Abstract: A method and system for receiving from an authenticated user, at an authorization server, via a service provider, an authorization request to perform a sensitive operation on a first device. The method also includes generating, by the authorization server and in response to receiving the authorization request, an authorization token that includes a device constraint and a binding code constraint, which includes a binding code. Additionally, the method includes transmitting the authorization token to an isolated execution environment of the first device, where the sensitive operation is not permitted on the first device unless the first device successfully performs a verification in the isolated execution environment using the authorization token. Furthermore, the method includes permitting the sensitive operation based on the verification.

Abstract: A system and method can support on-device operation management. A token issuer on a backend server, and/or a tool, can generate an authorization token, which is bound to a user of one or more devices using a unique identifier (ID) that is assigned to the user. The unique ID can be known and/or shared between the an on-device authorizing entity and the token issuer. Then, the on-device authorizing entity can verify the authorization token before granting an execution of one or more protected on-device operations. Furthermore, the on-device authorizing entity may not grant the execution of the one or more protected on-device operations, when the unique ID is erased from the device.

Abstract: A method and system for receiving from an authenticated user, at an authorization server, via a service provider, an authorization request to perform a sensitive operation on a first device. The method also includes generating, by the authorization server and in response to receiving the authorization request, an authorization token that includes a device constraint and a binding code constraint, which includes a binding code. Additionally, the method includes transmitting the authorization token to an isolated execution environment of the first device, where the sensitive operation is not permitted on the first device unless the first device successfully performs a verification in the isolated execution environment using the authorization token. Furthermore, the method includes permitting the sensitive operation based on the verification.

Abstract: One particular implementation may take the form of a system or method for tracking application identification and application context in a context-isolated computing environment. The method may store such application information to reduce redundant information being stored on a stack. More particularly, the embodiment may store the application information in a context-specific marker frame. The context-specific marker frame may be stored once on the stack or it may be stored separately from the stack to maintain a small stack size. In another implementation, an invocation handler method may be called to store the redundant information about the executing application. The invocation handler may store the necessary information in a well-known location for later use by the virtual machine. The invocation handler may also provide further benefits, such as synchronization to ensure thread safety on shareable objects.

Abstract: A system and method can support on-device operation management. A token issuer on a backend server, and/or a tool, can generate an authorization token, which is bound to a user of one or more devices using a unique identifier (ID) that is assigned to the user. The unique ID can be known and/or shared between the an on-device authorizing entity and the token issuer. Then, the on-device authorizing entity can verify the authorization token before granting an execution of one or more protected on-device operations. Furthermore, the on-device authorizing entity may not grant the execution of the one or more protected on-device operations, when the unique ID is erased from the device.

Abstract: A system and method is provided to facilitate secure communications for a server-application executing on a resource-constrained device. A request, from a client application executing on a client device to access a server application executing on the resource-constrained device is received on an application-specific secure port of a resource-constrained device. The request is authenticated using a security token stored in an application context of the server application. The authentication is performed by a transport security layer protocol executing within the application context of the server application. The security token is specific for the server application. A secure connection is established directly between the secure port and the client application upon the authentication being successful.

Abstract: A system and method is provided to facilitate secure communications for a server-application executing on a resource-constrained device. A request, from a client application executing on a client device to access a server application executing on the resource-constrained device is received on an application-specific secure port of a resource-constrained device. The request is authenticated using a security token stored in an application context of the server application. The authentication is performed by a transport security layer protocol executing within the application context of the server application. The security token is specific for the server application. A secure connection is established directly between the secure port and the client application upon the authentication being successful.

Abstract: An approach for making an object owned by a first application that executes in a first isolated execution context accessible to a second application that executes in a second isolated execution context is described herein. According to this approach the object is associated with the first isolated execution context. A request is received to render the object accessible to the second application. Ownership of the object is transferred to the second application by changing the isolated execution context that is associated with the object to the second isolated execution context, thereby rendering the object accessible to the second application.

Abstract: A persistence management system facilitates porting servlet-based applications, such as Web applications, to an extremely mobile/nomadic system such as a resource-constrained device platform, e.g., a smart card, where sessions on a card acceptance device are intermittent by nature. Persistence management system (i) minimizes the startup time, and (ii) restores applications in a consistent state. The persistent management system supports: a) selective persistence of servlet model objects: both container-managed objects and application-managed objects; b) optional persistence of threads; and c) optional persistence of connection objects.

Abstract: A first application instance is associated with a protection domain based on credentials (e.g.: a signed certificate) associated with a set of application code that, when executed, gives rise to the application instance. The first application instance executes in a first execution context. An indication is received that the first application instance seeks access to protected functionality associated with a second execution context. In response to receiving the indication, a determining is made as to whether the first application instance has permission to access the protected functionality. The determination is made by determining the protection domain with which the first application instance is associated, and determining if the protection domain with which the first application instance is associated is in the set of one or more protection domains.

Abstract: One particular implementation may take the form of a system or method for tracking application identification and application context in a context-isolated computing environment. The method may store such application information to reduce redundant information being stored on a stack. More particularly, the embodiment may store the application information in a context-specific marker frame. The context-specific marker frame may be stored once on the stack or it may be stored separately from the stack to maintain a small stack size. In another implementation, an invocation handler method may be called to store the redundant information about the executing application. The invocation handler may store the necessary information in a well-known location for later use by the virtual machine. The invocation handler may also provide further benefits, such as synchronization to ensure thread safety on shareable objects.

Abstract: A generic event notification service for a resource-constrained device is provided. One method includes receiving an event having a unique event identifier, and determining whether an event-producing application is authorized to fire the event. Upon a determination of authorization to fire the event, a determination is made whether any event-consuming applications are authorized by the event-producing application to receive the event. Upon a determination of authorization to receive the event, the event is forwarded to each authorized event-consuming application. In this manner, secure, flexible, generic, and uniform application interaction is facilitated.

Abstract: An approach for making an object owned by a first application that executes in a first isolated execution context accessible to a second application that executes in a second isolated execution context is described herein. According to this approach the object is associated with the first isolated execution context. A request is received to render the object accessible to the second application. Ownership of the object is transferred to the second application by changing the isolated execution context that is associated with the object to the second isolated execution context, thereby rendering the object accessible to the second application.

Abstract: A first application instance is associated with a protection domain based on credentials (e.g.: a signed certificate) associated with a set of application code that, when executed, gives rise to the application instance. The first application instance executes in a first execution context. An indication is received that the first application instance seeks access to protected functionality associated with a second execution context. In response to receiving the indication, a determining is made as to whether the first application instance has permission to access the protected functionality. The determination is made by determining the protection domain with which the first application instance is associated, and determining if the protection domain with which the first application instance is associated is in the set of one or more protection domains.

Abstract: Versioning may be utilized in a knowledge base decision tree in order to provide several useful features. To accomplish this, when a decision tree is traversed, the decision tree representing a knowledge base and having non-leaf nodes with one or more branches representing possible symptoms, and leaf nodes with no branches, branches may be followed corresponding to symptoms experience by the application until a leaf node is reached. This traversal may be recorded as a version, with subsequent traversals having a different version. This allows a user to rerun performance tuning either from the beginning or from an earlier node without having to re-enter information already provided. It also allows a user to resume the performance tuning should he be interrupted in the middle, such as by a crash or by having to halt a long traversal.

Abstract: A server has a memory and an analyzer. The memory stores a library of symptom descriptions, a library of corresponding diagnoses, a library of corresponding remedies, and a library of corresponding probes. The analyzer is coupled to the memory and has an identifier, a comparator, and a reiterater. The identifier identifies at least one symptom of an application to be probed based on an input. That input can either be a user input describing the symptoms of the application or symptoms previously already identified. The comparator compares the symptoms of the application with the library of symptom descriptions. The reiterator reiteravely operates the identifier on the comparator until the symptoms correspond with a diagnosis from the library of corresponding diagnoses.

Abstract: Versioning may be utilized in a knowledge base decision tree in order to provide several useful features. To accomplish this, when a decision tree is traversed, the decision tree representing a knowledge base and having non-leaf nodes with one or more branches representing possible symptoms, and leaf nodes with no branches, branches may be followed corresponding to symptoms experience by the application until a leaf node is reached. This traversal may be recorded as a version, with subsequent traversals having a different version. This allows a user to rerun performance tuning either from the beginning or from an earlier node without having to re-enter information already provided. It also allows a user to resume the performance tuning should he be interrupted in the middle, such as by a crash or by having to halt a long traversal.

Abstract: In order to diagnose applications, a specialized knowledge base may be created that is static upon creation but may become dynamic when traversed. The knowledge base may be defined as a decision tree having one or more diagnosis nodes, one or more analysis nodes, and one or more symptom branches. The diagnosis nodes are leaf nodes and indicate proposed diagnoses and/or proposed remedies for an application. The symptom branches may connect analysis nodes to other analysis nodes or analysis nodes to diagnosis nodes, and may indicate possible symptoms of the application. The analysis nodes may be non-leaf nodes and indicate information required to determine which symptom branches to follow during traversal. Additionally, the analysis nodes may indicate additional information required from a collector agent before traversal can be continued. This allows the knowledge base to be utilized dynamically, improving performance and reliability.