Abstract: A computing device which runs non-pageable real time and pageable non-real time processes is provided with non-pageable real time and pageable non-real time versions of operating system services where the necessity to page in memory would block a real-time thread of execution. In one embodiment, a real time operating system service has all its code and data locked, and only supports clients that similarly have their code and data locked. This ensures that such a service will not block due to a page fault caused by client memory being unavailable. A non-real time operating system service does not have its data locked and supports clients whose memory can be paged out. In a preferred embodiment servers which are required to provide real time behaviour are multithreaded and arrange for requests from real time and non-real time clients to be serviced in different threads.

Abstract: A component of a computing device, such as the kernel of an operating system, is arranged to identify real time processes running on the device and transparently lock the memory owned by such processes to avoid them being paged out. The kernel is also able to inspect all inter-process communications originated by the real time threads running in such processes, in order to ascertain what other processes they invoke, and, if they have the potential to block a real time operation, the kernel is arranged to lock the areas of memory these processes reference. This procedure operates recursively, and ensures that page faults which might affect the operation of any real time process do not occur.

Abstract: An operating system for a computing device comprises a kernel portion having a publish and subscribe facility for retrieving a property published by a first process and notifying the retrieved property to one or more further processes requesting to subscribe to that property. By providing the publish and subscribe mechanism within the operating system kernel, changes to properties can be notified to subscribers in real time and without the need for dedicated client server mechanisms. The publish and subscribe mechanism may be provided with access control properties established when a property is defined. The mechanism may also be used for a message and message queue facility in the computing device.

Abstract: A dynamic link library (DLL) in a computing device is provided in the form of a first part and an extension part. The first part has selected entry point ordinals by which an application program may link to first functions. The application program may only link to further functions via the extension part of the DLL.

Abstract: A computing device which runs non-pageable real time and pageable non-real time processes is provided with non-pageable real time and pageable non-real time versions of operating system services where the necessity to page in memory would block a real-time thread of execution. In one embodiment, a real time operating system service has all its code and data locked, and only supports clients that similarly have their code and data locked. This ensures that such a service will not block due to a page fault caused by client memory being unavailable. A non-real time operating system service does not have its data locked and supports clients whose memory can be paged out. In a preferred embodiment servers which are required to provide real time behaviour are multithreaded and arrange for requests from real time and non-real time clients to be serviced in different threads.

Abstract: A component of a computing device, such as the kernel of an operating system, is arranged to identify real time processes running on the device and transparently lock the memory owned by such processes to avoid them being paged out. The kernel is also able to inspect all inter-process communications originated by the real time threads running in such processes, in order to ascertain what other processes they invoke, and, if they have the potential to block a real time operation, the kernel is arranged to lock the areas of memory these processes reference. This procedure operates recursively, and ensures that page faults which might affect the operation of any real time process do not occur.

Abstract: A mobile wireless device programmed with a file system which is partitioned into multiple root directories. The partitioning of the file system ‘cages’ processes as it prevents them from seeing any files they should not have access to. A Trusted Computing Base verifies whether or not a process has the required privileges or capabilities to access root sub-trees. The particular directory a file is placed into automatically determines its accessibility to different processes—i.e. a process can only access files in certain root directories.

Abstract: In operation of a computing device, a secure handle is allocated to a process to enable the process to use a resource allocated to another process. The secure handle ensures that the process is not able to identify the resource and that further access to the resource is inhibited after the process has terminated any use of the resource enabled by the allocation of the secure handle.

Abstract: An operating system for a computing device comprises a kernel portion having a punish and subscribe facility for retrieving a property published by a first process and notifying the retrieved property to one or more further processes requesting to subscribe to that property. By providing the publish and subscribe mechanism within the operating system kernel, changes to properties can be notified to subscribers in real time and without the need for dedicated client server mechanisms. The publish and subscribe mechanism may be provided with access control properties established when a property is defined. The mechanism may also be used for a message and message queue facility in the computing device.

Abstract: A dynamic link library (DLL) in a computing device is provided in the form of a first part and an extension part. The first part has selected entry point ordinals by which an application program may link to first functions. The application program may only link to further functions via the extension part of the DLL.

Abstract: A mobile wireless device programmed with a file system which is partitioned into multiple root directories. The partitioning of the file system ‘cages’ processes as it prevents them from seeing any files they should not have access to. A Trusted Computing Base verifies whether or not a process has the required privileges or capabilities to access root sub-trees. The particular directory a file is placed into automatically determines its accessibility to different processes—i.e. a process can only access files in certain root directories. This is a light weight approach since there is no need for a process to interrogate an access control list associated with a file to determine its access rights over the file—the location of the file taken in conjunction with the access capabilities of a process intrinsically define the accessibility of the file to the process.

Abstract: A mobile wireless device programmed with software which provides a trusted user interface for the device by allowing the content of a secure screen memory to be modifiable only by authorised applications. Normally, the entire screen memory address is public information, making the entire screen memory fully available to any application; hence, even sensitive dialogs would use screen memory which can in theory be looked at by malicious software, enabling that malicious code to grab PIN data etc. or corrupt a trusted user interface. But with the present invention, unauthorised applications are prevented from accessing the data displayed by the secure frame buffer because they are able to access only the non-secure screen memory. Hence, malicious applications cannot retrieve data from a trusted dialog or compromise that data. Further, as the present invention is a software only solution, it requires no new hardware per se—the only requirement is that components (e.g. a software window server; a video chip etc.