USRE45087E1 - Certificate management and transfer system and method - Google Patents

Certificate management and transfer system and method

Publication number: USRE45087E1
Authority: US (United States)
Prior art keywords: computer system, certs, communication device, cert, wireless communication
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: US13/964,180
Inventors: Herbert Anthony Little, Neil Patrick Adams, David Francis TAPUSKA, Michael Stephen Brown, Michael Grant Kirkup, James Andrew GODFREY
Current Assignee: Malikie Innovations Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: BlackBerry Ltd

Application filed by BlackBerry Ltd
Priority to US13/964,180
Assigned to RESEARCH IN MOTION LIMITED: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: GODFREY, JAMES A., BROWN, MICHAEL S., KIRKUP, MICHAEL G.
Assigned to RESEARCH IN MOTION LIMITED: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LITTLE, HERBERT A., ADAMS, NEIL P., TAPUSKA, DAVID F.
Assigned to BLACKBERRY LIMITED: CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: RESEARCH IN MOTION LIMITED
Application granted
Publication of USRE45087E1
Assigned to MALIKIE INNOVATIONS LIMITED: NUNC PRO TUNC ASSIGNMENT (SEE DOCUMENT FOR DETAILS). Assignors: OT PATENT ESCROW, LLC
Assigned to OT PATENT ESCROW, LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BLACKBERRY LIMITED
Assigned to MALIKIE INNOVATIONS LIMITED: NUNC PRO TUNC ASSIGNMENT (SEE DOCUMENT FOR DETAILS). Assignors: BLACKBERRY LIMITED
Current status: Expired - Fee Related

Abstract

A method and system for Certificate management and transfer between messaging clients are disclosed. When communications are established between a first messaging client and a second messaging client, one or more Certificates stored on the first messaging client may be selected and transferred to the second messaging client. Messaging clients may thereby share Certificates. Certificate management functions such as Certificate deletions, Certificate updates and Certificate status checks may also be provided.

Description

PRIORITY CLAIMS AND CROSS-REFERENCES TO RELATED APPLICATIONS
This application is a reissue application of U.S. Pat. No. 8,015,400, which issued Sep. 6, 2011 from U.S. patent application Ser. No. 12/480,841, filed Jun. 9, 2009, which is a continuation of U.S. patent application Ser. No. 10/480,615, filed on Dec. 11, 2003, now U.S. Pat. No. 7,546,453, and entitled “Certificate Management and Transfer System and Method.” The complete disclosure of this application, including drawings, is hereby incorporated into this application now issued as U.S. Pat. No. 7,546,453 on Jun. 9, 2009, which is the National Stage of International Application No. PCT/CA02/00868, filed Jun. 12, 2002, which claims the benefit of U.S. provisional application Ser. No. 60/297,681, filed Jun. 12, 2001, and of U.S. provisional application Ser. No. 60/365,533, filed Mar. 20, 2002. The entire contents of U.S. patent application Ser. No. 12/480,841, U.S. patent application Ser. No. 10/480,615, U.S. provisional application Ser. No. 60/297,681 and U.S. provisional application Ser. No. 60/365,533 are incorporated herein by reference.
This application claims priority from U.S. Provisional Applications Ser. No. 60/297,681, filed on Jun. 12, 2001, and Ser. No. 60/365,533, filed on Mar. 20, 2002. The complete disclosure of each of these provisional applications, including drawings, is hereby incorporated into this application by reference.
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates generally to the field of secure electronic messaging and in particular to management and transfer of Certificates between secure messaging clients.
2. Description of the State of the Art
Most known secure messaging clients, including for example e-mail software applications operating on desktop computer systems, maintain a data store, or at least a dedicated data storage area, for secure messaging information such as Certificates (“Certs”). A Cert normally includes the public key of an entity as well as identity information that is bound to the public key with one or more digital signatures. In Secure Multipurpose Internet Mail Extension (S/MIME) messaging, for example, a public key is used to verify a digital signature on a received secure message and to encrypt a session key that was used to encrypt a message to be sent. In other secure messaging schemes, public keys may be used to encrypt data or messages. If a public key is not available at the messaging client when required for encryption or digital signature verification, then the Cert must be loaded onto the messaging client before these operations can be performed. Normally, each messaging client establishes communications with a Cert source to obtain any required Certs and manages its own Certs and private keys independently of other messaging clients. However, when a user has more than one messaging client, operating on a desktop or laptop personal computer (PC) and a wireless mobile communication device, for example, then Certs must typically be loaded onto each messaging client from the Cert source.
Therefore, there remains a need for a messaging client with a Cert management and transfer mechanism that simplifies Cert management and loading.
There remains a related need for a Cert management and loading system and method.
SUMMARY
A method of Cert management and transfer between a first messaging client and a second messaging client is provided. The method may include the steps of establishing communications between the first messaging client and the second messaging client, selecting one or more Certs stored on the first messaging client for transfer to the second messaging client, and transferring the selected Certs from the first messaging client to the second messaging client.
A system for Cert management and transfer between a first messaging client and a second messaging client is also provided. The system may comprise, at the first messaging client, a first memory comprising a first Cert store configured to store Certs, a first Cert synchronization (sync) system configured to access the first Cert store, and a first communications interface. At the second messaging client, the system may include a second memory comprising a second Cert store configured to store Certs, a second Cert sync system configured to access the second Cert store, and a second communications interface compatible with the first communications interface. The first Cert sync system may also be configured to transfer Certs stored in the first Cert store from the first messaging client to the second messaging client when a communications link is established between the first messaging client and the second messaging client via the first communications interface and the second communications interface.
A further system, for transferring Certs between a computer system and a wireless mobile communication device, is also provided. The system may include a serial port associated with the computer system, a mobile device cradle connected to the serial port, the mobile device cradle having an interface, and a mobile device interface associated with the wireless mobile communication device and compatible with the interface of the mobile device cradle. Certs stored at the computer system may be transferred to the wireless mobile communication device when a communications link is established between the computer system and the wireless mobile communication device by placing the wireless mobile communication device in the mobile device cradle.
A wireless mobile communication device is also provided, and may comprise a wireless transceiver, a messaging system coupled to the wireless transceiver, a communications interface, a Cert store configured to store Certs, and a Cert sync system coupled to the Cert store and the communications interface. The messaging system may be configured to store Certs received via the wireless transceiver to the Cert store, and the Cert sync system is configured to store Certs received via the communications interface to the Cert store.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a block diagram of an exemplary messaging system.
FIG. 2 is a block diagram illustrating a secure e-mail message exchange in a messaging system.
FIG. 3 is a block diagram of a wireless mobile communication device and an associated computer system implementing a Cert management and transfer system.
FIG. 4 is a flow diagram illustrating a method of Cert management and transfer between messaging clients.
FIG. 5 is a block diagram of a wireless mobile communication device as an example of a messaging client in which systems and methods according to aspects of the present invention may be implemented.
FIG. 6 is a block diagram showing an example communication system.
FIG. 7 is a block diagram of an alternative example communication system.
FIG. 8 is a block diagram of another alternative communication system.
DETAILED DESCRIPTION
A secure message is a message that has been processed by a message sender, or possibly an intermediate system between a message sender and a message receiver, to ensure one or more of data confidentiality, data integrity and user authentication. Common techniques for secure messaging include signing a message with a digital signature and/or encrypting a message. For example, a secure message may be a message that has been signed, encrypted, encrypted and then signed, or signed and then encrypted by a message sender, according to variants of Secure Multipurpose Internet Mail Extensions (S/MIME).
A messaging client allows a system on which it operates to receive and possibly also send messages. Messaging clients may operate on a computer system, a handheld device, or any other system or device with communications capabilities. Many messaging clients also have additional non-messaging functions.
FIG. 1 is a block diagram of an exemplary messaging system. The system 10 includes a Wide Area Network (WAN) 12, coupled to a computer system 14, a wireless network gateway 16 and a corporate Local Area Network (LAN) 18. The wireless network gateway 16 is also connected to a wireless communication network 20 in which a wireless mobile communication device 22 (“mobile device”), is configured to operate.
The computer system 14 may be a desktop or laptop PC, which is configured to communicate to the WAN 12, the Internet for example. PCs, such as computer system 14, normally access the Internet through an Internet Service Provider (ISP), Application Service Provider (ASP) or the like.
The corporate LAN 18 is an example of a network-based messaging client. It is normally located behind a security firewall 24. Within the corporate LAN 30, a message server 26, operating on a computer behind the firewall 24, acts as the primary interface for the corporation to exchange messages both within the LAN 18, and with other external messaging clients via the WAN 12. Two known message servers 26 include, for example, Microsoft™ Exchange Server and Lotus Domino™. These servers are often used in conjunction with Internet mail routers that typically use UNIX-based Sendmail protocols to route and deliver mail. The message server 26 may also provide additional functionality, such as dynamic database storage for data like calendars, todo lists, task lists, e-mail and documentation.
The message server 26 provides messaging capabilities to networked computer systems 28 coupled to the LAN 18. A typical LAN 18 includes multiple computer systems 28, each of which implements a messaging client, such as Microsoft Outlook™, Lotus Notes™, etc. Within the LAN 18, messages are received by the message server 26, distributed to the appropriate mailboxes for user accounts addressed in the received message, and are then accessed by a user through a messaging client operating on a computer system 28.
The wireless gateway 16 provides an interface to a wireless network 20, through which messages may be exchanged with a mobile device 22. The mobile device 22 may for example be a data communication device, a voice communication device, a dual-mode communication device such as most modern cellular telephones having both data and voice communications functionality, a personal digital assistant (PDA) enabled for wireless communications, or a laptop or desktop computer system with a wireless modem.
Such functions as addressing of the mobile device 22, encoding or otherwise transforming messages for wireless transmission, and any other required interface functions may be performed by the wireless gateway 16. The wireless gateway 16 may be configured to operate with more than one wireless network 20, in which case the wireless gateway 16 may also determine a most likely network for locating a given mobile device user and possibly track users as they roam between countries or networks.
Any computer system with access to the WAN 12 may exchange messages with the mobile device 22 through the wireless network gateway 16. Alternatively, private wireless network gateways such as wireless Virtual Private Network (VPN) routers could also be implemented to provide a private interface to a wireless network. For example, a wireless VPN implemented in the LAN 18 may provide a private interface from the LAN 18 to one or more wireless mobile communication devices 22 through the wireless network 20. Such a private interface to wireless mobile communication devices 22 via the wireless network gateway 16 and/or the wireless network 20 may also effectively be extended to entities outside the LAN 18 by providing a message forwarding or redirection system that operates with the message server 26. Such a message redirection system is disclosed in U.S. Pat. No. 6,219,694, which is hereby incorporated into this application by reference. In this type of system, incoming messages received by the message server 26 and addressed to a user of a mobile device 22 are sent through the wireless network interface, either a wireless VPN router, wireless gateway 16 or other interface for example, to the wireless network 20 and to the user's mobile device 22. Another alternate interface to a user's mailbox on a message server 26 may be a Wireless Application Protocol (WAP) gateway. Through a WAP gateway, a list of messages in a user's mailbox on the message server 26, and possibly each message or a portion of each message, may be sent to the mobile device 22. Several example communication systems are described in further detail below.
A wireless network 20 normally delivers messages to and from mobile devices 22 via RF transmissions between base stations and mobile devices 22. The wireless network 20 may for example be: (1) a data-centric wireless network, (2) a voice-centric wireless network, or (3) a dual-mode network that can support both voice and data communications over the same infrastructure. Recently developed networks include: (1) the Code Division Multiple Access (CDMA) network, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS), both developed by the standards committee of CEPT, and (3) third-generation (3G) networks like Enhanced Data rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS), which are currently under development.
GPRS is a data overlay on top of the existing GSM wireless network, which is operating in virtually every country in Europe. Some older examples of data-centric networks include, but are not limited to: (1) the Mobitex™ Radio Network (“Mobitex”), and (2) the DataTAC™ Radio Network (“DataTAC”). Examples of known voice-centric data networks include Personal Communication Systems (PCS) networks like CDMA, GSM, and Time Division Multiple Access (TDMA) systems that have been available in North America and world-wide for several years.
The mobile device 22 may be a data communication device, a voice communication device, or a multiple-mode device capable of voice, data and other types of communications. An exemplary mobile device 22 is described in further detail below.
Perhaps the most common type of messaging currently in use is e-mail. In a standard e-mail system, an e-mail message is sent by an e-mail sender, possibly through a message server and/or a service provider system, and typically routed through the Internet to one or more message receivers. E-mail messages are normally sent in the clear and use traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and MIME body parts to define the format of the e-mail message.
In recent years, secure messaging techniques have evolved to protect both the content and integrity of messages such as e-mail messages. S/MIME and Pretty Good Privacy™ (PGP™) are two public key secure e-mail messaging protocols that provide for both encryption, to protect data content, and signing, which both protects the integrity of a message and provides for sender authentication by a message receiver. Secure messages may also be encoded, compressed or otherwise processed in addition to being encrypted and/or signed.
FIG. 2 is a block diagram illustrating a secure e-mail message exchange in a messaging system. The system includes an e-mail sender 30, coupled to a WAN 32 and a wireless gateway 34, which provides an interface between the WAN 32 and a wireless network 36. A mobile device 38 is adapted to operate within the wireless network 36. Also shown in FIG. 2 is a computer system 31 associated with a mobile device 38 or a user of the mobile device 38 as described in further detail below. The computer system 31 has a communication link 33 to an interface or connector 35 through which information may be exchanged with the mobile device 38, as indicated by the dashed line 39.
The e-mail sender 30 may be a PC, such as the system 14 in FIG. 1, or it may be a network-connected computer, such as computer system 28. The e-mail sender 30 may also be a mobile device on which e-mail messages may be composed and sent. The WAN 32, wireless gateway 34, wireless network 36 and mobile device 38 are substantially the same as similarly labelled components in FIG. 1.
According to secure messaging schemes such as S/MIME and PGP, a message is encrypted using a one-time session key chosen by the e-mail sender 30. The session key is used to encrypt the message body and is then itself encrypted using the public key of each addressed message receiver to which the message is to be sent. As shown at 40, a message encrypted in this way includes an encrypted message body 44 and an encrypted session key 46. In this type of message encryption scheme, a message sender such as e-mail sender 30 must have access to the public key of each entity to which an encrypted message is to be sent.
A secure e-mail message sender 30 typically signs a message by taking a digest of the message and signing the digest using the sender's private key. A digest may for example be generated by performing a check-sum, Cyclic Redundancy Check (CRC) or some other preferably non-reversible operation such as a hash on the message. This digest is then signed by the sender using the sender's private key. The private key may be used to perform an encryption or other transformation operation on the digest to generate the digest signature. A digital signature including the digest and the digest signature is then appended to the outgoing message. In addition, a Cert of the sender, which includes the sender's public key and sender identity information that is bound to the public key with one or more digital signatures, and possibly any chained Certs and Certificate Revocation Lists (CRLs) associated with the sender's Cert and any chained Certs may also be attached to a secure message.
The secure e-mail message 40 sent by the e-mail sender 30 may include the digital signature 42, as well as the encrypted message body 44 and the encrypted session key 46, both of which are signed. The sender's Cert, any chained Certs and one or more CRLs may also be included in the message 40. In the S/MIME secure messaging technique, Certs, CRLs and digital signatures are normally placed at the beginning of a message, and the message body is included in a file attachment.
Messages generated by other secure messaging schemes may place message components in a different order than shown or include additional and/or different components. For example, a secure message 40 may include addressing information, such as “To:” and “From:” email addresses, and other header information.
When the secure e-mail message 40 is sent from the e-mail sender 30, it is routed through the WAN 32 to the computer system 31, which in most cases will be either a PC associated with an e-mail address for user A or a network-connected computer workstation which accesses a mailbox on a messaging server. The computer system 31 repackages the secure message 40 into an electronic envelope and forwards the repackaged message to the wireless gateway 34. The repackaged message is then sent through the wireless network 36 to the mobile device 38. At the mobile device 38, the electronic envelope is then removed from the repackaged message to recover the original secure message 40, which may then be processed on the mobile device 38. This message repackaging may involve such operations as compression, encryption and encoding, and will typically be performed by a software module or application operating at the computer system 31. Where the computer system 31 accesses received e-mail on a messaging server however, the repackaging operations may be performed at the messaging server or possibly another system operating in conjunction with the messaging server. At the mobile device 38, inverse operations are similarly performed by an unpackaging system or software module.
Although the computer system 31 is shown as receiving the secure message 40, repackaging the message and then sending the repackaged message to the mobile device 38 in the illustrative example system of FIG. 2, other implementations are also possible. For example, the mobile device 38 may be addressable directly, in which case the message 40 is routed to the wireless gateway 34 instead of to the computer system 31. The wireless gateway 34 then performs any required address translation, encoding or similar functions, if any, and sends the message through the wireless network 36 to the mobile device 38.
In addition, the message may be routed or forwarded to the mobile device 38 through other transport mechanisms than the wireless gateway 34. For example, routing to the wireless network 36 may be accomplished using a wireless VPN router associated with the e-mail sender 30, or, in the case of a message being received at a computer system 31 and then forwarded to the mobile device 38, with the computer system 31.
Each receiver of a signed message, both the computer system 31 and mobile device 38 in FIG. 2, may verify the digital signature 42 by generating a digest of the message body 44 and encrypted session key 46, extracting the digest from the digital signature 42, comparing the generated digest with the digest extracted from the digital signature 42, and verifying the digest signature in the digital signature 42. The digest algorithm used by a secure message receiver is the same as the algorithm used by the message sender, and may be specified for example in a message header or possibly in the digital signature 42. One commonly used digest algorithm is the so-called Secure Hashing Algorithm 1 (SHA1), although other digest algorithms such as Message-Digest Algorithm 5 (MD5) may also be used.
In order to verify the digest signature 42, a message receiver must retrieve the sender's public key and verify the signature on the digest in the digital signature 42 by performing a reverse transformation on the digest signature. For example, if the message sender generated the digest signature by encrypting the digest using its private key, then a receiver would use the sender's public key to decrypt the digest signature to recover the original digest. If a secure message includes the sender's Cert, then the sender's public key may be extracted from the Cert. The sender's public key may instead be retrieved from a local store, for example where the public key was extracted from an earlier message from the sender and stored in a key store in the receiver's local store. Alternatively, the public key may be retrieved from the sender's Cert if it is stored in the local store, or from a Public Key Server (PKS). A PKS is a server that is normally associated with a Certificate Authority (CA) from which a Cert for an entity, including the entity's public key, is available. A PKS might reside within a corporate LAN such as 18 (FIG. 1), or anywhere on the WAN 32, Internet or other network or system through which message receivers may establish communications with the PKS. A sender's Cert may be loaded onto a mobile device 38 from an associated computer system 31, as described in further detail below.
A digest algorithm is preferably a non-reversible function that produces a unique output for every unique input. Therefore, if an original message is changed or corrupted, then the digest generated by the receiver will be different from the digest extracted from the digital signature, and signature verification therefore fails. Because digest algorithms are publicly known, however, it is possible that an entity may alter a secure message, generate a new digest of the altered message, and forward the altered message to any addressed message receivers. In this case, the digest generated at the receiver on the basis of the altered message will match the new digest that was added by the entity that altered the message. The digest signature check is intended to prevent verification of a digital signature in such a situation. Even though the generated and new digests will match, since a sender signs the original digest using its own private key, the entity that altered the message cannot generate a new digest signature that can be verified with the sender's private key. Therefore, although the digests in the altered message match, the digital signature will not be verified since the digest signature verification will fail.
These mathematical operations do not prevent anyone from seeing the contents of the secure message, but do ensure the message has not been tampered with since it was signed by the sender, and that the message was signed by the person as indicated on the ‘From’ field of the message.
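The two checks described above (digest comparison, then digest signature verification with the sender's public key), as an added example that is not part of the patent text. The names `SignedMessage`, `sign` and `verify` are hypothetical, only the message body is signed, and the keys are constructed textbook-RSA toy keys so the block runs on the Python standard library alone.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent used by both constructed toy keys


def make_key(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed keys built from Mersenne primes: a teaching stand-in with no
# padding and far too small a modulus for real use.
SENDER_N, SENDER_D = make_key(2**127 - 1, 2**89 - 1)
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**61 - 1)  # key of the altering entity


def digest(data):
    # SHA-1 is the digest algorithm the text names.
    return hashlib.sha1(data).digest()


@dataclass(frozen=True)
class SignedMessage:
    body: bytes
    digest: bytes            # digest carried inside the digital signature
    digest_signature: int    # digest transformed with the signer's private key


def sign(body, d, n):
    dg = digest(body)
    return SignedMessage(body, dg, pow(int.from_bytes(dg, "big"), d, n))


def verify(msg, sender_n, e=E):
    """Receiver side: compare digests, then check the digest signature."""
    if digest(msg.body) != msg.digest:
        return "digest mismatch"
    # Reverse transformation with the sender's PUBLIC key recovers the digest
    # that the sender actually signed.
    if pow(msg.digest_signature, e, sender_n) != int.from_bytes(msg.digest, "big"):
        return "digest signature invalid"
    return "verified"


def scenarios():
    """Run the cases discussed in the text over a constructed sample message."""
    original = sign(b"Pay invoice 1001: 100 USD", SENDER_D, SENDER_N)
    altered = b"Pay invoice 1001: 900 USD"
    body_only = replace(original, body=altered)
    new_digest = replace(body_only, digest=digest(altered))
    resigned = sign(altered, OTHER_D, OTHER_N)
    return {
        "untouched": verify(original, SENDER_N),
        "body altered": verify(body_only, SENDER_N),
        "body altered, digest replaced": verify(new_digest, SENDER_N),
        "re-signed with another key": verify(resigned, SENDER_N),
    }


if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case}: {outcome}")
```

The third case is the one the text walks through: the digests match, and only the digest signature check rejects the message.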
When the digital signature 42 has been verified, or sometimes even if digital signature verification fails, the encrypted message body 44 must then be decrypted before it can be displayed or further processed by a receiving messaging client, the computer system 31 and the mobile device 38 in FIG. 2. A message receiver uses its private key to decrypt the encrypted session key 46 and then uses the decrypted session key to decrypt the encrypted message body 44 and thereby recover the original message.
An encrypted message that is addressed to more than one receiver would include an encrypted version of the session key for each receiver that was encrypted using the public key of the receiver. Each receiver would perform the same digital signature verification operations, but would decrypt a different one of the encrypted session keys using its own private key.
Therefore, in a secure messaging system, a sending messaging client must have access to the public key of any receiver to which an encrypted message is to be sent. A receiving messaging client must be able to retrieve the sender's public key, which may be available to a messaging client through various mechanisms, in order to verify a digital signature in a signed message. Although the mobile device 38 is a receiver of the secure message 40, the mobile device 38 may be enabled for two-way communications, and may therefore require public keys for both message sending and message receiving operations.
Public keys are commonly provided in Certs. As described above, a Cert for any particular entity typically includes the entity's public key and identification information that is bound to the public key with a digital signature. Several types of Cert are currently in widespread use, including for example X.509 Certs which are typically used in S/MIME. PGP uses Certs with a slightly different format. Systems and methods according to aspects of the present invention may be used with any of these types of Cert, as well as other types of Cert, both currently known types as well as others that may be developed. The digital signature in a Cert is generated by the issuer of the Cert, and can be checked by a message receiver substantially as described above. A Cert sometimes includes an expiry time or validity period from which a messaging client may determine if the Cert has expired. Verification of the validity of a Cert may also involve tracing a certification path through a Cert chain, which includes a user's Cert as well as possibly other Certs to verify that the user's Cert is authentic. A Cert may also be checked against a CRL to ensure that the Cert has not been revoked.
If the digital signature in a Cert for a particular entity is valid, the Cert has not expired or been revoked and the issuer of either the Cert or a chained Cert is trusted, then the public key in the Cert is assumed to be the public key of the entity for which the Cert was issued, also referred to as the subject of the Cert.
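The acceptance conditions just listed (valid issuer signature, not expired, not revoked, trusted issuer somewhere in the chain), as an added example that is not part of the patent text. The `Cert` record, `issue` and `check_cert` are hypothetical, the Cert format is a simplified stand-in for X.509, and the keys, names and timestamps are constructed.

```python
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent for the constructed toy keys


def make_key(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    public_n: int     # subject's public key (modulus)
    not_after: int    # expiry time as a Unix timestamp
    serial: int
    signature: int = 0

    def tbs(self):
        """Digest of every field that the issuer's signature binds together."""
        data = f"{self.subject}|{self.issuer}|{self.public_n}|{self.not_after}|{self.serial}"
        return int.from_bytes(hashlib.sha1(data.encode()).digest(), "big")


def issue(subject, issuer, public_n, not_after, serial, issuer_d, issuer_n):
    cert = Cert(subject, issuer, public_n, not_after, serial)
    return replace(cert, signature=pow(cert.tbs(), issuer_d, issuer_n))


def check_cert(cert, store, trusted, revoked, now, max_depth=8):
    """Walk the chain from cert toward a trusted issuer, checking each link."""
    current = cert
    for _ in range(max_depth):
        if now > current.not_after:
            return "expired"
        if (current.issuer, current.serial) in revoked:   # CRL lookup
            return "revoked"
        issuer = store.get(current.issuer)
        if issuer is None:
            return "issuer unknown"
        if pow(current.signature, E, issuer.public_n) != current.tbs():
            return "bad signature"
        if issuer.subject in trusted:
            return "trusted"
        if issuer.subject == current.subject:   # self-signed and not trusted
            return "untrusted issuer"
        current = issuer
    return "chain too long"


# Constructed chain: Root CA -> Issuing CA -> user B
ROOT_N, ROOT_D = make_key(2**127 - 1, 2**89 - 1)
INTER_N, INTER_D = make_key(2**107 - 1, 2**61 - 1)
USER_N = (2**521 - 1) * (2**127 - 1)   # user B's public key, never used to sign
NOW, LATER, EARLIER = 1_000_000, 2_000_000, 500_000

ROOT = issue("Root CA", "Root CA", ROOT_N, LATER, 1, ROOT_D, ROOT_N)
INTER = issue("Issuing CA", "Root CA", INTER_N, LATER, 2, ROOT_D, ROOT_N)
USER = issue("user B", "Issuing CA", USER_N, LATER, 3, INTER_D, INTER_N)
STORE = {c.subject: c for c in (ROOT, INTER, USER)}


def scenarios():
    stale = issue("user B", "Issuing CA", USER_N, EARLIER, 4, INTER_D, INTER_N)
    swapped = replace(USER, public_n=ROOT_N)   # key replaced, signature kept
    return {
        "good chain": check_cert(USER, STORE, {"Root CA"}, set(), NOW),
        "expired": check_cert(stale, STORE, {"Root CA"}, set(), NOW),
        "chained Cert revoked": check_cert(USER, STORE, {"Root CA"}, {("Root CA", 2)}, NOW),
        "public key swapped": check_cert(swapped, STORE, {"Root CA"}, set(), NOW),
        "no trusted issuer": check_cert(USER, STORE, set(), set(), NOW),
    }
```

The walk stops at the first trusted issuer, so the expiry and revocation status of the trusted Cert itself is not examined in this simplified version.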
Certs may be available to a messaging client from several sources. When a Cert is attached to a received message, the Cert can be extracted from the message and stored by the messaging client. Otherwise, Certs can be requested and downloaded from a PKS on a LAN, the Internet or other network with which a requestor may establish communications. Alternatively, according to an aspect of the present invention, a messaging client may load Certs from other sources than a PKS. Many modem mobile devices are configured for connection to a PC. By connecting such a devices to a PC to download Certs via a physical connection such as a serial port or USB port, over-the-air transfer of Certs may be reduced. If such a physical connection is used to load Certs for entities to which a user expects to send encrypted messages, then these Certs need not be downloaded when encrypted messages are to be sent to any of these entities. A user may similarly load Certs for any entities from which signed messages are expected to be received, such that digital signatures may be verified even if one of these entities does not append its Cert to a signed message.
In known systems, any Cert must be requested from a Cert source and stored on each messaging client. Certs are not normally shared between messaging clients, even when the messaging clients are associated with the same user. In the system ofFIG. 2 for example, if user A requires a Cert for another entity, user B, on both thecomputer system31 and themobile device38, then user B's Cert must be requested and loaded twice—once for thecomputer system31 and again for themobile device38. Using a Cert management and transfer system, however, user B's Cert need be requested and loaded on only one of thecomputer system31 and themobile device38.
FIG. 3 is a block diagram of a mobile device and an associated computer system implementing a Cert management and transfer system. In FIG. 3, only the components directly involved in Cert management and transfer operations are shown. It should be apparent to those skilled in the art that a mobile device and computer system will typically include further components. The computer system 31 and a mobile device 38 are illustrative examples of a first messaging client and a second messaging client between which Certs may be transferred. The first and second messaging clients could also possibly be two mobile devices or two computer systems.
As shown in FIG. 3, a mobile device 38 incorporating a Cert management and transfer system comprises a memory 52, a messaging system 60, a Cert synchronization (sync) system 62, a user interface (UI) 64, a wireless transceiver 66, and an interface or connector 68. The memory 52 preferably includes a storage area for a Cert store 54, as well as possibly other data stores such as an address book 56 in which messaging contact information is stored, and an application data storage area 58 which stores data associated with software applications on the mobile device 38. Data stores 56 and 58 are illustrative examples of stores that may be implemented in a memory 52 on mobile device 38. The memory 52 may also be used by other device systems in addition to those shown in FIG. 3 to store other types of data.
The memory 52 is a writeable store such as a RAM into which other device components may write data. The Cert store 54 is a storage area dedicated to storage of Certs on the mobile device 38. Certs may be stored in the Cert store 54 in the format in which they are received, or may alternatively be parsed or otherwise translated into a storage format before being written to the store 54.
The messaging system 60 is connected to the wireless transceiver 66 and is thus enabled for communications via a wireless network. The Cert sync system 62 is connected to the interface/connector 68 to allow communication with the computer system 31, through the cooperating interface/connector 35 and connections 39 and 33.
The UI 64 may include such UI components as a keyboard or keypad, a display, or other components which may accept inputs from or provide outputs to a user of the mobile device 38. Although shown as a single block in FIG. 3, it should be apparent that a mobile device 38 typically includes more than one UI, and the UI 64 is therefore intended to represent one or more user interfaces.
The computer system 31 includes a physical connection 33 through which Certs may be transferred to the mobile device 38 via the interface or connector 35. Although shown in FIG. 3 as an external component, the interface/connector 35 may alternatively be internal to the computer system 31. Like the mobile device 38, the computer system 31 includes a Cert sync system 70, which in most implementations will be a software application. The Cert sync system 70 interfaces with a UI 71, which may include one or more input and output components, the connection 33 and the Cert store 72. The Cert store 72 could possibly be any computer storage medium, including for example a local hard disk drive or other memory unit. Certs, which are public information, could also be shared between computer systems within a network for example, such that the store 72 is external but accessible to the computer system 31, for example on a network file server. The messaging system 74 is connected to both the Cert store 72 and the communications subsystem 76.
A messaging client implementing a Cert management and transfer system may still preferably retrieve Certs in a conventional manner. This is represented in FIG. 3 by the connections between the messaging systems 60, 74, Cert stores 54, 72 and a communication system, either the wireless transceiver 66 or communications subsystem 76. Therefore, when the messaging system 60 on the mobile device 38 requires a public key for a sender of a received message or an addressee of a message to be sent, a Cert may be requested and received, from a PKS for example, through the wireless transceiver 66. When a Cert is appended to a received message, the messaging system 60 may extract the Cert from the message and store the Cert to the Cert store 54. The computer system 31 may perform similar operations to obtain any required Certs.
A user of a Cert storage and transfer system as shown in FIG. 3 can also preferably select and transfer Certs to a mobile device 38 from the computer system 31, or from the mobile device 38 to the computer system 31, via a communication link established between the interfaces or connectors 68 and 35. The interfaces or connectors 68 and 35 could be any of a plurality of compatible data transfer components, including for example optical data transfer interfaces such as Infrared Data Association (IrDA) ports, other short-range wireless communications interfaces, or wired interfaces such as serial or Universal Serial Bus (USB) ports and connections. Known short-range wireless communications interfaces include, for example, “Bluetooth” modules and 802.11 modules according to the Bluetooth or 802.11 specifications, respectively. It will be apparent to those skilled in the art that Bluetooth and 802.11 denote sets of specifications, available from the Institute of Electrical and Electronics Engineers (IEEE), relating to wireless LANs and wireless personal area networks, respectively.
Since communications between the computer system 31 and the mobile device 38 need not necessarily be via a physical connection, references to connecting a mobile device to an associated computer include establishing communications between a computer system and a mobile device through either physical connections or wireless transfer schemes. Thus, the mobile device 38 could be connected to the computer system 31 by placing the mobile device 38 in a mobile device cradle connected to a serial port on the computer system 31, by positioning the mobile device 38 such that an optical port thereof is in a line of sight of a similar port of the computer system 31, or by physically connecting or arranging the mobile device 38 and computer system 31 in some other manner so that data may be exchanged. The particular operations involved in establishing communications between a mobile device and a computer system will be dependent upon the types of interfaces and/or connectors.
Referring again to FIG. 3, when the mobile device 38 is connected to the computer system 31, the Cert sync system 70 is preferably automatically started. Other operations may also be automatically executed when the mobile device 38 is connected to the computer system 31, preferably in accordance with user-specified settings established at the computer system 31, the mobile device 38, or both.
The Cert sync system 70 may access the Cert store 72 to determine which Certs are stored therein. The Cert sync system 70 then preferably generates a list of stored Certs on a UI 71, preferably a display screen, on the computer system 31. Certs could be listed for example in the order in which they are stored in the Cert store 72, in order of frequency of use, in alphabetical order of the name of the entity for which the Cert was issued (i.e. the subject name) or any other default or user-configured order. In this list, Certs are preferably identified by subject name, or if contact information for the subject of a Cert is stored in an address book or similar contact information store on the computer system 31, a Cert could alternatively be identified using a portion of the contact information such as a familiar name for example.
A user may then choose which of the Certs stored on the computer system 31 should be transferred to the mobile device 38, using a mouse, keyboard or other input device that may be implemented as a UI 71 associated with the computer system 31. The selected Certs are then transferred to the mobile device 38 via the connections and interfaces 33, 35, 39, 68. A Cert transfer operation may for example be an add operation, to add selected Certs to the Cert store 54 on the mobile device 38, an update operation, for example to replace an expired Cert in the Cert store 54 on the mobile device 38 with a selected Cert or to replace a less frequently used Cert with one that is or is expected to be more frequently used, or a replace all operation, in which all Certs in the Cert store on the mobile device 38 are deleted and the selected Certs are stored to the Cert store 54. Other types of Cert transfers are also possible and may be selectable or configurable using the Cert sync system 70, the Cert sync system 62, or both.
On the mobile device 38, Certs are received by the Cert sync system 62 and processed according to the type of transfer operation selected by the user to store transferred Certs to the Cert store 54. Transferred Certs may be added to the store in addition to (add operation) or instead of (update operation) Certs already stored in the Cert store 54 or after the Certs in the Cert store 54 have been deleted (replace all operation). When Certs are transferred to a mobile device 38 in this manner, a message sender or an intermediate system through which messages are sent to the mobile device 38 need not send Certs along with secure messages to the mobile device 38. An intermediate system, if present, may also strip Certs and possibly other relatively bulky information from a received secure message before it is sent to the mobile device 38 if the Certs have already been transferred to the mobile device 38.
Since memory 52 on a mobile device 38 tends to be limited, data stores such as the Cert store 54 may have sufficient space to store only a certain number of Certs. When the Cert store 54 is full, no new Certs can be transferred from the computer system 31 to the Cert store 54 unless one or more existing Certs in the Cert store 54 are overwritten or deleted. Cert store 54 overflow could be handled by either the mobile device Cert sync system 62, the computer system Cert sync system 70, or both. For example, the Cert sync system 62 in the mobile device 38 may be configured to implement a least recently used (LRU) replacement policy in the Cert store 54, whereby a least recently used Cert will automatically be overwritten if a new Cert is to be loaded into the mobile device 38 when the Cert store 54 is full. Alternatively, the Cert sync system 62 may be configured to alert the Cert sync system 70 if the Cert store 54 is or becomes full while the mobile device 38 and computer system 31 are connected. An alert could also or instead be returned to the Cert sync system 70 when a user attempts to add a Cert to a full Cert store 54. In this case, the user could then be prompted via a UI 71 to choose whether or not a Cert in the Cert store 54 should be replaced with the Cert to be added and if so, possibly to select a Cert that should be replaced. Such a scheme may also allow a user to abort an add operation when a Cert store 54 is full.
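The add, update and replace all operations and the two overflow policies described above can be sketched as follows. This is an added illustration, not code from the patent; the `Cert` record, the `DeviceCertStore` class, keying the store by subject name, and the rule that add skips subjects already present while update skips subjects that are absent are all assumptions made for the example.

```python
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for a parsed Cert; real Certs carry far more fields."""
    subject: str
    serial: int
    not_after: int  # expiry, Unix seconds


class StoreFull(Exception):
    """Alert returned to the host-side sync system instead of evicting."""


class DeviceCertStore:
    """Bounded Cert store keyed by subject (assumption: one Cert per subject)."""

    def __init__(self, capacity, evict_lru=True):
        if capacity < 1:
            raise ValueError("capacity must be at least 1")
        self.capacity = capacity
        self.evict_lru = evict_lru      # False = alert the host, never evict
        self._certs = OrderedDict()     # least recently used entry first

    def subjects(self):
        return list(self._certs)

    def use(self, subject):
        """Fetch a Cert for a messaging operation and mark it recently used."""
        self._certs.move_to_end(subject)
        return self._certs[subject]

    def _put(self, cert, evicted):
        is_new = cert.subject not in self._certs
        if is_new and len(self._certs) >= self.capacity:
            if not self.evict_lru:
                raise StoreFull(f"no room for {cert.subject}")
            victim, _ = self._certs.popitem(last=False)  # overwrite LRU entry
            evicted.append(victim)
        self._certs[cert.subject] = cert
        self._certs.move_to_end(cert.subject)

    def transfer(self, operation, certs):
        """Apply one transfer; report what was stored, skipped and evicted."""
        result = {"stored": [], "skipped": [], "evicted": []}
        if operation == "replace_all":
            # Check the whole selection first so a failed transfer does not
            # leave the device with an emptied store.
            if len({c.subject for c in certs}) > self.capacity:
                raise StoreFull("selection exceeds store capacity")
            self._certs.clear()
        elif operation not in ("add", "update"):
            raise ValueError(f"unknown operation: {operation}")
        for cert in certs:
            present = cert.subject in self._certs
            if (operation == "add" and present) or \
               (operation == "update" and not present):
                result["skipped"].append(cert.subject)
                continue
            self._put(cert, result["evicted"])
            result["stored"].append(cert.subject)
        return result
```

With `evict_lru=False` the store raises `StoreFull` at the first Cert that does not fit, which corresponds to the alert that lets the user pick a Cert to replace or abort the add operation.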
The Cert sync system 70 on the computer system 31 may also check each Cert in the Cert store 72 to ensure that only valid Certs are transferred to the mobile device 38. This may involve checking one or more CRLs, an expiry time or validity period, and possibly submitting a status inquiry to an external system (not shown) for each Cert. Any Certs that have expired or are no longer valid may be deleted from the Cert store 72 and are preferably not included in the Cert list generated by the Cert sync system 70. Detection of an expired or invalid Cert in the Cert store 72 may also trigger either a request for a new Cert for the entity identified in the subject name or like field of the expired or invalid Cert, or a user prompt to select a further action, such as request a new Cert or simply delete the expired or invalid Cert without requesting a new one.
If the messaging system 74 or another component in the computer system 31 periodically checks the status of all stored Certs, then a status check by the Cert sync system 70 might not be necessary every time that the mobile device is connected to the computer system 31. In either case, a user can be assured that Certs transferred from the computer system 31 to the mobile device 38 are valid at the time of transfer. However, due primarily to the size of CRLs, processing loads associated with Cert status checking and network latency when Cert status information must be requested from an external source, Cert status checking on a mobile device 38 tends to be problematic and therefore is not commonly performed. Although valid at the time of transfer, Certs in the Cert store 54 that expire, are revoked or become invalid after the time of transfer might not always be detected on a mobile device 38.
Cert management systems and methods may alleviate this problem of expired, revoked or invalid Certs in the Cert store 54 of the mobile device 38. The Cert sync systems 62 and 70 can exchange Cert information between the mobile device 38 and computer system 31. The Cert sync system 62, similar to the Cert sync system 70 as described above, is preferably configured to access the Cert store 54 to generate at least a list of Certs stored in the Cert store 54 when the mobile device 38 is connected to the computer system 31. Depending upon the information required by the Cert sync system 70 to check the status of a Cert, a copy of the Certs in the Cert store 54, not just a list of Certs, may be passed to the Cert sync system 70. The list or complete Certs may be passed to the Cert sync system 70 either automatically or in response to a request to the Cert sync system 62 from the Cert sync system 70. Using information in the list or Certs, as well as any CRLs, expiry times or validity periods and any information from external sources if required, the Cert sync system 70 checks the status of each Cert.
If a Cert on the mobile device 38 is expired, revoked or invalid, the Cert sync system 70 preferably retrieves a new Cert to replace the expired Cert, from either its own Cert store 72 or an external Cert source. Alternatively, a user may be prompted (via a UI 71 or 64) to select whether the Cert should be deleted from the Cert store 54 or a new Cert should be retrieved. The Cert sync system 62 then either deletes or replaces the expired, revoked or invalid Cert with a new Cert from the computer system 31.
Either the mobile device 38 or the computer system 31 preferably maintains a record of at least the most recent Cert check for Certs on the mobile device 38, such that the frequency of Cert checking for Certs stored on the mobile device 38 is controllable. When the mobile device 38 is connected to the computer system 31, this Cert check record is accessed to determine if the Certs stored in the Cert store 54 should be checked.
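The host-side status check of device Certs, gated by the Cert check record, might look like the sketch below. It is an added example rather than the patent's implementation: the `Cert` record, `plan_device_check`, the sample data and the choice to delete when the host store holds no valid replacement (standing in for the user prompt or an external Cert source) are assumptions, and signature and chain validation are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for the fields a status check needs."""
    subject: str
    serial: int
    not_before: int  # validity period, Unix seconds
    not_after: int


def cert_status(cert, now, revoked_serials):
    """Classify one Cert against a CRL (set of serials) and its validity period."""
    if cert.serial in revoked_serials:
        return "revoked"
    if now > cert.not_after:
        return "expired"
    if now < cert.not_before:
        return "invalid"  # not yet valid
    return "valid"


def plan_device_check(device_certs, host_store, revoked_serials,
                      now, last_check, min_interval):
    """Return (actions, updated_check_record) for one connection.

    last_check is the Cert check record: time of the most recent check,
    or None if the device Certs have never been checked.
    """
    if last_check is not None and now - last_check < min_interval:
        return [], last_check  # checked recently enough; skip this time
    actions = []
    for cert in device_certs:
        status = cert_status(cert, now, revoked_serials)
        if status == "valid":
            continue
        candidate = host_store.get(cert.subject)
        # The replacement must pass the same check, otherwise a revoked
        # Cert held on both sides would simply be copied back.
        if candidate is not None and \
                cert_status(candidate, now, revoked_serials) == "valid":
            actions.append(("replace", cert.subject, status, candidate.serial))
        else:
            actions.append(("delete", cert.subject, status, None))
    return actions, now


# Constructed sample data.
NOW = 1_700_000_000
DAY = 86_400
DEVICE_CERTS = [
    Cert("alice", 1, NOW - 400 * DAY, NOW - 35 * DAY),   # expired
    Cert("bob", 2, NOW - 100 * DAY, NOW + 265 * DAY),    # in date, but on the CRL
    Cert("carol", 3, NOW - 10 * DAY, NOW + 355 * DAY),   # valid
    Cert("dave", 4, NOW - 400 * DAY, NOW - 1 * DAY),     # expired, no replacement
]
HOST_STORE = {
    "alice": Cert("alice", 11, NOW - 30 * DAY, NOW + 335 * DAY),
    "bob": DEVICE_CERTS[1],  # host holds the same revoked Cert
}
REVOKED = {2}


def demo():
    return plan_device_check(DEVICE_CERTS, HOST_STORE, REVOKED,
                             NOW, last_check=None, min_interval=7 * DAY)
```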
Coordinated operation of the Cert sync systems 62 and 70 also provides for further Cert management functions. Since the Cert sync system 70 has access to both its own Cert store 72 and, through the Cert sync system 62, the mobile device Cert store 54, separate lists of Certs stored at the computer system 31 and the mobile device 38 may be generated and displayed to a user. The user can then easily determine which Certs have already been loaded onto the mobile device 38. Alternatively, Certs that are stored in the mobile device Cert store 54 may be removed from the list of Certs that are stored in the Cert store 72, such that only those Certs available in the Cert store 72 that are not stored in the mobile device Cert store 54 are displayed for selection and transfer to the mobile device 38.
If a list of Certs stored in the mobile device Cert store 54 is displayed to a user on the computer system 31, the user is better able to manage the Certs in the mobile device store 54. For example, a user may select a Cert from the device list for deletion, and can also determine how many Certs are stored on the mobile device 38 and possibly how much space is remaining in the Cert store 54.
Certs may also be transferred from the mobile device 38 to the computer system 31. As described above, both the computer system 31 and the mobile device 38 may retrieve Certs from a variety of sources. When the computer system 31 and the mobile device 38 are separately addressable for example, they may receive secure messages from different senders and thus require different Certs to process the messages. Different Certs may also be required to send secure messages to different recipients. If a required Cert was not transferred from the computer system 31 to the Cert store 54, then the mobile device 38 may retrieve the Cert from another source via a wireless network for example. In this case, the mobile device Cert store 54 contains a Cert that might not be available in the Cert store 72 of the computer system 31. Such a Cert may be transferred from the mobile device 38 to the computer system 31 substantially as described above.
Similarly, where the mobile device UI 64 includes a display screen and one or more input devices such as a keyboard, thumbwheel and the like, Cert management and transfer operations could be controlled by the Cert sync system 62.
When Cert management operations are complete, both the mobile device 38 and the computer system 31 preferably revert to a normal operating mode. If the Cert sync systems 62 and 70 are embodied as software applications, the applications may be closed or may instead end automatically after selected Certs have been transferred. The Cert sync systems 62, 70 may also be configured to start only when one or each of the sync systems is invoked by a user instead of automatically when the mobile device 38 is connected to the computer system 31.
FIG. 4 is a flow diagram illustrating a method of Cert management and transfer between messaging clients. In FIG. 4, a mobile device and a computer system are used as illustrative examples of a first messaging client and a second messaging client which implement a Cert management and transfer method, although as described above in conjunction with FIG. 3, Certs may also be exchanged between mobile devices or between multiple computer systems.
The method begins at step 80, when a mobile device is connected to a computer system. Step 80 involves establishing communications between the mobile device and the computer system, for example via a physical link such as a serial or USB connection or a wireless link such as an optical, Bluetooth, 802.11 or other short-range communication link. At step 82, the computer system may check the status of any Certs stored in a Cert store on the mobile device, and possibly retrieve a new Cert for each expired, revoked or invalid Cert in the mobile device Cert store, as described above. Step 86 may be automatic or may alternatively be dependent upon a user response to a prompt or alert generated when one or more of the Certs stored on the mobile device are found to be expired, revoked or invalid.
If none of the Certs on the mobile device are expired, revoked or invalid, when new Certs have been or will not be retrieved for any such Certs, or if no status check is performed for Certs stored on the mobile device, then a list of Certs stored in a Cert store on the computer system is generated and displayed to the user, at step 88. As described above, a list of the Certs stored at each messaging client may be displayed to a user. The user may then select one or more stored Certs from either of the lists at step 90 and the selected Certs are transferred from one messaging client to the other messaging client at step 92. Steps 90 and 92 may be repeated for each selected Cert. Alternatively, a user may select a plurality of Certs at step 90 and transfer each Cert at step 92 without requiring further action on the part of the user. The Cert transfer at step 92 may be from the computer system to the mobile device or from the mobile device to the computer system. Cert selection and transfer steps 90 and 92 may be repeated as often as necessary to perform desired Cert transfer operations. Cert store overflow handling may be configurable, for example according to an LRU replacement policy, or in response to a further user selection to replace a stored Cert or abort the Cert transfer operation.
Since a computer system normally has faster and more powerful processing resources and access to a much higher-speed communication link to a PKS or other Cert source than a mobile device, Cert loading from a remote source to a computer system is a relatively fast and simple process. Therefore, most Cert transfers at step 92 will likely be from the computer system to the mobile device. However, Cert transfers between computer systems are also possible, when Certs are to be managed and/or shared between computer systems. Sharing of Certs between computer systems within a corporate LAN for example would minimize communications with external PKSs or other Cert sources for any Certs that have been retrieved from the external sources by a computer system within the LAN.
Cert transfers at step 92 may add selected Certs to a Cert store on a messaging client or replace any or all of the Certs in the Cert store on the messaging client, as described above. Although not explicitly shown in FIG. 4, other Cert management operations than Cert transfers may also be performed after lists of stored Certs are generated and displayed at step 88. For example, Certs may be selected for deletion or other operations than transfer to another messaging client.
FIG. 5 is a block diagram of a wireless mobile communication device as an example of a messaging client in which the present invention may be implemented. The mobile device 500 is preferably a two-way communication device having at least voice and data communication capabilities. The mobile device 500 preferably has the capability to communicate with other computer systems on the Internet. Depending on the functionality provided by the mobile device, the mobile device may be referred to as a data messaging device, a two-way pager, a cellular telephone with data messaging capabilities, a wireless Internet appliance, or a data communication device (with or without telephony capabilities). As mentioned above, such devices are referred to generally herein simply as mobile devices.
The mobile device 500 includes a transceiver 511, a microprocessor 538, a display 522, Flash memory 524, RAM 526, auxiliary input/output (I/O) devices 528, a serial port 530, a keyboard 532, a speaker 534, a microphone 536, a short-range wireless communications sub-system 540, and may also include other device sub-systems 542. The transceiver 511 preferably includes transmit and receive antennas 516, 518, a receiver (Rx) 512, a transmitter (Tx) 514, one or more local oscillators (LOs) 513, and a digital signal processor (DSP) 520. Within the Flash memory 524, the mobile device 500 preferably includes a plurality of software modules 524A-524N that can be executed by the microprocessor 538 (and/or the DSP 520), including a voice communication module 524A, a data communication module 524B, and a plurality of other operational modules 524N for carrying out a plurality of other functions.
The mobile device 500 is preferably a two-way communication device having voice and data communication capabilities. Thus, for example, the mobile device 500 may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network. The voice and data networks are depicted in FIG. 5 by the communication tower 519. These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network. References to the network 519 should therefore be interpreted as encompassing both a single voice and data network and separate networks.
The communication subsystem 511 is used to communicate with the network 519. The DSP 520 is used to send and receive communication signals to and from the transmitter 514 and receiver 512, and may also exchange control information with the transmitter 514 and receiver 512. If the voice and data communications occur at a single frequency, or closely-spaced set of frequencies, then a single LO 513 may be used in conjunction with the transmitter 514 and receiver 512. Alternatively, if different frequencies are utilized for voice communications versus data communications, then a plurality of LOs 513 can be used to generate a plurality of frequencies corresponding to the network 519. Although two antennas 516, 518 are depicted in FIG. 5, the mobile device 500 could be used with a single antenna structure. Information, which includes both voice and data information, is communicated to and from the communication module 511 via a link between the DSP 520 and the microprocessor 538.
The detailed design of the communication subsystem 511, such as frequency band, component selection, power level, etc., will be dependent upon the communication network 519 in which the mobile device 500 is intended to operate. For example, a mobile device 500 intended to operate in a North American market may include a communication subsystem 511 designed to operate with the Mobitex or DataTAC mobile data communication networks and also designed to operate with any of a variety of voice communication networks, such as AMPS, TDMA, CDMA, PCS, etc., whereas a mobile device 500 intended for use in Europe may be configured to operate with the GPRS data communication network and the GSM voice communication network. Other types of data and voice networks, both separate and integrated, may also be utilized with the mobile device 500.
Depending upon the type of network 519, the access requirements for the mobile device 500 may also vary. For example, in the Mobitex and DataTAC data networks, mobile devices are registered on the network using a unique identification number associated with each device. In GPRS data networks, however, network access is associated with a subscriber or user of the mobile device 500. A GPRS device typically requires a subscriber identity module (“SIM”), which is required in order to operate the mobile device 500 on a GPRS network. Local or non-network communication functions (if any) may be operable without the SIM, but the mobile device 500 will be unable to carry out any functions involving communications over the network 519, other than any legally required operations, such as ‘911’ emergency calling.
After any required network registration or activation procedures have been completed, the mobile device 500 may send and receive communication signals, preferably including both voice and data signals, over the network 519. Signals received by the antenna 516 from the communication network 519 are routed to the receiver 512, which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog to digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding to be performed using the DSP 520. In a similar manner, signals to be transmitted to the network 519 are processed, including modulation and encoding, for example, by the DSP 520 and are then provided to the transmitter 514 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 519 via the antenna 518. Although a single transceiver 511 is shown in FIG. 5 for both voice and data communications, it is possible that the mobile device 500 may include two distinct transceivers, a first transceiver for transmitting and receiving voice signals, and a second transceiver for transmitting and receiving data signals.
In addition to processing the communication signals, the DSP 520 may also provide for receiver and transmitter control. For example, the gain levels applied to communication signals in the receiver 512 and transmitter 514 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 520. Other transceiver control algorithms could also be implemented in the DSP 520 in order to provide more sophisticated control of the transceiver 511.
The microprocessor 538 preferably manages and controls the overall operation of the mobile device 500. Many types of microprocessors or microcontrollers could be used here, or, alternatively, a single DSP 520 could be used to carry out the functions of the microprocessor 538. Low-level communication functions, including at least data and voice communications, are performed through the DSP 520 in the transceiver 511. Other, high-level communication applications, such as a voice communication application 524A, and a data communication application 524B may be stored in the Flash memory 524 for execution by the microprocessor 538. For example, the voice communication module 524A may provide a high-level user interface operable to transmit and receive voice calls between the mobile device 500 and a plurality of other voice devices via the network 519. Similarly, the data communication module 524B may provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between the mobile device 500 and a plurality of other data devices via the network 519. On the mobile device 500, a secure messaging software application, incorporating software modules corresponding to the messaging system 60 and Cert sync system 62 in FIG. 3 for example, may operate in conjunction with the data communication module 524B in order to implement the techniques described above.
The microprocessor 538 also interacts with other device subsystems, such as the display 522, Flash memory 524, random access memory (RAM) 526, auxiliary input/output (I/O) subsystems 528, serial port 530, keyboard 532, speaker 534, microphone 536, a short-range communications subsystem 540 and any other device subsystems generally designated as 542. For example, the modules 524A-N are executed by the microprocessor 538 and may provide a high-level interface between a user of the mobile device and the mobile device. This interface typically includes a graphical component provided through the display 522, and an input/output component provided through the auxiliary I/O 528, keyboard 532, speaker 534, or microphone 536. Such interfaces are designated generally as UI 64 in FIG. 3.
Some of the subsystems shown in FIG. 5 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions. Notably, some subsystems, such as keyboard 532 and display 522 may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA type functions.
Operating system software used by the microprocessor 538 is preferably stored in a persistent store such as Flash memory 524. In addition to the operating system and communication modules 524A-N, the Flash memory 524 may also include a file system for storing data. A storage area is also preferably provided in the Flash memory 524 to store Certs, address book entries and possibly other information required for messaging, shown as data stores 54, 56 and 58 in FIG. 3. The operating system, specific device applications or modules, or parts thereof, may be temporarily loaded into a volatile store, such as RAM 526 for faster operation. Moreover, received communication signals may also be temporarily stored to RAM 526, before permanently writing them to a file system located in the persistent store 524.
Anexemplary application module524N that may be loaded onto themobile device500 is a personal information manager (PIM) application providing PDA functionality, such as calendar events, appointments, and task items. Thismodule524N may also interact with thevoice communication module524A for managing phone calls, voice mails, etc., and may also interact with thedata communication module524B for managing e-mail communications and other data transmissions. Alternatively, all of the functionality of thevoice communication module524A and thedata communication module524B may be integrated into the PIM module.
TheFlash memory524 preferably provides a file system to facilitate storage of PIM data items on the device. The PIM application preferably includes the ability to send and receive data items, either by itself, or in conjunction with the voice anddata communication modules524A,524B, via thewireless network519. The PIM data items are preferably seamlessly integrated, synchronized and updated, via thewireless network519, with a corresponding set of data items stored or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user.
The mobile device 500 may also be manually synchronized with a host system by placing the mobile device 500 in an interface cradle, which couples the serial port 530 of the mobile device 500 to the serial port of the host system. The serial port 530 may also be used to enable a user to set preferences through an external device or software application, to download other application modules 524N for installation, and to manage Certs on a device as described above. This wired download path may further be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via the wireless network 519.
Additional application modules 524N may be loaded onto the mobile device 500 through the network 519, through an auxiliary I/O subsystem 528, through the serial port 530, through the short-range communications subsystem 540, or through any other suitable subsystem 542, and installed by a user in the Flash memory 524 or RAM 526. Such flexibility in application installation increases the functionality of the mobile device 500 and may provide enhanced on-device functions, communication-related functions, or both. For example, secure communication applications may enable electronic commerce functions and other such financial transactions to be performed using the mobile device 500.
When the mobile device 500 is operating in a data communication mode, a received signal, such as a text message or a web page download, will be processed by the transceiver 511 and provided to the microprocessor 538, which will preferably further process the received signal for output to the display 522, or, alternatively, to an auxiliary I/O device 528. A Cert received by the transceiver 511, in response to a request to a PKS or attached to a secure message for example, will be processed as described above to add the Cert to a Cert store in the Flash memory 524 if it has not already been stored, and to extract and store contact information in a new address book entry in the Flash memory 524 if necessary. A user of mobile device 500 may also compose data items, such as email messages, using the keyboard 532, which is preferably a complete alphanumeric keyboard laid out in the QWERTY style, although other styles of complete alphanumeric keyboards such as the known DVORAK style may also be used. User input to the mobile device 500 is further enhanced with a plurality of auxiliary I/O devices 528, which may include a thumbwheel input device, a touchpad, a variety of switches, a rocker input switch, etc. The composed data items input by the user may then be transmitted over the communication network 519 via the transceiver 511.
When the mobile device 500 is operating in a voice communication mode, the overall operation of the mobile device 500 is substantially similar to the data mode, except that received signals are preferably output to the speaker 534 and voice signals for transmission are generated by a microphone 536. In addition, the secure messaging techniques described above might not necessarily be applied to voice communications. Alternative voice or audio I/O subsystems, such as a voice message recording subsystem, may also be implemented on the mobile device 500. Although voice or audio signal output is preferably accomplished primarily through the speaker 534, the display 522 may also be used to provide an indication of the identity of a calling party, the duration of a voice call, or other voice call related information. For example, the microprocessor 538, in conjunction with the voice communication module 524A and the operating system software, may detect the caller identification information of an incoming voice call and display it on the display 522.
A short-range communications subsystem 540 may also be included in the mobile device 500. For example, the subsystem 540 may include an infrared device and associated circuits and components, or a Bluetooth or 802.11 short-range wireless communication module to provide for communication with similarly-enabled systems and devices. Thus, Cert management and transfer operations as described above may be enabled on the mobile device 500 via the serial port 530 or other short-range communications subsystem 540. More than one such interface may be used, depending upon the type of messaging client with which mobile device Cert management and/or transfer operations will be performed. For mobile device to computer system operations, the serial port 530 may be used, whereas for mobile device to mobile device operations, another short-range communications subsystem 540 could be used.
Although an example secure message transfer has been described above in the context of a communication system as shown in FIG. 2, Cert management and transfer may also be useful in other types of communication systems.
FIG. 6 is a block diagram showing an example communication system. In FIG. 6, there is shown a computer system 602, a WAN 604, corporate LAN 606 behind a security firewall 608, wireless infrastructure 610, wireless networks 612 and 614, and mobile devices 616 and 618. The corporate LAN 606 includes a message server 620, a wireless connector system 628, a data store 617 including at least a plurality of mailboxes 619, a desktop computer system 622 having a communication link directly to a mobile device such as through physical connection 624 to an interface or connector 626, and a wireless VPN router 632. Operation of the system in FIG. 6 will be described below with reference to the messages 33, 34 and 36.
The computer system 602, like computer system 14 in FIG. 1, may, for example, be a laptop, desktop or palmtop computer system configured for connection to the WAN 604. Such a computer system may connect to the WAN 604 via an ISP or ASP. Alternatively, the computer system 602 may be a network-connected computer system that accesses the WAN 604 through a LAN or other network. Many modern mobile devices are enabled for connection to a WAN through various infrastructure and gateway arrangements, so that the computer system 602 may also be a mobile device.
The corporate LAN 606 is an illustrative example of a central, server-based messaging system that has been enabled for wireless communications. The corporate LAN 606 may be referred to as a “host system”, in that it hosts both a data store 617 with mailboxes 619 for messages, as well as possibly further data stores (not shown) for other data items, that may be sent to or received from mobile devices 616 and 618, and the wireless connector system 628, the wireless VPN router 632, or possibly other components enabling communications between the corporate LAN 606 and one or more mobile devices 616 and 618. In more general terms, a host system may be one or more computers at, with or in association with which a wireless connector system is operating. The corporate LAN 606 is one preferred embodiment of a host system, in which the host system is a server computer running within a corporate network environment operating behind and protected by at least one security communications firewall 608. Other possible central host systems include ISP, ASP and other service provider or mail systems. Although the desktop computer system 624 and interface/connector 626 may be located outside such host systems, wireless communication operations may be similar to those described below.
The corporate LAN 606 implements the wireless connector system 628 as an associated wireless communications enabling component, which will normally be a software program, a software application, or a software component built to work with at least one or more message server. The wireless connector system 628 is used to send user-selected information to, and to receive information from, one or more mobile devices 616 and 618, via one or more wireless networks 612 and 614. The wireless connector system 628 may be a separate component of a messaging system, as shown in FIG. 6, or may instead be partially or entirely incorporated into other communication system components. For example, the message server 620 may incorporate a software program, application, or component implementing the wireless connector system 628, portions thereof, or some or all of its functionality.
The message server 620, running on a computer behind the firewall 608, acts as the main interface for the corporation to exchange messages, including for example e-mail, calendaring data, voice mail, electronic documents, and other personal information management (PIM) data with the WAN 604, which will typically be the Internet. A message server is often used in conjunction with Internet mail routers to route and deliver messages. The particular intermediate operations and computers will be dependent upon the specific type of message delivery mechanisms and networks via which messages are exchanged, and therefore have not been shown in FIG. 6. The functionality of the message server 20 may extend beyond message sending and receiving, providing such features as dynamic database storage for data like calendars, todo lists, task lists, e-mail and documentation, as described above.
Message servers such as 620 normally maintain a plurality of mailboxes 619 in one or more data stores such as 617 for each user having an account on the server. The data store 817 includes mailboxes 619 for a number of (“n”) user accounts. Messages received by the message server 620 that identify a user, a user account, a mailbox, or possibly another address associated with a user, account or mailbox 619 as a message recipient will typically be stored in the corresponding mailbox 619. If a message is addressed to multiple recipients or a distribution list, then copies of the same message may be stored to more than one mailbox 619. Alternatively, the message server 620 may store a single copy of such a message in a data store accessible to all of the users having an account on the message server, and store a pointer or other identifier in each recipient's mailbox 619. In typical messaging systems, each user may then access his or her mailbox 619 and its contents using a messaging client such as Microsoft Outlook or Lotus Notes, which normally operates on a PC, such as the desktop computer system 622, connected in the LAN 606. Although only one desktop computer system 622 is shown in FIG. 6, those skilled in the art will appreciate that a LAN will typically contain many desktop, notebook and laptop computer systems. Each messaging client normally accesses a mailbox 619 through the message server 620, although in some systems, a messaging client may enable direct access to the data store 617 and a mailbox 619 stored thereon by the desktop computer system 622. Messages may also be downloaded from the data store 617 to a local data store (not shown) on the desktop computer system 622.
Within the corporate LAN 606, the wireless connector system 628 operates in conjunction with the message server 620. The wireless connector system 628 may reside on the same computer system as the message server 620, or may instead be implemented on a different computer system. Software implementing the wireless connector system 628 may also be partially or entirely integrated with the message server 620. The wireless connector system 628 and the message server 620 are preferably designed to cooperate and interact to allow the pushing of information to mobile devices 616, 618. In such an installation, the wireless connector system 628 is preferably configured to send information that is stored in one or more data stores associated with the corporate LAN 606 to one or more mobile devices 616, 618, through the corporate firewall 608 and via the WAN 604 and one of the wireless networks 612, 614. For example, a user that has an account and associated mailbox 619 in the data store 617 may also have a mobile device, such as 616. As described above, messages received by the message server 620 that identify a user, account or mailbox 619 are stored to a corresponding mailbox 619 by the message server 620. If a user has a mobile device, such as 616, messages received by the message server 620 and stored to the user's mailbox 619 are preferably detected by the wireless connector system 628 and sent to the user's mobile device 616. This type of functionality represents a “push” message sending technique. The wireless connector system 628 may instead employ a “pull” technique, in which items stored in a mailbox 619 are sent to a mobile device 616, 618 responsive to a request or access operation made using the mobile device, or some combination of both techniques.
The use of a wireless connector 628 thereby enables a messaging system including a message server 620 to be extended so that each user's mobile device 616, 618 has access to stored messages of the message server 620. Although the systems and methods described herein are not restricted solely to a push-based technique, a more detailed description of push-based messaging may be found in U.S. Pat. No. 6,219,694, referenced above, and in the following co-pending and commonly-owned U.S. patent applications, all of which are related to the '694 patent: U.S. patent application Ser. No. 09/401,868, Ser. No. 09/545,963, Ser. No. 09/528,495; Ser. No. 09/545,962, and Ser. No. 09/649,755. The complete disclosure of the '694 patent and each of these applications, including drawings and claims, is hereby incorporated into this application by reference. This push technique uses a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the company firewall 8 to include the mobile devices 616, 618.
As shown in FIG. 6, there are several paths for exchanging information with a mobile device 616, 618 from the corporate LAN 606. One possible information transfer path is through the physical connection 624 such as a serial port, using an interface or connector 626. This path may be useful for example for bulk information, such as Certs and CRLs as described above, or updates often performed at initialization of a mobile device 616, 618 or periodically when a user of a mobile device 616, 618 is working at a computer system in the LAN 606, such as the computer system 622. The physical connection 624 may also be used to transfer other information from a desktop computer system 622 to a mobile device 616, 618, including private keys such as private encryption or signature keys associated with the desktop computer system 622.
Private key exchange using a physical connection 624 and connector or interface 626 allows a user's desktop computer system 622 and mobile device 616 or 618 to share at least one identity for accessing all encrypted and/or signed mail. The user's desktop computer system 622 and mobile device 616 or 618 can thereby also be used to manage and transfer private keys, so that either the host system 622 or mobile device 616 or 618 can process secure messages addressed to the user's mailbox or account on the message server 620.
In known “synchronization” type wireless messaging systems, a physical path has also been used to transfer messages from mailboxes 619 associated with a message server 620 to mobile devices 616 and 618.
Another method for data exchange with a mobile device 616, 618 is over-the-air, through the wireless connector system 628 and using wireless networks 612, 614. As shown in FIG. 6, this could involve a Wireless VPN router 632, if available in the network 606, or, alternatively, a traditional WAN connection to wireless infrastructure 610 that provides an interface to one or more wireless networks 612, 614. The Wireless VPN router 632 provides for creation of a VPN connection directly through a specific wireless network 612 to a wireless device 616. Such a Wireless VPN router 632 may be used in conjunction with a static addressing scheme. For example, if the wireless network 612 is an Internet Protocol (IP) based wireless network, then the new IP Version 6 (IPV6) should provide enough IP addresses to dedicate an IP address to every mobile device 616 configured to operate within the network 612 and thus make it possible to push information to a mobile device 616 at any time. A primary advantage of using a wireless VPN router 632 is that it could be an off-the-shelf VPN component which would not require wireless infrastructure 610. A VPN connection may use a Transmission Control Protocol over IP (TCP/IP) or User Datagram Protocol over IP (UDP/IP) connection to deliver messages directly to and from a mobile device 616.
If a wireless VPN router 632 is not available, then a link to a WAN 604, normally the Internet, is a commonly used connection mechanism that may be employed by the wireless connector system 628. To handle the addressing of the mobile device 616 and any other required interface functions, wireless infrastructure 610 is preferably used. One example of a wireless infrastructure 610 is the gateway 16 in FIG. 1. The wireless infrastructure 610 may also determine a most likely wireless network for locating a given user, and track users as they roam between countries or networks. In wireless networks such as 612 and 614, messages are normally delivered to and from mobile devices 616, 618 via RF transmissions between base stations (not shown) and the mobile devices 616, 618.
A plurality of connections to wireless networks 612 and 614 may be provided, including, for example, Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. The wireless networks 612 and 614 could represent distinct, unique and unrelated networks, or they could represent the same network in different countries, and may be any of the different types of networks described above in conjunction with the wireless network 20 in FIG. 1.
In some implementations, more than one over-the-air information exchange mechanism may be provided in the corporate LAN 606. In the exemplary communication system of FIG. 6 for example, mobile devices 616, 618 associated with users having mailboxes 619 associated with user accounts on the message server 620 are configured to operate on different wireless networks 612 and 614. If the wireless network 612 supports IPv6 addressing, then the wireless VPN router 632 may be used by the wireless connector system 628 to exchange data with any mobile device 616 operating within the wireless network 612. The wireless network 614 may be a different type of wireless network, however, such as the Mobitex network, in which case information may instead be exchanged with a mobile device 18 operating within the wireless network 614 by the wireless connector system 628 via a connection to the WAN 604 and the wireless infrastructure 610.
Operation of the system in FIG. 6 will now be described using an example of an e-mail message 633 sent from the computer system 602 and addressed to at least one recipient having both an account and mailbox 619 or like data store associated with the message server 620 and a mobile device 616 or 618. However, the e-mail message 633 is intended for illustrative purposes only. The exchange of other types of information between the corporate LAN 606 is preferably also enabled by the wireless connector system 628.
The e-mail message 633, sent from the computer system 602 via the WAN 604, may be fully in the clear, or signed with a digital signature and/or encrypted, depending upon the particular messaging scheme used. For example, if the computer system 602 is enabled for secure messaging using S/MIME, then the e-mail message 633 may be signed, encrypted, or both, and processed as described above.
E-mail messages such as 633 normally use traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and Multipurpose Internet Mail Extensions (MIME) body parts to define the format of the e-mail message. These techniques are all well known to one in the art. The e-mail message 633 arrives at the message server 620, which determines into which mailboxes 619 the e-mail message 633 should be stored. As described above, a message such as the e-mail message 633 may include a user name, a user account, a mailbox identifier, or other type of identifier that may be mapped to a particular account or associated mailbox 619 by the message server 620. For an e-mail message 633, recipients are typically identified using e-mail addresses corresponding to a user account and thus a mailbox 619.
The wireless connector system 628 sends or mirrors, via a wireless network 612 or 614, certain user-selected data items or parts of data items from the corporate LAN 606 to the user's mobile device 616 or 618, preferably, upon detecting that one or more triggering events has occurred. A triggering event includes, but is not limited to, one or more of the following: screen saver activation at a user's networked computer system 622, disconnection of the user's mobile device 616 or 618 from the interface 626, or receipt of a command sent from a mobile device 616 or 618 to the host system to start sending one or more messages stored at the host system. Thus, the wireless connector system 628 may detect triggering events associated with the message server 620, such as receipt of a command, or with one or more networked computer systems 622, including the screen saver and disconnection events described above. When wireless access to corporate data for a mobile device 616 or 618 has been activated at the LAN 606, for example when the wireless connector system 628 detects the occurrence of a triggering event for a mobile device user, data items selected by the user are preferably sent to the user's mobile device. In the example of the e-mail message 633, assuming that a triggering event has been detected, the arrival of the message 633 at the message server 620 is detected by the wireless connector system 628. This may be accomplished, for example, by monitoring or querying mailboxes 619 associated with the message server 620, or, if the message server 620 is a Microsoft Exchange server, then the wireless connector system 628 may register for advise syncs provided by the Microsoft Messaging Application Programming Interface (MAPI) to thereby receive notifications when a new message is stored to a mailbox 619.
When a data item such as the e-mail message 633 is to be sent to a mobile device 616 or 618, the wireless connector system 628 preferably repackages the data item in a manner that is transparent to the mobile device, so that information sent to and received by the mobile device appears similar to the information as stored on and accessible at the host system, LAN 606 in FIG. 6. One preferred repackaging method includes wrapping received messages to be sent via a wireless network 612, 614 in an electronic envelope that corresponds to the wireless network address of the mobile device 616, 618 to which the message is to be sent. Alternatively, other repackaging methods could be used, such as special-purpose TCP/IP wrapping techniques. Such repackaging preferably also results in e-mail messages sent from a mobile device 616 or 618 appearing to come from a corresponding host system account or mailbox 619 even though they are composed and sent from a mobile device. A user of a mobile device 616 or 618 may thereby effectively share a single e-mail address between a host system account or mailbox 619 and the mobile device.
Repackaging of the e-mail message 633 is indicated at 634 and 636. Repackaging techniques may be similar for any available transfer paths or may be dependent upon the particular transfer path, either the wireless infrastructure 610 or the wireless VPN router 632. For example, the e-mail message 633 is preferably compressed and encrypted, either before or after being repackaged at 634, to thereby effectively provide for secure transfer to the mobile device 618. Compression reduces the bandwidth required to send the message, whereas encryption ensures confidentiality of any messages or other information sent to mobile devices 616 and 618. In contrast, messages transferred via a VPN router 632 might only be compressed and not encrypted, since a VPN connection established by the VPN router 632 is inherently secure. Messages are thereby securely sent, via either encryption at the wireless connector system 628, which may be considered a non-standard VPN tunnel or a VPN-like connection for example, or the VPN router 632, to mobile devices 616 and 618. Accessing messages using a mobile device 616 or 618 is thus no less secure than accessing mailboxes at the LAN 606 using the desktop computer system 622.
When a repackaged message 634 or 636 arrives at a mobile device 616 or 618, via the wireless infrastructure 610, or via the wireless VPN router 632, the mobile device 616 or 618 removes the outer electronic envelope from the repackaged message 634 or 636, and performs any required decompression and decryption operations. When the original message 633 is a secure message, further processing may also be performed by the mobile device 616, 618. Messages sent from a mobile device 616 or 618 and addressed to one or more recipients are preferably similarly repackaged, and possibly compressed and encrypted, and sent to a host system such as the LAN 606. The host system may then remove the electronic envelope from the repackaged message, decrypt and decompress the message if desired, and route the message to the addressed recipients.
Another goal of using an outer envelope is to maintain at least some of the addressing information in the original e-mail message 633. Although the outer envelope used to route information to mobile devices 616, 618 is addressed using a network address of one or more mobile devices, the outer envelope preferably encapsulates the entire original e-mail message 633, including at least one address field, possibly in compressed and/or encrypted form. This allows original “To”, “From” and “CC” addresses of the e-mail message 633 to be displayed when the outer envelope is removed and the message is displayed on a mobile device 616 or 618. The repackaging also allows reply messages to be delivered to addressed recipients, with the “From” field reflecting an address of the mobile device user's account or mailbox on the host system, when the outer envelope of a repackaged outgoing message sent from a mobile device is removed by the wireless connector system 628. Using the user's account or mailbox address from the mobile device 616 or 618 allows a message sent from a mobile device to appear as though the message originated from the user's mailbox 619 or account at the host system rather than the mobile device.
FIG. 7 is a block diagram of an alternative exemplary communication system, in which wireless communications are enabled by a component associated with an operator of a wireless network. As shown in FIG. 7, the system includes a computer system 702, WAN 704, a corporate LAN 707 located behind a security firewall 708, network operator infrastructure 740, a wireless network 711, and mobile devices 713 and 715. The computer system 702, WAN 704, security firewall 708, message server 720, data store 717, mailboxes 719, and VPN router 735 are substantially the same as the similarly-labelled components in FIG. 6. However, since the VPN router 735 communicates with the network operator infrastructure 740, it need not necessarily be a wireless VPN router in the system of FIG. 7. The network operator infrastructure 740 enables wireless information exchange between the LAN 707 and mobile devices 713, 715, respectively associated with the computer systems 742 and 752 and configured to operate within the wireless network 711. In the LAN 707, a plurality of desktop computer systems 742, 752 are shown, each having a physical connection 746, 756 to an interface or connector 748, 758. A wireless connector system 744, 754 is operating on or in conjunction with each computer system 742, 752.
The wireless connector systems 744, 754 may be similar to the wireless connector system 628 described above, in that they enable data items, such as e-mail messages and other items that are stored in mailboxes 719, and possibly data items stored in a local or network data store, to be sent from the LAN 707 to one or more mobile devices 713, 715. In FIG. 7 however, the network operator infrastructure 740 provides an interface between the mobile devices 713, 715 and the LAN 707. As above, operation of the system shown in FIG. 7 will be described below in the context of an e-mail message 733 as an illustrative example of a data item that may be sent to a mobile device 713, 715.
When an e-mail message 733, addressed to one or more recipients having an account on the message server 720, is received by the message server 720, the message, or possibly a pointer to a single copy of the message stored in a central mailbox or data store, is stored into the mailbox 719 of each such recipient. Once the e-mail message 733 or pointer has been stored to a mailbox 719, it may preferably be accessed using a mobile device 713 or 715. In the example shown in FIG. 7, the e-mail message 733 has been addressed to the mailboxes 719 associated with both desktop computer systems 742 and 752 and thus both mobile devices 713 and 715.
As those skilled in the art will appreciate, communication network protocols commonly used in wired networks such as the LAN 707 and/or the WAN 704 are not suitable or compatible with wireless network communication protocols used within wireless networks such as 711. For example, communication bandwidth, protocol overhead and network latency, which are primary concerns in wireless network communications, are less significant in wired networks, which typically have much higher capacity and speed than wireless networks. Therefore, mobile devices 713 and 715 cannot normally access the data store 717 directly. The network operator infrastructure 740 provides a bridge between the wireless network 711 and the LAN 707.
The network operator infrastructure 740 enables a mobile device 713, 715 to establish a connection to the LAN 707 through the WAN 704, and may, for example, be operated by an operator of the wireless network 711 or a service provider that provides wireless communication service for mobile devices 713 and 715. In a pull-based system, a mobile device 713, 715 may establish a communication session with the network operator infrastructure 740 using a wireless network compatible communication scheme, preferably a secure scheme such as Wireless Transport Layer Security (WTLS) when information should remain confidential, and a wireless web browser such as a Wireless Application Protocol (WAP) browser. A user may then request (through manual selection or pre-selected defaults in the software residing in the mobile device) any or all information, or just new information for example, stored in a mailbox 719 in the data store 717 at the LAN 707. The network operator infrastructure 740 then establishes a connection or session with a wireless connector system 744, 754, using Secure Hypertext Transfer Protocol (HTTPS) for example, if no session has already been established. As above, a session between the network operator infrastructure 740 and a wireless connector system 744, 754 may be made via a typical WAN connection or through the VPN router 735 if available. When time delays between receiving a request from a mobile device 713, 715 and delivering requested information back to the device are to be minimized, the network operator infrastructure 740 and the wireless connector systems 744, 754 may be configured so that a communication connection remains open once established.
In the system of FIG. 7, requests originating from mobile device A 713 and B 715 would be sent to the wireless connector systems 744 and 754, respectively. Upon receiving a request for information from the network operator infrastructure 740, a wireless connector system 744, 754 retrieves requested information from a data store. For the e-mail message 733, the wireless connector system 744, 754 retrieves the e-mail message 733 from the appropriate mailbox 719, typically through a messaging client operating in conjunction with the computer system 742, 752, which may access a mailbox 719 either via the message server 720 or directly. Alternatively, a wireless connector system 744, 754 may be configured to access mailboxes 719 itself, directly or through the message server 720. Also, other data stores, both network data stores similar to the data store 717 and local data stores associated with each computer system 742, 752, may be accessible to a wireless connector system 744, 754, and thus to a mobile device 713, 715.
If the e-mail message 733 is addressed to the message server accounts or mailboxes 719 associated with both computer systems 742 and 752 and devices 713 and 715, then the e-mail message 733 may be sent to the network operator infrastructure 740 as shown at 760 and 762, which then sends a copy of the e-mail message to each mobile device 713 and 715, as indicated at 764 and 766. Information may be transferred between the wireless connector systems 744, 754 and the network operator infrastructure 740 via either a connection to the WAN 704 or the VPN router 735. When the network operator infrastructure 740 communicates with the wireless connector systems 744, 754 and the mobile devices 713, 715 via different protocols, translation operations may be performed by the network operator infrastructure 740. Repackaging techniques may also be used between the wireless connector systems 744, 754 and the network operator infrastructure 740, and between each mobile device 713, 715 and the network operator infrastructure 740.
Messages or other information to be sent from a mobile device 713, 715 may be processed in a similar manner, with such information first being transferred from a mobile device 713, 715 to the network operator infrastructure 740. The network operator infrastructure 740 may then send the information to a wireless connector system 744, 754 for storage in a mailbox 719 and delivery to any addressed recipients by the message server 720 for example, or may alternatively deliver the information to the addressed recipients.
The above description of the system in FIG. 7 relates to pull-based operations. The wireless connector systems 744, 754 and the network operator infrastructure may instead be configured to push data items to mobile devices 713 and 715. A combined push/pull system is also possible. For example, a notification of a new message or a list of data items currently stored in a data store at the LAN 707 could be pushed to a mobile device 713, 715, which may then be used to request messages or data items from the LAN 707 via the network operator infrastructure 740.
If mobile devices associated with user accounts on the LAN 707 are configured to operate within different wireless networks, then each wireless network may have an associated wireless network infrastructure component similar to 740.
Although separate, dedicated wireless connector systems 744, 754 are shown for each computer system 742, 752 in the system of FIG. 7, one or more of the wireless connector systems 744, 754 may preferably be configured to operate in conjunction with more than one computer system 742, 752, or to access a data store or mailbox 719 associated with more than one computer system. For example, the wireless connector system 744 may be granted access to the mailboxes 719 associated with both the computer system 742 and the computer system 752. Requests for data items from either mobile device A 713 or B 715 may then be processed by the wireless connector system 744. This configuration may be useful to enable wireless communications between the LAN 707 and the mobile devices 713 and 715 without requiring a desktop computer system 742, 752 to be running for each mobile device user. A wireless connector system may instead be implemented in conjunction with the message server 720 to enable wireless communications.
FIG. 8 is a block diagram of another alternative communication system. The system includes a computer system 802, WAN 804, a corporate LAN 809 located behind a security firewall 808, an access gateway 880, data store 882, wireless networks 884 and 886, and mobile devices 888 and 890. The LAN 809, the computer system 802, WAN 804, security firewall 808, message server 820, data store 817, mailboxes 819, desktop computer system 822, physical connection 824, interface or connector 826 and VPN router 835 are substantially the same as the corresponding components described above. The access gateway 880 and data store 882 provide mobile devices 88 and 90 with access to data items stored at the LAN 809. In FIG. 8, a wireless connector system 878 operates on or in conjunction with the message server 820, although a wireless connector system may instead operate on or in conjunction with one or more desktop computer systems in the LAN 809.
The wireless connector system 878 provides for transfer of data items stored at the LAN 809 to one or more mobile devices 888, 890. These data items preferably include e-mail messages stored in mailboxes 819 in the data store 817, as well as possibly other items stored in the data store 817 or another network data store or a local data store of a computer system such as 822.
As described above, an e-mail message 833 addressed to one or more recipients having an account on the message server 820 and received by the message server 820 may be stored into the mailbox 819 of each such recipient. In the system of FIG. 8, the external data store 882 preferably has a similar structure to, and remains synchronized with, the data store 817. PIM information or data stored at data store 882 preferably is independently modifiable to the PIM information or data stored at the host system. In this particular configuration, the independently modifiable information at the external data store 882 may maintain synchronization of a plurality of data stores associated with a user (i.e., data on a mobile device, data on a personal computer at home, data at the corporate LAN, etc.). This synchronization may be accomplished, for example, through updates sent to the data store 882 by the wireless connector system 878 at certain time intervals, each time an entry in the data store 817 is added or changed, at certain times of day, or when initiated at the LAN 809, by the message server 820 or a computer system 822, at the data store 882, or possibly by a mobile device 888, 890 through the access gateway 880.
In the case of the e-mail message 833 for example, an update sent to the data store 882 some time after the e-mail message 833 is received may indicate that the message 833 has been stored in a certain mailbox 819 in the store 817, and a copy of the e-mail message will be stored to a corresponding storage area in the data store 882. When the e-mail message 833 has been stored in the mailboxes 819 corresponding to the mobile devices 888 and 890 for example, one or more copies of the e-mail message, indicated at 892 and 894 in FIG. 8, will be sent to and stored in corresponding storage areas or mailboxes in the data store 882. As shown, updates or copies of stored information in the data store 817 may be sent to the data store 882 via a connection to the WAN 804 or the VPN router 835. For example, the wireless connector system 878 may post updates or stored information to a resource in the data store 882 via an HTTP post request. Alternatively, a secure protocol such as HTTPS or Secure Sockets Layer (SSL) may be used. Those skilled in the art will appreciate that a single copy of a data item stored in more than one location in a data store at the LAN 809 may instead be sent to the data store 882. This copy of the data item could then be stored either in more than one corresponding location in the data store 882, or a single copy may be stored in the data store 882, with a pointer or other identifier of the stored data item being stored in each corresponding location in the data store 882.
The access gateway 880 is effectively an access platform, in that it provides mobile devices 888 and 890 with access to the data store 882. The data store 882 may be configured as a resource accessible on the WAN 804, and the access gateway 880 may be an ISP system or WAP gateway through which mobile devices 888 and 890 may connect to the WAN 804. A WAP browser or other browser compatible with the wireless networks 884 and 886 may then be used to access the data store 882, which is synchronized with the data store 817, and download stored data items either automatically or responsive to a request from a mobile device 888, 890. As shown at 896 and 898, copies of the e-mail message 833, which was stored in the data store 817, may be sent to the mobile devices 888 and 890. A data store (not shown) on each mobile device 888, 890 may thereby be synchronized with a portion, such as a mailbox 819, of a data store 817 on a corporate LAN 809. Changes to a mobile device data store may similarly be reflected in the data stores 882 and 817.
It will be appreciated that the above description relates to preferred embodiments by way of example only. Many variations on the invention will be obvious to those knowledgeable in the field, and such obvious variations are within the scope of the invention as described and claimed, whether or not expressly described.
For example, although a wireless mobile communication device is shown in FIGS. 3-5 and described as one of the messaging clients, the invention is also applicable to other messaging clients, including those operating on desktop and laptop computer systems, networked computer workstations and other types of messaging clients between which Cert management and transfer, to allow sharing of Certs for example, is desired.
It is also contemplated that other Cert-related information may be managed and transferred between messaging clients substantially as described above. CRLs, public keys and private keys could similarly be managed and/or transferred.

Claims (30)

It is claimed:
1. A method of Certificate (Cert) management and transfer between a computer system having a first data transfer interface and a wireless communication device enabled for communications in a wireless communication network and having a second data transfer interface compatible with the first data transfer interface, the method comprising:
establishing communications between the computer system and the wireless communication device via the first data transfer interface and the second data transfer interface;
checking status of Certs stored at one of the computer system and the wireless communication device;
receiving user input to select one or more Certs from the valid Certs stored at the one of the computer system and the wireless communication device for transfer to the other of the computer system and the wireless communication device; and
transferring the selected one or more Certs from the one of the computer system and the wireless communication device to the other of the computer system and the wireless communication device,
wherein the transferred one or more Certs are used to handle messages communicated via the wireless communication network that are received from or to be transmitted to one or more remote entities whose communications are associated with the transferred one or more Certs.
2. The method of claim 1, wherein:
establishing communications between the computer system and the wireless communication device comprises establishing a communications link between the first data transfer interface and the second data transfer interface; and
the communications link is selected from the group consisting of: a physical communications link and a wireless communications link.
3. The method of claim 1, further comprising:
generating a list of Certs stored at the one of the computer system and the wireless communication device; and
displaying the generated list of Certs,
wherein the user input comprises a selection of the one or more Certs from the displayed list.
4. The method of claim 3, wherein:
the displaying comprises displaying the generated list on the one of the computer system and the wireless communication device; and
the selection of the one or more Certs from the displayed list is made via a user interface associated with the one of the computer system and the wireless communication device.
5. The method of claim 3, wherein:
the displaying comprises displaying the generated list on the other of the computer system and the wireless communication device; and
the selection of the one or more Certs from the displayed list is made via a user interface associated with the other of the computer system and the wireless communication device.
6. The method of claim 3, wherein generating the list of Certs comprises:
identifying Certs that are stored at the one of the computer system and the wireless communication device;
identifying Certs that are stored at the other of the computer system and the wireless communication device; and
generating a list of Certs that are stored only at the one of the computer system and the wireless communication device and not at the other of the computer system and the wireless communication device.
7. The method of claim 1, further comprising storing the selected one or more Certs in a data store on the other of the computer system and the wireless communication device.
8. The method of claim 1, further comprising:
receiving user input to select one or more Certs stored at the other of the computer system and the wireless communication device for transfer to the one of the computer system and the wireless communication device; and
transferring the selected one or more Certs stored at the other of the computer system and the wireless communication device from the other of the computer system and the wireless communication device to the one of the computer system and the wireless communication device.
9. The method of claim 8, further comprising:
generating a list of Certs stored at the one of the computer system and the wireless communication device;
displaying the generated list of Certs on the one of the computer system and the wireless communication device;
generating a list of Certs stored at the other of the computer system and the wireless communication device; and
displaying the generated list of Certs on the one of the computer system and the wireless communication device,
wherein the user input to select the one or more Certs stored at the one of the computer system and the wireless communication device comprises a selection from the list of Certs stored at the one of the computer system and the wireless communication device and made via a user interface associated with the one of the computer system and the wireless communication device, and
wherein the user input to select the one or more Certs stored at the other of the computer system and the wireless communication device comprises a selection from the list of Certs stored at the other of the computer system and the wireless communication device and made via a user interface associated with the one of the computer system and the wireless communication device.
10. The method of claim 1, further comprising:
generating a list of Certs stored in a data store at the other of the computer system and the wireless communication device;
displaying the generated list of Certs on the one of the computer system and the wireless communication device;
receiving user input to select for deletion from the data store one or more Certs from the displayed list via a user interface associated with the one of the computer system and the wireless communication device; and
deleting the selected one or more Certs from the data store on the other of the computer system and the wireless communication device.
11. The method of claim 1, wherein the computer system is selected from the group consisting of: a desktop computer system, a laptop computer system, and a wireless mobile communication device.
12. The method of claim 1, wherein the one or more Certs associated with the one or more remote entities are available from a third-party certificate authority.
13. A system for Certificate (Cert) management and transfer between a computer system and a wireless communication device, the system comprising:
at the computer system:
a first memory comprising a first Cert store configured to store Certs;
a first Cert synchronization (sync) system configured to access the first Cert store; and
a first communications interface; and
at the wireless communication device:
a second memory comprising a second Cert store configured to store Certs;
a second Cert sync system configured to access the second Cert store;
a wireless transceiver that enables the wireless communication device for communications in a wireless communication network; and
a second communications interface compatible with the first communications interface,
wherein the first Cert sync system is further configured to transfer Certs stored in the first Cert store from the computer system to the wireless communication device when a communications link is established between the computer system and the wireless communication device via the first communications interface and the second communications interfaces,
wherein the first Cert sync system checks status of the Certs stored in the first Cert store to ensure that valid Certs are transferred to the wireless communication device; and
wherein the transferred Certs are used to handle messages communicated via the wireless communication network that are received from or to be transmitted to remote entities whose communications are associated with the transferred Certs.
14. The system of claim 13, wherein the second Cert sync system is further configured to store Certs transferred from the computer system to the wireless communication device to the second Cert store.
15. The system of claim 14, further comprising a user interface at the computer system, the user interface being configured to accept user inputs to select one or more of the Certs stored in the first Cert store, wherein the selected Certs are transferred from the computer system to the wireless communication device.
16. The system of claim 15, wherein the second Cert sync system is further configured to transfer Certs stored in the second Cert store from the wireless communication device to the computer system when the communications link is established between the computer system and the wireless communication device via the first communications interface and the second communications interface.
17. The system of claim 14, wherein the user interface at the computer system is further configured to accept user inputs to select one or more of the Certs stored in the second Cert store, wherein the selected one or more Certs are transferred from the wireless communication device to the computer system.
18. The system of claim 13, wherein the first Cert sync system is further configured to check the status of each Cert stored in the second Cert store to detect expired, invalid or revoked Certs stored in the second Cert store.
19. The system of claim 13, wherein the computer system is selected from the group consisting of: a desktop computer system, a laptop computer system, and a wireless mobile communication device.
20. The system of claim 13, wherein the wireless communication device is selected from the group consisting of: a data communication device, a voice communication device, a dual-mode communication device having both data and voice communications functionality, a cellular telephone having data communications functionality, a personal digital assistant (PDA) enabled for wireless communications, and a laptop or desktop computer system with a wireless modem.
21. The system of claim 13, further comprising:
at the computer system:
a first messaging system; and
a first communications subsystem; and
at the wireless communication device:
a second messaging system; and
a second communications subsystem,
wherein the first messaging system is configured to store Certs received via the first communications subsystem to the first Cert store and the second messaging system is configured to store Certs received via the second communications subsystem to the second Cert store.
22. The system of claim 13, wherein the first communications interface and the second communications interface establish a physical link between the computer system and the wireless communication device.
23. The system of claim 22, wherein the first communications interface and the second communications interface are selected from the group consisting of: serial ports and Universal Serial Bus (USB) ports.
24. The system of claim 22, wherein the first communications interface and the second communications interface are selected from the group consisting of: Infrared Data Association (IrDA) ports, Bluetooth modules and 802.11 modules.
25. The system of claim 13, wherein the first communications interface and the second communications interface establish a wireless link between the computer system and the wireless communication device.
26. A system for transferring Certificates (Certs) between a computer system and a wireless mobile communication device, the system comprising:
a serial port associated with the computer system;
a mobile device connector connected to the serial port, the mobile device connector having an interface; and
a mobile device interface associated with the wireless mobile communication device and compatible with the interface of the mobile device connector,
wherein Certs stored at the computer system are transferred to the wireless mobile communication device when a communications link is established between the computer system and the wireless mobile communication device by placing the wireless mobile communication device in the mobile device connector,
wherein status of the Certs stored at the computer system is checked to ensure that valid Certs are transferred to the wireless mobile communication device; and
wherein the transferred Certs are used to handle messages communicated via the wireless communication network that are received from or to be transmitted to remote entities whose communications are associated with the transferred Certs.
27. A wireless mobile communication device comprising:
a wireless transceiver;
a messaging system coupled to the wireless transceiver;
a communications interface for exchanging data with a computer system;
a Cert store configured to store Certificates (Certs); and
a Cert synchronization (sync) system coupled to the Cert store and the communications interface,
wherein the messaging system is configured to store Certs received via the wireless transceiver to the Cert store, and the Cert sync system is configured to store Certs received from the computer system via the communications interface to the Cert store,
wherein status of the received Certs is checked at the computer system to ensure valid Certs are sent to the wireless mobile communication device; and
wherein the stored Certs are used to handle messages communicated via the wireless communication network that are received from or to be transmitted to remote entities whose communications are associated with the stored Certs.
28. The wireless mobile communication device of claim 27, wherein the messaging system is further configured to request Certs from a Public Key Server (PKS).
29. The wireless mobile communication device of claim 27, wherein the communications interface is selected from the group consisting of: a serial port, a Universal Serial Bus (USB) port, and Infrared Data Association (IrDA) port, a Bluetooth module and an 802.11 module.
30. The wireless mobile communication device of claim 27, wherein the wireless mobile communication device is selected from the group consisting of: a data communication device, a voice communication device, a dual-mode communication device having both data and voice communications functionality, a cellular telephone having data communications functionality, a personal digital assistant (PDA) enabled for wireless communications, and a laptop or desktop computer system with a wireless modem.
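The status check, one-sided listing and selective transfer recited in claims 1, 6 and 18, sketched as an added example that is not part of the patent text or of any vendor implementation. The `Cert` record, the CRL modelled as a set of (issuer, serial) pairs, the function names and all sample values are assumptions constructed for illustration; signature and chain validation are left out.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Status(Enum):
    VALID = "valid"
    EXPIRED = "expired"
    NOT_YET_VALID = "not yet valid"
    REVOKED = "revoked"


@dataclass(frozen=True)
class Cert:
    """Hypothetical stand-in for a parsed Cert; a real store would hold X.509 data."""
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime
    der: bytes  # encoded Cert; the sample uses constructed placeholder bytes

    @property
    def fingerprint(self):
        return hashlib.sha256(self.der).hexdigest()


def check_status(cert, now, crl):
    """Status check: revocation first, then the validity period.

    crl is modelled as a set of (issuer, serial) pairs (an assumption).
    """
    if (cert.issuer, cert.serial) in crl:
        return Status.REVOKED
    if now < cert.not_before:
        return Status.NOT_YET_VALID
    if now > cert.not_after:
        return Status.EXPIRED
    return Status.VALID


def transferable(source, dest, now, crl):
    """Valid Certs held only at the source store, sorted by subject for display."""
    only_here = [c for fp, c in source.items() if fp not in dest]
    valid = [c for c in only_here if check_status(c, now, crl) is Status.VALID]
    return sorted(valid, key=lambda c: c.subject)


def transfer(source, dest, selected, now, crl):
    """Copy the user-selected fingerprints into dest; anything not offered is skipped."""
    offered = {c.fingerprint: c for c in transferable(source, dest, now, crl)}
    moved = []
    for fp in selected:
        if fp in offered:
            dest[fp] = offered[fp]
            moved.append(fp)
    return moved


def audit(store, now, crl):
    """Map fingerprint -> Status for every Cert in the store that is not valid."""
    report = {}
    for fp, cert in store.items():
        status = check_status(cert, now, crl)
        if status is not Status.VALID:
            report[fp] = status
    return report


def build_sample():
    """Constructed sample data: two stores, a CRL and a fixed 'now'."""
    def utc(y, m, d):
        return datetime(y, m, d, tzinfo=timezone.utc)

    def cert(name, serial, start, end):
        return Cert(f"CN={name}", "CN=Example CA", serial, start, end,
                    f"constructed-der-{name}".encode())

    alice = cert("alice", 1, utc(2024, 1, 1), utc(2025, 1, 1))
    bob = cert("bob", 2, utc(2022, 1, 1), utc(2023, 1, 1))      # expired
    carol = cert("carol", 3, utc(2024, 1, 1), utc(2025, 1, 1))  # revoked below
    dave = cert("dave", 4, utc(2024, 1, 1), utc(2025, 1, 1))    # on both sides
    erin = cert("erin", 5, utc(2021, 1, 1), utc(2022, 1, 1))    # expired, device only

    desktop = {c.fingerprint: c for c in (alice, bob, carol, dave)}
    device = {c.fingerprint: c for c in (dave, erin)}
    crl = {("CN=Example CA", 3)}
    return desktop, device, crl, utc(2024, 6, 1)


if __name__ == "__main__":
    desktop, device, crl, now = build_sample()
    for c in transferable(desktop, device, now, crl):
        print("offer:", c.subject)
    for fp, status in audit(device, now, crl).items():
        print("stale on device:", device[fp].subject, status.value)
```

Re-running the status check inside `transfer` rather than trusting the earlier listing keeps a Cert that was revoked or expired between display and selection from reaching the device.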
US13/964,180 | 2001-06-12 | 2013-08-12 | Certificate management and transfer system and method | Expired - Fee Related | USRE45087E1 (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
US13/964,180, USRE45087E1 (en) | 2001-06-12 | 2013-08-12 | Certificate management and transfer system and method

Applications Claiming Priority (5)

Application Number | Priority Date | Filing Date | Title
US29768101P | 2001-06-12 | 2001-06-12 |
US36553302P | 2002-03-20 | 2002-03-20 |
PCT/CA2002/000868, WO2002101580A1 (en) | 2001-06-12 | 2002-06-12 | Certificate management and transfer system and method
US12/480,841, US8015400B2 (en) | 2001-06-12 | 2009-06-09 | Certificate management and transfer system and method
US13/964,180, USRE45087E1 (en) | 2001-06-12 | 2013-08-12 | Certificate management and transfer system and method

Related Parent Applications (1)

Application Number | Title | Priority Date | Filing Date
US12/480,841 (Reissue), US8015400B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2009-06-09

Publications (1)

Publication Number | Publication Date
USRE45087E1 (en) | 2014-08-19

Family

ID=26970262

Family Applications (4)

Application Number | Title | Priority Date | Filing Date
US10/480,615 (Expired - Lifetime), US7546453B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2002-06-12
US12/480,841 (Ceased), US8015400B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2009-06-09
US13/223,999 (Expired - Lifetime), US8539226B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2011-09-01
US13/964,180 (Expired - Fee Related), USRE45087E1 (en) | Certificate management and transfer system and method | 2001-06-12 | 2013-08-12

Family Applications Before (3)

Application Number | Title | Priority Date | Filing Date
US10/480,615 (Expired - Lifetime), US7546453B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2002-06-12
US12/480,841 (Ceased), US8015400B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2009-06-09
US13/223,999 (Expired - Lifetime), US8539226B2 (en) | Certificate management and transfer system and method | 2001-06-12 | 2011-09-01

Country Status (8)

Country | Link
US (4) | US7546453B2 (en)
EP (1) | EP1399853A1 (en)
JP (2) | JP2004532590A (en)
KR (1) | KR20040015272A (en)
CN (1) | CN100410927C (en)
CA (2) | CA2717229A1 (en)
IL (2) | IL159342A0 (en)
WO (1) | WO2002101580A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US9837044B2 (en) | 2015-03-18 | 2017-12-05 | Samsung Electronics Co., Ltd. | Electronic device and method of updating screen of display panel thereof

Families Citing this family (87)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
DE60115072T3 (en) | 2000-09-21 | 2010-04-01 | Research In Motion Ltd., Waterloo | SYSTEM AND METHOD FOR SUBMITING A SOFTWARE CODE
CA2717229A1 (en) | 2001-06-12 | 2002-12-19 | Research In Motion Limited | Certificate management and transfer system and method
US7254712B2 (en) * | 2001-06-12 | 2007-08-07 | Research In Motion Limited | System and method for compressing secure e-mail for exchange with a mobile data communication device
WO2002102009A2 (en) | 2001-06-12 | 2002-12-19 | Research In Motion Limited | Method for processing encoded messages for exchange with a mobile data communication device
US9628269B2 (en) | 2001-07-10 | 2017-04-18 | Blackberry Limited | System and method for secure message key caching in a mobile communication device
EP1417814B1 (en) * | 2001-08-06 | 2008-10-29 | Research In Motion Limited | System and method for processing encoded messages
JP3687599B2 (en) * | 2001-12-06 | 2005-08-24 | ソニー株式会社 | COMMUNICATION DEVICE AND METHOD, RECORDING MEDIUM, AND PROGRAM
JP3988451B2 (en) * | 2001-12-06 | 2007-10-10 | ソニー株式会社 | COMMUNICATION DEVICE AND METHOD, RECORDING MEDIUM, AND PROGRAM
US20030154408A1 (en) * | 2002-02-13 | 2003-08-14 | Yanong Zhu | Method and apparatus for secured unified public communication network based on IP and common channel signaling
AU2003213910A1 (en) | 2002-03-20 | 2003-09-29 | Research In Motion Limited | Certificate information storage system and method
US20040203646A1 (en) * | 2002-07-18 | 2004-10-14 | Rudd Michael L. | System and method for a mobile expert device
US20040078601A1 (en) * | 2002-08-02 | 2004-04-22 | Chris Tengwall | System and method for operating a wireless device network
US8230363B2 (en) * | 2002-08-06 | 2012-07-24 | Goldman, Sachs & Co. | Management of corporate entities
EP2501161B1 (en) * | 2002-11-11 | 2014-03-26 | Nokia Corp. | Location dependent messaging
US8965980B2 (en) * | 2003-03-27 | 2015-02-24 | Siebel Systems, Inc. | Universal support for multiple external messaging systems
US7844254B2 (en) * | 2003-06-12 | 2010-11-30 | Sri International | Method and apparatus for collaboration and media access using mobile communications devices
US7493393B2 (en) * | 2003-06-23 | 2009-02-17 | Nokia Corporation | Apparatus and method for security management in wireless IP networks
US8255804B2 (en) * | 2003-09-22 | 2012-08-28 | Broadcom Corporation | Resource controlled user interface resource management
US8271880B2 (en) * | 2003-09-22 | 2012-09-18 | Broadcom Corporation | Central system based user interface resource management
EP1544761A1 (en) * | 2003-12-17 | 2005-06-22 | Axel Dr. Glanz | Method and apparatus for the generation and transmission of a graphical image of an electronically generated document
US8572388B2 (en) * | 2004-03-10 | 2013-10-29 | Elynx, Ltd. | Electronic document management system
US20050210273A1 (en) * | 2004-03-17 | 2005-09-22 | Elynx, Ltd. | Secure electronic message system
US8050653B2 (en) | 2004-03-22 | 2011-11-01 | Research In Motion Limited | System and method for viewing message attachments
EP1580953B1 (en) * | 2004-03-22 | 2011-02-09 | Research In Motion Limited | System and method for viewing message attachments
US7430663B2 (en) * | 2004-08-09 | 2008-09-30 | Research In Motion Limited | System and method for enabling bulk retrieval of certificates
US9094429B2 (en) | 2004-08-10 | 2015-07-28 | Blackberry Limited | Server verification of secure electronic messages
US7631183B2 (en) | 2004-09-01 | 2009-12-08 | Research In Motion Limited | System and method for retrieving related certificates
US7549043B2 (en) | 2004-09-01 | 2009-06-16 | Research In Motion Limited | Providing certificate matching in a system and method for searching and retrieving certificates
US7640428B2 (en) * | 2004-09-02 | 2009-12-29 | Research In Motion Limited | System and method for searching and retrieving certificates
US9282455B2 (en) | 2004-10-01 | 2016-03-08 | Intel Corporation | System and method for user certificate initiation, distribution, and provisioning in converged WLAN-WWAN interworking networks
US7643818B2 (en) | 2004-11-22 | 2010-01-05 | Seven Networks, Inc. | E-mail messaging to/from a mobile terminal
US20060217108A1 (en) * | 2005-03-25 | 2006-09-28 | Nec Corporation | Network authentication apparatus, network authentication method, network authentication system, and network authentication program
JP4920915B2 (en) * | 2005-06-27 | 2012-04-18 | キヤノン株式会社 | Information processing apparatus, control method for information processing apparatus, and control program
JP4148246B2 (en) | 2005-06-30 | 2008-09-10 | ブラザー工業株式会社 | Communication system, certificate update apparatus, certificate update program, communication apparatus, and alternative update program
US20070191000A1 (en) * | 2005-09-01 | 2007-08-16 | Veni Salvatore Iii | Pagers over a wireless network
US8340289B2 (en) | 2005-09-29 | 2012-12-25 | Research In Motion Limited | System and method for providing an indication of randomness quality of random number data generated by a random data service
US7797545B2 (en) * | 2005-09-29 | 2010-09-14 | Research In Motion Limited | System and method for registering entities for code signing services
EP1803249B1 (en) | 2005-10-14 | 2010-04-07 | Research In Motion Limited | System and method for protecting master encryption keys
US7814161B2 (en) | 2006-06-23 | 2010-10-12 | Research In Motion Limited | System and method for handling electronic mail mismatches
KR100908242B1 (en) * | 2006-11-23 | 2009-07-20 | 한국전자통신연구원 | Certificate transmission server and system for transmitting certificate stored in fixed terminal to mobile terminal and method thereof
KR100715359B1 (en) * | 2006-12-19 | 2007-05-09 | 한국버추얼페이먼트 주식회사 | Mobile payment verification system and method
US8707421B2 (en) * | 2007-06-29 | 2014-04-22 | Siemens Industry, Inc. | System and method for a web based teleservice for updating machine software
US7949355B2 (en) * | 2007-09-04 | 2011-05-24 | Research In Motion Limited | System and method for processing attachments to messages sent to a mobile device
US8254582B2 (en) | 2007-09-24 | 2012-08-28 | Research In Motion Limited | System and method for controlling message attachment handling functions on a mobile device
US20090113543A1 (en) * | 2007-10-25 | 2009-04-30 | Research In Motion Limited | Authentication certificate management for access to a wireless communication device
US8073959B2 (en) * | 2008-03-28 | 2011-12-06 | Microsoft Corporation | Automatically detecting whether a computer is connected to a public or private network
US8321662B2 (en) | 2008-05-08 | 2012-11-27 | International Business Machines Corporation | Certificate renewal using secure handshake
US8862874B2 (en) * | 2008-05-09 | 2014-10-14 | International Business Machines Corporation | Certificate distribution using secure handshake
US8005991B2 (en) * | 2008-08-15 | 2011-08-23 | Dell Products, Lp | Virtual machine image management system and methods thereof
CN101404575B (en) * | 2008-11-06 | 2011-09-28 | 阿里巴巴集团控股有限公司 | Method and system for updating indorsement algorithm
US8484462B2 (en) * | 2008-11-07 | 2013-07-09 | Lockheed Martin Corporation | System and method for establishing a self-realizing expandable communications network
US8560851B1 (en) * | 2009-05-15 | 2013-10-15 | Sprint Communications Company L.P. | Managing digital certificates
US9680819B2 (en) * | 2009-12-23 | 2017-06-13 | Symantec Corporation | Method and system for co-termination of digital certificates
JP5521542B2 (en) * | 2009-12-25 | 2014-06-18 | ブラザー工業株式会社 | Information processing device
US9197630B2 (en) * | 2010-03-08 | 2015-11-24 | Microsoft Technology Licensing, Llc | Automated certificate management
US8621220B2 (en) * | 2010-03-11 | 2013-12-31 | Ebay Inc. | Systems and methods for identity encapsulated cryptography
KR101119874B1 (en) * | 2010-05-17 | 2012-02-22 | 삼성에스디에스 주식회사 | System and method for share certificate with a devices
US20110302215A1 (en) * | 2010-06-04 | 2011-12-08 | Research In Motion Limited | Assembly, and associated method, for controlling disposition of enterprise data at a wireless device
US8984271B2 (en) | 2010-06-07 | 2015-03-17 | Protected Mobility, Llc | User interface systems and methods for input and display of secure and insecure message oriented communications
US9172680B2 (en) | 2010-06-07 | 2015-10-27 | Protected Mobility, Llc | Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums
US9143324B2 (en) | 2010-06-07 | 2015-09-22 | Protected Mobility, Llc | Secure messaging
US9602277B2 (en) * | 2010-06-07 | 2017-03-21 | Protected Mobilty, Llc | User interface systems and methods for secure message oriented communications
US8924706B2 (en) | 2010-11-05 | 2014-12-30 | Protected Mobility, Llc | Systems and methods using one time pads during the exchange of cryptographic material
CN102567769B (en) * | 2010-12-31 | 2015-04-01 | 上海格尔软件股份有限公司 | USBKEY with certificate selection
CN102307349B (en) * | 2011-08-16 | 2015-04-01 | 宇龙计算机通信科技(深圳)有限公司 | Access method of wireless network, terminal and server
US8984273B2 (en) | 2011-12-16 | 2015-03-17 | Protected Mobility, Llc | Method to provide secure multimedia messaging between peer systems
US9160719B2 (en) | 2012-07-20 | 2015-10-13 | Protected Mobility, Llc | Hiding ciphertext using a linguistics algorithm with dictionaries
WO2014030199A1 (en) * | 2012-08-20 | 2014-02-27 | 富士通株式会社 | Seamless application push system and method for same
US8830206B2 (en) | 2012-10-05 | 2014-09-09 | Dell Products, Lp | Systems and methods for locking image orientation
CN103001965B (en) * | 2012-12-10 | 2016-01-27 | 北京星网锐捷网络技术有限公司 | Server certificate update method and server
US9215075B1 (en) | 2013-03-15 | 2015-12-15 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device
CN104065558A (en) * | 2013-03-20 | 2014-09-24 | 东方斯泰克信息技术研究院(北京)有限公司 | Sending and accepting methods and sending and accepting devices for email
US9763067B2 (en)2013-05-282017-09-12Protected Mobility, LlcMethods and apparatus for long-short wave, low-high frequency radio secure message service
US9453976B2 (en)*2014-09-302016-09-27Apple Inc.Optical connector
US10887370B2 (en)*2014-12-182021-01-05Trading Technologies International, Inc.Visual representation of a user interface
WO2017015752A1 (en)*2015-07-242017-02-02Radio Ip Software Inc.Mobile communication system and pre-authentication filters
KR102381371B1 (en)*2015-12-102022-03-31삼성전자주식회사System and method for providing information by using near field communication
US9705859B2 (en)*2015-12-112017-07-11Amazon Technologies, Inc.Key exchange through partially trusted third party
US10412098B2 (en)2015-12-112019-09-10Amazon Technologies, Inc.Signed envelope encryption
US10715502B2 (en)*2015-12-312020-07-14Verisign, Inc.Systems and methods for automating client-side synchronization of public keys of external contacts
CN105516207B (en)*2016-01-282018-08-14浪潮电子信息产业股份有限公司Certificate management method in remote authentication
US9887975B1 (en)*2016-08-032018-02-06KryptCo, Inc.Systems and methods for delegated cryptography
US10187377B2 (en)*2017-02-082019-01-22A10 Networks, Inc.Caching network generated security certificates
US10616242B2 (en)*2017-10-102020-04-07Blackberry LimitedForward and backward NIAP migration of certificate stores
CN113132108B (en)*2019-12-312022-02-25华为技术有限公司Method and device for revoking and verifying digital certificate
CN111277581A (en)*2020-01-152020-06-12江苏满运软件科技有限公司Certificate early warning management method and device, electronic equipment and storage medium
CN113542081B (en)*2021-09-162021-12-24深圳市万睿智能科技有限公司Safe intelligent household control method and system

Citations (158)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US4028500A (en)1973-05-151977-06-07Martin Marietta CorporationMobile unit supervisory control sequencer and method
WO1994012938A1 (en)1992-12-021994-06-09Compaq Computer CorporationHandheld computer with automatic data synchronization with host computer
JPH06276221A (en)1993-03-171994-09-30Toshiba CorpElectronic mail system containing top secret mail function
WO1994019238A3 (en)1993-02-241994-12-08Altair CorpControl system for aircraft
US5410602A (en)1993-09-271995-04-25Motorola, Inc.Method for key management of point-to-point communications
JPH07162407A (en)1993-12-031995-06-23Fujitsu Ltd User support device for encrypted communication in network system
US5457748A (en)1992-11-301995-10-10Motorola, Inc.Method and apparatus for improved security within encrypted communication devices
JPH08251221A (en)1995-03-131996-09-27Nippon Telegr & Teleph Corp <Ntt> Message handling method
EP0500245B1 (en)1991-02-081996-11-06Kabushiki Kaisha ToshibaCipher communication system for transaction data
WO1996036934A1 (en)1995-05-171996-11-21Smart Touch, L.L.C.Tokenless identification system for authorization of electronic transactions and electronic transmissions
JPH0946330A (en)1995-07-281997-02-14Toshiba Corp E-mail encryption device and e-mail transfer device
US5623546A (en)1995-06-231997-04-22Motorola, Inc.Encryption method and system for portable data
EP0500222B1 (en)1991-02-141997-10-22Hewlett-Packard CompanyMethod for reconciling entries in a plurality of lists
WO1997041661A3 (en)1996-04-291997-12-11Motorola IncUse of an encryption server for encrypting messages
US5710922A (en)1993-06-021998-01-20Apple Computer, Inc.Method for synchronizing and archiving information between computer systems
JPH1022992A (en)1996-07-051998-01-23Hitachi Inf Syst Ltd Message broadcast communication method and storage medium
US5727202A (en)1995-10-181998-03-10Palm Computing, Inc.Method and apparatus for synchronizing information on two different computer systems
JPH10107832A (en)1996-09-251998-04-24Hitachi Software Eng Co LtdCipher multi-address mail system
US5778068A (en)1995-02-131998-07-07Eta Technologies CorporationPersonal access management system
US5778346A (en)1992-01-211998-07-07Starfish Software, Inc.System and methods for appointment reconcilation
WO1998034374A1 (en)1997-01-311998-08-06Motorola Inc.Encryption and decryption method and apparatus
US5812671A (en)1996-07-171998-09-22Xante CorporationCryptographic communication system
WO1999005814A2 (en)1997-07-241999-02-04Worldtalk CorporationE-mail firewall with stored key encryption/decryption
US5870030A (en)1996-04-041999-02-09Motorola, Inc.Advertiser pays information and messaging system and apparatus
WO1999006900A3 (en)1997-07-301999-04-08Visto CorpSystem and method for globally and securely accessing unified information in a computer network
WO1999017564A1 (en)1997-09-291999-04-08Motorola Inc.Method and apparatus for providing subscriber identification protection to a receiver
WO1999027678A3 (en)1997-11-261999-08-12Nokia Telecommunications OySecurity of data connections
US5956707A (en)1997-02-131999-09-21Chu; Wesley W.Database system with query relaxation using type abstraction hierarchy (TAH) as query condition relaxation structure
JPH11272581A (en)1998-03-251999-10-08Toshiba Corp Mail transmission method and system and recording medium on which the method is programmed and recorded
JPH11272582A (en)1998-03-251999-10-08Sony CorpElectronic mail providing device and electronic mail providing method
US5991399A (en)1997-12-181999-11-23Intel CorporationMethod for securely distributing a conditional use private key to a trusted entity on a remote system
US6000000A (en)1995-10-131999-12-073Com CorporationExtendible method and apparatus for synchronizing multiple files on two different computer systems
WO1999064946A1 (en)1998-06-121999-12-16Microsoft CorporationMethod and system for secure running of untrusted content
JP2000010477A (en)1998-06-222000-01-14Mitsubishi Electric Corp Certificate collection information generation device, certificate verification device, and public key cryptographic operation system
JP2000049766A (en)1998-07-272000-02-18Hitachi Ltd Key management server system
EP0942568A3 (en)1998-02-172000-04-12Phone.Com Inc.Centralized certificate management system for two-way interactive communication devices in data networks
WO1999063709A3 (en)1998-05-292000-04-13Research In Motion LtdSystem and method for pushing information from a host system to a mobile data communication device
US6061448A (en)1997-04-012000-05-09Tumbleweed Communications Corp.Method and system for dynamic server document encryption
WO2000031931A1 (en)1998-11-242000-06-02Telefonaktiebolaget Lm Ericsson (Publ)Method and system for securing data objects
US6073237A (en)1997-11-062000-06-06Cybercash, Inc.Tamper resistant method and apparatus
US6081601A (en)1998-01-082000-06-27Nokia Telecommunications OyMethod of implementing connection security in a wireless network
US6085323A (en)1996-04-152000-07-04Kabushiki Kaisha ToshibaInformation processing system having function of securely protecting confidential information
US6084969A (en)1997-12-312000-07-04V-One CorporationKey encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network
US6108788A (en)1997-12-082000-08-22Entrust Technologies LimitedCertificate management system and method for a communication security system
US6119228A (en)1997-08-222000-09-12Compaq Computer CorporationMethod for securely communicating remote control commands in a computer network
US6125369A (en)1997-10-022000-09-26Microsoft CorporationContinuous object sychronization between object stores on different computers
WO2000069114A1 (en)1999-05-102000-11-16Telefonaktiebolaget Lm Ericsson (Publ)Indirect public-key encryption
WO2000072506A1 (en)1999-05-212000-11-30International Business Machines CorporationMethod and apparatus for initializing secure communications among, and for exclusively pairing wireless devices
WO2001001644A1 (en)1999-06-292001-01-04Samsung Electronics Co., Ltd.Apparatus for securing user's information in a mobile communication system connected to the internet and method thereof
WO2001016933A1 (en)1999-08-302001-03-08Fujitsu LimitedDevice for data reproduction
US6209098B1 (en)1996-10-252001-03-27Intel CorporationCircuit and method for ensuring interconnect security with a multi-chip integrated circuit package
WO2001024434A1 (en)1999-09-302001-04-05B.M.N. TechnologySystem for providing messages
JP2001103571A (en)1999-10-012001-04-13Mitsubishi Electric Corp Mobile communication service providing system
US6229894B1 (en)1997-07-142001-05-08Entrust Technologies, Ltd.Method and apparatus for access to user-specific encryption information
US6230186B1 (en)1998-04-282001-05-08Rhoda YakerPrivate electronic message system
US6231985B1 (en)1999-05-182001-05-15Ashland Inc.Heat and radio frequency-curable two-pack soy protein-based polyurethane adhesive compositions
JP2001147849A (en)1999-11-192001-05-29Toshiba Corp Communication method and electronic device for data synchronization processing
JP2001197055A (en)2000-01-072001-07-19Nippon Steel Corp Authentication proxy device, authentication proxy method, authentication proxy service system, and computer-readable recording medium
US6266775B1 (en)1997-08-252001-07-24Nec CorporationMethod and apparatus for displaying information and information recording medium having information displaying means
US6266420B1 (en)1998-10-082001-07-24Entrust Technologies LimitedMethod and apparatus for secure group communications
WO2001063386A1 (en)2000-02-232001-08-30Kim LeeperA system and method for authenticating electronic documents
US6301658B1 (en)1998-09-092001-10-09Secure Computing CorporationMethod and system for authenticating digital certificates issued by an authentication hierarchy
US6314190B1 (en)1997-06-062001-11-06Networks Associates Technology, Inc.Cryptographic system with methods for user-controlled message recovery
US20010046307A1 (en)1998-04-302001-11-29Hewlett-Packard CompanyMethod and apparatus for digital watermarking of images
US20010050990A1 (en)1997-02-192001-12-13Frank Wells SudiaMethod for initiating a stream-oriented encrypted communication
US20020007453A1 (en)2000-05-232002-01-17Nemovicher C. KerrySecured electronic mail system and method
US6348972B1 (en)1995-06-012002-02-19Tokyo Shibaura Electric CoNetwork print system for allowing a printer or printers to select a host
WO2001041353A3 (en)1999-11-302002-02-21Sun Microsystems IncMethod and apparatus for sending encrypted electronic mail through a distribution list exploder
US20020032861A1 (en)2000-07-142002-03-14Nec CorporationSystem and method for executing and assuring security of electronic mail for users, and storage medium storing program to cause computer to implement same method
WO2001078491A3 (en)2000-04-142002-03-14Postx CorpSystems and methods for encrypting/decrypting data using a broker agent
US20020035685A1 (en)2000-09-112002-03-21Masahiro OnoClient-server system with security function intermediary
US20020035687A1 (en)2000-06-072002-03-21Kristofer SkantzeMethod and device for secure wireless transmission of information
US20020038420A1 (en)2000-04-132002-03-28Collins Timothy S.Method for efficient public key based certification for mobile and desktop environments
GB2328125B (en)1997-08-082002-04-10Ericsson Telefon Ab L MNetwork control system
US20020053023A1 (en)2000-08-172002-05-02Patterson Andrew JohnCertification validation system
US20020051544A1 (en)1993-12-032002-05-02Fujitsu LimitedUser support system for cryptographic communication in network systems
WO2001071608A3 (en)2000-03-172002-05-02Mark NairSystem, method and apparatus for controlling the dissemination of digital works
US20020053032A1 (en)2000-09-142002-05-02Dowling William RaceSystem and method for secure data transmission
US6389455B1 (en)1998-09-222002-05-14Richard C. FuiszMethod and apparatus for bouncing electronic messages
US20020059375A1 (en)1999-04-082002-05-16Alvin PivowarSystem and method for sharing data among a plurality of personal digital assistants
US20020059383A1 (en)2000-06-192002-05-16Takeo KatsudaApparatus, portable terminal unit, and system for controlling E-mail, and its method, computer-readable recording medium and program product for processing E-mail
US20020080752A1 (en)2000-12-222002-06-27Fredrik JohanssonRoute optimization technique for mobile IP
US20020099766A1 (en)2001-01-242002-07-25Tuli Raja SinghPortable high speed internet access device with encryption
US6463463B1 (en)1998-05-292002-10-08Research In Motion LimitedSystem and method for pushing calendar event messages from a host system to a mobile data communication device
US20020147905A1 (en)2001-04-052002-10-10Sun Microsystems, Inc.System and method for shortening certificate chains
JP2002535884A (en)1999-01-142002-10-22タンブルウィード コミュニケーションズ コーポレイション Distribution of web-based secure email messages
US20020165967A1 (en)2001-05-022002-11-07Morgan Paul A.Global personalization engine
US20020169954A1 (en)1998-11-032002-11-14Bandini Jean-Christophe DenisMethod and system for e-mail message transmission
US20020173295A1 (en)2001-05-152002-11-21Petri NykanenContext sensitive web services
US20020176067A1 (en)2001-05-232002-11-28Canesta, Inc.Method and system to enhance dynamic range conversion useable with CMOS three-dimensional imaging
WO2002101580A1 (en)2001-06-122002-12-19Research In Motion LimitedCertificate management and transfer system and method
US20030002671A1 (en)2001-06-112003-01-02Eastman Kodak CompanyDelivery of electronic content over a network using a hybrid optical disk for authentication
WO2003007570A1 (en)2001-07-102003-01-23Research In Motion LimitedSystem and method for secure message key caching in a mobile communication device
WO2002101605A3 (en)2001-06-122003-03-06Research In Motion LtdSystem and method for compressing secure e-mail for exchange with a mobile data communication device
US6531985B1 (en)2000-08-142003-03-113Com CorporationIntegrated laptop antenna using two or more antennas
WO2002102009A3 (en)2001-06-122003-04-10Research In Motion LtdMethod for processing encoded messages for exchange with a mobile data communication device
US20030074555A1 (en)2001-10-172003-04-17Fahn Paul NeilURL-based certificate in a PKI
US6564320B1 (en)1998-06-302003-05-13Verisign, Inc.Local hosting of digital certificate services
WO2003015367A3 (en)2001-08-062003-05-30Research In Motion LtdSystem and method for processing encoded messages
WO2003009561A3 (en)2001-07-162003-05-30Research In Motion LtdA system and method for supporting multiple certificate authorities on a mobile communication device
US20030126085A1 (en)2001-12-272003-07-03Slamdunk Networks, Inc.Dynamic authentication of electronic messages using a reference to a certificate
KR20030059303A (en)2000-12-072003-07-07톰슨 라이센싱 소시에떼 아노님Method of secure transmission of digital data from a source to a receiver
US20030172122A1 (en)2002-03-062003-09-11Little Herbert A.System and method for providing secure message signature status and trust status indication
WO2003075530A1 (en)2002-03-012003-09-12Research In Motion LimitedSystem and method for providing secure message signature status and trust status indication
WO2003079628A1 (en)2002-03-202003-09-25Research In Motion LimitedCertificate information storage system and method
US20030198350A1 (en)2002-04-182003-10-23International Business Machines CorporationMethod, system and program product for managing a size of a key management block during content distribution
US20030212888A1 (en)1998-08-262003-11-13Wildish Michael AndrewSystem and method of looking up and validating a digital certificate in one pass
US6661927B1 (en)2000-07-272003-12-09Motorola, Inc.System and method for efficiently encoding an image by prioritizing groups of spatially correlated coefficients based on an activity measure
WO2003079627A3 (en)2002-03-202003-12-18Research In Motion LtdSystem and method for supporting multiple certificate status providers on a mobile communication device
JP2004048139A (en)2002-07-092004-02-12Nikon Corp Image transmission system, image relay device, and electronic image equipment
EP0841770B1 (en)1996-11-062004-02-18Nokia CorporationMethod for sending a secure message in a telecommunications system
US6697942B1 (en)1999-02-042004-02-24Earthlink, Inc.Method for remotely managing a remote device using an electronic mail message
US6725262B1 (en)2000-04-272004-04-20Microsoft CorporationMethods and systems for synchronizing multiple computing devices
US20040093493A1 (en)1995-01-172004-05-13Bisbee Stephen F.System and method for electronic transmission, storage and retrieval of authenticated documents
WO2003005636A8 (en)2001-07-042004-05-13Ericsson Telefon Ab L MSecure header information for multi-content e-mail
US6745024B1 (en)2000-01-102004-06-01Qualcomm IncorporatedSystem and method for preparing and sending an electronic mail communication using a wireless communications device
US20040133775A1 (en)2003-01-072004-07-08Callas Jonathan D.System and method for secure electronic communication in a partially keyless environment
US20040133520A1 (en)2003-01-072004-07-08Callas Jonathan D.System and method for secure and transparent electronic communication
US6779115B1 (en)2000-02-182004-08-17Digital5, Inc.Portable device using a smart card to receive and decrypt digital data
US6819766B1 (en)1999-03-302004-11-16International Business Machines CorporationMethod and system for managing keys for encrypted data
US6829357B1 (en)1999-12-142004-12-07Trw Inc.Communication system having a transmitter and a receiver that engage in reduced size encrypted data communication
US20050005097A1 (en)2003-06-122005-01-06Minolta Co., Ltd.Communication system and method in public key infrastructure
US20050039100A1 (en)2003-08-142005-02-17International Business Machines CorporationMethod and system for automatic error recovery in an electronic mail system
US20050114671A1 (en)2002-03-202005-05-26Research In Motion Ltd.System and method for transmitting and utilizing attachments
US6904521B1 (en)2001-02-162005-06-07Networks Associates Technology, Inc.Non-repudiation of e-mail messages
US6918038B1 (en)1996-08-132005-07-12Angel Secure Networks, Inc.System and method for installing an auditable secure network
US6925568B1 (en)1998-01-162005-08-02Sonera OyjMethod and system for the processing of messages in a telecommunication system
US6931532B1 (en)1999-10-212005-08-16International Business Machines CorporationSelective data encryption using style sheet processing
US20050188219A1 (en)2003-12-262005-08-25Orange FranceMethod and a system for communication between a terminal and at least one communication equipment
US20050203855A1 (en)2000-11-082005-09-15Orchestria LimitedInformation management system
US20050210289A1 (en)2004-03-222005-09-22Brown Michael KSystem and method for viewing message attachments
US20050222991A1 (en)2004-02-042005-10-06Kazuyuki IkenoyaInformation providing apparatus, information providing method, information providing program, and recording medium
US20050246763A1 (en)2004-03-252005-11-03National University Of IrelandSecure digital content reproduction using biometrically derived hybrid encryption techniques
US6983367B2 (en)2000-03-142006-01-03Sony CorporationInformation providing apparatus and method, information processing apparatus and method, and program storage medium
US20060015722A1 (en)2004-07-162006-01-19GeotrustSecurity systems and services to provide identity and uniform resource identifier verification
US6993137B2 (en)2000-06-162006-01-31Entriq, Inc.Method and system to securely distribute content via a network
US6996720B1 (en)1999-12-172006-02-07Microsoft CorporationSystem and method for accessing protected content in a rights-management architecture
CA2476914A1 (en)2004-08-092006-02-09Research In Motion LimitedSystem and method for certificate searching and retrieval
US20060036849A1 (en)2004-08-092006-02-16Research In Motion LimitedSystem and method for certificate searching and retrieval
US20060036848A1 (en)2004-08-092006-02-16Research In Motion LimitedSystem and method for enabling bulk retrieval of certificates
US20060036865A1 (en)2004-08-102006-02-16Research In Motion LimitedServer verification of secure electronic messages
US7003667B1 (en)1999-10-042006-02-21Canon Kabushiki KaishaTargeted secure printing
US20060059332A1 (en)2004-09-022006-03-16Research In Motion LimitedSystem and method for searching and retrieving certificates
US7020708B2 (en)1999-05-142006-03-28Cingular Wireless Ii, LlcAircraft data services
US7032240B1 (en)1999-12-072006-04-18Pace Anti-Piracy, Inc.Portable authorization device for authorizing use of protected information and associated method
US7113927B1 (en)1998-10-092006-09-26Victor Company Of Japan, LimitedData distribution system, data distribution method, portable terminal with data receiving capability, portable terminal with data transmitting/receiving capability, recording medium onto which data content is recorded, encoding apparatus, and decoding apparatus
US7127604B2 (en)2002-07-092006-10-24Texas Instruments IncorporatedChanging a codec or MAC size without affecting the encryption key in PacketCable communication
US7171552B1 (en)1999-11-292007-01-30Cisco Technology, Inc.Encrypting information in a communications network
US20070083749A1 (en)2005-10-122007-04-12The Boeing CompanySystems and methods for automated exchange of electronic mail encryption certificates
US20070118874A1 (en)2005-11-182007-05-24Research In Motion LimitedSystem and method for handling electronic messages
US20070123307A1 (en)2005-11-302007-05-31Research In Motion LimitedDisplay of secure messages on a mobile communication device
US7228418B1 (en)1999-04-082007-06-05France TelecomAuthentication and signature method for messages using reduced size of binary units of information content and corresponding systems
EP1806683A1 (en)2005-11-302007-07-11Research In Motion LimitedDisplay of secure messages on a mobile communication device
US20070165844A1 (en)2005-10-142007-07-19Research In Motion LimitedSystem and method for protecting master encryption keys
US7299502B2 (en)2001-02-142007-11-20Hewlett-Packard Development Company, L.P.System and method for providing customized secure access to shared documents
US7529374B2 (en)2002-02-022009-05-05F-Secure OyjMethod and apparatus for encrypting data
EP1580953B1 (en)2004-03-222011-02-09Research In Motion LimitedSystem and method for viewing message attachments
US7953971B2 (en)2005-10-272011-05-31Research In Motion LimitedSynchronizing certificates between a device and server

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
JPH0322259A (en)*1989-03-221991-01-30Seiko Epson CorpSmall-sized data display and reproducing device
DE10350063A1 (en)2003-10-272005-05-25Rohde & Schwarz Gmbh & Co. KgRadio interference levels measuring method e.g. for RF circuits, involves measuring level of signal and in each case with limit value compared and during excess of limit value by measuring level, respective measuring frequency is marked
JP4428272B2 (en)2005-03-282010-03-10セイコーエプソン株式会社 Display driver and electronic device
JP4666498B2 (en)2005-12-162011-04-06大豊建設株式会社 Earth pressure shield
JP5192752B2 (en)2007-08-152013-05-08古河電気工業株式会社 Method for producing silica nanoparticles using reverse micelle dispersion, silica nanoparticles obtained by the method, and labeling reagent using the same
JP5137783B2 (en)2008-10-312013-02-06三菱電機株式会社 Hash generation device, verification device, hash generation program, and hash generation method

Patent Citations (187)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US4028500A (en)1973-05-151977-06-07Martin Marietta CorporationMobile unit supervisory control sequencer and method
EP0500245B1 (en)1991-02-081996-11-06Kabushiki Kaisha ToshibaCipher communication system for transaction data
EP0500222B1 (en)1991-02-141997-10-22Hewlett-Packard CompanyMethod for reconciling entries in a plurality of lists
US5778346A (en)1992-01-211998-07-07Starfish Software, Inc.System and methods for appointment reconcilation
US5457748A (en)1992-11-301995-10-10Motorola, Inc.Method and apparatus for improved security within encrypted communication devices
WO1994012938A1 (en)1992-12-021994-06-09Compaq Computer CorporationHandheld computer with automatic data synchronization with host computer
JPH07509333A (en)1992-12-021995-10-12コンパック・コンピュータ・コーポレイション Handheld computer with automatic data synchronization with host computer
US5666530A (en)1992-12-021997-09-09Compaq Computer CorporationSystem for automatic synchronization of common file between portable computer and host computer via communication channel selected from a plurality of usable channels there between
US20010011308A1 (en)1992-12-022001-08-02Ted H. ClarkHandheld computer synchronized with a host computer
WO1994019238A3 (en)1993-02-241994-12-08Altair CorpControl system for aircraft
JPH06276221A (en)1993-03-171994-09-30Toshiba CorpElectronic mail system containing top secret mail function
US5710922A (en)1993-06-021998-01-20Apple Computer, Inc.Method for synchronizing and archiving information between computer systems
US5410602A (en)1993-09-271995-04-25Motorola, Inc.Method for key management of point-to-point communications
US20020051544A1 (en)1993-12-032002-05-02Fujitsu LimitedUser support system for cryptographic communication in network systems
JPH07162407A (en)1993-12-031995-06-23Fujitsu Ltd User support device for encrypted communication in network system
US20040093493A1 (en)1995-01-172004-05-13Bisbee Stephen F.System and method for electronic transmission, storage and retrieval of authenticated documents
US5778068A (en)1995-02-131998-07-07Eta Technologies CorporationPersonal access management system
JPH08251221A (en)1995-03-131996-09-27Nippon Telegr & Teleph Corp <Ntt> Message handling method
WO1996036934A1 (en)1995-05-171996-11-21Smart Touch, L.L.C.Tokenless identification system for authorization of electronic transactions and electronic transmissions
US6348972B1 (en)1995-06-012002-02-19Tokyo Shibaura Electric CoNetwork print system for allowing a printer or printers to select a host
US5623546A (en)1995-06-231997-04-22Motorola, Inc.Encryption method and system for portable data
JPH0946330A (en)1995-07-281997-02-14Toshiba Corp E-mail encryption device and e-mail transfer device
US6289105B1 (en)1995-07-282001-09-11Kabushiki Kaisha ToshibaMethod and apparatus for encrypting and transferring electronic mails
US6000000A (en)1995-10-131999-12-073Com CorporationExtendible method and apparatus for synchronizing multiple files on two different computer systems
US5727202A (en)1995-10-181998-03-10Palm Computing, Inc.Method and apparatus for synchronizing information on two different computer systems
US6313732B1 (en)1996-04-042001-11-06Motorola, Inc.Advertiser pays information and messaging system, apparatus and method
US5870030A (en)1996-04-041999-02-09Motorola, Inc.Advertiser pays information and messaging system and apparatus
US6085323A (en)1996-04-152000-07-04Kabushiki Kaisha ToshibaInformation processing system having function of securely protecting confidential information
WO1997041661A3 (en)1996-04-291997-12-11Motorola IncUse of an encryption server for encrypting messages
JPH1022992A (en)1996-07-051998-01-23Hitachi Inf Syst Ltd Message broadcast communication method and storage medium
US5812671A (en)1996-07-171998-09-22Xante CorporationCryptographic communication system
US6918038B1 (en)1996-08-132005-07-12Angel Secure Networks, Inc.System and method for installing an auditable secure network
JPH10107832A (en)1996-09-251998-04-24Hitachi Software Eng Co LtdCipher multi-address mail system
US6209098B1 (en)1996-10-252001-03-27Intel CorporationCircuit and method for ensuring interconnect security with a multi-chip integrated circuit package
EP0841770B1 (en)1996-11-062004-02-18Nokia CorporationMethod for sending a secure message in a telecommunications system
| WO1998034374A1 (en) | 1997-01-31 | 1998-08-06 | Motorola Inc. | Encryption and decryption method and apparatus |
| US5956707A (en) | 1997-02-13 | 1999-09-21 | Chu; Wesley W. | Database system with query relaxation using type abstraction hierarchy (TAH) as query condition relaxation structure |
| US20010050990A1 (en) | 1997-02-19 | 2001-12-13 | Frank Wells Sudia | Method for initiating a stream-oriented encrypted communication |
| US6061448A (en) | 1997-04-01 | 2000-05-09 | Tumbleweed Communications Corp. | Method and system for dynamic server document encryption |
| US6314190B1 (en) | 1997-06-06 | 2001-11-06 | Networks Associates Technology, Inc. | Cryptographic system with methods for user-controlled message recovery |
| US6229894B1 (en) | 1997-07-14 | 2001-05-08 | Entrust Technologies, Ltd. | Method and apparatus for access to user-specific encryption information |
| WO1999005814A2 (en) | 1997-07-24 | 1999-02-04 | Worldtalk Corporation | E-mail firewall with stored key encryption/decryption |
| WO1999006900A3 (en) | 1997-07-30 | 1999-04-08 | Visto Corp | System and method for globally and securely accessing unified information in a computer network |
| GB2328125B (en) | 1997-08-08 | 2002-04-10 | Ericsson Telefon Ab L M | Network control system |
| US6119228A (en) | 1997-08-22 | 2000-09-12 | Compaq Computer Corporation | Method for securely communicating remote control commands in a computer network |
| US6266775B1 (en) | 1997-08-25 | 2001-07-24 | Nec Corporation | Method and apparatus for displaying information and information recording medium having information displaying means |
| WO1999017564A1 (en) | 1997-09-29 | 1999-04-08 | Motorola Inc. | Method and apparatus for providing subscriber identification protection to a receiver |
| US6125369A (en) | 1997-10-02 | 2000-09-26 | Microsoft Corporation | Continuous object sychronization between object stores on different computers |
| US6073237A (en) | 1997-11-06 | 2000-06-06 | Cybercash, Inc. | Tamper resistant method and apparatus |
| WO1999027678A3 (en) | 1997-11-26 | 1999-08-12 | Nokia Telecommunications Oy | Security of data connections |
| US6108788A (en) | 1997-12-08 | 2000-08-22 | Entrust Technologies Limited | Certificate management system and method for a communication security system |
| US5991399A (en) | 1997-12-18 | 1999-11-23 | Intel Corporation | Method for securely distributing a conditional use private key to a trusted entity on a remote system |
| US6084969A (en) | 1997-12-31 | 2000-07-04 | V-One Corporation | Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network |
| US6081601A (en) | 1998-01-08 | 2000-06-27 | Nokia Telecommunications Oy | Method of implementing connection security in a wireless network |
| US6925568B1 (en) | 1998-01-16 | 2005-08-02 | Sonera Oyj | Method and system for the processing of messages in a telecommunication system |
| EP0942568A3 (en) | 1998-02-17 | 2000-04-12 | Phone.Com Inc. | Centralized certificate management system for two-way interactive communication devices in data networks |
| JPH11272581A (en) | 1998-03-25 | 1999-10-08 | Toshiba Corp | Mail transmission method and system and recording medium on which the method is programmed and recorded |
| JPH11272582A (en) | 1998-03-25 | 1999-10-08 | Sony Corp | Electronic mail providing device and electronic mail providing method |
| US6230186B1 (en) | 1998-04-28 | 2001-05-08 | Rhoda Yaker | Private electronic message system |
| US20010046307A1 (en) | 1998-04-30 | 2001-11-29 | Hewlett-Packard Company | Method and apparatus for digital watermarking of images |
| WO1999063709A3 (en) | 1998-05-29 | 2000-04-13 | Research In Motion Ltd | System and method for pushing information from a host system to a mobile data communication device |
| US6463463B1 (en) | 1998-05-29 | 2002-10-08 | Research In Motion Limited | System and method for pushing calendar event messages from a host system to a mobile data communication device |
| EP1096725B1 (en) | 1998-05-29 | 2009-03-11 | Research In Motion Limited | System and method for pushing information from a host system to a mobile data communication device |
| US6219694B1 (en) | 1998-05-29 | 2001-04-17 | Research In Motion Limited | System and method for pushing information from a host system to a mobile data communication device having a shared electronic address |
| EP1096727B1 (en) | 1998-05-29 | 2006-03-22 | Research In Motion Limited | System and method for pushing information from a host system to a mobile data communication device |
| WO1999064946A1 (en) | 1998-06-12 | 1999-12-16 | Microsoft Corporation | Method and system for secure running of untrusted content |
| JP2000010477A (en) | 1998-06-22 | 2000-01-14 | Mitsubishi Electric Corp | Certificate collection information generation device, certificate verification device, and public key cryptographic operation system |
| US6564320B1 (en) | 1998-06-30 | 2003-05-13 | Verisign, Inc. | Local hosting of digital certificate services |
| JP2000049766A (en) | 1998-07-27 | 2000-02-18 | Hitachi Ltd | Key management server system |
| US20030212888A1 (en) | 1998-08-26 | 2003-11-13 | Wildish Michael Andrew | System and method of looking up and validating a digital certificate in one pass |
| US6301658B1 (en) | 1998-09-09 | 2001-10-09 | Secure Computing Corporation | Method and system for authenticating digital certificates issued by an authentication hierarchy |
| US6389455B1 (en) | 1998-09-22 | 2002-05-14 | Richard C. Fuisz | Method and apparatus for bouncing electronic messages |
| US6266420B1 (en) | 1998-10-08 | 2001-07-24 | Entrust Technologies Limited | Method and apparatus for secure group communications |
| US7113927B1 (en) | 1998-10-09 | 2006-09-26 | Victor Company Of Japan, Limited | Data distribution system, data distribution method, portable terminal with data receiving capability, portable terminal with data transmitting/receiving capability, recording medium onto which data content is recorded, encoding apparatus, and decoding apparatus |
| US20020169954A1 (en) | 1998-11-03 | 2002-11-14 | Bandini Jean-Christophe Denis | Method and system for e-mail message transmission |
| WO2000031931A1 (en) | 1998-11-24 | 2000-06-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for securing data objects |
| JP2002535884A (en) | 1999-01-14 | 2002-10-22 | タンブルウィード コミュニケーションズ コーポレイション | Distribution of web-based secure email messages |
| US6697942B1 (en) | 1999-02-04 | 2004-02-24 | Earthlink, Inc. | Method for remotely managing a remote device using an electronic mail message |
| US6819766B1 (en) | 1999-03-30 | 2004-11-16 | International Business Machines Corporation | Method and system for managing keys for encrypted data |
| US20020059375A1 (en) | 1999-04-08 | 2002-05-16 | Alvin Pivowar | System and method for sharing data among a plurality of personal digital assistants |
| US7228418B1 (en) | 1999-04-08 | 2007-06-05 | France Telecom | Authentication and signature method for messages using reduced size of binary units of information content and corresponding systems |
| WO2000069114A1 (en) | 1999-05-10 | 2000-11-16 | Telefonaktiebolaget Lm Ericsson (Publ) | Indirect public-key encryption |
| US7020708B2 (en) | 1999-05-14 | 2006-03-28 | Cingular Wireless Ii, Llc | Aircraft data services |
| US6231985B1 (en) | 1999-05-18 | 2001-05-15 | Ashland Inc. | Heat and radio frequency-curable two-pack soy protein-based polyurethane adhesive compositions |
| CA2371329C (en) | 1999-05-21 | 2005-12-06 | International Business Machines Corporation | Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices |
| WO2000072506A1 (en) | 1999-05-21 | 2000-11-30 | International Business Machines Corporation | Method and apparatus for initializing secure communications among, and for exclusively pairing wireless devices |
| WO2001001644A1 (en) | 1999-06-29 | 2001-01-04 | Samsung Electronics Co., Ltd. | Apparatus for securing user's information in a mobile communication system connected to the internet and method thereof |
| WO2001016933A1 (en) | 1999-08-30 | 2001-03-08 | Fujitsu Limited | Device for data reproduction |
| WO2001024434A1 (en) | 1999-09-30 | 2001-04-05 | B.M.N. Technology | System for providing messages |
| JP2001103571A (en) | 1999-10-01 | 2001-04-13 | Mitsubishi Electric Corp | Mobile communication service providing system |
| US7003667B1 (en) | 1999-10-04 | 2006-02-21 | Canon Kabushiki Kaisha | Targeted secure printing |
| US6931532B1 (en) | 1999-10-21 | 2005-08-16 | International Business Machines Corporation | Selective data encryption using style sheet processing |
| JP2001147849A (en) | 1999-11-19 | 2001-05-29 | Toshiba Corp | Communication method and electronic device for data synchronization processing |
| US6732144B1 (en) | 1999-11-19 | 2004-05-04 | Kabushiki Kaisha Toshiba | Communication method for data synchronization processing and electronic device therefor |
| US7171552B1 (en) | 1999-11-29 | 2007-01-30 | Cisco Technology, Inc. | Encrypting information in a communications network |
| WO2001041353A3 (en) | 1999-11-30 | 2002-02-21 | Sun Microsystems Inc | Method and apparatus for sending encrypted electronic mail through a distribution list exploder |
| US7032240B1 (en) | 1999-12-07 | 2006-04-18 | Pace Anti-Piracy, Inc. | Portable authorization device for authorizing use of protected information and associated method |
| US6829357B1 (en) | 1999-12-14 | 2004-12-07 | Trw Inc. | Communication system having a transmitter and a receiver that engage in reduced size encrypted data communication |
| US6996720B1 (en) | 1999-12-17 | 2006-02-07 | Microsoft Corporation | System and method for accessing protected content in a rights-management architecture |
| JP2001197055A (en) | 2000-01-07 | 2001-07-19 | Nippon Steel Corp | Authentication proxy device, authentication proxy method, authentication proxy service system, and computer-readable recording medium |
| US6745024B1 (en) | 2000-01-10 | 2004-06-01 | Qualcomm Incorporated | System and method for preparing and sending an electronic mail communication using a wireless communications device |
| US6779115B1 (en) | 2000-02-18 | 2004-08-17 | Digital5, Inc. | Portable device using a smart card to receive and decrypt digital data |
| WO2001063386A1 (en) | 2000-02-23 | 2001-08-30 | Kim Leeper | A system and method for authenticating electronic documents |
| US6983367B2 (en) | 2000-03-14 | 2006-01-03 | Sony Corporation | Information providing apparatus and method, information processing apparatus and method, and program storage medium |
| WO2001071608A3 (en) | 2000-03-17 | 2002-05-02 | Mark Nair | System, method and apparatus for controlling the dissemination of digital works |
| US20020038420A1 (en) | 2000-04-13 | 2002-03-28 | Collins Timothy S. | Method for efficient public key based certification for mobile and desktop environments |
| WO2001078491A3 (en) | 2000-04-14 | 2002-03-14 | Postx Corp | Systems and methods for encrypting/decrypting data using a broker agent |
| US6725262B1 (en) | 2000-04-27 | 2004-04-20 | Microsoft Corporation | Methods and systems for synchronizing multiple computing devices |
| US20020007453A1 (en) | 2000-05-23 | 2002-01-17 | Nemovicher C. Kerry | Secured electronic mail system and method |
| US20020035687A1 (en) | 2000-06-07 | 2002-03-21 | Kristofer Skantze | Method and device for secure wireless transmission of information |
| US6993137B2 (en) | 2000-06-16 | 2006-01-31 | Entriq, Inc. | Method and system to securely distribute content via a network |
| US20020059383A1 (en) | 2000-06-19 | 2002-05-16 | Takeo Katsuda | Apparatus, portable terminal unit, and system for controlling E-mail, and its method, computer-readable recording medium and program product for processing E-mail |
| US20020032861A1 (en) | 2000-07-14 | 2002-03-14 | Nec Corporation | System and method for executing and assuring security of electronic mail for users, and storage medium storing program to cause computer to implement same method |
| US6661927B1 (en) | 2000-07-27 | 2003-12-09 | Motorola, Inc. | System and method for efficiently encoding an image by prioritizing groups of spatially correlated coefficients based on an activity measure |
| US6531985B1 (en) | 2000-08-14 | 2003-03-11 | 3Com Corporation | Integrated laptop antenna using two or more antennas |
| US20020053023A1 (en) | 2000-08-17 | 2002-05-02 | Patterson Andrew John | Certification validation system |
| US20020035685A1 (en) | 2000-09-11 | 2002-03-21 | Masahiro Ono | Client-server system with security function intermediary |
| US20020053032A1 (en) | 2000-09-14 | 2002-05-02 | Dowling William Race | System and method for secure data transmission |
| US20050203855A1 (en) | 2000-11-08 | 2005-09-15 | Orchestria Limited | Information management system |
| US20040083364A1 (en) | 2000-12-07 | 2004-04-29 | Jean-Pierre Andreaux | Method of secure transmission of digital data from a source to a receiver |
| KR20030059303A (en) | 2000-12-07 | 2003-07-07 | 톰슨 라이센싱 소시에떼 아노님 | Method of secure transmission of digital data from a source to a receiver |
| US20020080752A1 (en) | 2000-12-22 | 2002-06-27 | Fredrik Johansson | Route optimization technique for mobile IP |
| US20020099766A1 (en) | 2001-01-24 | 2002-07-25 | Tuli Raja Singh | Portable high speed internet access device with encryption |
| US7299502B2 (en) | 2001-02-14 | 2007-11-20 | Hewlett-Packard Development Company, L.P. | System and method for providing customized secure access to shared documents |
| US6904521B1 (en) | 2001-02-16 | 2005-06-07 | Networks Associates Technology, Inc. | Non-repudiation of e-mail messages |
| US20020147905A1 (en) | 2001-04-05 | 2002-10-10 | Sun Microsystems, Inc. | System and method for shortening certificate chains |
| US20020165967A1 (en) | 2001-05-02 | 2002-11-07 | Morgan Paul A. | Global personalization engine |
| US20020173295A1 (en) | 2001-05-15 | 2002-11-21 | Petri Nykanen | Context sensitive web services |
| US20020176067A1 (en) | 2001-05-23 | 2002-11-28 | Canesta, Inc. | Method and system to enhance dynamic range conversion useable with CMOS three-dimensional imaging |
| US20030002671A1 (en) | 2001-06-11 | 2003-01-02 | Eastman Kodak Company | Delivery of electronic content over a network using a hybrid optical disk for authentication |
| WO2002102009A3 (en) | 2001-06-12 | 2003-04-10 | Research In Motion Ltd | Method for processing encoded messages for exchange with a mobile data communication device |
| US20100115264A1 (en) | 2001-06-12 | 2010-05-06 | Research In Motion Limited | System and Method for Processing Encoded Messages for Exchange with a Mobile Data Communication Device |
| US20080016359A1 (en) | 2001-06-12 | 2008-01-17 | Godfrey James A | System and method for compressing secure e-mail for exchange with a mobile data communication device |
| WO2002101605A3 (en) | 2001-06-12 | 2003-03-06 | Research In Motion Ltd | System and method for compressing secure e-mail for exchange with a mobile data communication device |
| US7546453B2 (en) | 2001-06-12 | 2009-06-09 | Research In Motion Limited | Certificate management and transfer system and method |
| US20090292916A1 (en) | 2001-06-12 | 2009-11-26 | Little Herbert A | Certificate Management and Transfer System and Method |
| US7827406B2 (en) | 2001-06-12 | 2010-11-02 | Research In Motion Limited | System and method for processing encoded messages for exchange with a mobile data communication device |
| US7653815B2 (en) | 2001-06-12 | 2010-01-26 | Research In Motion Limited | System and method for processing encoded messages for exchange with a mobile data communication device |
| US7657736B2 (en) | 2001-06-12 | 2010-02-02 | Research In Motion Limited | System and method for compressing secure e-mail for exchange with a mobile data communication device |
| US20100124333A1 (en) | 2001-06-12 | 2010-05-20 | Research In Motion Limited | System and Method for Processing Encoded Messages for Exchange with a Mobile Data Communication Device |
| US20050163320A1 (en) | 2001-06-12 | 2005-07-28 | Brown Michael S. | System and method for processing encoded messages for exchange with a mobile data communication device |
| US7254712B2 (en) | 2001-06-12 | 2007-08-07 | Research In Motion Limited | System and method for compressing secure e-mail for exchange with a mobile data communication device |
| US20040196978A1 (en) | 2001-06-12 | 2004-10-07 | Godfrey James A. | System and method for processing encoded messages for exchange with a mobile data communication device |
| US20100122089A1 (en) | 2001-06-12 | 2010-05-13 | Research In Motion Limited | System and method for compressing secure e-mail for exchange with a mobile data communication device |
| WO2002101580A1 (en) | 2001-06-12 | 2002-12-19 | Research In Motion Limited | Certificate management and transfer system and method |
| US8015400B2 (en) | 2001-06-12 | 2011-09-06 | Research In Motion Limited | Certificate management and transfer system and method |
| US20040171369A1 (en) | 2001-06-12 | 2004-09-02 | Little Herbert A. | Certificate management and transfer system and method |
| WO2003005636A8 (en) | 2001-07-04 | 2004-05-13 | Ericsson Telefon Ab L M | Secure header information for multi-content e-mail |
| WO2003007570A1 (en) | 2001-07-10 | 2003-01-23 | Research In Motion Limited | System and method for secure message key caching in a mobile communication device |
| US20040205248A1 (en) | 2001-07-10 | 2004-10-14 | Herbert A Little | System and method for secure message key caching in a mobile communication device |
| WO2003009561A3 (en) | 2001-07-16 | 2003-05-30 | Research In Motion Ltd | A system and method for supporting multiple certificate authorities on a mobile communication device |
| WO2003015367A3 (en) | 2001-08-06 | 2003-05-30 | Research In Motion Ltd | System and method for processing encoded messages |
| US20040202327A1 (en) | 2001-08-06 | 2004-10-14 | Little Herbert A. | System and method for processing encoded messages |
| US20030074555A1 (en) | 2001-10-17 | 2003-04-17 | Fahn Paul Neil | URL-based certificate in a PKI |
| US20030126085A1 (en) | 2001-12-27 | 2003-07-03 | Slamdunk Networks, Inc. | Dynamic authentication of electronic messages using a reference to a certificate |
| US7529374B2 (en) | 2002-02-02 | 2009-05-05 | F-Secure Oyj | Method and apparatus for encrypting data |
| WO2003075530A1 (en) | 2002-03-01 | 2003-09-12 | Research In Motion Limited | System and method for providing secure message signature status and trust status indication |
| US20030172122A1 (en) | 2002-03-06 | 2003-09-11 | Little Herbert A. | System and method for providing secure message signature status and trust status indication |
| WO2003079627A3 (en) | 2002-03-20 | 2003-12-18 | Research In Motion Ltd | System and method for supporting multiple certificate status providers on a mobile communication device |
| US20050114671A1 (en) | 2002-03-20 | 2005-05-26 | Research In Motion Ltd. | System and method for transmitting and utilizing attachments |
| WO2003079628A1 (en) | 2002-03-20 | 2003-09-25 | Research In Motion Limited | Certificate information storage system and method |
| US20050148323A1 (en) | 2002-03-20 | 2005-07-07 | Research In Motion Limited | System and method for supporting multiple certificate status providers on a mobile communication device |
| US20050149442A1 (en) | 2002-03-20 | 2005-07-07 | Research In Motion Limited | Certificate information storage system and method |
| US20030198350A1 (en) | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Method, system and program product for managing a size of a key management block during content distribution |
| JP2004048139A (en) | 2002-07-09 | 2004-02-12 | Nikon Corp | Image transmission system, image relay device, and electronic image equipment |
| US7127604B2 (en) | 2002-07-09 | 2006-10-24 | Texas Instruments Incorporated | Changing a codec or MAC size without affecting the encryption key in PacketCable communication |
| US20040133775A1 (en) | 2003-01-07 | 2004-07-08 | Callas Jonathan D. | System and method for secure electronic communication in a partially keyless environment |
| US20040133520A1 (en) | 2003-01-07 | 2004-07-08 | Callas Jonathan D. | System and method for secure and transparent electronic communication |
| US20050005097A1 (en) | 2003-06-12 | 2005-01-06 | Minolta Co., Ltd. | Communication system and method in public key infrastructure |
| US20050039100A1 (en) | 2003-08-14 | 2005-02-17 | International Business Machines Corporation | Method and system for automatic error recovery in an electronic mail system |
| US20050188219A1 (en) | 2003-12-26 | 2005-08-25 | Orange France | Method and a system for communication between a terminal and at least one communication equipment |
| US20050222991A1 (en) | 2004-02-04 | 2005-10-06 | Kazuyuki Ikenoya | Information providing apparatus, information providing method, information providing program, and recording medium |
| US20050210289A1 (en) | 2004-03-22 | 2005-09-22 | Brown Michael K | System and method for viewing message attachments |
| EP1580953B1 (en) | 2004-03-22 | 2011-02-09 | Research In Motion Limited | System and method for viewing message attachments |
| US20050246763A1 (en) | 2004-03-25 | 2005-11-03 | National University Of Ireland | Secure digital content reproduction using biometrically derived hybrid encryption techniques |
| US20060015722A1 (en) | 2004-07-16 | 2006-01-19 | Geotrust | Security systems and services to provide identity and uniform resource identifier verification |
| US20060036848A1 (en) | 2004-08-09 | 2006-02-16 | Research In Motion Limited | System and method for enabling bulk retrieval of certificates |
| CA2476914A1 (en) | 2004-08-09 | 2006-02-09 | Research In Motion Limited | System and method for certificate searching and retrieval |
| US20060036849A1 (en) | 2004-08-09 | 2006-02-16 | Research In Motion Limited | System and method for certificate searching and retrieval |
| US20060036865A1 (en) | 2004-08-10 | 2006-02-16 | Research In Motion Limited | Server verification of secure electronic messages |
| US20060059332A1 (en) | 2004-09-02 | 2006-03-16 | Research In Motion Limited | System and method for searching and retrieving certificates |
| US20070083749A1 (en) | 2005-10-12 | 2007-04-12 | The Boeing Company | Systems and methods for automated exchange of electronic mail encryption certificates |
| US20070165844A1 (en) | 2005-10-14 | 2007-07-19 | Research In Motion Limited | System and method for protecting master encryption keys |
| US7953971B2 (en) | 2005-10-27 | 2011-05-31 | Research In Motion Limited | Synchronizing certificates between a device and server |
| US20070118874A1 (en) | 2005-11-18 | 2007-05-24 | Research In Motion Limited | System and method for handling electronic messages |
| US20070123307A1 (en) | 2005-11-30 | 2007-05-31 | Research In Motion Limited | Display of secure messages on a mobile communication device |
| EP1806683A1 (en) | 2005-11-30 | 2007-07-11 | Research In Motion Limited | Display of secure messages on a mobile communication device |

Non-Patent Citations (159)

* Cited by examiner, † Cited by third party
Title
Advisory Action from USPTO dated Apr. 11, 2008 for U.S. Appl. No. 10/480,615.
Australian Examiner's Report issued on Oct. 12, 2006 for Australian patent application No. 2005204223.
Berson T et al.: "Cryptography as a network service" 8th Annual Symposium on Network and Distributed System Security. (NDSS' 01) Internet Soc Reston, VA, USA, Feb. 7, 2001-Feb. 9, 2001 pp. 1-12, XP002551706.
Blom et al. "Conversational IP Multimedia Security", 4th International Workshop on Mobile and Wireless Communications Network, Sep. 9-11, 2002, pp. 147-151.
Brief Communication, in connection with Application No. 02737687.0-2201, dated Aug. 20, 2010.
Brown I., et al.: "A Proxy Approach to E-Mail Security", Software Practice & Experience, John Wiley & Sons Ltd. Chichester, GB, vol. 29, No. 12, Oct. 1999, pp. 1049-1060, XP00852351.
Brown M., et al.: "PGP in Constrained Wireless Devices", Proceedings of the 9th Usenix Security Symposium, Denver, CO, Aug. 14-17, 2000, XP002210575.
Butrico M. et al.: "Enterprise data access from mobile computers: an end-to-end story" Research Issues in Data Engineering, 2000. Ride 2000. Proceedings. Tenth International Workshop on San Diego, CA, USA Feb. 28-29, 2000, Los Alamitos, CA, USA, IEEE Comput. Soc. US, Feb. 28, 2000, pp. 9-16, XP010377083.
Certificate of Grant of Patent, dated Dec. 30, 2005, Singapore Application No. 200307398.8.
Chadwick, D.W., et al., "Modifying LDAP to Support X.509-based PKIs", In Seventeenth Annual IFIP WG 11.3 Working Conference on Database and Applications Security at Estes Park, Colorado, Aug. 2003.
Chinese First Office Action (English translation). Application No. 200510095984.7. Dated: Nov. 21, 2008.
Chinese Office Action, issued Mar. 9, 2007, for Chinese Patent Application No. 02817741.X, along with an English translation thereof.
Cole R., et al: "An Architecture for a Mobile OSI Mail Access System", IEEE Journal on Selected Areas in Communications, IEEE Inc., New York, US, vol. 7, No. 2, Feb. 1989, pp. 249-256, XP000904914.
Co-pending U.S. Appl. No. 10/483,282 entitled "System and method for secure message key caching in a mobile communication device", claims 1-49 stand rejected.
Co-pending U.S. Appl. No. 10/486,406 entitled "System and Method for Processing Encoded Messages", claims 1-34, 36-47 and 49-62 have been allowed (RCE has been filed).
Co-pending U.S. Appl. No. 12/686,046 entitled "System and Method for Processing Encoded Messages for Exchange with a Mobile Data Communication Device".
Co-pending U.S. Appl. No. 12/691,204 entitled "System and Method for Compressing Secure E-Mail for Exchange With a Mobile Data Communication Device".
Co-pending U.S. Appl. No. 12/693,021 entitled "System and Method for Processing Encoded Messages for Exchange with a Mobile Data Communication Device".
Crocker S. et al. "MIME Object Security Services: rfc1848.text". IETF Standard, Internet Engineering Task Force, IETF, CH, Oct. 1995, XP015007633.
Crocker S. et al.: "MIME Object Security Services; rfc1848.text". IETF Standard, Internet Engineering Task Force, IETF, CH, Oct. 1995, XP015007633.
Decision from Intellectual Property Tribunal, Korean Application No. 2003-7016487, dated Oct. 31, 2007.
Decision from Patent Court, Korean Application No. 2003-7016487, dated Nov. 21, 2008.
Decision to refuse a European Patent application, in connection with Application No. 02737687.0-2201, dated Sep. 7, 2010.
Deroest J.: "Ubiquitous Mobile Computing" Sunexpert Magazine, 'Online! Jul. 1998, pp. 54-56, SP002213003 Retrieved from the Internet: 'retrieved on Sep. 10, 2002.
Deroest J.: "Ubiquitous Mobile Computing" Sunexpert Magazine, 'Online! Jul. 1998, pp. 54-56, SP002213003 Retrieved from the Internet: <URL:http://swexpert.com/C8/SE.C8.JUL.98.pdf> 'retrieved on Sep. 10, 2002.
Dusse et al., "S/MIME Version 2 Message Specification," The Internet Society, Mar. 1998, pp. 1-37.
Dusse et al.: "S/MIME Version 2 Certificate Handling," Database IETF RFC Online IETF: RFC 2312, Mar. 1998, pp. 1-20 (Chapter 2.1, Chapter 4.1), XP002220385.
Encrypt Pre-shared Keys in Cisco IOS Router Configuration Example, Document ID 46420 Cisco Systems, Internet Address: htto:/lwww.cisco.com/en/US/tech/tk5S3/tk3721technologies-configuration-example09186a00801f2336.shtml.
Encrypt Pre-shared Keys in Cisco IOS Router Configuration Example. Document ID 46420 Cisco Systems, Internet Address: htto:/lwww.cisco.com/en/US/tech/tk5S3/tk3721technologies—configuration—example09186a00801f2336.shtml.
EPO Communication Pursuant to Article 96(2) EPC, in connection with Application No. 02737687.0-2201, dated Apr. 21, 2004.
EPO Communication Pursuant to Article 96(2) EPC, in connection with Application No. 02737687.0-2201, dated Oct. 15, 2007.
EPO Communication Pursuant to Article 96(2) EPC, in connection with Application No. 02737687.0-2201, dated Sep. 19, 2006.
EPO Communication Pursuant to Article 96(2) EPC, in connection with Application No. 02737687.0-2201, dated September 19, 2006.
EPO Communication Pursuant to Article 96(2) EPC, issued by the European Patent Office on Dec. 6, 2006 in connection with application No. 04104240.9.
Eskicioglu et al. "A Key Transport Protocol Based on Secret Sharing Applications to Information Security", IEEE Transactions on Consumer Electronics, vol. 46, No. 4, Nov. 2002, pp. 816-824.
European Examination Report dated Apr. 20, 2009, European Patent Application No. 05826460.7.
European Examination Report, Application No. 05826460.7, Apr. 4, 2008.
European Search Report of Application No. EP 05022525.9-2146 dated Jan. 24, 2006—4 pgs.
European Supplementary Search Report, Application No. 05826460.7, Feb. 14, 2008.
Exhibit B-4 cited by KIPO, Patent Court Case No. 2008 HUH 620. Office Action from USPTO dated May 14, 2007 for U.S. Appl. No. 10/480,615.
Research in Motion Limited, Blackberry Security White Paper Release 4.0 2005 Internet Address: http://blackberry.comlknowledgecenterpubliclivelink.exe?func=ll&objld=S2S044&objAction=browse&sort=name.
Final Office Action dated Mar. 7, 2013, U.S. Appl. No. 13/223,999.
Final Office Action for Japanese Application No. 2007-61073, dated Mar. 3, 2011.
Final Office Action from USPTO dated Nov. 25, 2008 for U.S. Appl. No. 10/480,615.
Final Office Action, Japanese Application No. 2003-504272, dated Dec. 7, 2006 (mailed Dec. 11, 2006).
Final Office Action, Korean Application No. 2003-7016487, dated May 26, 2006.
First Examination Report, Indian Application No. 2173/DELNP/2003, dated Apr. 27, 2004.
First Office Action, Chinese Application No. 02815382.0, Feb. 24, 2006.
Fourth Office Action, Chinese Application No. 02815382.0, dated Jun. 29, 2007.
Fumy et al. Principles of Key Management, IEEE Journal on Selected Areas in Communications, VDI, 11, No. 5, Jun. 1999, pp. 785-793.
Gong et al.: "Multicast Security and its Extension to a Mobile Environment," SRI International, Computer Science Laboratory, J.C. Baltzer AG, Science Publishers, Wireless Networks I (1995) pp. 281-295.
Hämetvaara, Vesa. "Modifying LDAP to Support X.509-based PKIs", In Seventeenth Annual IFIP WG 11.3 Working Conference on Database and Applications Security at Estes Park, Colorado, Aug. 2003.
Harris A.: "Content Privacy and Content Security Working Together", Internet Article. Content Technologies White Paper, Online! Sep. 1999, XP002223158, pp. 8-9.
Harris, "Content privacy and content security working together," Internet Article, Content Technologies White Paper, pp. 1-10 (Sep. 1999).
Hiroyuki Sawano, Create a Secure Electronic Mail Environment with S/MIME!, @IT Security & Trust, May 30, 2001, URL. http://www.atmarkit.co.jp/fsecurity/special/04smime/smime01.html.
Hoffman: "Enhanced Services for S/MIME," Database IETF RFC Online IETF;RFC 2634, Jun. 1999, pp. 1-58 (Chapter 3, pp. 24-32), XP002220386.
Housley, R. et al. "Internet X.509 Public Key Infrastructure Certificate and CRL Profile (RFC 2459)", Jan. 1999.
Indian Examination Letter. Application No. 2290/DEL/2005, Dated: Apr. 13, 2007.
Inquiry issued by the Japanese Patent Office on Mar. 13, 2009 for Japanese Patent Application No. 2003-504272.
International Preliminary Examination Report for PCT/CA02/00868 dated Jul. 3, 2003.
International Preliminary Examination Report for PCT/CA92/00868 dated Jul. 3, 2003.
International Search Report for PCT/CA02/00868 mailed Oct. 2, 2002.
International Search Report of Application No. PCT/CA02/00889, date of mailing Dec. 23, 2002, 10 pages.
International Search Report of Application No. PCT/CA02/00890, date of mailing Dec. 23, 2002-12 pgs.
Intimation of Grant, Indian Application No. 2173/DELNP/2003 dated Mar. 27, 2008 (copy not located).
Intimation of Grant, Indian Application No. 2173/DELNP/2003 dated Mar. 27, 2008.
ITU-T, "Information technology-Open systems interconnection-The Directory: Public-key and attribute certificate frameworks", Mar. 2000.
Japanese Office Action dated Jun. 17, 2009, Japanese Application No. 2006-293228.
Jin Jing et al.: "Client-server computing in mobile environments" ACM Computing Surveys, Jun. 1999, ACM, USA, vol. 31, No. 2, pp. 117-157, XP002212945.
Jin Jing et al.: "Client-server computing in mobile environments" ACM Computing Surveys, Jun. 1999, ACM, USA, vol. 31. No. 2, pp. 117-157, XP002212945.
Katsuro Inaya, et al., "Use Windows CE Now", ASCII, Oct. 1, 1999, vol. 23, No. 10, pp. 266-285.
Kiely, Don, SQL Server 2005 Secures Your Data Like Never Before, Sep. 29, 2005. Internet Address: http://www.devx.comlcodemaglArticle/29351?trk=DXESS-DB.
Korean Decision for Final Rejection (English translation). Application No. 10-2005-0081103. Dated: Apr. 12, 2007.
Korean Examination Report (English translation). Application No. 10-2007-7011342. Dated: Jul. 15, 2008.
Kotzanikoloau et al. "Hybrid Key Establishment for Multiphase Self-Organized Sensor Networks", 6'' IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks, Jun. 13-16, 2005, pp. 581-587.
Kotzanikoloau et al. "Hybrid Key Establishment for Multiphase Self-Organized Sensor Networks", 6″ IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks, Jun. 13-16, 2005, pp. 581-587.
Lai, M.K.E., et al.: "A Mobile Subscriber Proxy Preserving Writer-to-Reader Message Security", Military Communications Conference, 1996, Milcom '96, Conference Proceedings, IEEE McLean, VA, USA Oct. 21-24, 1996, New York, NY, USA, IEEE, US, Oct. 21, 1996, pp. 461-467, XP010203896 (XP00090914).
Levien: "Protecting Internet E-Mail From Prying Eyes," Data Communications, McGraw Hill, New York, US, vol. 25, No. 6 (May 1, 1996), pp. 117-118, 120, 122, XP 000587586.
Levien: "Protecting Internet E-Mail From Prying Eyes," Data Communications, McGraw Hill, New York, US, vol. 25, No. 6, May 1, 1996), pp. 117-118, 120, 122, XP000587586.
Mambo M. et al.: "Proxy Signatures: Delegation of the Power to Sign Messages" IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, IECE Tokyo, JP, vol. E79-A, No. 9, Sep. 1, 1996, pp. 1338-1353, XP000679624.
Mambo M., et al., "Proxy Signatures: Delegation of the Power to Sign Messages" IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, IEICE Tokyo, JP, vol. E79-A, No. 9, Sep. 1, 1996, pp. 1338-1353, XP000679624.
Minutes of the oral proceedings before the Examining Division, in connection with Application No. 02737687.0-2201, dated Sep. 7, 2010.
Myers, M. et al. "Certificate Management Messages over CMS (RFC 2797)", Apr. 2000.
Myers, M. et al., X.509 Internet Public Key Infrastructure Online Certificate Status Protocol-OCSP, RFC2560 (Jun. 1999).
Nakajima et al.: "Adaptive continuous media applications in mobile computing environments" Multimedia Computing Systems '97. Proceedings., IEEE International Conference on Ottawa, Ont., Canada Jun. 3-6, 1997, Los Alamitos, CA, USA, IEEE Comput. Soc. US, Jun. 3, 1997, pp. 152-160, XP010239184.
Notice of Abandonment dated Aug. 7, 2012, Canadian Patent Application No. 2,717,229.
Notice of Allowance (Notification for the Grant of Invention), Chinese Application No. 02815382.0, dated May 16, 2008.
Notice of Allowance dated May 21, 2013, U.S. Appl. No. 13/223,999.
Notice of Allowance from USPTO dated Feb. 6, 2009 for U.S. Appl. No. 10/480,615.
Notice of Allowance, Canadian Application No. 2450584, dated Apr. 16, 2010.
Notice of Reason for Rejection for Japanese Application No. 2003-504272, dated May 12, 2006 (mailed May 16, 2006).
Notice of Reason for Rejection issued by the Japanese Patent Office on Feb. 16, 2009 for Japanese Patent Application No. 2005-253511.
Notice of Reason for Rejection issued by the Japanese Patent Office on Jan. 5, 2010 for Japanese Patent Application No. 2005-253511.
Notice of Reason for Rejection issued by the Japanese Patent Office on May 12, 2006 for Japanese Patent Application No. 2003-504272.
Office Action dated Aug. 28, 2012, U.S. Appl. No. 13/223,999.
Office Action for Japanese Application No. 2003-504272, dated Mar. 2009.
Office Action for Japanese Application No. 2003-504272, dated May 28, 2010.
Office Action for Japanese Application No. 2007-61073, dated May 28, 2010.
Office Action from CIPO issued on Feb. 2, 2011, Canadian Application No. 2,717,229.
Office Action from USPTO (Interview Summary) dated Sep. 4, 2008 for U.S. Appl. No. 10/480,615.
Office Action from USPTO dated Jan. 22, 2008 for U.S. Appl. No. 10/480,615.
Office Action from USPTO dated Jun. 9, 2008 for U.S. Appl. No. 10/480,615.
Office Action issued by the Canadian Intellectual Property Office on Jul. 13, 2009 for Canadian Patent Appl. No. 2,517,211.
Office Action issued by the USPTO on Apr. 15, 2009 for U.S. Appl. No. 11/259,372.
Office Action issued by the USPTO on Apr. 27, 2009 for U.S. Appl. No. 11/291,178.
Office Action issued by the USPTO on Jan. 13, 2009 for U.S. Appl. No. 10/914,634.
Office Action issued by the USPTO on Jul. 15, 2008 for U.S. Appl. No. 10/931,983.
Office Action issued by the USPTO on Jun. 23, 2010 for U.S. Appl. No. 10/486,406.
Office Action issued by the USPTO on Nov. 13, 2007 for U.S. Appl. No. 10/931,983.
Office Action issued by the USPTO on Oct. 29, 2009 for U.S. Appl. No. 11/259,372.
Office Action, Canadian Application No. 2450584, dated Feb. 3, 2009.
Office Action, Canadian Application No. 2450584, dated Mar. 14, 2006.
Office Action, Korean Application No. 2003-7016487, dated Nov. 1, 2005.
Official Action (Inquiry), Japanese Application No. 2003-504272 dated Mar. 13, 2009.
PCT International Search Report and Written Opinion of the International Searching Authority, International App. No. PCT/CA2005/D01956, Jul. 29, 2006.
Policht, Martin, SQL Server 2005 Security—Part 3 Encryption, Database Journal Internet Address: http://www.databasejournal.com/features/mssql/article.php/34S3931.
Ramsdell, D. et al. "Secure/Multi-purpose Internet Mail Extensions (S/MIME) Version 3.1 Certificate Handling (RFC 3850)", Jul. 2004.
Refusal of Amendment for Reconsideration Issued and Final Rejection Maintained, Korean Application No. 2003-7016487, dated Oct. 10, 2006.
Rejection of Appeal, Japanese Application No. 2003-504272, dated Dec. 7, 2009.
Report of Pre-Appeal Examination, Japanese Application No. 2003-504272, dated Jul. 20, 2007.
Request for Continued Examination (RCE) Transmittal dated Apr. 22, 2008 for U.S. Appl. No. 10/480,615.
Research in Motion Limited, Blackberry Security White Paper Release 4.0. 2005 Internet Address: http://blackberry.comlknowledgecenterpublicllivelink.exe?func=ll&objld=S2S044&objAction=browse&sort=name.
Research in Motion Limited, BlackBerry Security with the S/MIME Support Package, version 1.5, Dec. 17, 2003.
Response Brief to Patent Court, Korean Application No. 2003-7016487, dated Apr. 19, 2008.
Response dated May 2, 2013, U.S. Appl. No. 13/223,999.
Response dated Nov. 28, 2012, U.S. Appl. No. 13/223,999.
Response to Office Action from USPTO dated Mar. 24, 2008 for U.S. Appl. No. 10/480,615.
Response to Office Action from USPTO dated Nov. 14, 2007 for U.S. Appl. No. 10/480,615.
Response to Office Action from USPTO dated Sep. 9, 2008 for U.S. Appl. No. 10/480,615.
Response to Office from USPTO dated Jan. 26, 2009 for U.S. Appl. No. 10/480,615.
Response to Official Communication of Apr. 21, 2004, in connection with Application No. 02737687.0-2201, dated Sep. 1, 2004.
Response to Official Communication of Oct. 15, 2007, in connection with Application No. 02737687.0-2201, dated Apr. 24, 2008.
Response to Official Communication of Sep. 19, 2006, in connection with Application No. 02737687.0-2201, dated Jan. 26, 2007.
Russell S: "Fast checking of individual certificate revocation on small systems" Computer Security Applications Conference, 1999. (ACSAC '99). Proceedings. 15th Annual Phoenix, AZ, USA Dec. 6-10, 1999, Los Alamitos, CA, USA, IEEE Comput. Soc. US. Dec. 6, 1999, pp. 249-255, XP010368617.
Sawano Hiroyuki, "Create a secure electronic mail environment with S/MIME", @IT Security & Trust, May 30, 2001, URL: http://www.atmarkit.co.jp/fsecurity/special/04smime/smime01.html.
Second Office Action, Chinese Application No. 02815382.0, dated Aug. 25, 2006.
Singapore Examination Report. Application No. 200505340-0. Dated: Sep. 19, 2006.
Stale Schumacher: "AutoPGP FAQ, Version 1," Internet Newsgroup, 'Online (Apr. 19, 1994), XP002230742.
Stallings, W.: "S/MIME: E-Mail Gets Secure". Byte, McGraw-Hill Inc., St. Peterborough, US, vol. 23, No. 7, Jul. 1998, pp. 41-42, XO000774260.
Subramanyam V., et al.: "Security in mobile systems", Reliable Distributed Systems, 1998 Proceedings. 17th IEEE Symposium on W. Lafayette, IN, USA, Oct. 20-23, 1998, Los Alamitos, CA, USA IEEE Comput. Soc., US. Oct. 20, 1998, pp. 407-412, XP010319125.
Summons to Attend Oral Proceedings Pursuant to Rule 115(1) EPC, in connection with Application No. 02737687.0-2201, dated May 18, 2010.
Syverson: "Limitations on Design Principles for Public Key Protocols," Security and Privacy, 1996, Proceedings, 1996 IEEE Symposium on Oakland, CA, USA, May 6-8, 1996, Los Alamitos, CA, USA, IEEE Comput. Soc., US, May 6, 1996, pp. 62-72, XP010164926.
Third Office Action, Chinese Application No. 02815382.0, dated Jan. 26, 2007.
Torvinen V.: "Wireless PKI: Fundamentals", Internet Article, Radicchio White Paper, 'Online! 2000, XP002223159, pp. 1-15.
Torvinen V.: "Wireless PKI: Fundamentals", Internet Article, Radicchio White Paper, 'Online! 2000, XP002223159, pp. 12-13.
U.S. Appl. No. 10/480,615 entitled "Certificate Management and Transfer System and Method", issued as U.S. Patent No. 7,546,453 (Prosecution Documents).
U.S. Appl. No. 12/480,841 entitled "Certificate Management and Transfer System and Method", issued as U.S. Patent No. 8,015,400 (Prosecution Documents).
Wasley D.L. et al.: "Improving Digital Credential Management in Browsers" Internet Article. HEPKI-TAG Recommendation, 'Online! Jul. 21, 2000, XP02213004 Retrieved from the Internet: <URL:http://middleware.internet2.edu/hepki-tag/HEPKI-TAG-Certs-Browser-03.pdf> 'retrieved on Sep. 10, 2002.
Written Opinion issued on Dec. 23, 2005 by the Australian Patent Office for Singapore patent application No. 200505624-7.
Written Opinion issued on Jan. 21, 2003 by European Patent Office for PCT/CA02/00868.
Written Opinion issued on Mar. 24, 2003 by European Patent Office for PCT/CA02/00868.
Written submission in response to Summons, dated Jul. 26, 2010, European Application No. 02737687.0.
Zollner J: "Gateway to overcome incompatibilities of security mechanisms" Reliable Distributed Systems, 1999. Proceedings of the 19TH IEEE Symposium on Lausanne, Switzerland Oct. 19-22, 1999, Los Alamitos, CAL, USA, IEEE Comput. Soc, US Oct. 19, 1999, pp. 372-377, XP010357040 ISBN: 978-0-7695-0290-8 *the whole document*.
Zollner J: "Gateways to Overcome Incompatibilities of Security Mechanisms" Reliable Distributed Systems, 1999. Proceedings of the 19TH IEEE Symposium on Lausanne, Switzerland Oct. 19-22, 1999, Los Alamitos, Cal., USA, IEEE Comput. Soc, US Oct. 19, 1999, pp. 372-377.

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US9837044B2 (en) | 2015-03-18 | 2017-12-05 | Samsung Electronics Co., Ltd. | Electronic device and method of updating screen of display panel thereof

Also Published As

Publication number | Publication date
US8015400B2 (en) | 2011-09-06
JP2007221806A (en) | 2007-08-30
JP2004532590A (en) | 2004-10-21
US20040171369A1 (en) | 2004-09-02
CN100410927C (en) | 2008-08-13
IL159342A (en) | 2008-08-07
IL159342A0 (en) | 2004-06-01
KR20040015272A (en) | 2004-02-18
WO2002101580A1 (en) | 2002-12-19
CA2717229A1 (en) | 2002-12-19
US8539226B2 (en) | 2013-09-17
CA2450584C (en) | 2011-01-04
US20090292916A1 (en) | 2009-11-26
CA2450584A1 (en) | 2002-12-19
EP1399853A1 (en) | 2004-03-24
US20120060026A1 (en) | 2012-03-08
US7546453B2 (en) | 2009-06-09
CN1539111A (en) | 2004-10-20

Similar Documents

Publication | Publication Date | Title
USRE45087E1 (en) | | Certificate management and transfer system and method
US9807082B2 (en) | | Certificate information storage system and method
US7865720B2 (en) | | System and method for supporting multiple certificate status providers on a mobile communication device
US9628269B2 (en) | | System and method for secure message key caching in a mobile communication device
US8966246B2 (en) | | System and method for checking digital certificate status
US8423763B2 (en) | | System and method for supporting multiple certificate status providers on a mobile communication device
EP1417814B1 (en) | | System and method for processing encoded messages
HK1071644B (en) | | Certificate information storage system and method
HK1071647B (en) | | System and method for supporting multiple certificate status providers on a mobile communication device

Legal Events

Date | Code | Title | Description

AS | Assignment
Owner name: RESEARCH IN MOTION LIMITED, ONTARIO
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: LITTLE, HERBERT A.; ADAMS, NEIL P.; TAPUSKA, DAVID F.; SIGNING DATES FROM 20041123 TO 20041124; REEL/FRAME: 030989/0841
Owner name: RESEARCH IN MOTION LIMITED, ONTARIO
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: BROWN, MICHAEL S.; KIRKUP, MICHAEL G.; GODFREY, JAMES A.; SIGNING DATES FROM 20050421 TO 20050428; REEL/FRAME: 030989/0922

AS | Assignment
Owner name: BLACKBERRY LIMITED, ONTARIO
Free format text: CHANGE OF NAME; ASSIGNOR: RESEARCH IN MOTION LIMITED; REEL/FRAME: 033134/0228
Effective date: 20130709

FPAY | Fee payment
Year of fee payment: 4

MAFP | Maintenance fee payment
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY
Year of fee payment: 8

FEPP | Fee payment procedure
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS | Assignment
Owner name: MALIKIE INNOVATIONS LIMITED, IRELAND
Free format text: NUNC PRO TUNC ASSIGNMENT; ASSIGNOR: OT PATENT ESCROW, LLC; REEL/FRAME: 064015/0001
Effective date: 20230511
Owner name: OT PATENT ESCROW, LLC, ILLINOIS
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNOR: BLACKBERRY LIMITED; REEL/FRAME: 064007/0061
Effective date: 20230320

AS | Assignment
Owner name: MALIKIE INNOVATIONS LIMITED, IRELAND
Free format text: NUNC PRO TUNC ASSIGNMENT; ASSIGNOR: BLACKBERRY LIMITED; REEL/FRAME: 064066/0001
Effective date: 20230511

LAPS | Lapse for failure to pay maintenance fees
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

