Abstract: A mobile device user is able to execute an app in a federation of wrapped apps without having to login to that app provided that the user has already logged into another app in that federation. The federation of apps on the device uses multi-app authentication to enable the user to start subsequent apps after explicitly entering login credentials for another app in that federation. This feature is loosely referred to as single sign-on for apps in the federation. The multi-app authentication is implemented by giving the second app a chance to prove two facts. One that it knows where in the operating system keychain a login ticket is stored and two, what the hash value of a random byte array is. By showing these facts, the logged-into app can safely provide login credentials to subsequent app without the user having to enter a login name or password.

Abstract: A keystore is installed on a mobile app where the keystore is created and provisioned on a server, such as an app wrapping server, under the control of an enterprise. A generic (non-provisioned) wrapped app is installed on a device. The app prompts the user to enter a passphrase. When the user does this, an app keystore is created. It has a user section and a table of contents. The keystore files are hashed, creating “first” keystore hash values. The first keystore hash values are stored in the TOC. The TOC is then hashed, creating a TOC hash value. The passphrase entered by the user is then combined with the TOC hash value. This creates a “first” master passphrase for the keystore. The keystore is then transmitted to the device where it is installed in the generic (non-provisioned) wrapped app.

Abstract: A mobile device user is able to execute an app in a federation of wrapped apps without having to login to that app provided that the user has already logged into another app in that federation. The federation of apps on the device uses multi-app authentication to enable the user to start subsequent apps after explicitly entering login credentials for another app in that federation. This feature is loosely referred to as single sign-on for apps in the federation. The multi-app authentication is implemented by giving the second app a chance to prove two facts. One that it knows where in the operating system keychain a login ticket is stored and two, what the hash value of a random byte array is. By showing these facts, the logged-into app can safely provide login credentials to subsequent app without the user having to enter a login name or password.

Abstract: A keystore is installed on a mobile app where the keystore is created and provisioned on a server, such as an app wrapping server, under the control of an enterprise. A generic (non-provisioned) wrapped app is installed on a device. The app prompts the user to enter a passphrase. When the user does this, an app keystore is created. It has a user section and a table of contents. The keystore files are hashed, creating “first” keystore hash values. The first keystore hash values are stored in the TOC. The TOC is then hashed, creating a TOC hash value. The passphrase entered by the user is then combined with the TOC hash value. This creates a “first” master passphrase for the keystore. The keystore is then transmitted to the device where it is installed in the generic (non-provisioned) wrapped app.

Abstract: A security-wrapped app that is locked and inaccessible is unlocked and recovered using a secure and user-friendly protocol. Apps that are security wrapped are passphrase protected. The app security keystore on the device becomes locked. The keystore is encrypted with a recovery key which is only in an encrypted form on the device and cannot be decrypted or otherwise accessed by the user. As such, the user cannot unlock the keystore on the device and therefore is not able to unlock the app. The app can be unlocked using a recovery mechanism that is highly secure in all communications between the mobile device and the service provider server. At the same time the recovery mechanism is easy for the end user to carry out.

Abstract: A system is disclosed including a reconfigurable logic circuit having programmable logic, a first memory, and a second memory. The first memory stores a number of logic designs each operable to configure the programmable logic. Also included is a computer coupled to the reconfigurable logic circuit that concurrently executes one or more application programs and an interface program. The application programs generate a number of requests to utilize the reconfigurable logic circuit and the interface program responds to the requests by opening a number of coexisting program interfaces. These interfaces each correspond to an instance of one of the logic designs stored in the first memory. The reconfigurable logic circuit is responsive to the interface program to provide a number of interface buffers in the second memory that each belong to a corresponding one of the interfaces and are each operable to store data passing between the computer and the reconfigurable logic circuit.