US20070150740A1 - Method for providing information security for wireless transmissions - Google Patents
Method for providing information security for wireless transmissionsDownload PDFInfo
- Publication number
- US20070150740A1 US20070150740A1US11/483,176US48317606AUS2007150740A1US 20070150740 A1US20070150740 A1US 20070150740A1US 48317606 AUS48317606 AUS 48317606AUS 2007150740 A1US2007150740 A1US 2007150740A1
- Authority
- US
- United States
- Prior art keywords
- correspondent
- public key
- intermediary
- message
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 230000005540biological transmissionEffects0.000titleclaimsabstractdescription17
- 238000000034methodMethods0.000titleclaimsdescription20
- 238000004891communicationMethods0.000claimsabstractdescription18
- 238000013475authorizationMethods0.000claimsdescription4
- 238000012795verificationMethods0.000claimsdescription4
- 238000012546transferMethods0.000claimsdescription3
- 238000009795derivationMethods0.000claimsdescription2
- 239000000284extractSubstances0.000claims1
- 238000005516engineering processMethods0.000description5
- 238000011084recoveryMethods0.000description2
- 230000003466anti-cipated effectEffects0.000description1
- 230000001413cellular effectEffects0.000description1
- 238000005265energy consumptionMethods0.000description1
- 238000004519manufacturing processMethods0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- the present inventionrelates generally to cryptographic schemes, and specifically to cryptographic schemes relating to wireless applications.
- Information securityis required to secure many types of transactions performed electronically using a wide range of computing and communication technologies.
- technologiessuch as wireless networks, paging infrastructures and smart cards are being deployed to support critical, information sensitive applications including account inquiries, electronic cash, secure communications and access control.
- One of the key features of each of these technologiesis that they offer consumers the convenience of service anywhere, any time. The convenience offered to consumers results in a challenge for the vendors to create smaller and faster devices while providing a high level of security for information computed and transmitted.
- cryptosystemsInformation security is provided through the application of cryptographic systems (commonly referred to as cryptosystems).
- the two main classes of cryptosystemsare symmetric and public key.
- a symmetric cryptosystemtwo users wishing to participate in a secure transaction must share a common key. Therefore, each user must trust the other not to divulge the key to a third party.
- Users participating in a secure transaction using public key cryptosystemswill each have two keys, known as a key pair. One of the keys is kept secret and is referred to as the private key, while the other can be published and is referred to as the public key.
- applicationsuse a combination of both these classes of cryptosystems to provide information security.
- Symmetric technologiesare typically used to perform bulk data encryption
- public key technologiesare commonly used to perform key agreement, key transport, digital signatures and encryption of small messages.
- Elliptic curve cryptosystemsare based on an exceptionally difficult mathematical problem, Thus, elliptic curve systems can maintain security equivalent to many other systems while using much smaller public keys.
- the smaller key sizehas significant benefits in terms of the amount of information that must be exchanged between users, the time required for that exchange, the amount of information that must be stored for digital signature transactions, and the size and energy consumption of the hardware or software used to implement the system.
- the public keyis a point (Q) on an elliptic curve (represented as a pair of field elements) and the private key is an integer (k).
- Elliptic curvesare defined over an underlying field and may be implemented over the multiplicative group F p , (the integers modules a prime p) or characteristic 2 finite fields (F 2 m where m is a positive integer).
- Wireless devicesincluding cellular telephones, two-way pagers, wireless modems, and contactless smart cards, are increasing in popularity because of the convenience they provide while maintaining a low cost and small form factor.
- a method of communicating between a pair of correspondents through an intermediarycomprising the steps, registering one of said correspondents with said intermediary to share an identifier, preparing at said one correspondent a secure communication including a message between said correspondents, preparing a signature component including a derivation of said secure communication and said identifier forwarding said signature component to said intermediary and verifying said signature component at said intermediary, attaching to said communication a certificate of the public key and identity of the said one correspondent, and forwarding said communication and certificate to said other correspondent.
- FIG. 1is a schematic drawing of a pager system
- FIG. 3is a representation of a message transfer system for the system of FIG. 1
- FIG. 4is a schematic representation of an alternative embodiment of a communication system.
- a paging systemis represented generally by the numeral 100 .
- a first pager 102is operatively coupled with a first home terminal 104 through a wireless communication.
- the first home terminal 104is operatively coupled to a second home terminal 106 via a network 108 and the second home terminal 106 in turn is operatively coupled to a second pager 110 .
- the pagers 102 , 110are typically coupled to their respective home terminals 104 , 106 by radio frequency.
- the network 108is typically a public switched telephone network (PSTN), but can include a data network, and the Internet.
- PSTNpublic switched telephone network
- Every pager 102contains a subscriber unit address and a public key C of the pager manufacturer or service provider (herein referred to as the company public key). This information is loaded at the manufacture stage.
- the company public key Q Cis derived from a company private key d C .
- Each home terminal 104has a private key d H and a public key Q H .
- the public key Q Nis signed by the company private key d C to create a certificate denoted C M .
- the company public key Q Ccould be system wide or defined for a given region.
- a subscriberpurchases a pager 102 from a retail outlet and the pager is then loaded with a home index 112 and identifier ID using the protocol outlined below.
- the home indexis typically a 32-bit index which uniquely identifies the pager 102 and correlates it with a specific home terminal 104 .
- the subscribercalls a number, typically a toll-free number, to contact a service provider and a home terminal 104 is assigned.
- the home terminal 104sends the pager 102 its public key Q H and its certificate C M .
- the pagerverifies Q H , with the company public key Q C .
- the pagergenerates a private key d p and a corresponding public key Q p which is communicated to the home terminal 104 .
- the pager 102sends to the home terminal 104 the necessary authorization information (including identification, credit card number, subscriber unit address, and the like) encrypted under the home terminal public key Q H ).
- the home terminalgets authorization from a central repository that this subscriber unit has not already been activated and thereby prevents counterfeiting of subscriber units.
- the home terminal 104sets up a subscriber account and sends the pager 102 its home index and identifier ID encrypted under Q p and signed by the home terminal.
- Each pager 102 in a paging infrastructure 100is registered with a home terminal using the registration protocol described above.
- the pagershave a private and public key pair, dp,Q p , each of which are approximately 20 bytes in length.
- the home terminals 104have a private and public key pair dh, Q H each of which are approximately 25 bytes in length. It is desirable to have a longer key length at the home terminal for providing additional security. Further, since the home terminal 104 does not have the same power constraints as the pager 102 , the extra computational power required for the longer key is not a significant issue. The additional security at the home terminal 102 is important since a compromise of the home terminal would permit counterfeiting of subscriber units.
- each of the pagers 102has a certificate registered for it at the home terminal 104 .
- the certificate, cert cavalidates the public key Q p , and identity ID.
- Each of the home terminalsmaintains a table for the pagers and their associated certificate. Rather than having the pager sign the certificate and send the message to the home terminal, the certificate cert ca is signed by the pager's home terminal. The transmission process used to implement such a protocol is described in detail below.
- the first pager P 1wishes to send a message M to a recipient, e.g. a second pager P 2 having a public key Q P 1 .
- the sender P 1initially obtains an authentic copy of a recipient's public key Q P 2 .
- the first pagerthen transmits the signature, m a , and the signed, encrypted message, W, to the first home terminal.
- the signature, m ais used by the home terminal 104 associated with pager P 1 to verify that P 1 is a legitimate user.
- the message W and a nonce CNwhich is unique for each transmission, are coupled with the ID of P 1 and signed.
- the nonceis used to prevent replay of the transmission, W is a signed, encrypted form of the message M. Signing then encrypting is preferred over encrypting then signing.
- the bandwidth requirement of the transmission from the pager to the baseare reduced since the pager does not have to transmit a certificate.
- the first home terminal 104stores a pre-computed table of values which allows it to increase the speed of verifying P 1 's signature. Alternately, if verification is fast enough, as would be the case with a hardware implementation, the table of values is not required.
- the second home terminal, 106receives the transmission and verifies Q P 1 using Cert ca (Q P 1 , ID P 1 ). To save bandwidth, the second home terminal 106 signs Q P 1 according to the signature function S dp 1 (W
- Q P1has been validated by the signature of the home terminal 104 and therefore communicating between the second home terminal 106 and the second pager 110 in this manner keeps the certificates off the transmission channel and reduces bandwidth requirements.
- Mconsists of t bytes. If the Nyberg-Rueppel protocol is used for signing the message, t+20 bytes are required for S P 1 (M). A further 20 bytes a used to encrypt S P 1 (M), therefore W is t+40 bytes in length. Hashing h(W) uses 20 bytes if SHA-1 is used. The nonce CN uses 4 bytes and the identification ID P 1 uses 4 bytes. Once again, if Nyberg-Rueppel is We for signing, 20 additional bytes are used. Hence m a will be 48 bytes. Therefore, the transmission between the first pager and the first home terminal uses t+92 bytes.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
- This application is a continuation of U.S. patent application Ser. No. 09/680,501 filed on Oct. 5, 2000.
- The present invention relates generally to cryptographic schemes, and specifically to cryptographic schemes relating to wireless applications.
- Information security is required to secure many types of transactions performed electronically using a wide range of computing and communication technologies. As consumers demand more flexible, convenient services, technologies such as wireless networks, paging infrastructures and smart cards are being deployed to support critical, information sensitive applications including account inquiries, electronic cash, secure communications and access control. One of the key features of each of these technologies is that they offer consumers the convenience of service anywhere, any time. The convenience offered to consumers results in a challenge for the vendors to create smaller and faster devices while providing a high level of security for information computed and transmitted.
- Information security is provided through the application of cryptographic systems (commonly referred to as cryptosystems). The two main classes of cryptosystems are symmetric and public key. In a symmetric cryptosystem, two users wishing to participate in a secure transaction must share a common key. Therefore, each user must trust the other not to divulge the key to a third party. Users participating in a secure transaction using public key cryptosystems will each have two keys, known as a key pair. One of the keys is kept secret and is referred to as the private key, while the other can be published and is referred to as the public key. Typically, applications use a combination of both these classes of cryptosystems to provide information security. Symmetric technologies are typically used to perform bulk data encryption, while public key technologies are commonly used to perform key agreement, key transport, digital signatures and encryption of small messages.
- Since the introduction of public key cryptosystems, there have been many implementations proposed. All of these public key systems are based on mathematical problems which are known to be hard, that is, it is thought that breaking a system is equivalent to solving a hard mathematical problem. These problems are generally easy to solve for numbers that are small in size, but become increasingly difficult as lager numbers are used. One of the differences among the systems is how large the numbers have to be so that the system is too hard to solve given present and anticipated computing power. This is typically linked to the length of the key and referred to as the key size. A system using a small key size while maintaining a high level of security is considered better, as it requires less information to be transmitted and stored.
- Diffie-Hellman key agreement provided the first practical solution to the key distribution problem by allowing two parties to securely establish a shared secret over an open channel. The original key agreement protocol provides unauthenticated key agreement. The security is based on the discrete logarithm problem of finding integer x given a group generator α, and an element β, such that αx=β.
- Rivest Shamir Adleman (RSA) was the first widely deployed realization of a public key system. The RSA system is a full public key cryptosystem and can be used to implement both encryption and digital signature functions. The security of the RSA cryptosystem depends on the difficulty of factoring the product of two large distinct prime numbers. To create a private key/public key pair, a user chooses two large distinct primes P and Q, and forms the product n=PQ. With knowledge of P and Q, the user finds two values e and d such that ((M)e)dmod n=M.
- The public key of the user is the pair (e, n) while the private key is d. It is known that the recovery of d from and e and n requires the recovery of P and Q, and thus is equivalent to factoring n.
- Elliptic curve cryptosystems are based on an exceptionally difficult mathematical problem, Thus, elliptic curve systems can maintain security equivalent to many other systems while using much smaller public keys. The smaller key size has significant benefits in terms of the amount of information that must be exchanged between users, the time required for that exchange, the amount of information that must be stored for digital signature transactions, and the size and energy consumption of the hardware or software used to implement the system. The basis for the security of the elliptic curve cryptosystem is the assumed intractability of the elliptic curve discrete logarithm problem. The problem requires an efficient method to find an integer k given an elliptic curve over a finite field, a point P on the curve, another point Q such that Q=kP.
- In this system, the public key is a point (Q) on an elliptic curve (represented as a pair of field elements) and the private key is an integer (k). Elliptic curves are defined over an underlying field and may be implemented over the multiplicative group Fp, (the integers modules a prime p) or characteristic 2 finite fields (F2m where m is a positive integer).
- There are typically three levels in a cryptosystem, which are encryption, signatures, and certificates. These three levels can be implemented using to above mentioned systems or a combination thereof.
- The first level of a cryptosystem involves encrypting a message between correspondent A and correspondent B. This level is vulnerable to attack since there is no way for correspondent A to verify whether or not correspondent B sent the message, or if a third party in the guise of correspondent B sent the message.
- Therefore, the second level of signing a message was introduced. Correspondent B can sign the encrypted message using, for example, a hashing function to hash the original message. If correspondent A uses the same hashing function on the decrypted message and it matches the signature sent by correspondent B, then the signature is verified. However, a third party may act as an interloper. The third party could present itself to correspondent A as if it were correspondent B and vice versa. As a result, both correspondents would unwittingly divulge their information to the third party. Therefore, the signature verifies that the message sent by a correspondent is sent from that correspondent, but it does not verify the identity of the correspondent.
- To prevent this type of attack, the correspondents may use a trusted third party (TTP) to certify the public key of each correspondent. The TTP has a private signing algorithm and a verification algorithm assumed to be known by all entities. The TTP carefully verifies the identity of each correspondent, and signs a message consisting of an identifier and the correspondent's public key. This is a simple example as to how a TTP can be used to verify the identification of the correspondent.
- Some of the most significant emerging areas for public key cryptosystems include wireless devices. Wireless devices, including cellular telephones, two-way pagers, wireless modems, and contactless smart cards, are increasing in popularity because of the convenience they provide while maintaining a low cost and small form factor.
- However, implementing the above mentioned cryptosystems requires computational power, which is limited on such wireless devices. Therefore, there is a need for a cryptosystem that provides all of the advantages as described above, but requires less power from the wireless device.
- In accordance with the present invention there is provided a method of communicating between a pair of correspondents through an intermediary comprising the steps, registering one of said correspondents with said intermediary to share an identifier, preparing at said one correspondent a secure communication including a message between said correspondents, preparing a signature component including a derivation of said secure communication and said identifier forwarding said signature component to said intermediary and verifying said signature component at said intermediary, attaching to said communication a certificate of the public key and identity of the said one correspondent, and forwarding said communication and certificate to said other correspondent. BRIEF DESCRIPTION OF THE DRAWINGS
- An embodiment of the invention will now be described by way of example only with reference to the following drawings in which:
FIG. 1 is a schematic drawing of a pager system;FIG. 2 is a representation of a registration process for the ofFIG. 1 FIG. 3 is a representation of a message transfer system for the system ofFIG. 1 FIG. 4 is a schematic representation of an alternative embodiment of a communication system.- For convenience, like numerals in the description refer to like structures in the drawings. Further, although the description refers only to pagers, it is intended that the description includes wireless devices in general.
- Referring to
FIG. 1 , a paging system is represented generally by the numeral100. Afirst pager 102 is operatively coupled with afirst home terminal 104 through a wireless communication. Thefirst home terminal 104 is operatively coupled to asecond home terminal 106 via anetwork 108 and thesecond home terminal 106 in turn is operatively coupled to asecond pager 110. Thepagers respective home terminals network 108 is typically a public switched telephone network (PSTN), but can include a data network, and the Internet. - Before a
pager 102 can communicate with thehome terminal 104 it must be registered. Everypager 102 contains a subscriber unit address and a public keyCof the pager manufacturer or service provider (herein referred to as the company public key). This information is loaded at the manufacture stage. The company public key QCis derived from a company private key dC. - Each
home terminal 104 has a private key dHand a public key QH. The public key QNis signed by the company private key dCto create a certificate denoted CM. The company public key QCcould be system wide or defined for a given region. A subscriber purchases apager 102 from a retail outlet and the pager is then loaded with a home index112 and identifier ID using the protocol outlined below. The home index is typically a 32-bit index which uniquely identifies thepager 102 and correlates it with aspecific home terminal 104. - The subscriber calls a number, typically a toll-free number, to contact a service provider and a
home terminal 104 is assigned. Thehome terminal 104 sends thepager 102 its public key QHand its certificate CM. The pager verifies QH, with the company public key QC. The pager generates a private key dpand a corresponding public key Qpwhich is communicated to thehome terminal 104. Thepager 102 sends to thehome terminal 104 the necessary authorization information (including identification, credit card number, subscriber unit address, and the like) encrypted under the home terminal public key QH). The home terminal gets authorization from a central repository that this subscriber unit has not already been activated and thereby prevents counterfeiting of subscriber units. Thehome terminal 104 sets up a subscriber account and sends thepager 102 its home index and identifier ID encrypted under Qpand signed by the home terminal. - Each
pager 102 in apaging infrastructure 100 is registered with a home terminal using the registration protocol described above. The pagers have a private and public key pair, dp,Qp, each of which are approximately 20 bytes in length. Thehome terminals 104 have a private and public key pair dh, QHeach of which are approximately 25 bytes in length. It is desirable to have a longer key length at the home terminal for providing additional security. Further, since thehome terminal 104 does not have the same power constraints as thepager 102, the extra computational power required for the longer key is not a significant issue. The additional security at thehome terminal 102 is important since a compromise of the home terminal would permit counterfeiting of subscriber units. - To reduce the computational requirements on the pager thereby reducing the power required to encrypt a message M, each of the
pagers 102 has a certificate registered for it at thehome terminal 104. The certificate, certca, validates the public key Qp, and identity ID. Each of the home terminals maintains a table for the pagers and their associated certificate. Rather than having the pager sign the certificate and send the message to the home terminal, the certificate certcais signed by the pager's home terminal. The transmission process used to implement such a protocol is described in detail below. - Referring once again to
FIG. 1 andFIG. 3 , the first pager P1wishes to send a message M to a recipient, e.g. a second pager P2having a public key QP1 . The sender P1initially obtains an authentic copy of a recipient's public key QP2 . The first pager P1calculates ciphertext with of a signed message M such that W=EQP2 (SP1 (M)), where EQP1 is encryption under the public key QP1 and SP1 is the signature of the first pager on message M using the private key dp. - The first pager also calculates a signature ma=SP
1 (h(w)||CN||IDP1 ) where h(w) is a hash of W, such as SHA-1. CN is a timestamp or some other nonce, IDP1 is the unique identifier of the first pager, and || represents concatenation. The first pager then transmits the signature, ma, and the signed, encrypted message, W, to the first home terminal. - The signature, ma, is used by the
home terminal 104 associated with pager P1to verify that P1is a legitimate user. In order to avoid a challenge-response authentication to save time and bandwidth, the message W and a nonce CN, which is unique for each transmission, are coupled with the ID of P1and signed. The nonce is used to prevent replay of the transmission, W is a signed, encrypted form of the message M. Signing then encrypting is preferred over encrypting then signing. - The first home terminal receives maand W from P1and uses mato verify that P1is a legitimate user. IDP
1 is recovered from ma, and the first home terminal retrieves the certificate, certcafor P1from the corresponding table and attaches it to W. Certcais a full certificate such as X.509 and consists of 1 bytes. There is no loss of security in storing the certcacertificates at the first home terminal. - In addition to saving computational power on the pager, the bandwidth requirement of the transmission from the pager to the base are reduced since the pager does not have to transmit a certificate.
- The
first home terminal 104 stores a pre-computed table of values which allows it to increase the speed of verifying P1's signature. Alternately, if verification is fast enough, as would be the case with a hardware implementation, the table of values is not required. - The first home terminal then removes the signature component Maand transmits the signed, encrypted message W and the certificate Certcato the recipient. Since the recipient in this example is the
second pager 110, W and Certcaare sent to thesecond home terminal 106 that has public and private keys QP3dP3respectively. - The second home terminal,106 receives the transmission and verifies QP
1 using Certca(QP1 , IDP1 ). To save bandwidth, thesecond home terminal 106 signs QP1 according to the signature function Sdp1 (W||QP1 ||IDP1 ) and sends it along with W to P2. A time stamp CNlmay be included to prevent replay attacks. P2trusts the second home terminal to do this honestly. The pager P2can then verify W and recover the message M using its private key dP2and the senders public key QP1. QP1has been validated by the signature of thehome terminal 104 and therefore communicating between thesecond home terminal 106 and thesecond pager 110 in this manner keeps the certificates off the transmission channel and reduces bandwidth requirements. - An example of the bandwidth requirements for such a method is described as follows. Suppose M consists of t bytes. If the Nyberg-Rueppel protocol is used for signing the message, t+20 bytes are required for SP
1 (M). A further 20 bytes a used to encrypt SP1 (M), therefore W is t+40 bytes in length. Hashing h(W) uses 20 bytes if SHA-1 is used. The nonce CN uses 4 bytes and the identification IDP1 uses 4 bytes. Once again, if Nyberg-Rueppel is We for signing, 20 additional bytes are used. Hence mawill be 48 bytes. Therefore, the transmission between the first pager and the first home terminal uses t+92 bytes. - For the transmission from the first home terminal to the second home terminal, W uses t+40 bytes, Certcauses l bytes, and therefor the bandwidth required is t+l+40 bytes.
- For the transmission from the second home terminal, W uses t+40 bytes, QP
1 uses 20 bytes, IDP1 uses 4 bytes, and CN1uses 4 bytes. Therefore, using Nyberg-Rueppel for signing, the bandwidth used in sending W and Sdp3 (W||QP1 ||IDP1 ) and the nonce CN1is a total of 25+(t+40)+20+4+4=t+93 bytes. - In the above example, the transmission is from pager to pager. However, the protocol may be used from the input devices, for example, a DTMF telephone as illustrated in
FIG. 4 . In this case, the transmission T, would be With and Certca(Qd; IDD) where QDand IDDare the public key and identity of the telephone. - The transmission T2 would be W and certca(Qd; IDD) and the transmission T3 to the pager, after verification of Certcawould be QD, With IDDand CN all signed by the home terminal.
Claims (15)
1) A method of communicating between a pair of correspondents through an intermediary comprising the steps, registering one of said correspondents with said intermediary to share an identifier, preparing at said one correspondent a secure communication including a message between said correspondents,
preparing a signature component including a derivation of said secure communication and said identifier forwarding said signature component to said intermediary and verifying said signature component at said intermediary,
attaching to said communication a certificate of the public key and identity of said one correspondent, and forwarding said communication and certificate to said other correspondent.
2) A method according toclaim 1 wherein said signature component includes a unique to each communication.
3) A method according toclaim 1 wherein said communication includes a message signed by said one correspondent.
4) A method according toclaim 3 wherein said secure communication includes ciphertext encrypted with a public key of the other of said correspondents.
5) A method according toclaim 1 wherein said intermediary recovers said identifier from said signature component and retrieves said certificate based on said identifier.
6) A method according toclaim 1 wherein aid intermediary forwards said communication and certificate to a recipient who utilizes said certificate to determine the public key of said one correspondent.
7) A method according toclaim 6 wherein recipient signs a message including said public key of said one correspondent and forwards said secure communication and said signed message to said other correspondent.
8) A method according toclaim 7 wherein said other correspondent retrieves said public key of said one correspondent from said signed message and extracts said message from said secure transmission.
9) A method according toclaim 1 wherein said registration includes transferring a public key of said intermediary to said one correspondent and transferring said public key of said one correspondent to said intermediary.
10) A method according toclaim 9 wherein said one correspondent includes a public key of a trusted party and said intermediary has a certificate of its public key signed by said trusted party, said one correspondent verifying said public key of said intermediary with said public key of said trusted party.
11) A method according toclaim 10 wherein said public key of said intermediary is used to sign its public key for secure transfer to said intermediary.
12) A method according toclaim 11 wherein said one correspondent forwards authorization information to said intermediary during registration and said intermediary verifies that said one correspondent is not prior registered with a certifying authority.
13) A method according toclaim 12 wherein said authorization information includes an address particular to said one correspondent for identification by said verifying authority.
14) A method according toclaim 11 wherein said identifier is transferred from said intermediary upon verification by said certifying authority.
15) A method according toclaim 14 wherein transfer of said identifier is secured by the public key of said one correspondent and said private key of said intermediary.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US11/483,176US20070150740A1 (en) | 2000-10-05 | 2006-07-10 | Method for providing information security for wireless transmissions |
| US12/848,745US20110010540A1 (en) | 2000-10-05 | 2010-08-02 | Method for Providing Information Security for Wireless Transmissions |
| US13/549,176US9003182B2 (en) | 2000-10-05 | 2012-07-13 | Communication system and method for securely communicating a message between correspondents through an intermediary terminal |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US68050100A | 2000-10-05 | 2000-10-05 | |
| US11/483,176US20070150740A1 (en) | 2000-10-05 | 2006-07-10 | Method for providing information security for wireless transmissions |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US68050100AContinuation | 2000-10-05 | 2000-10-05 |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/848,745ContinuationUS20110010540A1 (en) | 2000-10-05 | 2010-08-02 | Method for Providing Information Security for Wireless Transmissions |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20070150740A1true US20070150740A1 (en) | 2007-06-28 |
Family
ID=24731380
Family Applications (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/483,176AbandonedUS20070150740A1 (en) | 2000-10-05 | 2006-07-10 | Method for providing information security for wireless transmissions |
| US12/848,745AbandonedUS20110010540A1 (en) | 2000-10-05 | 2010-08-02 | Method for Providing Information Security for Wireless Transmissions |
| US13/549,176Expired - Fee RelatedUS9003182B2 (en) | 2000-10-05 | 2012-07-13 | Communication system and method for securely communicating a message between correspondents through an intermediary terminal |
Family Applications After (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/848,745AbandonedUS20110010540A1 (en) | 2000-10-05 | 2010-08-02 | Method for Providing Information Security for Wireless Transmissions |
| US13/549,176Expired - Fee RelatedUS9003182B2 (en) | 2000-10-05 | 2012-07-13 | Communication system and method for securely communicating a message between correspondents through an intermediary terminal |
Country Status (5)
| Country | Link |
|---|---|
| US (3) | US20070150740A1 (en) |
| EP (2) | EP1325586A2 (en) |
| AU (1) | AU2001293598A1 (en) |
| CA (2) | CA2793746C (en) |
| WO (1) | WO2002030038A2 (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110010540A1 (en)* | 2000-10-05 | 2011-01-13 | Certicom Corp. | Method for Providing Information Security for Wireless Transmissions |
| US8943323B2 (en) | 2006-07-20 | 2015-01-27 | Blackberry Limited | System and method for provisioning device certificates |
| US20150089220A1 (en)* | 2009-10-31 | 2015-03-26 | Dipen Patel | Technique For Bypassing an IP PBX |
| US9641400B2 (en) | 2014-11-21 | 2017-05-02 | Afero, Inc. | Internet of things device for registering user selections |
| US9699814B2 (en) | 2015-07-03 | 2017-07-04 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (IoT) system |
| US9704318B2 (en) | 2015-03-30 | 2017-07-11 | Afero, Inc. | System and method for accurately sensing user location in an IoT system |
| US9717012B2 (en) | 2015-06-01 | 2017-07-25 | Afero, Inc. | Internet of things (IOT) automotive device, system, and method |
| US9729528B2 (en) | 2015-07-03 | 2017-08-08 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (IOT) system |
| US9793937B2 (en) | 2015-10-30 | 2017-10-17 | Afero, Inc. | Apparatus and method for filtering wireless signals |
| US9832173B2 (en)* | 2014-12-18 | 2017-11-28 | Afero, Inc. | System and method for securely connecting network devices |
| US9894473B2 (en) | 2014-12-18 | 2018-02-13 | Afero, Inc. | System and method for securely connecting network devices using optical labels |
| US10015766B2 (en) | 2015-07-14 | 2018-07-03 | Afero, Inc. | Apparatus and method for securely tracking event attendees using IOT devices |
| US10045150B2 (en) | 2015-03-30 | 2018-08-07 | Afero, Inc. | System and method for accurately sensing user location in an IoT system |
| US10178530B2 (en) | 2015-12-14 | 2019-01-08 | Afero, Inc. | System and method for performing asset and crowd tracking in an IoT system |
| US10291595B2 (en) | 2014-12-18 | 2019-05-14 | Afero, Inc. | System and method for securely connecting network devices |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3374923B1 (en)* | 2015-05-22 | 2021-08-25 | Huawei Device Co., Ltd. | Cryptographic unit for public key infrastructure (pki) operations |
| WO2019214942A1 (en)* | 2018-05-10 | 2019-11-14 | Telecom Italia S.P.A. | Protecting signaling messages in hop-by-hop network communication link |
Citations (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5136647A (en)* | 1990-08-02 | 1992-08-04 | Bell Communications Research, Inc. | Method for secure time-stamping of digital documents |
| US5241599A (en)* | 1991-10-02 | 1993-08-31 | At&T Bell Laboratories | Cryptographic protocol for secure communications |
| US5604801A (en)* | 1995-02-03 | 1997-02-18 | International Business Machines Corporation | Public key data communications system under control of a portable security device |
| US5649118A (en)* | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
| US5748735A (en)* | 1994-07-18 | 1998-05-05 | Bell Atlantic Network Services, Inc. | Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography |
| US5850444A (en)* | 1996-09-09 | 1998-12-15 | Telefonaktienbolaget L/M Ericsson (Publ) | Method and apparatus for encrypting radio traffic in a telecommunications network |
| US5883810A (en)* | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
| US5903882A (en)* | 1996-12-13 | 1999-05-11 | Certco, Llc | Reliance server for electronic transaction system |
| US5943426A (en)* | 1995-09-25 | 1999-08-24 | Motorola, Inc. | Method and apparatus for relaying digitally signed messages |
| US6009173A (en)* | 1997-01-31 | 1999-12-28 | Motorola, Inc. | Encryption and decryption method and apparatus |
| US6178507B1 (en)* | 1997-02-03 | 2001-01-23 | Certicom Corp. | Data card verification system |
| US6301660B1 (en)* | 1997-07-31 | 2001-10-09 | Siemens Aktiengesellschaft | Computer system for protecting a file and a method for protecting a file |
| US6370249B1 (en)* | 1997-07-25 | 2002-04-09 | Entrust Technologies, Ltd. | Method and apparatus for public key management |
| US6601171B1 (en)* | 1999-02-18 | 2003-07-29 | Novell, Inc. | Deputization in a distributed computing system |
| US6760752B1 (en)* | 1999-06-28 | 2004-07-06 | Zix Corporation | Secure transmission system |
| US7142676B1 (en)* | 1999-06-08 | 2006-11-28 | Entrust Limited | Method and apparatus for secure communications using third-party key provider |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5870475A (en)* | 1996-01-19 | 1999-02-09 | Northern Telecom Limited | Facilitating secure communications in a distribution network |
| US5878138A (en)* | 1996-02-12 | 1999-03-02 | Microsoft Corporation | System and method for detecting fraudulent expenditure of electronic assets |
| US20010050990A1 (en)* | 1997-02-19 | 2001-12-13 | Frank Wells Sudia | Method for initiating a stream-oriented encrypted communication |
| US6233577B1 (en)* | 1998-02-17 | 2001-05-15 | Phone.Com, Inc. | Centralized certificate management system for two-way interactive communication devices in data networks |
| CA2333361C (en)* | 1998-06-05 | 2007-11-06 | British Telecommunications Public Limited Company | Communications network |
| AU764213B2 (en)* | 1998-07-16 | 2003-08-14 | Telemac Corporation | System and method for managing prepaid wireless service |
| FI115372B (en)* | 1998-09-18 | 2005-04-15 | Nokia Corp | Procedure for identifying a mobile telephone, communication system and mobile telephone |
| KR100718086B1 (en)* | 1999-03-15 | 2007-05-16 | 톰슨 라이센싱 | Access Management Method and Device in Universal Copy Protection System for Digital Home Networks |
| FR2791203A1 (en)* | 1999-03-17 | 2000-09-22 | Schlumberger Systems & Service | DEVICE FOR AUTHENTICATING A MESSAGE DURING A CRYPTOGRAPHIC PROCESSING OPERATION OF SAID MESSAGE |
| GB9906305D0 (en)* | 1999-03-18 | 1999-05-12 | Bolero International Limited | Transaction support system |
| US6973444B1 (en)* | 1999-03-27 | 2005-12-06 | Microsoft Corporation | Method for interdependently validating a digital content package and a corresponding digital license |
| US6629150B1 (en)* | 1999-06-18 | 2003-09-30 | Intel Corporation | Platform and method for creating and using a digital container |
| US6996710B1 (en)* | 2000-03-31 | 2006-02-07 | Intel Corporation | Platform and method for issuing and certifying a hardware-protected attestation key |
| US6732101B1 (en)* | 2000-06-15 | 2004-05-04 | Zix Corporation | Secure message forwarding system detecting user's preferences including security preferences |
| EP1325586A2 (en)* | 2000-10-05 | 2003-07-09 | Certicom Corp. | A method for providing information security for wireless transmissions |
- 2001
- 2001-10-05EPEP01973936Apatent/EP1325586A2/ennot_activeCeased
- 2001-10-05CACA2793746Apatent/CA2793746C/ennot_activeExpired - Lifetime
- 2001-10-05AUAU2001293598Apatent/AU2001293598A1/ennot_activeAbandoned
- 2001-10-05WOPCT/CA2001/001410patent/WO2002030038A2/enactiveApplication Filing
- 2001-10-05CACA2424897Apatent/CA2424897C/ennot_activeExpired - Lifetime
- 2001-10-05EPEP10183477.8Apatent/EP2309670B1/ennot_activeExpired - Lifetime
- 2006
- 2006-07-10USUS11/483,176patent/US20070150740A1/ennot_activeAbandoned
- 2010
- 2010-08-02USUS12/848,745patent/US20110010540A1/ennot_activeAbandoned
- 2012
- 2012-07-13USUS13/549,176patent/US9003182B2/ennot_activeExpired - Fee Related
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5136647A (en)* | 1990-08-02 | 1992-08-04 | Bell Communications Research, Inc. | Method for secure time-stamping of digital documents |
| US5241599A (en)* | 1991-10-02 | 1993-08-31 | At&T Bell Laboratories | Cryptographic protocol for secure communications |
| US5649118A (en)* | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
| US5748735A (en)* | 1994-07-18 | 1998-05-05 | Bell Atlantic Network Services, Inc. | Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography |
| US5604801A (en)* | 1995-02-03 | 1997-02-18 | International Business Machines Corporation | Public key data communications system under control of a portable security device |
| US5943426A (en)* | 1995-09-25 | 1999-08-24 | Motorola, Inc. | Method and apparatus for relaying digitally signed messages |
| US5850444A (en)* | 1996-09-09 | 1998-12-15 | Telefonaktienbolaget L/M Ericsson (Publ) | Method and apparatus for encrypting radio traffic in a telecommunications network |
| US5903882A (en)* | 1996-12-13 | 1999-05-11 | Certco, Llc | Reliance server for electronic transaction system |
| US6009173A (en)* | 1997-01-31 | 1999-12-28 | Motorola, Inc. | Encryption and decryption method and apparatus |
| US6178507B1 (en)* | 1997-02-03 | 2001-01-23 | Certicom Corp. | Data card verification system |
| US6370249B1 (en)* | 1997-07-25 | 2002-04-09 | Entrust Technologies, Ltd. | Method and apparatus for public key management |
| US6301660B1 (en)* | 1997-07-31 | 2001-10-09 | Siemens Aktiengesellschaft | Computer system for protecting a file and a method for protecting a file |
| US5883810A (en)* | 1997-09-24 | 1999-03-16 | Microsoft Corporation | Electronic online commerce card with transactionproxy number for online transactions |
| US6601171B1 (en)* | 1999-02-18 | 2003-07-29 | Novell, Inc. | Deputization in a distributed computing system |
| US6742114B1 (en)* | 1999-02-18 | 2004-05-25 | Novell, Inc. | Deputization in a distributed computing system |
| US7142676B1 (en)* | 1999-06-08 | 2006-11-28 | Entrust Limited | Method and apparatus for secure communications using third-party key provider |
| US6760752B1 (en)* | 1999-06-28 | 2004-07-06 | Zix Corporation | Secure transmission system |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9003182B2 (en) | 2000-10-05 | 2015-04-07 | Certicom Corp. | Communication system and method for securely communicating a message between correspondents through an intermediary terminal |
| US20110010540A1 (en)* | 2000-10-05 | 2011-01-13 | Certicom Corp. | Method for Providing Information Security for Wireless Transmissions |
| US8943323B2 (en) | 2006-07-20 | 2015-01-27 | Blackberry Limited | System and method for provisioning device certificates |
| US20150089220A1 (en)* | 2009-10-31 | 2015-03-26 | Dipen Patel | Technique For Bypassing an IP PBX |
| US9641400B2 (en) | 2014-11-21 | 2017-05-02 | Afero, Inc. | Internet of things device for registering user selections |
| US10291595B2 (en) | 2014-12-18 | 2019-05-14 | Afero, Inc. | System and method for securely connecting network devices |
| US9832173B2 (en)* | 2014-12-18 | 2017-11-28 | Afero, Inc. | System and method for securely connecting network devices |
| US9894473B2 (en) | 2014-12-18 | 2018-02-13 | Afero, Inc. | System and method for securely connecting network devices using optical labels |
| US10045150B2 (en) | 2015-03-30 | 2018-08-07 | Afero, Inc. | System and method for accurately sensing user location in an IoT system |
| US10798523B2 (en) | 2015-03-30 | 2020-10-06 | Afero, Inc. | System and method for accurately sensing user location in an IoT system |
| US9704318B2 (en) | 2015-03-30 | 2017-07-11 | Afero, Inc. | System and method for accurately sensing user location in an IoT system |
| US9717012B2 (en) | 2015-06-01 | 2017-07-25 | Afero, Inc. | Internet of things (IOT) automotive device, system, and method |
| US9729528B2 (en) | 2015-07-03 | 2017-08-08 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (IOT) system |
| US10375044B2 (en) | 2015-07-03 | 2019-08-06 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (IoT) system |
| US9699814B2 (en) | 2015-07-03 | 2017-07-04 | Afero, Inc. | Apparatus and method for establishing secure communication channels in an internet of things (IoT) system |
| US10015766B2 (en) | 2015-07-14 | 2018-07-03 | Afero, Inc. | Apparatus and method for securely tracking event attendees using IOT devices |
| US9793937B2 (en) | 2015-10-30 | 2017-10-17 | Afero, Inc. | Apparatus and method for filtering wireless signals |
| US10178530B2 (en) | 2015-12-14 | 2019-01-08 | Afero, Inc. | System and method for performing asset and crowd tracking in an IoT system |
Also Published As
| Publication number | Publication date |
|---|---|
| US20110010540A1 (en) | 2011-01-13 |
| EP2309670A2 (en) | 2011-04-13 |
| EP2309670A3 (en) | 2011-11-23 |
| AU2001293598A1 (en) | 2002-04-15 |
| WO2002030038A2 (en) | 2002-04-11 |
| CA2424897C (en) | 2015-08-04 |
| US9003182B2 (en) | 2015-04-07 |
| US20120284509A1 (en) | 2012-11-08 |
| CA2793746A1 (en) | 2002-04-11 |
| WO2002030038A3 (en) | 2002-12-12 |
| EP2309670B1 (en) | 2013-05-01 |
| CA2793746C (en) | 2016-09-20 |
| HK1155869A1 (en) | 2012-05-25 |
| EP1325586A2 (en) | 2003-07-09 |
| CA2424897A1 (en) | 2002-04-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9003182B2 (en) | Communication system and method for securely communicating a message between correspondents through an intermediary terminal | |
| Horn et al. | Authentication protocols for mobile network environment value-added services | |
| US6487661B2 (en) | Key agreement and transport protocol | |
| US20030210789A1 (en) | Data transmission links | |
| US7352866B2 (en) | Enhanced subscriber authentication protocol | |
| US20070083766A1 (en) | Data transmission links | |
| JP2005515701A6 (en) | Data transmission link | |
| EP1496644A2 (en) | Method for signature and session key generation | |
| US20050182936A1 (en) | Key agreement and transport protocol with implicit signatures | |
| EP0979496A2 (en) | Two way authentication protocol | |
| US20040250073A1 (en) | Protocol for hybrid authenticated key establishment | |
| US20030044019A1 (en) | Key agreement and transport protocol | |
| JP4307589B2 (en) | Authentication protocol | |
| Lee et al. | AKA protocols for mobile communications | |
| Mohammed et al. | Elliptic curve cryptosystems on smart cards | |
| HK1155869B (en) | Method for providing information security for wireless transmissions | |
| Yeun et al. | Secure software download for programmable mobile user equipment | |
| Tso et al. | ID-based key agreement for dynamic peer groups in mobile computing environments | |
| Kim et al. | New key recovery in WAKE protocol | |
| Yang et al. | A new mutual authentication and key exchange protocol with balanced computational power for wireless settings | |
| Das et al. | SPAM: secure protocol for authentication in mobile-communications | |
| Lee et al. | Temporary mobile user certificate for mobile information services in UMTS | |
| KR20030061512A (en) | Data security system and method therefor | |
| Kohandani | ECE720 Project | |
| unther Horn et al. | Authentication and Payment in Future Mobile Systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:MOTOROLA INC., FLORIDA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DAVIS, WALTER LEE;REEL/FRAME:018115/0419 Effective date:20040205 Owner name:CERTICOM CORP., CANADA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VANSTONE, SCOTT ALEXANDER;REEL/FRAME:018115/0415 Effective date:20010814 Owner name:MOTOROLA INC., FLORIDA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AYERST, DOUGLAS L;REEL/FRAME:018115/0429 Effective date:20030206 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION | |
| AS | Assignment | Owner name:BLACKBERRY LIMITED, ONTARIO Free format text:CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:034012/0007 Effective date:20130709 | |
| AS | Assignment | Owner name:MALIKIE INNOVATIONS LIMITED, IRELAND Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACKBERRY LIMITED;REEL/FRAME:064104/0103 Effective date:20230511 |