Abstract: A system and method for isolating secure communication events from a non-secure application are described herein. The method can include the steps of intercepting a communication event from an external communications network or an external communications device and determining whether the communication event is a secure communication event. If the communication event is a secure communication event, the secure communication event can be processed by a secure application. In addition, the secure communication event can be prevented from being processed by the non-secure application.

Abstract: A system and method for isolating secure communication events from a non-secure application are described herein. The method can include the steps of intercepting a communication event from an external communications network or an external communications device and determining whether the communication event is a secure communication event. If the communication event is a secure communication event, the secure communication event can be processed by a secure application. In addition, the secure communication event can be prevented from being processed by the non-secure application.

Abstract: A method and system of runtime injection for a secure application are described herein. During runtime of the secure application, a conventional request from the secure application can be intercepted. The intercepted conventional request can be modified such that the request is unrecognizable to an unsecure application, which can create a secure request. In addition, the secure request can be passed to a system process to enable the system process to process the secure request.

Abstract: A method and system of selectively permitting a non-secure application to communicate with a secure application are described herein. The method can be practiced in a system that support an environment designed to restrict secure applications from processing requests from non-secure applications. In particular, a request can be received from a non-secure application by a system framework and, through the system framework, it can be determined that a secure application is capable of processing the request. The request can be delegated from the system framework to a secure framework. In addition, through the secure framework, it can be determined whether the non-secure application is an authorized non-secure application. If the non-secure application is an authorized non-secure application, the secure application can be permitted to process the request from the non-secure application.

Abstract: A method and system for selective application of device policies are described herein. The method can include the step of receiving one or more policies from a messaging server in which the policies are intended to be indiscriminately applied to a computing device. Out of the received policies, one or more container policies that are to be applied to a container of the computing device can be identified. The identified container policies can be applied to the container such that the identified container policies may be prevented from being indiscriminately applied to the computing device.

Abstract: A system and method for linking to a shared library, such as a shared class library, are described herein. The method can include the step of launching an application on a computing device in which the computing device supports a first class loader and a second class loader. The first class loader may serve as a parent class loader to the second class loader. In response to the launching of the application, an override class loader that is configured to serve as an override parent class loader to the second class loader can be generated. When a request for a component is received from the launched application at the second class loader, the request can be intercepted by the override class loader to determine if the override class loader is to process the request. If the override class loader is to process the request, the override class loader can be used to search the shared library for the component.

Abstract: A system and method for isolating secure communication events from a non-secure application are described herein. The method can include the steps of intercepting a communication event from an external communications network or an external communications device and determining whether the communication event is a secure communication event. If the communication event is a secure communication event, the secure communication event can be processed by a secure application. In addition, the secure communication event can be prevented from being processed by the non-secure application.

Abstract: A system and method for enabling the sharing of content between secure applications and unsecure applications are described herein. Content requests can be received from secure applications and unsecure applications. In response to the content requests, listings of options can be returned that have the ability to satisfy the content requests from the requesting secure applications or the requesting unsecure applications. In addition, selections of the options of the listings of options can be received through the requesting secure applications or the requesting unsecure applications. Content locations that are to be returned to the secure applications can be selectively modified such that subsequent content requests that involve the modified content locations are identified as being associated with an unsecure option.

Abstract: A method and system for selective application of device policies are described herein. The method can include the step of receiving one or more policies from a messaging server in which the policies are intended to be indiscriminately applied to a computing device. Out of the received policies, one or more container policies that are to be applied to a container of the computing device can be identified. The identified container policies can be applied to the container such that the identified container policies may be prevented from being indiscriminately applied to the computing device.

Abstract: A method and system for combining multiple applications into a single binary file while maintaining per process sandboxing are described herein. The method can include the steps of identifying a plurality of applications for delivery to a computing device and analyzing the non-code assets of the identified applications for conflicts. The conflicts among the non-code assets of the identified applications can be resolved. In addition, a process tag can be attached to the components of the identified applications to ensure that the components of the identified application run in their authorized processes, thereby maintaining per process sandboxing of the identified applications. The plurality of applications can be packaged as a single binary file without affecting the per process sandboxing.

Abstract: A system and method for isolating secure communication events from a non-secure application are described herein. The method can include the steps of intercepting a communication event from an external communications network or an external communications device and determining whether the communication event is a secure communication event. If the communication event is a secure communication event, the secure communication event can be processed by a secure application. In addition, the secure communication event can be prevented from being processed by the non-secure application.

Abstract: A method of enabling the federation of unrelated applications is described herein. The method can include the step of installing a candidate application for inclusion in a secure workspace. A first previously-installed application may have a certificate signed by a first entity, and a second previously-installed application may have a certificate signed by a second entity such that the first and second previously-installed applications have different certificates. The method can also include the steps of generating a federation value for the candidate application for inclusion in the secure workspace and determining the result of a federation check of the candidate application based on the generated federation value. If the federation check for the candidate application is satisfied, the candidate application may be permitted to be part of the secure workspace.

Abstract: A method and system of restricting the operation of applications to authorized domains is described herein. The method can include the steps of receiving reference domain restriction data associated with an application and receiving generated domain restriction data associated with the application. A domain restriction check can be performed by comparing the generated domain restriction data with the reference domain restriction data, In addition, a domain restriction approval signal can be generated if the domain restriction check is satisfied. The domain restriction check can ensure that the application will not operate in unauthorized domains.