Abstract: Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.

Abstract: Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account.

Abstract: Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated.

Abstract: Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions.

Abstract: A wireless communications system may include first and second mobile wireless communications devices each comprising a respective input device, wireless transceiver, near-field communication (NFC) transceiver, and controller coupled to the input device, wireless transceiver and NFC transceiver. At least one of the controllers may be configured to establish an NFC communications link between the NFC transceivers when the first and second mobile wireless communications devices are in proximity, provide a temporary device identifier (ID) via the NFC communications link, request authorization to establish a wireless link between the wireless transceivers, provide a permanent device ID upon receiving the authorization and based upon the temporary device ID, and establish the wireless link between the wireless transceivers based upon the permanent device ID.

Abstract: In some implementations, a method for managing data in a user device includes pushing first metadata for a first resource in a first perimeter to a service external to the first perimeter. The first perimeter is configured to prevent external resources from accessing resources in the first perimeter. Second metadata for a second resource in a second perimeter is pushed to the external service. The external service is external to the second perimeter, the second perimeter being configured to prevent external resources from accessing resources in the second perimeter. Information is presented to the user based on a combination of the first metadata and the second metadata.

Abstract: In some implementations, a method for managing data in a user device includes pushing first metadata for a first resource in a first perimeter to a service external to the first perimeter. The first perimeter is configured to prevent external resources from accessing resources in the first perimeter. Second metadata for a second resource in a second perimeter is pushed to the external service. The external service is external to the second perimeter, the second perimeter being configured to prevent external resources from accessing resources in the second perimeter. Information is presented to the user based on a combination of the first metadata and the second metadata.

Abstract: A security system may include an access control device associated with a personnel access position. The access control device may include a first Near-Field Communication (NFC) sensor, and a first controller configured to selectively grant personnel access based upon receiving a valid security code from the first NFC sensor, and to deny personnel access and generate an access denial electronic message(s) based upon receiving an invalid security code from the first NFC sensor. The system may also include a mobile wireless communications device(s) including a second NFC sensor and a second controller, which may be configured to communicate a security code via the second NFC sensor to the first NFC sensor based upon proximity therewith, and to receive a corresponding access denial electronic message from the first controller based upon the security code being invalid.

Abstract: A wireless communications system may include first and second mobile wireless communications devices each comprising a respective input device, wireless transceiver, near-field communication (NFC) transceiver, and controller coupled to the input device, wireless transceiver and NFC transceiver. At least one of the controllers may be configured to establish an NFC communications link between the NFC transceivers when the first and second mobile wireless communications devices are in proximity, provide a temporary device identifier (ID) via the NFC communications link, request authorization to establish a wireless link between the wireless transceivers, provide a permanent device ID upon receiving the authorization and based upon the temporary device ID, and establish the wireless link between the wireless transceivers based upon the permanent device ID.

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: Operations or functions on a device may require an operational certificate to ensure that the user of the device or the device itself is permitted to carry out the operations or functions. A system and a method are provided for providing an operational certificate to a device, whereby the operational certificate is associated with one or more operations of the device. A manufacturing certificate authority, during the manufacture of the device, obtains identity information associated with the device and provides a manufacturing certificate to the device. An operational certificate authority obtains and authenticates at least a portion of the identity information associated with the device from the manufacturing certificate and, if at least the portion of the identity information is authenticated, the operational certificate is provided to the device.

Abstract: Some aspects of what is described here relate to managing application execution and data access on a mobile device. A request to access data is received from an application associated with a first perimeter on a device. The data is associated with a second, different perimeter on the device and has a data type. It is determined, based on the data type, that a management policy associated with the first perimeter permits the application to access the data independent of a second, different management policy assigned to the second perimeter. Based on the determining, the application is provided access to the data.

Abstract: A security system may include an access control device associated with a personnel access position. The access control device may include a first Near-Field Communication (NFC) sensor, and a first controller configured to selectively grant personnel access based upon receiving a valid security code from the first NFC sensor, and to deny personnel access and generate an access denial electronic message(s) based upon receiving an invalid security code from the first NFC sensor. The system may also include a mobile wireless communications device(s) including a second NFC sensor and a second controller, which may be configured to communicate a security code via the second NFC sensor to the first NFC sensor based upon proximity therewith, and to receive a corresponding access denial electronic message from the first controller based upon the security code being invalid.

Abstract: A near-field communication (NFC) system may include a plurality of spaced-apart NFC sensors and at least one mobile wireless communications device. The at least one mobile wireless communications device may include a portable housing, an NFC circuit carried by the portable housing and configured to establish NFC communications with the NFC sensors when moved in close proximity therewith, and a controller carried by the portable housing and coupled to the NFC circuit. The controller may be configured to perform different mobile device operations based upon a timing and sequence in which the NFC sensors are communicated with.

Abstract: Some aspects of what is described here relate to managing application execution and data access on a mobile device. A request to access data is received from an application associated with a first perimeter on a device. The data is associated with a second, different perimeter on the device and has a data type. It is determined, based on the data type, that a management policy associated with the first perimeter permits the application to access the data independent of a second, different management policy assigned to the second perimeter. Based on the determining, the application is provided access to the data.

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: A cryptographic module and a computing device implemented method for securing data using a cryptographic module is provided. The cryptographic module may include an input component for receiving a password, an output component for outputting data to the computing device, a random number generator for generating a random number and a module processor operative to generate at least one cryptographic key using the generated random number, and to record an association between the received password linking the received password with the at least one cryptographic key in a data store accessible to the cryptographic module.

Abstract: Some aspects of what is described here relate to managing the use of network resources on a mobile device. User input received at the device indicates whether to allow an application associated with a first perimeter on the device to access a network resource associated with a second perimeter on the device. For example, in some instances user input may indicate whether to allow data from applications associated with a personal perimeter on the device to be transmitted over an enterprise communication system. When outbound data associated with the first perimeter are received, the device determines, according to the indication from the user input, whether to route the outbound data to the network resource associated with the second perimeter.

Abstract: A method for network access is provided. The method includes establishing a secure link between a user equipment (UE) and a wireless local area network (WLAN) when an authentication and authorization server determines that credentials provided by the UE to the authentication and authorization server allow the UE secure access to the WLAN. The method further includes establishing a secure link between the UE and an application access server via the WLAN when the application access server, using the same credentials, determines that the UE is allowed secure access to the application access server.