Abstract: Improved techniques and apparatus for managing data between a host device (e.g., host computer) and a media device are disclosed. The data being managed can, for example, pertain to media data for media assets. The managing of the media data thus can involve transfer of media assets between the host device and the media device. In one embodiment, the transfer of media assets between a host device and a media device can be referred to as data backup.

Abstract: Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described.

Abstract: A method and an apparatus for establishing an operating environment by certifying a code image received from a host over a communication link are described. The code image may be digitally signed through a central authority server. Certification of the code image may be determined by a fingerprint embedded within a secure storage area such as a ROM (read only memory) of the portable device based on a public key certification process. A certified code image may be assigned a hash signature to be stored in a storage of the portable device. An operating environment of the portable device may be established after executing the certified code.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.

Abstract: Methods, program products, and systems of over-the-air device configuration are disclosed. In general, in one aspect, a mobile device can determine, in an application subsystem of the mobile device, that the mobile device requests an initial setup. The application subsystem can send a request to a baseband subsystem of the mobile device. The request can include an indicator specifying that the baseband subsystem is to operate in a service configuration mode. The mobile device can request the configuration information from a registration server using the baseband subsystem that operates under the service configuration mode. Requesting the configuration information from the server can include connecting to the server over the air using a cellular network, through a specified carrier and under a specified data transfer cap. The mobile device can then configure the mobile device using configuration information received from the server.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.

Abstract: Methods and systems are disclosed that allow automated qualification of a binary application program. A binary application program submitted from a developer can be automatically examined to determine whether the binary application program complies with rules or guidelines of a platform. If the binary application program complies with the rules or guidelines, the binary application program can be qualified, and can be distributed upon further approval. If the binary application program does not comply with the rules or guidelines, the application program can be rejected and a notification can be sent to the developer.

Abstract: Embodiments of the present disclosure provide methods and systems for managing securely installed applications. After installation, an installation framework performs a bind process to correlate the randomly assigned identifier with the unique identifier of the application. The installation framework also manages the execution of the application. When an application is launched, the application framework performs a search for that application's randomly assigned identifier and locates the application's container. The application is then allowed to execute within its container. During execution, the software application may also be restricted in various ways by the installation framework to its dynamic containers. The installer may also work with a trusted operating system component, such as the kernel, to help enforce the container restrictions. In addition, if desired, the use of random identifiers for containers may be used in conjunction with other security mechanisms, such as the use of code signing.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.

Abstract: Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for data storage. In one aspect, a method includes the actions of identifying a running query from an application; determining one or more data items of a plurality of data items that the application has permission to view according to one or more application specific access policies; and presenting the one or more data items to the application while not presenting other data items of the plurality of data items.

Abstract: Methods, program products, and systems of over-the-air device configuration are disclosed. In general, in one aspect, a mobile device can determine, in an application subsystem of the mobile device, that the mobile device requests an initial setup. The application subsystem can send a request to a baseband subsystem of the mobile device. The request can include an indicator specifying that the baseband subsystem is to operate in a service configuration mode. The mobile device can request the configuration information from a registration server using the baseband subsystem that operates under the service configuration mode. Requesting the configuration information from the server can include connecting to the server over the air using a cellular network, through a specified carrier and under a specified data transfer cap. The mobile device can then configure the mobile device using configuration information received from the server.

Abstract: Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described.

Abstract: Methods and systems are disclosed that allow automated qualification of a binary application program. A binary application program submitted from a developer can be automatically examined to determine whether the binary application program complies with rules or guidelines of a platform. If the binary application program complies with the rules or guidelines, the binary application program can be qualified, and can be distributed upon further approval. If the binary application program does not comply with the rules or guidelines, the application program can be rejected and a notification can be sent to the developer.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.

Abstract: Systems and methods for activating a mobile device for use with a service provider are described. In one exemplary method, a mobile device having a currently inserted SIM card may be prepared for activation using a signing process in which an activation server generates a signed activation ticket that uniquely corresponds to the combination of the device and SIM card, and that is securely stored on the mobile device. In another exemplary method the mobile device may be activated in an activation process in which the device verifies an activation ticket against information specific to the device and SIM card, and initiates activation when the verification of the activation ticket is successful.

Abstract: Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application.

Abstract: Embodiments of the present disclosure provide methods and systems of backing up applications and their associated data installed on a device, such as a mobile device. In particular, data for a backed-up application is stored on a remote archive host and can be restored to dynamically managed containers of securely installed applications on the device. Upon request, the archive host may provide a package of files to the device. The device may then restore the application based on the contents of the package. The package may comprise all the files needed to install the application including the program code, data, and documents. Alternatively, the package may simply comprise just some of the files, such as just the data or documents for an application. After installation, a secure installer framework may be used to verify the applications and authorize the application's execution on the device.

Abstract: Embodiments of the present disclosure provide methods and systems for managing securely installed applications. After installation, an installation framework performs a bind process to correlate the randomly assigned identifier with the unique identifier of the application. The installation framework also manages the execution of the application. When an application is launched, the application framework performs a search for that application's randomly assigned identifier and locates the application's container. The application is then allowed to execute within its container. During execution, the software application may also be restricted in various ways by the installation framework to its dynamic containers. The installer may also work with a trusted operating system component, such as the kernel, to help enforce the container restrictions. In addition, if desired, the use of random identifiers for containers may be used in conjunction with other security mechanisms, such as the use of code signing.

Abstract: Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described.