Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device. The method comprises: storing data comprising, for each of a plurality of access levels associated with the application, first data indicative of a combination of one or more credentials associated with the respective access level and an access level key corresponding to the respective access level, the access level key being encrypted by the combination of one or more credentials associated with the respective access level; determining, based on the first data, an access level in the plurality of access levels corresponding to a combination of one or more credentials available to the application; decrypting the access level key in the stored data corresponding to the determined access level; and providing access to encrypted application data associated with the application and corresponding to the determined access level.

Abstract: Systems, methods, and software can be used to process a resource request. In some aspects, a method, comprising: transmitting, from a mobile device, an encrypted request to a proxy server, wherein the encrypted request comprises a Hypertext Transfer Protocol (HTTP) request, the HTTP request is addressed to an application server that provides service to an application on the mobile device, and the encrypted request is encrypted using an application-specific credential that is associated with the application; and receiving, at the mobile device, an encrypted response in response to the encrypted request, wherein the encrypted response comprises an HTTP response generated by the application server.

Abstract: A method of controlling access to data on a first electronic device, the method comprising steps of establishing a shared encryption key with a first software application instance running on a second electronic device, receiving a ‘begin session’ command sent by the first software application instance and responsive to the ‘begin session’ command, creating a storage location in a data store of the electronic device, obtaining a data encryption key, receiving data, encrypting the data using the data encryption key and storing the encrypted data in the storage location, receiving an ‘end session’ command sent by the first software application instance and responsive to the ‘end session’ command, discarding the shared encryption key, and deleting the encrypted data from the storage location.

Abstract: Systems, methods, and software can be used to provide inter-enterprise data communications between enterprise applications on an electronic device. In some aspects, a method comprises: receiving, by a bridge application executing on an electronic device, an interoperation request for a first enterprise, wherein the interoperation request includes a first token and a second token; sending, from the bridge application to an application of the first enterprise, the first token, wherein the application of the first enterprise executes on the electronic device; receiving, by the bridge application from the application of the first enterprise, a certificate in response to the first token, wherein the certificate is encrypted by the second token; decrypting, by the bridge application, the certificate by using the second token; and validating, by the bridge application, the application of the first enterprise based on the decrypted certificate.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: Embodiments provide methods, devices and computer program arranged to control access to clipboards by applications. In one embodiment a user device comprises: at least one processor; and at least one memory comprising computer program code and an application that has been provisioned by an application provisioning entity, the application having access to a first clipboard of a first type, to which data can be transferred and/or from which data can be retrieved by a further, different, application on the user device, wherein the application is configured with an encryption key for the transfer of data to and/or retrieval of data from a second clipboard of a second, type, clipboard, the encryption key being associated with the application provisioning entity. The user device can control the transfer of data to and/or retrieval of data from the second clipboard by the application via the encryption key.

Abstract: Systems, methods, and software can be used to process a resource request. In some aspects, a method, comprising: transmitting, from a mobile device, an encrypted request to a proxy server, wherein the encrypted request comprises a Hypertext Transfer Protocol (HTTP) request, the HTTP request is addressed to an application server that provides service to an application on the mobile device, and the encrypted request is encrypted using an application-specific credential that is associated with the application; and receiving, at the mobile device, an encrypted response in response to the encrypted request, wherein the encrypted response comprises an HTTP response generated by the application server.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A computing device stores a set of executable code comprising first, second and third subsets of data. The first and second subsets of data comprise first and second encrypted data, respectively. Responsive to receipt of first authentication data for authenticating a respective user, the computing device is arranged to decrypt one of the first and second encrypted data to generate decrypted data, and to configure the third subset of data based on the decrypted data. The third subset of data, having been so configured, is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the respective user. Thus an application-level log in is provided.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Methods and devices arranged to provide functions for generating a security code are described. These functions include defining a set of locations in the one or more images on the basis of one or more user-selected locations, and generating a security code based on values determined and derived from display parameters associated with imaging elements having locations corresponding to the defined set of locations. This enables a security code to be generated that contains a high level of entropy, and is therefore capable of providing high levels of security, based on user input that is easy for the user to remember.

Abstract: A contact enrichment system is provided to determine whether contacts stored in a mobile device match profiles stored on a social network server. Profiles matching the contacts are used to enrich the contacts by appending information such as images and video to the contacts. The appended information in the contacts are also linked to the source profile so that the contact information may be periodically updated. Information may be drawn from multiple profiles on multiple social network servers to fully enrich the contacts stored on the mobile device.

Abstract: Disclosed herein are methods and devices for associating a first workspace data object with a first workspace service and for determining characteristics of the association of the first workspace data object with the first workspace service. The methods and devices described herein relate to receiving touch-screen based input in a plurality of display areas of a display to make the associations.

Abstract: Embodiments of the invention are concerned with processing data relating to calendar entries. In one embodiment processing includes detecting a correspondence between a telephone number and at least one characteristic of a calendar workspace item, and processing data relating to a communications event identified by the telephone number on the basis of the detected correspondence. The processing may include triggering a notification for an incoming communications event, such as a telephone call or text message, that is received by a telephony device. In another embodiment processing includes detecting a correspondence between at least one characteristic of a stored communications event workspace item and at least one characteristic of a calendar workspace item, and processing data relating to the communications event on the basis of the detected correspondence. This processing may include filtering a plurality of communications event workspace items, and displaying one or more of the filtered items.

Abstract: In one aspect of a method of anonymizing user data by aggregation, at least one server-side device receives an anonymous aggregation command from a user client device. The anonymous aggregation command includes a specification of a set of users and an action to be taken. A list of users who meet the specification in the anonymous aggregation command is generated. The list of users who meet the specification is validated as meeting at least one criterion for anonymous aggregation. The action in the anonymous aggregation command is triggered to be taken in respect of the validated list of users who meet the specification.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: Embodiments provide methods, devices and computer program arranged to control access to clipboards by applications. In one embodiment a user device comprises: at least one processor; and at least one memory comprising computer program code and an application that has been provisioned by an application provisioning entity, the application having access to a first clipboard of a first type, to which data can be transferred and/or from which data can be retrieved by a further, different, application on the user device, wherein the application is configured with an encryption key for the transfer of data to and/or retrieval of data from a second clipboard of a second, type, clipboard, the encryption key being associated with the application provisioning entity. The user device can control the transfer of data to and/or retrieval of data from the second clipboard by the application via the encryption key.

Abstract: A contact enrichment system is provided to determine whether contacts stored in a mobile device match profiles stored on a social network server. Profiles matching the contacts are used to enrich the contacts by appending information such as images and video to the contacts. The appended information in the contacts are also linked to the source profile so that the contact information may be periodically updated. Information may be drawn from multiple profiles on multiple social network servers to fully enrich the contacts stored on the mobile device.

Abstract: Methods and devices arranged to provide functions for generating a security code are described. These functions include defining a set of locations in the one or more images on the basis of one or more user-selected locations, and generating a security code based on values determined and derived from display parameters associated with imaging elements having locations corresponding to the defined set of locations. This enables a security code to be generated that contains a high level of entropy, and is therefore capable of providing high levels of security, based on user input that is easy for the user to remember.