Title: Securing private key access for cross-component message processing
Abstract: Often, for reasons of wireless bandwidth conservation, incomplete messages are provided to wireless messaging devices. Employing cryptography, for secrecy or authentication purposes, when including a received message that has been incompletely received can lead to lack of context on the receiver's end. By automatically obtaining the entirety of the message to be included, an outgoing message that includes the received message can be processed in a manner that securely and accurately represents the intended outgoing message. Alternatively, a server can assemble a composite message from a new message and an original message and, in cooperation with a wireless messaging device, sign the composite message. Since signing the composite message involves access to a private key, access to that private key is secured such that such access to the private key can only be arranged responsive to an explicit request for a hash that is to be signed using the private key.
Publication number: US9166794(B2)  Publication date: 2015.10.20
Application number: US201113296514  Filing date: 2011.11.15
Applicant: BlackBerry Limited  Inventors: Sherkin Alexander; Singh Ravi; Vats Nikhil; Adams Neil Patrick
Classification: H04L9/32; H04W12/10; H04L12/58; H04W12/04; H04L29/06  Main classification: H04L9/32
Agency: Ridout & Maybee LLP  Agent: Ridout & Maybee LLP
Main claim: 1. At a mobile wireless communication device, a method of processing an electronic message, said method comprising:
detecting receipt of an instruction to sign a composite message, where said composite message is formed by a server associated with said mobile wireless communication device, said composite message including a new message portion and an original message, and only an initial portion of said original message is available at said mobile wireless communication device;
generating an access key;
inserting a record in a table, stored at said mobile wireless communication device, said record including said access key and a secondary value for use in obtaining a private cryptographic key;
transmitting a processing request to said server associated with said mobile wireless communication device, said processing request including said new message portion, a reference to said original message, and said access key;
receiving a signing request from said server, said signing request including a received access key and a hash of said composite message;
locating in said table, the record with the access key that matches said received access key;
extracting, from said record, said secondary value;
obtaining said private cryptographic key by using said secondary value;
employing said private cryptographic key to sign said hash to form a digital signature;
and transmitting said digital signature to said server.
Address: Waterloo CA
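The device-side steps of the main claim, sketched in Go as an added example (not code from the patent or from the applicant). Ed25519, SHA-256, the `keystore` map, the string handle standing in for the "secondary value", and deleting the record after one use are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Device is the handset side. The key store, the string handle used as the
// "secondary value" and the choice of Ed25519 are assumptions of this sketch.
type Device struct {
	table    map[string]string             // access key -> secondary value
	keystore map[string]ed25519.PrivateKey // secondary value -> private key
}

// BeginSigning generates an access key and inserts the table record; the
// access key is what the device sends in the processing request.
func (d *Device) BeginSigning(secondary string) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	ak := hex.EncodeToString(buf)
	d.table[ak] = secondary
	return ak, nil
}

// HandleSigningRequest signs the hash only if the received access key matches
// a record. Deleting the record after one use is an added assumption.
func (d *Device) HandleSigningRequest(ak string, hash []byte) ([]byte, error) {
	secondary, ok := d.table[ak]
	if !ok {
		return nil, fmt.Errorf("no record for access key; private key not used")
	}
	delete(d.table, ak)
	return ed25519.Sign(d.keystore[secondary], hash), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	d := &Device{map[string]string{}, map[string]ed25519.PrivateKey{"slot-1": priv}}
	ak, _ := d.BeginSigning("slot-1")
	hash := sha256.Sum256([]byte("My reply\nFull original held by server")) // constructed composite
	sig, err := d.HandleSigningRequest(ak, hash[:])
	fmt.Println(ed25519.Verify(pub, hash[:], sig), err) // true <nil>
	_, err = d.HandleSigningRequest(ak, hash[:])        // replayed request
	fmt.Println(err)
}
```

A signing request whose access key has no matching record returns an error before the key store is consulted, which is the property the abstract describes: the private key is reached only in response to a request the device itself set up.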