Abstract: An approach is provided for backend based computation closure oriented distributed computing. A computational processing support infrastructure receives a request for specifying one or more processes executing on a device for distribution over a computation space. The computational processing support infrastructure also causes, at least in part, serialization of the one or more processes as one or more closure primitives, the one or more closure primitives representing computation closures of the one or more processes. The computational processing support infrastructure further causes, at least in part, distribution of the one or more closure primitives over the computation space based, at least in part, on a cost function.

Abstract: A mobile wireless device operable to install code on a removable medium, in which the device is programmed to calculate and store a digest of this code into a persistent non-removable store inside the device. When the removable medium is plugged back, and when the code is invoked, the device recalculates a digest from the code it wants to load from the removable medium and compares it with the one stored inside the persistent non-removable store. If they do not match, the code has been tampered with and therefore cannot be trusted by the device. The digest is accessible only by components in the Trusted Computing Base so is itself secure. The digest may be a hash or other unique and representative value.

Abstract: An approach is provided for backend based computation closure oriented distributed computing. A computational processing support infrastructure receives a request for specifying one or more processes executing on a device for distribution over a computation space. The computational processing support infrastructure also causes, at least in part, serialization of the one or more processes as one or more closure primitives, the one or more closure primitives representing computation closures of the one or more processes. The computational processing support infrastructure further causes, at least in part, distribution of the one or more closure primitives over the computation space based, at least in part, on a cost function.

Abstract: A secure mobile wireless device in which executable code to be installed on the device is assigned a set of capabilities which define the protected resource(s) on the device which it can access. Hence, the present invention takes the idea of capabilities (known in the context of defining the capabilities or access privileges of different users in a multi-user system) and applies it to defining the capabilities or access privileges of different native executable code for secure, single-user mobile wireless devices.

Abstract: An installer for a computing device determines firstly whether or not a software package for installation has been signed. If the package is signed it is installed on the device. However, if the package is unsigned, the installer will only install the package on the device if it contains a non-null VID (vendor identity).

Abstract: Installable files installed on a first computing device are backed up to a second computing device and restored from the second device to the first device and/or a further device using the same means to verify the integrity of the files as used for the original installation of the files on the first device.

Abstract: A mobile wireless device programmed with a file system which is partitioned into multiple root directories. The partitioning of the file system ‘cages’ processes as it prevents them from seeing any files they should not have access to. A Trusted Computing Base verifies whether or not a process has the required privileges or capabilities to access root sub-trees. The particular directory a file is placed into automatically determines its accessibility to different processes—i.e. a process can only access files in certain root directories.

Abstract: To install software on a computing device, a decision phase is used to decide whether or not to install the software followed by an installation phase for installing the software. Information required by the decision phase is provided in the form of metadata having an integrity protected by a digital signature and including a respective hash for files to be installed so as to enable the integrity of the file data to be verified before commencing the installation phase.

Abstract: A secure mobile wireless device in which executable code to be installed on the device is assigned a set of capabilities which define the protected resource(s) on the device which it can access. Hence, the present invention takes the idea of capabilities (known in the context of defining the capabilities or access privileges of different users in a multi-user system) and applies it to defining the capabilities or access privileges of different native executable code for secure, single-user mobile wireless devices.

Abstract: A mobile wireless device operable to install code on a removable medium, in which the device is programmed to calculate and store a digest of this code into a persistent non-removable store inside the device. When the removable medium is plugged back, and when the code is invoked, the device recalculates a digest from the code it wants to load from the removable medium and compares it with the one stored inside the persistent non-removable store. If they do not match, the code has been tampered with and therefore cannot be trusted by the device. The digest is accessible only by components in the Trusted Computing Base so is itself secure. The digest may be a hash or other unique and representative value.

Abstract: A mobile wireless device programmed with a file system which is partitioned into multiple root directories. The partitioning of the file system ‘cages’ processes as it prevents them from seeing any files they should not have access to. A Trusted Computing Base verifies whether or not a process has the required privileges or capabilities to access root sub-trees. The particular directory a file is placed into automatically determines its accessibility to different processes—i.e. a process can only access files in certain root directories. This is a light weight approach since there is no need for a process to interrogate an access control list associated with a file to determine its access rights over the file—the location of the file taken in conjunction with the access capabilities of a process intrinsically define the accessibility of the file to the process.

Abstract: A mobile wireless device programmed with software which provides a trusted user interface for the device by allowing the content of a secure screen memory to be modifiable only by authorised applications. Normally, the entire screen memory address is public information, making the entire screen memory fully available to any application; hence, even sensitive dialogs would use screen memory which can in theory be looked at by malicious software, enabling that malicious code to grab PIN data etc. or corrupt a trusted user interface. But with the present invention, unauthorised applications are prevented from accessing the data displayed by the secure frame buffer because they are able to access only the non-secure screen memory. Hence, malicious applications cannot retrieve data from a trusted dialog or compromise that data. Further, as the present invention is a software only solution, it requires no new hardware per se—the only requirement is that components (e.g. a software window server; a video chip etc.