Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.

Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.

Abstract: A method and system for providing a multi-user application executing in a user privilege mode with access to resources of multiple users is described. The multi-user application identifies a first user and a second user of the multi-user application. The multi-user application retrieves an access token for the first user and an access token for the second user. Each access token provides evidence of authorization to access a resource in accordance with access rights of the user. The multi-user application accesses resources by providing one of the access tokens as evidence of authorization to access the resource in accordance with the access rights of the user. The multi-user application can thus access resources of multiple users without having to execute in a system privilege mode.

Abstract: Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.

Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.

Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.

Abstract: Two-factor authentication can be provided transparently to a user by virtue of proof information available at a mobile communication device. For example, after an access request for a service is sent, an authentication code can be intercepted from a responsive incoming message. The technologies can incorporate a cost proof as part of a cost optimization. Other features such as obfuscation and separate channels can be incorporated into the technologies to provide a superior user experience while implementing superior security.

Abstract: Applications are stored on removable storage of a mobile device in an encrypted form to provide isolation and piracy protection. In one implementation, each application is encrypted using its own associated encryption key that is generated based on an identifier of the application and a master key that is associated with a trusted platform module of the mobile device. In another implementation, each application is encrypted using two associated encryption keys. One key is used to encrypt binary data associated with the application such as source code, and the other key is used to encrypt application data such as graphics and configuration files. The encryption keys are each generated using the identifier of the application, the master key, and identifiers of the folders where the corresponding data types are stored on the mobile device. The removable storage includes SD cards formatted using the FAT or exFAT file systems.

Abstract: A technique allows software developers to develop applications for a smart phone or other terminal by unlocking the terminal so that it can run unsigned applications. A developer registers with a web-based service, agrees to registration terms, and provides authentication credentials. Data which verifies the authentication credentials is provided back to the developer's computer. The terminal is connected to the developer's computer, and via a user interface, the developer requests registration of the terminal. In response, the terminal receives the data from the developer's computer, and provides the data and a unique terminal identifier to the service. If authorized, the service returns a persistent token or license which is stored at, and used to unlock, the terminal. The service can also provide a command which enforces an expiration date. The terminal checks in with the service to determine if the account is in good standing, and is re-locked if warranted.

Abstract: Access control for an application is described. An exemplary method includes receiving a first command of an application to invoke a function of a user interface, identifying a first authorization context based on a first user context and the function of the user interface invoked, retrieving a first access policy providing access criteria associated with the first authorization context, and applying the first access policy to the accessibility of the function. The method includes receiving a second command to invoke the function in a second instance of the application and identifying a second authorization context based on a second user context and the function of the user interface invoked. The second authorization context is different than the first authorization context. The method includes retrieving a second access policy providing second access criteria associated with the second authorization context and applying the second access policy to the accessibility of the function.

Abstract: Access control for an application is described. An exemplary method includes receiving a first command of an application to invoke a function of a user interface, identifying a first authorization context based on a first user context and the function of the user interface invoked, retrieving a first access policy providing access criteria associated with the first authorization context, and applying the first access policy to the accessibility of the function. The method includes receiving a second command to invoke the function in a second instance of the application and identifying a second authorization context based on a second user context and the function of the user interface invoked. The second authorization context is different than the first authorization context. The method includes retrieving a second access policy providing second access criteria associated with the second authorization context and applying the second access policy to the accessibility of the function.

Abstract: A context based access control system that includes a set of one or more authorization contexts that are activated in response to selection of different functions or tasks or other functional boundary object of an application program. The authorization contexts are associated with one or more access policies that are invoked in response to activation of the one or more authorization contexts.

Abstract: A technique allows software developers to develop applications for a smart phone or other terminal by unlocking the terminal so that it can run unsigned applications. A developer registers with a web-based service, agrees to registration terms, and provides authentication credentials. Data which verifies the authentication credentials is provided back to the developer's computer. The terminal is connected to the developer's computer, and via a user interface, the developer requests registration of the terminal. In response, the terminal receives the data from the developer's computer, and provides the data and a unique terminal identifier to the service. If authorized, the service returns a persistent token or license which is stored at, and used to unlock, the terminal. The service can also provide a command which enforces an expiration date. The terminal checks in with the service to determine if the account is in good standing, and is re-locked if warranted.

Abstract: A context based access control system that includes a set of one or more authorization contexts that are activated in response to selection of different functions or tasks or other functional boundary object of an application program. The authorization contexts are associated with one or more access policies that are invoked in response to activation of the one or more authorization contexts.

Abstract: The invention relates to a closure device (1) with or without a drinking mechanism (30) for bottles/receptacles, arranged to be attached to the bottle/receptacle, and where the device comprises a first cavity (2) preferably for additive. The invention is characterised in that at least one second cavity is provided in the device, where the first and the at least second cavity can be opened individually by means of opening mechanisms which are integrated in the device and can be influenced from the outside of the device.

Abstract: A method of providing Resource-Event-Agent (REA) model based security includes identifying an association between a first object and a second object, where the first object is the Agent type and the second object is any REA object. Then, an association class is created for the association between the first object and the second object. The association class, for example called a Security Policy Association Class, defines security between the first object and the second object.

Abstract: A separator assembly for use “downhole” in an oil well, comprising an elongate body member including longitudinally extending oil and water passages, the elongate body member defining a longitudinally extending mounting face to which at least one hydrocyclone is secured, the hydrocyclone having its axis extending generally longitudinally of the elongate body, a first connecting union at the overflow end of the hydrocyclone whereby the overflow outlet of the hydrocyclone communicates with the oil passage of the body member, a second connecting union at the underflow end of the hydrocyclone whereby the underflow outlet of the hydrocyclone communicates with the water passage of the elongate body member, and, connecting means at opposite axial ends respectively of the elongate body member for establishing communication with the oil and water passages respectively.