Abstract: A contact enrichment system is provided to determine whether contacts stored in a mobile device match profiles stored on a social network server. Profiles matching the contacts are used to enrich the contacts by appending information such as images and video to the contacts. The appended information in the contacts are also linked to the source profile so that the contact information may be periodically updated. Information may be drawn from multiple profiles on multiple social network servers to fully enrich the contacts stored on the mobile device.

Abstract: A system and method are provided for searching the contents of a network system connected to data storage devices from a remote terminal over a wired or wireless link. This system formulates search requests, and dispatches the requests, A variety of search engines and services are invoked to find the requested contents. A summary is formed in a format brief enough for transmission over a wireless link. The search summary information is indexed the remote terminal to subsequently request all or part of a document referenced in the search summary, allows formation of requests of all or part of a referenced document in its original form or in a form transcoded appropriately for transmission over a wireless link and presented on the remote terminal.

Abstract: In one aspect of a method of anonymizing user data by aggregation, at least one server-side device receives an anonymous aggregation command from a user client device. The anonymous aggregation command includes a specification of a set of users and an action to be taken. A list of users who meet the specification in the anonymous aggregation command is generated. The list of users who meet the specification is validated as meeting at least one criterion for anonymous aggregation. The action in the anonymous aggregation command is triggered to be taken in respect of the validated list of users who meet the specification.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: Embodiments provide methods, devices and computer program arranged to facilitate authenticated communication between a user device and a service associated with a network. One embodiment comprises an apparatus which, in response to authenticating a user device on the basis of a first authentication protocol, transmits a request for a credential of a first type to an authentication server associated with the network via a communications link therebetween, the credential of the first type being for use by the apparatus to obtain a credential of a second type on behalf of the user device from the authentication server. Subsequently, the apparatus transmits a request for a credential of a second type to the authentication server via the communications link therebetween, the credential of the second type being for use by the user device in establishing authenticated communication with the service. The credential of the second type is then transmitted to the user device.

Abstract: A system is disclosed in which a wireless device is monitored and maintained over a network. One embodiment of the system comprises a wireless device including: a service to maintain data objects, provide messaging capability, and provide data access capability on behalf of a user of the wireless device; and a rules engine communicatively coupled to the service to execute a set of rules transmitted to the wireless device from a server, the set of rules to instruct the rules engine to gather information related to the wireless device and to take action on the wireless device based on the gathered information.

Abstract: Techniques are disclosed for synchronizing service data between a data store and a device using the service data. These synchronization techniques may be used with a synchronization method and device that adaptively adjust synchronization parameters, such as the synchronization interval and quantity of synchronized data, on a per-end-user basis in response to actual end-user behavior. In particular, heavy users of service data are rewarded with improved synchronization parameters, such as a combination of shorter synchronization intervals and increased synchronization data quantities, which provides closer to “direct access” performance. Light users of service, on the other hand, are assigned lower cost synchronization parameters, such as longer synchronization intervals and/or decreased synchronization data quantities.

Abstract: Data is stored on a computing device in an encrypted form using a control application. A data access application requests access to the data. It is determined whether the data access application has available a shared encryption key that is available to the control application. If a shared encryption key is available, the shared encryption key is used to encrypt a request for access to the data. If a shared encryption key is not available, a shared encryption key is negotiated with the control application, and the negotiated shared encryption key is used to encrypt the request for access to the data. The control application receives the encrypted request, decrypts the encrypted request using the shared encryption key, and makes the data stored on the computing device in encrypted form available to the data access application in response to the decrypted request.

Abstract: A smartphone that includes a communications interface to communicate via one or more Internet communications channels is provided. The smartphone also includes a service engine that communicates with a global server via an Internet channel using the communications interface to provide identification data to the global server. In response to providing the identification data, the service engine receives configuration data to configure the service engine with a selectable set of downloadable executables. The selectable set of downloadable executables include a selection of downloadable executables that is made at least in part by the global server using the identification data. A display presents at least some of the selectable set of downloadable executables on the smartphone, and an input device selects a downloadable executable from the selectable set. The service engine initiates a download of the selected downloadable executable using the communications interface.

Abstract: A method of on-device access using a container application to manage a sub application provisioned on a computer device by set of stored instructions executed by a computer processor to implement the steps of: receive a communication for the sub application by a first service programming interface (SPI) of the container application, the communication sent by a on-device process over a first communication pathway of a device infrastructure of the computer device utilizing interprocess communication (IPC) framework of the device infrastructure, the first communication pathway provided external to the first SPI; retransmit the communication by the first SPI to a second SPI of the sub application over a second communication pathway that bypasses the IPC framework, the second communication pathway internal to the first SPI; receiving a response to the communication by the first SPU from the second SPI over the second communication pathway; and directing the response to the on-device process over the first communic

Abstract: Data is stored on a computing device in encrypted form in respective digital containers. At least one data access application is stored on the computing device. A control application of the computing device connects to a remote control center. A command from the remote control center is received at the connected control application. The command contains an action to be taken in respect of at least one of the at least one data access application and the containers stored on the computing device. The command is passed from the connected control application to the data access application or container, and the data access application or container carries out the command.

Abstract: A system and method for providing authenticated access to an initiating terminal in relation to the services provided by a terminating terminal via a communications network are disclosed. In one aspect, a global server comprises a communications module, which receives and processes a key exchange initiation message from the initiating terminal so as to establish an encrypted communications channel with the terminating terminal. The communications module, responsive to a received key exchange initiation message, performs an encrypted communication establishment process in respect of the received key exchange initiation message. The encrypted communication establishment process comprises authenticating the initiating terminal, and in the event that the initiating terminal is successfully authenticated, transmitting keying data corresponding to the received key exchange initiation message to the terminating terminal. The keying data is identified on the basis of data associated with the initiating terminal.

Abstract: A data access application key is generated. The data access application key is for use by a data access application to enable decryption of data that is stored in encrypted form on a computing device using the data access application key. The data access application key is generated using an identifier of the data access application and an application key that is specific to at least one of the computing device and/or a user of the computing device.

Abstract: A system and method for confirming an application change event associated with a device infrastructure of a mobile device, the method comprising the steps of: storing an application authorization list identifying a plurality of mobile applications, the application authorization list being remote from the mobile device over a communications network; receiving an application authorization request from the mobile device over the communications network, the application authorization request including application identification information; comparing the application identification information with one or more listed mobile applications of the plurality of mobile applications identified in the application authorization list; determining whether the application information matches any of the plurality of mobile applications to produce a decision instruction containing an authorization decision; and sending the decision instruction to the mobile device for subsequent processing of the decision instruction by a mobile

Abstract: Embodiments of the invention are concerned with providing access credentials associated with a user of a service to a server hosting the service, e.g. enabling single sign on by the user to a number of servers. The embodiments include functionality for establishing a first data connection with a terminal associated with the user and a second data connection with the server, and bridging the first and second data connections in order to establish a first communications session, using a first communications protocol, between the terminal and the server. A second communications session, using a second communications protocol, is also established with the server, via which a request for access credentials associated with the user is received. This request includes information received by the server in the first communications session, which is used to identify access credentials of the user that are transmitted to the server via the second communications session.

Abstract: A method, system and computer program product for controlling the installation of applications on a user terminal is disclosed. In one aspect, a catalog server identifies a first and a second installation control setting corresponding to a first and a second application on the basis of user identification data from a data store comprising entries for a plurality of applications and their corresponding installation control settings. Subsequently, the catalog server determines installation control data for at least one of the first and second application on the basis of the first and the second installation control setting. The determined installation control data is transmitted to the user terminal for controlling installation of at least one of the first and the second application.

Abstract: This invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.

Abstract: A data retrieval system includes a gateway server and an access client. The gateway server is communicatively connected to the access client through a network. The gateway server provides a presentation service (PS) and a real-time service (RTS), which cooperate with the access client to retrieve data from a data store and then provide the retrieved data to a user's remote communication device. More particularly, when a user wishes to retrieve data from the data store or to send data to the data store, the user establishes a communication connection between his or her remote communication device and the gateway server, and then requests the desired data from the gateway server. In response, the gateway server sends a command to the access client, instructing it to retrieve the requested data. The access client retrieves the requested data from the data store, and returns the retrieved data to the gateway server.

Abstract: A contact enrichment system is provided to determine whether contacts stored in a mobile device match profiles stored on a social network server. Profiles matching the contacts are used to enrich the contacts by appending information such as images and video to the contacts. The appended information in the contacts are also linked to the source profile so that the contact information may be periodically updated. Information may be drawn from multiple profiles on multiple social network servers to fully enrich the contacts stored on the mobile device.

Abstract: A client stores a first set of workspace data, and is coupled via a computer network to a global server. The client may be configured to synchronize portions of the first set of workspace data with the global server, which stores independently modifiable copies of the portions. The global server may also store workspace data which is not downloaded from the client, and thus stores a second set of workspace data. The global server may be configured to identify and authenticate a user seeking global server access from a remote terminal, and is configured to provide access to the first set or to the second set. Further, services may be stored anywhere in the computer network. The global server may be configured to provide the user with access to the services. The system may further include a synchronization-start module at the client site (which may be protected by a firewall) that initiates interconnection and synchronization with the global server when predetermined criteria have been satisfied.