Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract: After a predetermined limit for decryption attempts has been exceeded by a user attempting to decrypt an encrypted electronic message or attempting to decrypt a encrypted electronic certificate associated with an electronic message, access to the electronic message may be restricted.

Abstract: Systems and methods for increasing bandwidth in a computer network are provided. A computer network can include a first lower level switch having a first port and a second port. The computer network can include a second lower level switch having a first port and a second port. The computer network can include an upper level switch having respective ports directly coupled to ports of the first and second lower level switches. A third port of the upper level switch can couple to a first port of a passive optical splitter. The passive optical splitter can have second and third ports coupled to respective ports of the first and second lower level switches. The passive optical splitter can be configured to transmit signals received at its first port as output signals on both of its second and third ports.

Abstract: Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account.

Abstract: Some aspects of what is described here relate to managing application execution and data access on a mobile device. A request to access data is received from an application associated with a first perimeter on a device. The data is associated with a second, different perimeter on the device and has a data type. It is determined, based on the data type, that a management policy associated with the first perimeter permits the application to access the data independent of a second, different management policy assigned to the second perimeter. Based on the determining, the application is provided access to the data.

Abstract: A method for differentiated access control on a computing device, and the computing device, the method including starting a timer on the computing device; resetting the timer if activity occurs on the computing device prior to the expiration of the timer; and preventing a subset of applications from being launched or enabled on expiry of the timer.

Abstract: A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met: generating the given encryption key and decrypting the given encryption key.

Abstract: A communication device has memory for storing a client application module, a server application module, and an operating system module which are executable by one or more processors. The client application module submits a request and, in response, the server application module causes the request to be processed with use of the operating system module. One or more client process handles of a client stack of the client application module are provided in a current process base of the operating system module. For the request, one or more permission settings associated with the one or more client process handles as well as one or more permission settings associated with the one or more server process handles are checked.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.

Abstract: Apparatus and methods provide control of the launching of an application based on data classification relative to one of a plurality of workspaces of a system. The apparatus can include operations, with respect to applications that conduct file access, to force generation of a prompt, prior to the application being launched, to receive a signal corresponding to the file access related to selection of a particular workspace, where the workspace is arranged in a structure to provide security to the plurality of workspaces. Additional apparatus, systems, and methods are disclosed.

Abstract: A method and computing device for managing grouped resources comprising receiving, at the computing device, a policy for a set of grouped resources; applying the policy; locking at least one of the computing device or the set of grouped resources associated with the policy; waiting for receipt of an authentication parameter at the computing device; verifying the authentication parameter; associating the set of grouped resources with the authentication parameter; and unlocking the least one of the computing device or the set of grouped resources.

Abstract: Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.

Abstract: Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account.

Abstract: Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated.

Abstract: A method and apparatus for assisting movement of a bin into a closed position. An assistance system associated with the bin may be activated in response to a manipulation of a switch associated with the bin. The assistance system may comprise a biasing system and a switch. The biasing system may be configured to generate a force in a direction towards a closed position for the bin. A switch may be connected to the biasing system and configured to activate the biasing system when a selected amount of weight is present in the bin. The force in the direction towards the closed position for the bin may be generated in response to activating the assistance system.

Abstract: Provided is a system and method for providing a certificate, and more specifically a certificate for network access upon a second system. The method includes receiving from a user a request made with a first device for network access, the request including a voucher. At least one characteristic of the first device is also determined. Upon verification of the voucher and in response to the first device having at least one characteristic corresponding to at least one predefined device criteria, the user is provided with a certificate with at least one characteristic for network access. An associated system for providing a Certificate is also provided.

Abstract: Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions.

Abstract: A wireless communications system may include first and second mobile wireless communications devices each comprising a respective input device, wireless transceiver, near-field communication (NFC) transceiver, and controller coupled to the input device, wireless transceiver and NFC transceiver. At least one of the controllers may be configured to establish an NFC communications link between the NFC transceivers when the first and second mobile wireless communications devices are in proximity, provide a temporary device identifier (ID) via the NFC communications link, request authorization to establish a wireless link between the wireless transceivers, provide a permanent device ID upon receiving the authorization and based upon the temporary device ID, and establish the wireless link between the wireless transceivers based upon the permanent device ID.

Abstract: In some implementations, a method for managing data in a user device includes pushing first metadata for a first resource in a first perimeter to a service external to the first perimeter. The first perimeter is configured to prevent external resources from accessing resources in the first perimeter. Second metadata for a second resource in a second perimeter is pushed to the external service. The external service is external to the second perimeter, the second perimeter being configured to prevent external resources from accessing resources in the second perimeter. Information is presented to the user based on a combination of the first metadata and the second metadata.