Abstract: A first device with a changing identity establishes a secure connection with a second device in a network by acting as its own certificate authority. The first device issues itself a self-signed root certificate that binds an identity of the first device to a long-term public key of the first device. The root certificate is digitally signed using a long-term private key, where the long-term public key and the long-term private key form a public/private key pair. The first device provides its root certificate to the second device in any trusted manner The first device can then create a certificate for one or more short-term identities acquired by the first device and sign the newly-created certificate using the long-term private key. The first device can authenticate itself to the second device by sending the newly-created certificate to the second device.

Abstract: A first device with a changing identity establishes a secure connection with a second device in a network by acting as its own certificate authority. The first device issues itself a self-signed root certificate that binds an identity of the first device to a long-term public key of the first device. The root certificate is digitally signed using a long-term private key, where the long-term public key and the long-term private key form a public/private key pair. The first device provides its root certificate to the second device in any trusted manner. The first device can then create a certificate for one or more short-term identities acquired by the first device and sign the newly-created certificate using the long-term private key. The first device can authenticate itself to the second device by sending the newly-created certificate to the second device.

Abstract: A system, methods and devices for the secure notification of an identity in a communications network. The methods include sending or receiving a communication including a hash of a certificate of a device to notify or detect the presence of the device in a network. Each certificate is associated with an identity which is excluded from the communication of the hash of the certificate. The received hash is compared to hashes of certificates stored in an electronic device to determine an identity. The identity may represent an electronic device or a user of the electronic device.

Abstract: A method and computing device are provided for processing user events received via a user interface, such as a touchscreen, in multiple threads. When a user event is received for a target element in a webpage, the user event is dispatched to both a main browser thread and a secondary thread. The secondary thread processes user events in accordance with established default actions defined within the browser, while the main thread processes the user events in accordance with any event handlers defined for that target element. The main thread processing may be delayed by other interleaved task, and the secondary thread may be given priority over the main thread. When the secondary thread completes processing, an updated webpage is displayed. When the main thread subsequently completes processing, its updated rendering of the webpage is displayed. The secondary thread thus provides an early user interface response to the user event.

Abstract: A method of handling cryptographic information in a communication comprising body elements and attachment elements to a mobile device includes the steps of determining if the communication includes an attachment element comprising cryptographic information and converting the attachment element into a body element upon determining that the communication includes an attachment element comprising cryptographic information.

Abstract: A method and computing device are provided for processing user events received via a user interface, such as a touchscreen, in multiple threads. When a user event is received for a target element in a webpage, the user event is dispatched to both a main browser thread and a secondary thread. The secondary thread processes user events in accordance with established default actions defined within the browser, while the main thread processes the user events in accordance with any event handlers defined for that target element. The main thread processing may be delayed by other interleaved task, and the secondary thread may be given priority over the main thread. When the secondary thread completes processing, an updated webpage is displayed. When the main thread subsequently completes processing, its updated rendering of the webpage is displayed. The secondary thread thus provides an early user interface response to the user event.

Abstract: A method and devices for providing secure data backup from a mobile communication device to an external computing device is described. In one embodiment, there is provided a method of backing up data from a mobile communication device to an external computing device, the mobile communication device being in communication with the external computing device, the method includes: receiving a request to backup one or more data items stored on the mobile communication device; encrypting a data item using an encryption key stored in a protected memory of the mobile communication device; and transferring the encrypted data item to the external computing device for storage by the external computing device. A method of restoring backup data to a mobile communication device from an external computing device is also provided, as are mobile communication devices and computing devices configured for implementing the backup and restore operations.

Abstract: A method and system for Certificate management and transfer between messaging clients are disclosed. When communications are established between a first messaging client and a second messaging client, one or more Certificates stored on the first messaging client may be selected and transferred to the second messaging client. Messaging clients may thereby share Certificates. Certificate management functions such as Certificate deletions, Certificate updates and Certificate status checks may also be provided.

Abstract: A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.

Abstract: A device certificate binds an identity of a first device to a public key of the first device. The first device comprises a certificate authority service that creates for a process on the first device a process certificate certifying one or more capabilities of the process on the first device. The process certificate is presented to the second device. Upon validating the process certificate using the device certificate, the second device permits the process on the first device to have on the second device one or more of the verified certified capabilities.

Abstract: Systems and methods are provided for facilitating access to an electronic device. Password information is stored on the electronic device, and on a portable authenticator. When a user attempts to access the electronic device, the user is prompted to enter a password at the electronic device. The portable authenticator determines the validity of the entered password. The electronic device receives the results of the validity determination from the portable authenticator, and provides access to the electronic device based on the received validity determination.

Abstract: A system, methods and devices for the secure notification of an identity in a communications network. The methods include sending or receiving a communication including a hash of a certificate of a device to notify or detect the presence of the device in a network. Each certificate is associated with an identity which is excluded from the communication of the hash of the certificate. The received hash is compared to hashes of certificates stored in an electronic device to determine an identity. The identity may represent an electronic device or a user of the electronic device.

Abstract: A first device with a changing identity establishes a secure connection with a second device in a network by acting as its own certificate authority. The first device issues itself a self-signed root certificate that binds an identity of the first device to a long-term public key of the first device. The root certificate is digitally signed using a long-term private key, where the long-term public key and the long-term private key form a public/private key pair. The first device provides its root certificate to the second device in any trusted manner. The first device can then create a certificate for one or more short-term identities acquired by the first device and sign the newly-created certificate using the long-term private key. The first device can authenticate itself to the second device by sending the newly-created certificate to the second device.

Abstract: A system and method for code signing. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device.

Abstract: One embodiment of a method of authenticating data comprises: receiving, at a device, data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream; receiving, at the device, from a data authentication server connected to the device by a network, a server-computed authentication value based on a subset of the data transmitted by the data server, the data authentication server having access to the data that was transmitted from the data server to the device; and comparing a device-computed authentication value based on a subset of the received data, corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic.

Abstract: In a publish-subscribe system, a subscribing process may specify a condition relating to an object's attribute value. The condition may be retained in a data structure, and evaluated against a to be published event. If the condition is satisfied or occurred, the publish-subscribe system transmits a notification event to the subscribing process indicating the existence of the published event.

Abstract: Systems and methods are provided for facilitating access to an electronic device. Password information is stored on the electronic device, and on a portable authenticator. When a user attempts to access the electronic device, the user is prompted to enter a password at the electronic device. The portable authenticator determines the validity of the entered password. The electronic device receives the results of the validity determination from the portable authenticator, and provides access to the electronic device based on the received validity determination.

Abstract: A method and computing device are provided for processing user events received via a user interface, such as a touchscreen, in multiple threads. When a user event is received for a target element in a webpage, the user event is dispatched to both a main browser thread and a secondary thread. The secondary thread processes user events in accordance with established default actions defined within the browser, while the main thread processes the user events in accordance with any event handlers defined for that target element. The main thread processing may be delayed by other interleaved task, and the secondary thread may be given priority over the main thread. When the secondary thread completes processing, an updated webpage is displayed. When the main thread subsequently completes processing, its updated rendering of the webpage is displayed. The secondary thread thus provides an early user interface response to the user event.

Abstract: A method of rendering a representation of a webpage on a display at a portable electronic device includes identifying at least one block of the webpage having a variable width, setting the variable width to an assigned width based on an available display width, laying out the webpage using the assigned width set for the block of the webpage having the variable width, and rendering the webpage on the display of the portable electronic device.

Abstract: A method and system for Certificate management and transfer between messaging clients are disclosed. When communications are established between a first messaging client and a second messaging client, one or more Certificates stored on the first messaging client may be selected and transferred to the second messaging client. Messaging clients may thereby share Certificates. Certificate management functions such as Certificate deletions, Certificate updates and Certificate status checks may also be provided.