Abstract: A signed application descriptor file (206) is used instead of X.509 certificates to authenticate a portable application code, such as a JAVA archive (JAR) file. The signed ADF includes an application descriptor file (302), file hash (304) of the JAR file (301), a developer descriptor file (308), signed time stamp (310), and a developer's certificate (312). A network client device (202) includes limited computing resources (212) and a virtual machine environment for executing the portable code (208). Furthermore the client device contains a set of cryptographic, digital keys for authenticating parts of the signed ADF, which are further used to authenticate the JAR file.

Abstract: An embedded environment, such as that found in a portable communication device, has a non-volatile memory (106) for storing application files. The non-volatile memory includes sections designated as play areas (202) where applications are installed, and from which the application are executed. Upon installing an application, the physical addresses used by the application to call other portions of code, as well as the portions of code that may be called, are determined (308), and the application is written into the play area with the physical addresses, and executed from the play area.

Abstract: A developer (102) develops a software application (204) which needs to be tested or debugged, or both. To eliminate the need to either intentionally compromise the security environment of the target portable device, or having to request a certificate for each version of the software under development, the developer obtains a development certificate (208). The development certificate includes a device identifier unique to the particular portable device on which the software is to be tested, and some development parameter. The target device uses these two pieces of data to determine if the software is valid, and executable. If either of these pieces of data are not valid, the security mechanism of the target device will disable the software, or otherwise refuse to permit it to execute. The developer signs the software with the development certificate, and then loads the signed software onto the target device, which then authenticates the developer's signature and development certificate.