KR20050113204A - System and method of protecting data on a communication device - Google Patents

Abstract

A system and method of protecting data on a communication device are provided. Data received when the communication device is in a first operational state is encrypted using a first cryptographic key and algorithm. When the communication device is in a second operational state, received data is encrypted using a second cryptographic key and algorithm. Received data is stored on the communication device in encrypted form.

Description

[0001] SYSTEM AND METHOD FOR PROTECTING DATA ON A COMMUNICATION DEVICE [0002]

The present invention relates generally to data protection, and more particularly to data protection on a communication device.

In a corporate environment, employees are typically provided with access to office supplies and devices typically used to perform their jobs, including at least a personal computer (PC), and also include wireless mobile communication devices and other types of electronic devices do. Confidential or other sensitive user information, employer information, or both can be stored on any of these devices. User devices, such as PCs in an employer's building, are kept physically secure by employers, but portable or mobile devices are less secure because they are more likely to be misled or stolen by their nature. Therefore, it is often desirable to protect sensitive information on the mobile device from unauthorized parties from accessing the information on the lost or stolen user device.

One common type of security measure for a mobile device that is capable of communicating, such as a wireless mobile communication device, is, for example, to ensure that sensitive information is securely transmitted to such mobile device. Although information transmission is secure, these measures only protect information during transmission, and not after information is received by the mobile device.

According to another known security scheme, the received information is encrypted before it is stored in memory or before it is stored. Decryption of the stored encrypted information requires access to the encryption key. Symmetric key cryptography, where a single key is used for both encryption and decryption, is generally desirable for mobile devices with limited processing resources because symmetric key cryptographic operations are faster and less processor-intensive than those associated with other cryptographic schemes to be. Access to this single key should be controlled using, for example, password protection, such that an unauthorized user can not easily read the key from the memory on the lost or stolen mobile device and decrypt all encrypted content stored on the mobile device . However, this may result in a situation where the key is inaccessible when information is received at the mobile device.

1 is a block diagram illustrating a communication system in which a mobile device may be used;

2 is a block diagram of a mobile device in which a data protection system and method are implemented;

3 is a flow chart illustrating a method for enabling data protection.

4 is a flow diagram illustrating a method for protecting data received at a mobile device.

5A is a block diagram of a data format;

5B is a block diagram of an alternative data format.

6 is a flow diagram illustrating a method for accessing protected data;

7-11 are screen shots of a display on a mobile device on which a data protection system and method are implemented.

12 is a block diagram of a wireless mobile communication device;

A system for protecting data on a communication device having a first operating state and a second operating state includes a key storage configured to store a plurality of cryptographic keys; A memory configured to store data; Data is used to determine whether the communication device is in the first operating state or in the second operating state and the first cipher key of the plurality of cipher keys is used when the communication device is in the first operating state, Or a data protection system configured to encrypt the received data using the second encryption key of the plurality of encryption keys when the communication device is in the second operation state, and to store the encrypted received data in the memory.

A method of protecting data on a communication device includes storing a first protected cryptographic key and a second cryptographic key on a communication device, receiving data at the communication device, determining whether the first protected cryptographic key is accessible Encrypting the received data using a first protected cryptographic key if the first protected cryptographic key is accessible, encrypting the received data using the first protected cryptographic key if the first protected cryptographic key is inaccessible, Encrypting the received data using the encryption key, and storing the encrypted received data in a memory on the communication device.

Further features of the data protection system and method will be described or become more apparent in the following detailed description.

1 is a block diagram illustrating a communication system in which a mobile device may be used. The communication system 10 includes a wide area network (WAN) which is connected to the computer system 14, the wireless network gateway 16 and the corporate premises network (LAN) The wireless network gateway 16 is also connected to the wireless communication network 20 and the mobile device 22, which is a wireless mobile communication device, is configured to operate within the wireless communication network 20. [

The computer system 14 may be, for example, a desktop or laptop PC configured to communicate to the WAN 12, which is the Internet. A PC, such as computer system 14, typically accesses the Internet through an Internet Service Provider (ISP), an Application Service Provider (ASP), and the like.

The in-house LAN 18 is an example of a typical working environment in which a plurality of computers are connected in a network. Such networks are often located behind security firewalls 24. Within the on-premises LAN 18, the data server 26 running on the computer behind the firewall 24 exchanges data within the LAN 18 and communicates data with other external systems and devices via the WAN 12. [ And serves as a primary interface for exchange. The data server 26 may be, for example, a messaging server such as a Microsoft ^TM Exchange Server or a Lotus Domino ^TM Server. These servers also provide additional functions such as calendar, todo lists, task lists, dynamic database storage of data such as email and documentation. Although only the data server 26 is shown in the LAN 18, those skilled in the art will appreciate that a single LAN may be used by more than one of the networked computer systems 28, including other types of servers supporting resources shared among the networked computer systems 28 Server. ≪ / RTI >

The data server 26 provides data communication capabilities to the networked computer system 28 coupled to the LAN 18. A typical LAN 18 includes a plurality of computer systems 28 each of which implements an appropriate client for communicating with the data server 26. In the above example of electronic messaging, within the LAN 18, the messages are received by the data server 26, distributed to appropriate mailboxes in the user account addressed in the received messages, Lt; RTI ID = 0.0 > messaging < / RTI > The exchange of electronic messages with other types of data is likewise enabled using a client compatible with the data server 26. For example, a multipurpose client such as Lotus Notes processes electronic messages as well as other types of files and data.

The wireless gateway 16 provides an interface to the wireless network 20 through which data including data to be protected may be exchanged with the mobile device 22. [ The mobile device 22 may be, for example, a data communication device, a dual-mode communication device such as a plurality of modem mobile phones having data and voice communication capabilities, a multi-mode communication device capable of voice, A personal digital assistant (PDA) capable of wireless communication, or a wireless modem operating in conjunction with a laptop or desktop computer system or some other device. An exemplary mobile device is described in further detail below.

A function such as addressing of the mobile device 22, encoding of a message for wireless transmission or other conversion, or other necessary interface functionality is performed by the wireless network gateway 16. When the wireless network gateway 16 is configured to operate with more than one wireless network 20 it also determines a network that can best locate the location of a given mobile device 22, Or traverses the mobile device as far as possible when traveling between networks. Although only a single wireless network gateway 16 is shown in FIG. 1, the mobile device 22 may be configured to communicate with more than one gateway, for example, a corporate network gateway or a WAP gateway.

Certain computer systems having access to the WAN 12 may be able to exchange data with the mobile device 22 via the wireless network gateway 16 if such communication is allowed to the mobile device 22. Alternatively, a private wireless network gateway, such as a wireless virtual private network (VPN) router, may also be implemented to provide a private interface to the wireless network. For example, a wireless VPN implemented in the LAN 18 can provide a private interface from the LAN 18 to one or more mobile devices 22 over the wireless network 20 without requiring the wireless network gateway 16 have. Such private interface to wireless network gateway 16 and / or mobile device 22 via wireless network 20 may also be provided to LAN 18 by providing a data forward or redirection system operating in conjunction with data server 26. [ It can be effectively expanded to an external entity.

The wireless network 20 typically communicates data to and from communication devices, such as the mobile device 22, via RF transmissions between base stations and devices. The wireless network 20 may be, for example, a data-centric wireless network, a voice-centric wireless network, or a dual-mode network capable of supporting voice and data communications over the same infrastructure. The recently developed voice and data networks include a CDMA (Code Division Multiple Access) network, a GSM (Groupe Special Mobile or Global Syatem for Mobile Communications) and a GPRS (General Packet Radio Service) network, Global Evolution) and UMTS (Universal Mobile Telecommunications Syatems). An existing network of the data center is ^{Mobitex TM Radio Network ( "Mobitex"} ) and the ^{DataTAC TM Radio Network ( "DataTAC"} ), not limited to this, the known data network in the voice-centric North America and around the world for many years, comprises a (TDMA) system and Personal Communication Systems (PCS) networks such as GSM.

In the system 10, the company that owns the in-house LAN 18 can provide the mobile device 22 to the employee and provide access to the on-premises LAN 18. The company data may then be accessed and stored in the mobile device 22. [ When a user of the mobile device 22 accesses the LAN 18 via the computer system 28 on which the mobile device 22 is also capable of communicating, Paths are available. Such data is generally protected during transmission to the mobile device 22 by using secure communication techniques, but these techniques do not protect the data once the data is received and stored at the mobile device 22.

As described above, data encryption prior to or during storage of data on the mobile device 22 provides some security measures. In order to reduce data access time delays and processor load associated with data decryption, symmetric key cryptography is preferred. However, the security measures implemented to protect the symmetric key may also make it difficult to access the key when the data is received. For example, if the mobile device 22 implements cryptographic protection, the symmetric key used for data encryption may only be accessible if it is unlocked by the correct entry of the secure password (password or passphrase). In this example, if the mobile device 22 receives the data when it is locked, i. E. The data is entered into the mobile device 22 without ever being requested, the symmetric key is inaccessible and the data can not be encrypted for storage .

A system and method in accordance with an embodiment of the present invention provides protection of received data when the mobile device is in any of a plurality of states.

2 is a block diagram of a mobile device in which a data protection system and method are implemented. It will be appreciated by those skilled in the art that only the components associated with the data protection system are shown in FIG. The mobile device typically further includes components other than those shown in Fig.

The mobile device 30 includes a memory 32, a data protection system 49, a processor 50, a user interface (UI) 52, a wireless transceiver 54 and an interface or connector 56. The memory 32 preferably includes a storage area 34 for software applications, a key storage 42 and a plurality of data stores 36-40 and 44-48.

The memory 32 is, or at least includes, a writable storage such as RAM in which other device components can write data. The software application storage 34 includes a software application installed on the mobile device 30 and may include, for example, an electronic messaging application, a personal information management (PIM) application, a game, as well as other applications. The application data store 38 may store data, such as cached web pages for browser applications, or files used by the software application, as well as configuration data for the software applications, And stores relevant information. Electronic messages, such as received and / or transmitted e-mail messages, are stored in the message store 38. Data such as schedule information, reservations and reminders are stored in the calendar storage unit 40. The task storage unit 44 is used to store a task that the user wants to track. The notes and notes entered by the user are stored in the note storage unit 46. [ The text entry storage 48 stores a predicted text entry and a word list or dictionary that supports automatic error correction when, for example, text is entered on the mobile device 30. [ Although shown as separate data stores, those skilled in the art will appreciate that some or all of the stores may be incorporated into a single data store within memory 32. [ It will also be appreciated that the mobile device may include more, fewer, or different data stores than those shown in FIG.

The key store 42 preferably stores the encryption key used to support data protection on the mobile device 30 and resides within the secure portion of the memory 32 where access is controlled or within secure memory components. For example, the user or software application should not be able to delete or change the data protection key in the key store 42. In one embodiment, access to the key store 42 is limited to the data protection system 49. The data protection system 49 encrypts the received data and decrypts the encrypted data stored in the memory 32, as described in more detail below.

The processor 50 is connected to the wireless transceiver 54, thereby allowing the mobile device 30 to communicate over the wireless network. The interface / connector 56 provides an alternative communication path to a PC or other device having a cooperative interface or connector. The interface / connector 56 may be an optical data transmission interface such as, for example, an Infrared Data Association (IrDA) port, some other short range wireless communication interface, or a serial port, a universal serial bus And may be any of a plurality of data transfer components including a wired interface, such as a digital (SD) slot. Known short range wireless communication interfaces include, for example, a Bluetooth ^TM module and an 802.11 module. Those skilled in the art will recognize that "Bluetooth" and "802.11" represent a set of specifications available from the Institute of Electrical and Electronics Engineers (IEEE) for wireless LAN and wireless personal area networks, respectively . Thus, the communication link established through the interface / connector 56 may be a wireless connection or a physical wired connection.

The UI 52 includes UI components such as a keyboard or keypad, a display, or other components that accept input from or provide output to a user of the mobile device 30. Although shown in FIG. 2 as a single block, it will be appreciated that the mobile device typically includes more than one UI, and the UI 52 is thus intended to represent more than one interface.

Data in any or all of the data stores on the mobile device may be protected as described herein. In most implementations, other data stores 36-38 and 44-48 typically store data that a user or employee may want to protect against personal or company data, The application is unlikely to be protected.

In the mobile device 30, access to the memory 32 is controlled by a data protection system 49 which encrypts the received data and stores the encrypted data in the memory 32 , And decodes the stored data for other mobile device components. All other components of the mobile device 30 are connected to the data protection system 49 and the memory read and write operations by these other components are executed via the data protection system 49. [ Data received by the data protection system 49 from the wireless transmit / receive 54 or UI 52 via the processor 50, from a software application executed by the processor 50, or from the interface / Is encrypted using the key stored in the key storage unit (42). Likewise, when a request for protected data is received by the data protection system 49 from a component or software application on the mobile device 30, the data protection system 49 decrypts the encrypted data and decrypts the decrypted data To the request component. The data protection system 49 comprises software modules or utilities that can be enabled or disabled as described in detail below; Or a memory 32, a specific portion of the memory 32, or a hardware module configured to manage a particular data store or data type.

It is to be understood that the arrangement of the apparatus shown in FIG. 2 is intended to be illustrative only, and that the present invention is by no means limited thereto. For example, in an alternative embodiment, processor 50, interface / connector 56, and other device systems access memory 32, and when encrypted data retrieved from memory 32 is decrypted and received And interacts with the data protection system when data is encrypted before being stored in the memory 32. [ In this case, the mobile device system and components send data to the data protection system for encryption and decryption when needed, but access memory 32 directly. 2 provides for more stringent data protection control in that access to the memory 32 is controlled by the data protection system 49, but this alternate embodiment provides that the non- Simplifies support for the unprotected data store because it is retrieved directly from the memory 32 without any association.

In operation, the data protection system 49 accesses the cryptographic key in the key storage unit 42. According to one embodiment of the present invention, the key storage unit 42 stores some keys. As described above, the symmetric encryption scheme is generally preferred for processor-constrained mobile devices, so that symmetric keys used for encryption and decryption of protected data are stored in key store 42 when data protection is enabled Do. Although the secure password securely protects the mobile device 30 from unauthorized use, further action is generally desirable to protect the symmetric key, and thus the encrypted data, against so-called hardware attacks. For example, password protection does not protect memory contents when physical components, including memory 32, are removed from mobile device 30 to directly read the stored data. Therefore, the symmetric key is preferably stored in the key storage unit 42 in an encrypted form. Decryption of the symmetric key requires an accurate entry of the user's password.

Once decrypted, the symmetric key is typically stored in the key store 42 or other memory area or cache so that it does not need to be decrypted as needed. However, the decrypted symmetric key may be used in response to or automatically in response to a user command after a predetermined security expiration period when the mobile device 30 is locked, or when the mobile device 30 is, for example, stored in a carrying case or leather case . Next, when the mobile device 30 is unlocked with the correct password, the encrypted symmetric key is decrypted again.

The key cryptosystem provides a high level of protection to the symmetric key and thus the data encrypted using this symmetric key, but when the mobile device 30 is locked no decrypted version of the symmetric key is available. By itself, any data received when the mobile device 30 is locked can not be encrypted using the symmetric key. Maintaining the decryption symmetric key in the memory after the mobile device 30 is locked such that the data can be encrypted when the mobile device 30 is locked means that the data stored in the memory 32 is in a state susceptible to hardware attacks do. Alternatively, the user may be prompted to enter a password each time data is received. However, if the user does not immediately enter the password, then the received data must be stored as ordinary characters, at least not until the next time the user unlocks the mobile device 30, or simply on the mobile device 30 It should not be stored. In the latter case, the received data is lost in the mobile device 30 and must be retransmitted to the device.

According to one embodiment of the present invention, the key store 42 also stores a public / private key pair. Since the public key is not confidential, it is usually stored as a character even when the mobile device 30 is locked. The data encrypted using the public key can only be decrypted using a private key that can be protected in a manner similar to a symmetric key. The public key is therefore used to encrypt the data received when the mobile device 30 is locked.

Therefore, the symmetric key, which is the first cryptographic key, is used to encrypt the data received when the mobile device 30 is in the first unlocked operating state, and the public key, which is the second cryptographic key, Lt; RTI ID = 0.0 > locked < / RTI > For this reason, the advantage of the symmetric key cryptography is that it is realized for some data received when the mobile device 30 is unlocked. The decryption of such data is faster and less processor intensive than any other cryptography. On the other hand, the shortcoming of using the protected symmetric key is prevented by storing the public key for data encryption when the mobile device 30 is locked. The data encrypted using the public key is decrypted using the corresponding private key. Public key cryptography is generally slower than symmetric key cryptography, but data access delays associated with data decryption are preferably reduced by selecting a public key cryptosystem with fast decryption operations. For example, elliptic curve cryptography (ECC) provides significantly faster decoding than Rivest-Shamir-Adleman (RSA) techniques.

As briefly discussed above, the data protection system 49 may be implemented with software modules or utilities that are enabled when the data is protected. Figure 3 is a flow chart illustrating a method for enabling data protection. At step 60, an operation to enable data protection is performed by the mobile device. This operation is preferably invoked by the user of the mobile device by entering a command or selecting a menu item using, for example, a keyboard, keypad, mouse, thumbwheel or other input device. However, it should also be appreciated that the mobile device preferably can be configured to require the user to enable data protection. For example, if an employer wishes to provide mobile devices to an employee user and wants certain company data on the mobile device to be securely protected, a configuration control software module or utility, and a configuration control that specifies that data protection should be enabled The information is inserted onto the mobile device either before the mobile device is presented to the user or when the mobile device is initially configured for operation by the user. The configuration control module then automatically invokes its operation in step 60, or restrict some or all other mobile device operations until data protection is enabled.

In order to protect the symmetric key used for data encryption and the private key used for data decryption, password protection must also be enabled when data protection is enabled or before it is enabled. At step 62, a determination is made as to whether the password protection has already been enabled. If password protection is not enabled, at step 64, the user is prompted to enable password protection and set a password. Then, if password protection is already enabled, or after the user has enabled password protection in step 64, then in step 66, a data protection key is generated and stored in the key store.

The data protection key generated in step 66 encrypts the received data when the mobile device is in the unlocked state before the data is stored in the memory on the mobile device and decrypts the encrypted data when retrieved from the memory It contains the symmetric key used. As described above, this symmetric key itself is encrypted using the password set by the user. A public / private key pair is also generated in step 66. The public key is usually stored as a character because it does not need to be kept secret and is used to encrypt the data received when the mobile device is in the locked state. The data encrypted using the public key can only be decrypted using the private key, so that the compromise of the public key is not a security concern. However, it is preferable that the private key is stored in the key storage unit in an encrypted form, such as a symmetric key, for example, by encrypting the private key using a password.

Certain data received at the mobile device after data protection is enabled is encrypted before being stored in memory. 4 is a flow chart illustrating a method for protecting data received at a mobile device.

In step 72, the data is received at the mobile device. 2, mobile device 30 is configured to receive data via a wireless transceiver 54 or interface / connector 56, as well as user input via UI 52. [ The software application also typically generates data for storage in the memory 32. For example, in the case where other interfaces, such as a disk drive or a memory stick reader, are provided, step 72 also includes an operation of receiving data from these interfaces.

The current operating state of the mobile device is then determined in step 74. [ If the device is locked, the public key is retrieved and the received data is encrypted using the public key (step 78). If the mobile device is unlocked, a symmetric key is available. The decrypted symmetric key is retrieved from the key store or cache if it is decrypted when the mobile device is unlocked by correctly entering the password. Otherwise, the encrypted symmetric key is retrieved from the key store, decrypted and then used to encrypt the retrieved data (step 76).

According to another embodiment of the present invention, at step 80, a determination is made as to whether the received data relates to existing data already stored on the mobile device. In step 82, the encrypted received data is stored in memory if not related to the existing data. If the received data is related to the existing data, the encrypted received data is added to the existing data (step 84). For example, if a transmitter of received data, or an intermediate system such as data server 26 or wireless network gateway 16 of FIG. 1, is configured to transmit data to the mobile device in blocks up to a predetermined size, The item is divided into separate blocks that are sent to the mobile device. In this case, each data block associated with a particular data item received after the first data block for the same data item is associated with some previously received data for the data item.

It will be appreciated by those skilled in the art that if a data item is separated into data blocks, each block includes information that allows the receiver to reconstruct the data item. This information is typically in the form of a session identifier, a data item identifier, a file name, a sequence number, or some other identifier used in the receiver to identify other data blocks for the data item. Although each data block is encrypted when it is received at the mobile device, its modified version, such as a data item identifier, or a hash of the identifier, is preferably stored at the mobile device and, at step 80, Is used to determine whether or not it is related to < / RTI >

If the data item contains a plurality of data blocks, each data block is encrypted and stored when received. Each data block contains a portion of the same data item, but the data block is separately encrypted using an algorithm and key according to the operational state of the mobile device when the data block is received. Thus, the received multi-block data items are stored as a series of independently encrypted data blocks. 5A is a block diagram of a data format supporting such a data item.

The data item 85 includes a data item reference 86 and three data item portions 87, 88 and 89. The data item portions 87, 88, and 89 are preferably stored in the byte array referenced by the data item reference 86. The data item reference 86 includes a data item identifier such as, for example, an email message identifier or session identifier, and a pointer to the array or the location of the byte array in which the data item portions 87,88 and 89 are stored . The data item identifier supports the determination in step 80 of FIG. 4 and allows the data item portions 87, 88 and 89 to be retrieved, along with the location. Each data item portion 87,88 and 89 includes a data block header 87A, 88A or 89A and a data block 87B, 88B or 89B. The data block header 87A, 88A and 89A includes a length and a key identifier corresponding to each data block 87B, 88B and 89B in the data item 85. [ The data block length in the data block header indicates the length or alternatively indicates the position of the end of the corresponding data block or a pointer to the end of the data block so that each data block can be properly retrieved. The key identifier includes a key, a cryptographic algorithm, or both, which are used to encrypt the data block or are required to decrypt the data block. Data blocks 87B, 88B, and 89B represent received data blocks that contain a single data item that is encrypted.

In the example shown in FIG. 5A, data block 1 was received when the mobile device was unlocked and, by itself, it was encrypted using a symmetric key to generate an encrypted data block 87B. The length of the encrypted data block 87B is determined and this length and the "symmetric" key identifier are added to the encrypted data block 87B as in the block header 87A. The block header 87A and the encrypted data block 87B are then stored in memory.

A data item reference may be a data item, or a multiple-data item, so that a data item can be retrieved and a subsequently received related data block is identified and added to the corresponding byte array referenced by the data item reference. The first data block of the block data item is preferably created and stored when it is received on the mobile device. Thus, the data item reference 86 was created when data block 1 was received, or perhaps after data block 1 was encrypted and stored on the mobile device, and the identifier of the data item and the data item portion 87 were stored And a location indicating where it will be stored or stored.

Data block 2, which is the second data block in the data item, was encrypted using the public key since it was received when the mobile device was locked. The block 2 header 88A is generated and added to the encrypted data block 88B and the final data item portion 88 including the block header 88A and the encrypted data block 88B, Is added to the data item portion 87 in the array referenced by the data item reference 86. Data block 3, which is the third data block, was received while the mobile device was unlocked, like data block 1, and was encrypted using a symmetric key. A data portion 89 comprising a block header 89A and an encrypted data block 89B is likewise appended to the data item portion 88 in the array referenced by the data item reference 86. [

In this manner, subsequent data blocks of one data item are encrypted, a data header is generated and added to the encrypted data block, and the block header and encrypted data block are appended to the previous encrypted data block. In one known way of effectively adding new data to an existing byte array, a new array is determined, the contents of the existing array are copied to the new array, and the new data is written into the new array. The memory space occupied by the existing array is de-referenced or otherwise reused for storage of other data. The copying of this technique tends to be slow and is memory intensive in that it requires enough available memory space for two copies of the existing data array. The above-described supplementary scheme is faster than the known technique and requires less memory space.

When a data item 85 is accessed, such as when a user selects a data item for display, the byte array in which the data item portions 87, 88, and 89 are found uses the location in the data item reference 86 And is located in the memory. For each encrypted data block 87B, 88B, and 89B, the appropriate decryption scheme and the length of the encrypted data block are determined from the key identifiers and lengths in the corresponding block headers 87A, 88A, and 89A. Each encrypted data block 87B, 88B, and 89B is read from the byte array and decoded, and the decoded data block is combined into a single decoded data item corresponding to the data item transmitted to the mobile device.

It will be appreciated by those skilled in the art that although the data item portions 87, 88, and 89 are shown and described in Figure 5 as being stored in a byte array, the data item portions need not necessarily be stored in contiguous memory locations There will be. A memory pointer or other identifier is typically used to logically link the block.

5B is a block diagram of an alternative data format. The data item 90 represents the logical structure of one data item and includes one data item header 92 and three encrypted data blocks 94, 96 and 98. The header 92 contains information such as a data item identifier and a length, location and key identifier for each data block 94, 96 and 98 in the data item 90. The header 92 and data blocks 94, 96 and 98 are preferably logically linked, but need not necessarily be stored in contiguous memory locations.

As in the example described above with reference to FIG. 5A, data blocks 1, 2, and 3 were received when the mobile device was unlocked, locked, and unlocked, respectively. Data blocks 1 and 3 were encrypted using a symmetric key, and data block 2 was encrypted using a public key. When the first data block 94 is received and encrypted and stored on the mobile device so that the first data block 94 can be properly retrieved and decoded and then the associated related data block can be identified, 92) was well prepared and stored. The information for the second and third encrypted data blocks 96 and 98 was added to the header 92 when these data blocks were received. When the mobile device is unlocked and the data item 90 is accessed on the mobile device, each block is positioned using the location and length in the header 92 and a suitable decryption scheme is determined from the key identifier in the header 92 And then each data block is retrieved, decoded and combined to reconstruct the data item.

As shown in FIGS. 5A and 5B and described above, a single data item may contain data blocks encrypted using different encryption schemes, which are received at the mobile device when the mobile device is in a different operational state . It is also possible that the mobile device is in the same operating state when data blocks for the same data item are received. For example, if data block 2 was received when the mobile device was in the unlocked state, that data block 2 could also be encrypted using the symmetric key. According to another embodiment of the present invention, before the received data block is encrypted, whether the current operational state of the mobile device is the same as the operational state of the mobile device when the previous data block of the same data item was received Is determined. If the operational state, and therefore the data protection key, is the same for the received data and the previous data block of one data item, the previous block and the received data are encrypted in the same manner. In this case, the previous data block is preferably decoded if possible, and the received data block is appended to the previous data block decoded to form the combined data block, the combined data block is encrypted and stored in memory do. Since the previous data block is part of the encrypted combined data block, the memory space occupied by the previous data block is overwritten with the encrypted combined data block or becomes available to store other data.

This type of operation is possible, for example, when the previous block and received data are received while the symmetric key is accessible. When the device is locked and encrypted using the public key, the previous block and the received data are received, the private key is inaccessible and the previous block can not be decrypted. However, as described in more detail below, a similar decryption and re-encryption process is possible when the private key becomes accessible, such as when the previous block and the received data are accessed.

Although this decryption / re-encryption provides for coupling of more than one data block into a single encrypted data block, the addition of an encrypted data block as described above requires less time, memory and data processing, Memory, and processing resources.

6 is a flow chart illustrating a method for accessing protected data. In step 102, the data protection system or mobile device system or component retrieves the encrypted data depending on how the data protection system and memory access scheme are implemented. The data protection system then determines, based on the key identifier, whether the encrypted data has been encrypted using the symmetric key or has been encrypted using the public key. In step 106, the corresponding private key is used to decrypt the encrypted data, which is encrypted using the public key. In step 108, the symmetric key is used to decrypt the encrypted data, which is encrypted using a symmetric key. The decrypted data is then retrieved or output to the requesting mobile device system or component. If the received data includes a plurality of data blocks, steps 104 to 110 are executed for each data block.

Decryption steps 106 and 108 assume that the public key or symmetric key is accessible. Unless the mobile device is unlocked when the protected data is accessed, these keys may be available from the memory or may be decrypted. If the key is inaccessible, the protected data can not be decrypted.

As discussed above, public key cryptography is typically slower than symmetric key cryptography. Each time the mobile device is locked, or the data item containing the data is decrypted, the public key decryption operation must be performed on the mobile device. If such data is decrypted in step 106, the decrypted data is available on the mobile device. During the decryption operation, the mobile device remains unlocked so that the symmetric key is also accessible. According to another embodiment of the present invention, the decrypted data previously encrypted using the public key is re-encrypted using the symmetric key. If necessary, the data item header is also updated accordingly. Alternatively, if a given data block of a data item is encrypted using a public key, the decrypted data block is concatenated to form a single combined data block, and then this single combined data The block is re-encrypted using the symmetric key. The original data item is then replaced in memory with the re-encrypted data item. In this way, another public key decryption operation is prevented when the data item is subsequently accessed.

It should also be appreciated that, instead, it may be more desirable to maintain separate encrypted data blocks for multi-block data items. For example, if the multi-block data item is an email message, the message display in the "Inbox" or message list requires only data from the first data block. In this case, it is much faster to construct a message list if only the first data block of each message is decoded instead of each full message.

The specific implementation and configuration of the data protection system and method depends on the type of device on which the data protection is provided. The interaction between the user and the data protection system may be different for different device types. Figures 7-11 are screen shots of a display on a mobile device on which a data protection system and method are implemented, as one illustrative possible implementation. The screenshots in FIGS. 7-11 show the screens displayed to the user on the mobile device display at various stages during the construction of the security feature. In Figures 7-11, data protection is referred to as content protection.

In Figure 7, the user has selected the operation to enable content protection on the mobile device. However, as shown at the top of FIG. 7, the password protection has not yet been enabled, and the user is prompted to enable password protection. Once the user has enabled password protection by moving the cursor from No ("No") to Yes ("Yes ") and selecting Yes, the user will see a password and security expiration period of 2 minutes in this example And password protection is enabled. If password protection is not enabled and there is no available alternative means of safeguarding the data protection key, content protection can not be enabled. These operations are almost the same as those shown in steps 60, 62, and 64 of FIG.

Once password protection is enabled, a content protection key is generated. In Figure 8, the content protection key pair is a public / private key pair. The pseudo-random data is gathered during the key generation operation from the pushing of the user key on the keypad or keyboard and the movement of the thumbwheel input device on the mobile device. On a PC, such data is typically collected using mouse movement. However, since most mobile devices have small displays and no mice, the keyboard keys are used with thumb wheel input devices to provide more randomized data than can be collected using key press or thumb wheel input alone . Figure 9 shows a screen providing feedback to the user indicating pseudo-random information collection progress. In the preferred embodiment, 160 bit data is collected and used as a private key from which a public key is generated. The symmetric key is similarly generated when content protection is enabled, using the same pseudo-random information or further pseudo-random information collected in a similar manner. The number of key presses and thumbwheel movements is preferably reduced by using the same pseudo-random information during the two key generation operations. For example, if the data protection system is configured to use a 160-bit private key and a 128-bit symmetric key, 160-bit random information is collected and used as a private key, and 128 of the 160 bits are used as the symmetric key.

If a data protection key is generated and stored, data protection is enabled and a security options screen appears as shown in FIG. If the mobile device implements other security features, the security options screen provides access to enable, disable, or configure these features as well as content protection. In Fig. 10, the security feature that locks the mobile device when the mobile device is placed in the portable leather case is accessible via the security options screen.

As a further security measure, certain configuration requirements for content protection preferably can not be disabled while content protection is enabled. For example, disabling password protection relinquishes security of the private key and the symmetric key. When the user tries to disable password protection while content protection is enabled, the alert message shown in Fig. 11 is displayed. Password protection is not disabled unless content protection is disabled. Some mobile device types also support configuration control information to further control which features can be enabled and disabled by the user.

When content protection is disabled, several operations are possible. In one embodiment, the stored encrypted data is maintained in an encrypted form. The data protection key is decrypted and then re-encrypted with a pre-determined password that is known to or accessible by the data protection system. The stored encrypted data is retained, but the decryption of the data protection key, and therefore the decryption of the encrypted data when accessed, does not require entry of the user's password. In this way, the same data protection key can be used once content protection is re-enabled. In an alternative embodiment, all stored encrypted data is decrypted and restored in memory when content protection is disabled. Then, there is no decryption operation required for subsequent access to the stored data. If content protection is enabled again, a new data protection key is generated or obtained, the stored data may be encrypted if possible, and subsequently received data is encrypted as described above.

12 is a block diagram of a wireless mobile communication device. Mobile device 500 is preferably a two-way communication device having at least voice and data communication capabilities. Mobile device 500 preferably has the ability to communicate with other computer systems on the Internet. Depending on the functionality provided by mobile device 500, it may be referred to as a data messaging device, an interactive pager, a mobile phone with data messaging capabilities, a wireless Internet appliance, or a data communication device (with or without telephone capability). As discussed above, such an apparatus is generally referred to herein simply as a mobile apparatus.

The mobile device 500 includes a transceiver 511, a microprocessor 538, a display 522, a non-volatile memory 524, a random access memory (RAM) 526, an auxiliary input / 528, a serial port 530, a keyboard 532, a speaker 534, a microphone 536, a short range wireless communication subsystem 540, and other device subsystems 542. The transceiver 511 preferably includes a transmitter and receiver antenna 516 and 518, a receiver Rx 512, a transmitter Tx 514, one or more local oscillators 513 and a digital signal processor (DSP) (520). Within non-volatile memory 524, mobile device 500 includes a plurality of software modules 524A-524N that may be executed by microprocessor 538 (and / or DSP 520): a voice communication module 524A, a data communication module 524B, and a plurality of other operational modules 524N that perform a plurality of other functions.

Mobile device 500 is preferably a two-way communication device having voice and data communication capabilities. Thus, for example, the mobile device 500 can communicate over a voice network, such as any of the analogue or digital cellular networks, and can also communicate over a data network. The voice and data network is represented by communication tower 519 in FIG. These voice data networks may be separate communication networks using separate infrastructure such as base stations, network controllers, or the like, or may be integrated into a single wireless network. Therefore, references to the network 519 should be interpreted to include both a single voice and data network and separate networks.

The communication subsystem 511 is used to communicate with the network 519. The DSP 520 is used to send and receive communication signals to and from the transmitter 514 and the receiver 512 and also exchanges control information with the transmitter 514 and the receiver 512. A single LO 513 may be used with transmitter 514 and receiver 512 if voice and data communications occur at a single frequency, or a set of frequencies at closely spaced intervals. Alternatively, if different frequencies are used for voice communication to data communication, or if the mobile device 500 is enabled for communication on more than one network 519, then a plurality of LOs 513 may be communicated within the network 519 Lt; RTI ID = 0.0 > frequency < / RTI > Although two antennas 516 and 518 are shown in FIG. 12, the mobile device 500 can be used with a single antenna structure. Information, including voice and data information, is communicated to / from the communication module 511 via a link between the DSP 520 and the microprocessor 538.

The detailed design of the communications subsystem 511, such as frequency band, component selection, power level, etc., depends on the communications network 519 on which the mobile device 500 is intended to operate. For example, the mobile device 500, which is intended to be operated in the North American market, is designed to operate as a Mobitex or DataTAC mobile data communication network and also operates on any of several voice communication networks such as AMPS, TDMA, CDMA, PCS, Mobile device 500 intended for use in Europe may be configured to operate with a GPRS data communication network and a GSM voice communication network. Other types of data and voice networks, which are separate and integrated, may also be used with the mobile device 500.

The communication network access requirements for mobile device 500 also depend on the type of network 519. [ For example, in the Mobitex and DataTAC data networks, the mobile device is registered on the network using a unique identification number associated with each device. However, in a GPRS data network, the network access is associated with a subscriber or user of the mobile device 500. GPRS devices typically require a subscriber identity module ("SIM") that is required to operate the mobile device 500 over a GPRS network. Although the local or non-network communication functions (if any) may be operated without a SIM, the mobile device 500 may also be capable of communicating via the network 519 other than some legally required operations, such as the '911' Can not be performed.

After a predetermined required network registration or activation procedure is completed, the mobile device 500 can send and receive communication signals, including both voice and data signals, over the network 519 preferably. The signal received by the antenna from communication network 519 is sent to receiver 512 which provides signal amplification, frequency down conversion, filtering, channel selection, and analog-to-digital conversion. The analog-to-digital conversion of the received signal allows more complex communication functions such as digital demodulation and decoding to be performed using DSP 520. [ In a similar manner, the signal to be transmitted to the network 519 may be processed, including, for example, modulation and encoding by the DSP 520, and then processed in a digital to analog conversion, frequency up conversion, filtering, 518 for transmission to the communication network 519. The transmitter 514 may be any of a variety of communication networks. Although a single transmitter 511 is shown for both voice and data communications, in an alternate embodiment, the mobile device 500 includes a first transceiver for transmitting and receiving voice signals and a second transceiver for transmitting and receiving data signals, A first transceiver configured to operate within a frequency band, and a second transceiver configured to operate within a second frequency band.

In addition to processing the communication signals, the DSP 520 also provides receiver and transmitter control. For example, the gain levels applied to the communication signals within receiver 512 and transmitter 514 may be adaptively controlled via an automatic gain control algorithm implemented within DSP 520. [ Other transceiver control algorithms may also be implemented within the DSP 520 to provide more sophisticated control of the transceiver 511.

The microprocessor 538 preferably manages and controls the overall operation of the mobile device 500. Many types of microprocessors or microcontrollers may be used herein, or alternatively, a single DSP 520 may be used to implement the functions of the microprocessor 538. Low-level communication functions, including at least data and voice communications, are performed via the DSP 520 in the transceiver 511. A high-level communication application, including voice communication application 524A and data communication application 524B, is stored in non-volatile memory 524 for execution by microprocessor 538. [ For example, the voice communication module 524A provides a high-level user interface that can operate to send and receive voice calls over the network 519 between the mobile device 500 and a plurality of other voice devices. Similarly, the data communication module 524B is operable to send and receive data, such as an email message, a file, organizer information, a short text message, etc., over the network 519 between the mobile device 500 and a plurality of other data devices It provides a high-level user interface.

The microprocessor 538 also includes a display 522, a RAM 526, an auxiliary I / O device 528, a serial port 530, a keyboard 532, a speaker 534, a microphone 536, System 540, and any other device subsystem 542, as will be described in greater detail below. For example, modules 524A-N may be executed by microprocessor 538 to provide a high-level interface between a user of the mobile device and the mobile device. The interface typically includes an input / output component provided through a display component 522 and a graphical component provided via the auxiliary I / O device 528, the keyboard 532, the speaker 534 or the microphone 536 .

Some of the illustrated subsystems of FIG. 12 perform communication-related functions, while other subsystems may provide "resident" or on-device functionality. Particularly, some subsystems, such as the keyboard 532 and the display 522, may be used for communication-related functions, such as input of text messages for transmission over a data communication network, and for devices such as a calculator or task list or other PDA- Can be used for resident function.

The operating system software used by the microprocessor 538 is preferably stored in a persistent store, such as non-volatile memory 524. In addition to operating system and communication modules 524A-N, non-volatile memory 524 may include a file system for storing data. The non-volatile memory 524 also includes at least a key store as well as the protected data described above. The operating system, specific device application or module, or portion thereof, is typically temporarily loaded into a volatile store such as RAM 526 for faster operation. In addition, the received communication signals may also be temporarily stored in the RAM 526, before being permanently written into the file system located in the non-volatile memory 524. Non-volatile memory 524 may be implemented as, for example, flash memory, non-volatile RAM, or battery backup RAM.

An exemplary application module 524N that may be loaded onto the mobile device 500 is a PIM application that provides PDA functionality such as calendar events, reservations, and task items. The module 524N may also interact with a voice communication module 524A that manages telephone calls, voicemail, etc., and may also interact with a data communication module 524B that manages email communications and other data transmissions. Alternatively, all functions of the voice communication module 524A and the data communication module 524B may be integrated within the PIM module.

Nonvolatile memory 524 preferably provides a file system to facilitate storage of PIM data items on the device. The PIM application preferably includes the ability to send and receive data items over the wireless network 519, either alone, or with voice and data communication modules 524A, 524B. The PIM data items are seamlessly integrated, synchronized and updated seamlessly with the corresponding set of data items associated with or stored on the host computer via the wireless network 519 to create a mirrored system for data items associated with a particular user .

The mobile device 500 is manually synchronized with the host system by placing the mobile device 500 in an interface pedestal that connects the serial port 530 of the mobile device 500 to the serial port of the host system. The serial port 530 may also be used to download other application modules 524N for installation on the mobile device 500. [ This wired download path can be further used to load the encryption key onto the mobile device 500 for use in secure communications, which is a safer method than exchanging encryption information over the wireless network 519. [ As an alternative to the on-device data protection key generation described above, the data protection key may be generated by another system and communicated to the mobile device 500 in this manner.

The software application module 524N may be coupled to the network 514 via the network 519, the auxiliary I / O subsystem 528, the short-range communication subsystem 540, or any other suitable subsystem 542 Loaded on the mobile device 500 and may be installed by the user in the non-volatile memory 524 or the RAM 526. [ Such flexibility in application installation can increase the functionality of the mobile device 500 and provide improved on-device functionality, communication-related functionality, or both. For example, a secure communication application enables e-commerce functions and other such financial transactions to be performed using the mobile device 500.

When the mobile device 500 is operating in a data communication mode, a received signal, such as a text message or web page download, is processed by the transceiver 511 and provided to the microprocessor 538, Preferably further processes the received signal for output to the display 522, or to the auxiliary I / O subsystem 528. When data protection is enabled, the received data is encrypted as described above before being stored on the mobile device 500. The user of mobile device 500 may also configure data items such as email messages using keyboard 532, which is a fully alphanumeric keyboard, preferably arranged in a QWERTY arrangement, such as the well-known DVORAK arrangement scheme Other alphanumeric keyboards of other arrangements may also be used. User input to the mobile device 500 is further enhanced by a plurality of auxiliary I / O devices 528, which may include thumb wheel input devices, touch pads, various switches, rocker input switches, and the like. The configured data items entered by the user may then be transmitted via the communication network 519 via the transceiver 511 and stored in encrypted form on the mobile device 500 as well.

When the mobile device 500 is operating in a voice communication mode, the overall operation of the mobile device 500 is that the received signal is output to the speaker 534 and a voice signal for transmission is generated in the microphone 536 Is almost similar to the data mode. An alternative voice or audio I / O device, such as a voice message recording subsystem, may also be implemented on the mobile device 500. Display 522 may also be used to provide caller identification, duration of a voice call, or other voice call related information. For example, the microprocessor 538, along with the voice communication module 524A and the operating system software, may detect and display the caller identification information of the incoming voice call on the display 522. [ Although the above-described data protection technology does not necessarily have to be applied to voice communication, since the voice communication signal is not typically stored, certain voice communication related information such as contact information can be protected.

The short-range communications subsystem 540 may also be included within the mobile device 500. For example, the subsystem 540 may include an infrared device and associated circuitry and components, or a Bluetooth or 802.11 short-range wireless communication module, to provide communications with similarly enabled systems and devices.

It will be appreciated that the above description is by way of example only and relates to the preferred embodiment. Various modifications to the system methods described above will be apparent to those skilled in the art, and such obvious changes, whether expressly stated or not, are within the scope of the invention as described and claimed.

For example, an apparatus in which the systems and methods described above may be implemented may include fewer, more, or different components than those shown in the figures. While data protection is probably the most appropriate for mobile devices that are physically difficult to secure due to the nature of the mobile device, the techniques described herein are typically applicable to PCs as well as other systems that are fixed.

The present invention also never relies on any particular communication feature. Data protection as described herein may be implemented in a bidirectional or unidirectional (receive-only) communications device.

Also, although data protection has been described above with respect to data received primarily after data protection has been enabled, existing data that is already stored on the mobile device before data protection is enabled may also be used When data protection is enabled.

Claims (42)

A system for protecting data on a communication device having a first operating state and a second operating state, A key storage unit configured to store a plurality of cipher keys; A memory configured to store data; And Data is received, the communication device is in a first operating state or in a second operating state, and the first cryptographic key of the plurality of cryptographic keys is used when the communication device is in the first operating state, or And a data protection system configured to encrypt the received data using the second one of the plurality of cipher keys when the communication device is in the second operation state, and to store the encrypted received data in the memory. 2. The system of claim 1, wherein the second cryptographic key is inaccessible when the communication device is in a first operational state. 3. The system of claim 2, wherein the first operating state is a locked state and the second operating state is an unlocked state. 3. The system of claim 2, wherein the first cryptographic key is a public key and the second cryptographic key is a symmetric key. 2. The system of claim 1, wherein the communication device comprises a wireless transceiver and the data protection system is configured to receive data from a wireless transceiver. 6. The system of claim 5, wherein the received data comprises confidential data received from a remote computer network over a wireless communication network. 6. The system of claim 5, wherein the communication device further comprises a connector, and wherein the data protection system is also configured to receive data from the connector. The system of claim 7, wherein the connector is selected from the group consisting of a serial port, a universal serial bus (USB) port, a secure digital (SD) slot, and a short- In system. 5. The system of claim 4, wherein the data protection system also receives a request for data, determines whether the communication device is in a second operating state, and transmits the requested data if the communication device is in a second operating state And decrypting the encrypted data. 10. The system of claim 9, wherein the request comprises encrypted data to be decrypted by a data protection system. 10. The system of claim 9, wherein the request identifies the requested data and the data protection system retrieves and decrypts the requested data. 11. The method of claim 10 wherein the public key is associated with a private key and the data protection system further determines whether the encrypted data is encrypted using a public key or a symmetric key, And decrypt the encrypted data using a symmetric key if the encrypted data is encrypted using the symmetric key. ≪ Desc / Clms Page number 12 > 13. The system of claim 12, wherein the data protection system is further configured to store decrypted data on a communications device and to delete decrypted data when the communications device enters a first operational state. 14. The method of claim 13, wherein the symmetric key and the private key are stored in an encrypted form on a communication device, and wherein the data protection system further decrypts the private key when the requested data is encrypted using the public key Storing the decrypted private key on the communication device, decrypting the symmetric key when the requested data is encrypted using the symmetric key, and storing the decrypted symmetric key on the communication device, And delete the decrypted private key and the decrypted symmetric key when entering. 2. The system of claim 1, wherein the data protection system further comprises: a determination unit operable to determine whether the received data relates to existing data stored in the memory, To the existing associated data in the system. 16. The method of claim 15, wherein the encrypted received data and the existing data comprise data blocks of one data item, wherein the data items are encrypted using a second encryption key to determine whether each data block is encrypted using the first encryption key And further comprising an identifier indicating whether the data has been encrypted. The method of claim 1, wherein the communication device is a data communication device, a mobile phone having data and voice communication capabilities, a multi-mode device capable of voice, data and other forms of communication, a messaging device, A wireless mobile communication device selected from the group consisting of a digital assistant (PDA), a wireless modem, a one-way communication device and a two-way communication device. A method for protecting data on a communication device, Storing a first protected cryptographic key and a second cryptographic key on a communication device; Receiving data from a communication device; Determining whether a first protected cryptographic key is accessible; Encrypting the received data using a first protected cryptographic key if the first protected cryptographic key is accessible; Encrypting the received data using a second cryptographic key if the first protected cryptographic key is inaccessible; And And storing the encrypted received data in a memory on the communication device. 19. The method of claim 18, wherein the communication device has a locked operating state in which the first protected cryptographic key is inaccessible and an unlocked operating state in which the first protected cryptographic key is accessible, Determining whether the device is in a locked operating state or in an unlocked operating state. 20. The method of claim 19, wherein the first protected cryptographic key is a symmetric key and the second cryptographic key is a public key associated with the private key, the method further comprising storing the private key on the communication device Way. 19. The method of claim 18, wherein the communication device is a wireless mobile communication device, and wherein the receiving comprises receiving confidential data from a remote computer network via the wireless communication network. 21. The method of claim 20, further comprising: receiving a request for data from a system on the communication device; Determining whether the requested data is encrypted using a symmetric key or a public key; Decrypting the requested data using a symmetric key if the requested data is encrypted using a symmetric key; And And decrypting the requested data using the private key if the requested data is encrypted using the private key. 23. The method of claim 22, wherein the request comprises encrypted data to be decrypted. 24. The method of claim 22, wherein the request identifies the requested data, and the method further comprises retrieving the requested data. 23. The method of claim 22, further comprising: storing the decrypted data on a communication device; And Further comprising deleting decrypted data when the communication device enters a locked operating state. 26. The method of claim 25, wherein storing the first protected cryptographic key and the second cryptographic key on a communication device comprises: encrypting the symmetric key and storing the encrypted symmetric key on the communication device; Wherein storing the private key on the communication device comprises encrypting the private key and storing the encrypted private key on the communication device; Wherein decrypting the requested data using the symmetric key comprises: decrypting the encrypted symmetric key; Wherein decrypting the requested data using the private key comprises decrypting the encrypted private key. 27. The method of claim 26, wherein decrypting the requested data using the symmetric key further comprises storing the decrypted symmetric key on a communication device, wherein decrypting the requested data using the private key RTI ID = 0.0 > 1, < / RTI > further comprising storing the decrypted private key on a communication device. 28. The method of claim 27, wherein the step of decrypting the requested data using the symmetric key comprises: determining whether a decrypted symmetric key is stored on the communication device; decrypting the decrypted symmetric key if the decrypted symmetric key is stored in the communication device; Retrieving the symmetric key; The step of decrypting the requested data using the private key may include determining whether the decrypted private key is stored on the communication device, and retrieving the decrypted private key when the decrypted private key is stored in the communication device Further comprising the steps of: 28. The method of claim 27, further comprising deleting a decrypted symmetric key and a decrypted private key when the communication device enters a locked operating state. 19. The method of claim 18, wherein the received data comprises a data item having a data item identifier, Creating a data item reference that includes a data item identifier and a location of encrypted received data in the memory; And Further comprising storing the data item reference in a memory. 19. The method of claim 18, wherein storing the encrypted received data comprises: Determining whether the received data relates to existing data stored in the memory; And And adding the encrypted received data to the existing associated data in the memory when the received data relates to the existing data. 32. The method of claim 31, wherein the received data and the existing associated data comprise data blocks of a data item, the data item is associated with a data item reference that includes a data item identifier and a location of existing related data in memory. Wherein the step of adding the encrypted received data comprises: Determining the length of the encrypted received data; Generating an identifier indicating whether the encrypted received data has been encrypted using the first protected cryptographic key or using the second cryptographic key; Adding a length and an identifier to the encrypted received data; And Length, an identifier, and encrypted received data to existing associated data. 19. The method of claim 18, wherein the received data comprises a data item having a data item identifier, The data item identifier, the block length of the encrypted received data, the location of the encrypted received data in the memory, and whether the encrypted received data has been encrypted using the first protected encryption key or the second encrypted key Creating a data item header including a key identifier; And Storing the data item header in a memory. 34. The method of claim 33, wherein the storing the encrypted received data comprises: Determining whether the received data relates to existing data stored in the memory and an existing data header; And If the received data is related to existing data and an existing data header, Determining the length of the encrypted received data; Generating an identifier indicating whether the encrypted received data is encrypted using a first protected encryption key or encrypted using a second encrypted key; Adding the determined length and the generated identifier to a data item header; And And adding the encrypted received data to existing associated data. 19. The method of claim 18, wherein encrypting the received data using the first protected encryption key comprises: Determining whether the received data relates to existing encrypted data stored in the memory; Determining whether existing encrypted data has been encrypted using a first protected cryptographic key if the received data relates to existing encrypted data stored in the memory; And If the existing encrypted data is encrypted using the first protected encryption key, Decrypts the existing encrypted data using the first protected cryptographic key ; Adds the received data to the decoded existing data, Forming a block; And And encrypting the combined data block using a first protected cryptographic key. 33. The method of claim 32, wherein the second cryptographic key is associated with a private decryption key, wherein storing the first protected cryptographic key and the second cryptographic key on a communication device includes storing the private decryption key on a communication device Said method comprising the steps of: Receiving a request for a data item from a system on the communication device; For each block in the data item, If the data block is encrypted using the first protected cryptographic key, Determining if it is encrypted using a cryptographic key; If the data block is encrypted using the first protected cryptographic key, Decrypting the data block using the protected cryptographic key; And Decrypting the data block using the private decryption key when the data block is encrypted using the private key; And And providing a decrypted data item comprising each decrypted data block to a system on the communication device. 37. The method of claim 36, wherein for each data block in the data item encrypted using the second cryptographic key, Encrypting a decrypted data block using a first protected cryptographic key to generate a re-encrypted data block; And Replacing the data block with a re-encrypted data block in memory. 38. The method of claim 36, further comprising: encrypting a decrypted data item using a first protected cryptographic key to generate a re-encrypted data item; And Replacing the data item in the memory with the re-encrypted data item. 19. The method of claim 18, further comprising: enabling data protection on a communication device; Determining whether a locked operating state in which the first protected cryptographic key is inaccessible is enabled on the communication device; Prompting the user of the communication device to enable the locked operating state if the locked operating state is not enabled on the communication device; And Further comprising generating a decryption key associated with the first protected cryptographic key, the second cryptographic key, and the second cryptographic key when the locked operating state is enabled on the communication device. 40. The method of claim 39, wherein said generating comprises collecting pseudo-random information from user inputs to a communication device. 19. The method of claim 18, wherein the communication device is a data communication device, a mobile phone having data and voice communication capabilities, a multi-mode device capable of voice, data and other types of communication, a messaging device, A wireless communication device selected from the group consisting of a digital assistant (PDA), a wireless modem, a unidirectional communication device, and a bidirectional communication device. A system for protecting data on a communication device, Means for storing a first protected cryptographic key and a second cryptographic key on a communication device; Means for receiving data at a communication device; Means for determining whether a first protected cryptographic key is accessible; Means for encrypting data received using a first protected cryptographic key if the first protected cryptographic key is accessible; Means for encrypting the received data using a second cryptographic key if the first protected cryptographic key is inaccessible; And And means for storing the encrypted received data in a memory on the communication device.