Patents Assigned to AxAlto, Inc.
  • Publication number: 20080052770
    Abstract: A secure portable electronic device for providing secure services when used in conjunction with a host computer. The secure portable device includes a read-only memory partition, a read/write memory partition, and a secure memory partition. The secure portable device includes instructions stored in the read-only partition including a host agent containing instructions executable by the host computer. The secure portable device also includes instructions stored in the secure memory partition. These instructions include a card agent containing instructions executable by central processing units of the secure portable electronic device, and includes a card agent communications module for communicating with the host agent; and a security module for accessing private information stored in the secure memory partition.
    Type: Application
    Filed: November 28, 2006
    Publication date: February 28, 2008
    Applicant: AXALTO INC
    Inventors: Asad Ali, HongQian Karen Lu, Apostol Vassilev, Ed Dolph
  • Publication number: 20070101145
    Abstract: A consent service on a host computer providing cryptographically signed consent for user attributes by a user on a host computer to a web service provider. The consent service is operable to provide decryption of the user attributes acquired by the web service provider from an identity provider. The consent service displays one or more user attributes in a browser web page to the user on the host computer and acquires user consent to them. The consent service is operable to provide encryption of the user consented attributes and to generate cryptographically signed consent of the user. The consent service conveys and transmits the user consented attributes and cryptographically signed user consent to the web service provider. The web service provider is operable to provide decryption of the user consented attributes and to store the user consented attributes and signed user consent.
    Type: Application
    Filed: October 31, 2005
    Publication date: May 3, 2007
    Applicant: Axalto Inc.
    Inventors: Kapil Sachdeva, Ksheerabdhi Krishna
  • Publication number: 20070033248
    Abstract: A method and system for providing support for legacy protocols for remote method invocation on a computer system. An annotation in program source is used to build a mapping data structure appended to the executable program. During execution of an executable program legacy protocol messages are translated using the mapping data structure.
    Type: Application
    Filed: July 22, 2005
    Publication date: February 8, 2007
    Applicant: Axalto Inc.
    Inventor: Sylvain Prevost
  • Publication number: 20070033291
    Abstract: A method and system for providing support for legacy protocols for remote method invocation on a computer system. An annotation in program source is used to build a mapping data structure appended to the executable program. During execution of an executable program legacy protocol messages are translated using the mapping data structure.
    Type: Application
    Filed: August 9, 2005
    Publication date: February 8, 2007
    Applicant: Axalto Inc.
    Inventor: Sylvain Prevost
  • Patent number: 7168612
    Abstract: A data processing system which includes memory, a processor connected to the memory, and logic for causing the processor to perform a method for executing computer code having a plurality of transactions within the computer code. The method includes steps for examining the computer code being executed for a change in observable state; for storing data for the executed computer code that are part of the plurality of transactions within the computer code; for maintaining a pointer to the logical beginning of the stored data and maintaining a pointer to the end of the stored data for the last transaction within the computer code to be fully executed; and responsive to detecting a change in observable state, for committing a portion of the stored data.
    Type: Grant
    Filed: December 24, 2001
    Date of Patent: January 30, 2007
    Assignee: Axalto Inc
    Inventors: Michael Andrew Montgomery, Ksheerabdhi Krishna, Sylvain Prevost, Yannick Burianne
  • Patent number: 7131121
    Abstract: A smart card which includes a non-volatile read/write memory, a processor connected to the memory, and an installer module configured to cause the processor to receive computer code having method bodies into the memory, and further configured to cause the processor to perform a method for determining the instruction boundaries of the method bodies and resolving unresolved references within the method bodies.
    Type: Grant
    Filed: November 14, 2001
    Date of Patent: October 31, 2006
    Assignee: Axalto, Inc.
    Inventors: Ksheerabdhi Krishna, Tim Wilkinson, Sylvain Prevost, Yannick Burianne
  • Patent number: 7127529
    Abstract: A smart card comprises a microcontroller, a memory unit, a storage unit, and a communications unit. The smart card may be connected to a terminal, which in turn may be connected to a host computer and/or a network. The smart card is configured to initiate communications with the terminal, which enables the smart card to control the terminal, host computer, or network and to access the resources connected to the terminal, host computer, or network. A communications protocol defines the commands that the smart card can send and allows the smart card to communicate using asynchronous or logical asynchronous communication.
    Type: Grant
    Filed: November 30, 2000
    Date of Patent: October 24, 2006
    Assignee: AxAlto, Inc.
    Inventors: Michael A. Montgomery, Scott B. Guthery, Bertrand du Castel
  • Patent number: 7127605
    Abstract: A method and microcontroller for secure object sharing between applications executing on the microcontroller. A server application registers a delegate object with the operating system of the microcontroller. The delegate object permits access to the public interfaces of the server while enforcing security policies.
    Type: Grant
    Filed: May 10, 2000
    Date of Patent: October 24, 2006
    Assignee: Axalto, Inc.
    Inventors: Michael A. Montgomery, Ksheerabdhi Krishna
  • Publication number: 20060095598
    Abstract: A smart card having the capability during execution of an initialization process to allow concurrent processing of a second process consisting of distinct computational units having deadlines associated therewith and a method for operating such a smart card. The smart card has logic to initiate the second process and to execute a unit of the second process, logic to initiate the initialization process, logic to periodically pause the initialization process to allow the second process to process a computational unit before any required deadline for completing the computational unit, and logic to execute the second process processing a computational unit during the pauses of the initialization process.
    Type: Application
    Filed: October 30, 2004
    Publication date: May 4, 2006
    Applicant: Axalto Inc.
    Inventors: Sylvain Prevost, Bart Bombay
  • Publication number: 20060080655
    Abstract: Updating system software of a resource-constrained device having a microprocessor. The system software is updated by embedding native code instructions in an application program that is downloaded onto the resource-constrained device. The native code instructions are selected from the instruction set requiring no processing prior to execution by the microprocessor. In response to detecting that an application contains embedded native code, passing the embedded native code directly to the microprocessor for execution.
    Type: Application
    Filed: October 4, 2005
    Publication date: April 13, 2006
    Applicant: Axalto Inc.
    Inventor: Sylvain Prevost
  • Publication number: 20060076420
    Abstract: Updating the access control of a smart card at multiple points of the smart card life cycle. The system and method for updating the access control mechanisms during the smart card life cycle includes implementing an interface having a method for providing access control and a method for registering an access manager as an active access manager. In response to a request to register an access manager, the system and method executes the method for determining whether registering the access manager may be allowed.
    Type: Application
    Filed: September 30, 2005
    Publication date: April 13, 2006
    Applicant: Axalto Inc.
    Inventors: Sylvain Prevost, Kapil Sachdeva
  • Publication number: 20060047954
    Abstract: Providing application programs the right to access a data item while preventing security breaches, allowing applications and data to be independently updated, and allowing multiple applications to share the data item. Each application program has associated therewith a first public key and each data file has associated therewith a second public key. If these public keys match for a particular application program and data file, the application program is granted access to the data file.
    Type: Application
    Filed: August 30, 2004
    Publication date: March 2, 2006
    Applicant: Axalto Inc.
    Inventors: Kapil Sachdeva, Sylvain Prevost
  • Publication number: 20060047955
    Abstract: Protecting an application of a multi-application smart card against unauthorized manipulations. A system and method for guarding against unauthorized modifications includes partitioning the application into a plurality of basic blocks. Basic blocks are programming atomic units that have one entry point and one exit point and comprise a set of data units. For each basic block a check value associated with a basic block is computed wherein the check value is a function of the data units of the basic block. This check value is somehow remembered and later recalled and checked either during execution of the corresponding basic block of the application program or prior to execution of the application program. During or prior to execution of the basic block the re-computed check value is verified to be the same as the remembered check value. If not, an error condition is indicated and a corrective action may be taken.
    Type: Application
    Filed: August 30, 2004
    Publication date: March 2, 2006
    Applicant: Axalto Inc.
    Inventors: Sylvain Prevost, Kapil Sachdeva
  • Publication number: 20060041938
    Abstract: System and method for secure communication between a resource-constrained device and a remote node over a computer network. The system and method according to the invention supports an SSL/TLS protocol stack on the resource-constrained device by performing at least one optimization step to reduce the resources required to support the SSL/TLS protocol stack on the resource-constrained device.
    Type: Application
    Filed: August 20, 2004
    Publication date: February 23, 2006
    Applicant: Axalto Inc.
    Inventor: Asad Ali
  • Publication number: 20050259673
    Abstract: End-to-end communication between a UICC and a remote node on a network without requiring implementation of special purpose protocols at the remote node. The UICC operates to transmit a command using a first protocol from the UICC to the terminal to request the terminal to open a data channel to the network. The wireless terminal operates to, in response to the request to open a data channel, attempt to open a channel to the network. Upon indication that a data channel has successfully been opened: the UICC operates to transmit datagrams of a second protocol to the wireless terminal using the first protocol. The wireless terminal operates to receive the datagrams from the UICC and to transmit the datagrams received from the UICC to the network using the second protocol. The wireless terminal operates to receive datagrams of the second protocol from the remote entity and to transmit the datagrams from the remote entity to the UICC using the first protocol.
    Type: Application
    Filed: November 30, 2004
    Publication date: November 24, 2005
    Applicant: Axalto Inc.
    Inventors: HongQian Lu, Yannick Burianne, Vincent Boutet
  • Publication number: 20050108571
    Abstract: Secure communication between a resource-constrained device and remote network nodes over a network with the resource-constrained device acting as a network node. The remote network nodes communicate with the resource-constrained device using un-modified network clients and servers. Executing on the resource-constrained device, a communications module implements one or more link layer communication protocols, operable to communicate with a host computer, operable to communicate with remote network nodes and operable to implement network security protocols thereby setting a security boundary inside the resource-constrained device.
    Type: Application
    Filed: May 19, 2004
    Publication date: May 19, 2005
    Applicant: Axalto Inc.
    Inventors: HongQian Lu, Michael Montgomery, Asad Ali