Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Methods for remotely configuring application software on a user device are described. The application software defines at least one operating parameter having a set of pre-defined values which change the way the application interacts with the operating system. The operating parameter can be configured remotely and pushed to the user device where it is enforced by the application. Methods for providing information of the operating parameter to a remote device and for updating the configuration of an application are also described.

Abstract: A method for monitoring user activity in respect of a plurality of applications on a computing device. The method comprises storing, by a first application running on the computing device, a first timestamp indicating the time that user activity was last detected with respect to the first application. The first application receives a message from a second application running on the computing device. The message comprises a second timestamp indicating the time that user activity was last detected with respect to the second application. The first application updates the first timestamp based on the second timestamp when the time indicated by the second timestamp is later than the time indicated by the first timestamp. Thus, user activity across the plurality of application can be monitored, such that an inactivity timer running on a particular application in the group of applications can account for user activity with respect to the other application in the plurality.

Abstract: A method of managing a plurality of applications on a computing device. The method comprises receiving, by a first application running on the computing device, a lock message comprising a timestamp and a digital signature associated with the timestamp, from a second application miming on the computing device. Upon receipt of the lock message, the first application verifies the digital signature to confirm the authenticity of the timestamp. Once the timestamp has been confirmed by the first application, the first application locks the first application. Accordingly, a lock event with respect to an application in the plurality of applications can be propagated to other applications in the plurality of applications.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A computing device stores a set of executable code comprising first, second and third subsets of data. The first and second subsets of data comprise first and second encrypted data, respectively. Responsive to receipt of first authentication data for authenticating a respective user, the computing device is arranged to decrypt one of the first and second encrypted data to generate decrypted data, and to configure the third subset of data based on the decrypted data. The third subset of data, having been so configured, is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the respective user. Thus an application-level log in is provided.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device. The method comprises: storing data comprising, for each of a plurality of access levels associated with the application, first data indicative of a combination of one or more credentials associated with the respective access level and an access level key corresponding to the respective access level, the access level key being encrypted by the combination of one or more credentials associated with the respective access level; determining, based on the first data, an access level in the plurality of access levels corresponding to a combination of one or more credentials available to the application; decrypting the access level key in the stored data corresponding to the determined access level; and providing access to encrypted application data associated with the application and corresponding to the determined access level.

Abstract: Embodiments of the invention are concerned with facilitating service provision between software applications. In embodiments of the invention, a first user terminal includes an application which causes the first user terminal to delegate execution of a first service to a different application. In response to determining that the first service is to be executed on behalf of the first service, a request message is sent to a data store including an identifier of the first service. The data store comprising entries indicating applications held on one or more user terminals, and indicating one or more services that may be executed, on request, by a corresponding application. The first user terminal receives a response message from the data store identifying one or more applications to which execution of the first service may be delegated.

Abstract: Devices and methods for managing a network communication channel are provided. The electronic device is configured to determine a list of available intermediate servers for establishing a network communication channel between the electronic device and an enterprise entity. The electronic device generates a list of aggregate round trip times. The list of aggregate round trip times include an aggregate round trip time associated with each intermediate server in the list of available intermediate servers. Each aggregate round trip time includes a front end round trip time and a back end round trip time. The electronic device selects one of the intermediate servers based on the list of aggregate round trip times and establishes the network communication channel using the selected intermediate server.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: A system and method for provisioning a push notification session via a communications network between an application on a client terminal and a server corresponding to the application. In one aspect, a push provisioning entity transmits a message to the client terminal, whereby to configure the client terminal into a state in which it is able to request a push notification session with the server. An application on the client terminal can then request establishment of a push notification session by transmitting a push notification session request message to the push provisioning entity. The push provisioning entity generates a token for use in validating the push notification session, associates the generated token with the application and transmits the token to the application, which uses it to establish the push notification session.

Abstract: Methods and systems for managing access to a resource by one of a plurality of applications. The method comprises: storing, in a first storage area associated with a first application, a first credential for use in accessing the resource; receiving, at a second application, a message comprising data for determining that the first application stores a validated credential for accessing the resource; sending a request for the validated credential from the second application to the first application; receiving the first credential at the second application from the first application in response to the request sent; and storing the first credential in a second storage area associated with the second application; wherein the message received at the second application is received from a server system, remote from the plurality of applications, which maintains data indicating a subset of the plurality of applications which store respective validated credentials for accessing the resource.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A system and method for provisioning a push notification session via a communications network between an application on a client terminal and a server corresponding to the application. In one aspect, a push provisioning entity transmits a message to the client terminal, whereby to configure the client terminal into a state in which it is able to request a push notification session with the server. An application on the client terminal can then request establishment of a push notification session by transmitting a push notification session request message to the push provisioning entity. The push provisioning entity generates a token for use in validating the push notification session, associates the generated token with the application and transmits the token to the application, which uses it to establish the push notification session.

Abstract: Devices and methods for managing a network communication channel are provided. The electronic device is configured to determine a list of available intermediate servers for establishing a network communication channel between the electronic device and an enterprise entity. The electronic device generates a list of aggregate round trip times. The list of aggregate round trip times include an aggregate round trip time associated with each intermediate server in the list of available intermediate servers. Each aggregate round trip time includes a front end round trip time and a back end round trip time. The electronic device selects one of the intermediate servers based on the list of aggregate round trip times and establishes the network communication channel using the selected intermediate server.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A system and method for provisioning a push notification session via a communications network between an application on a client terminal and a server corresponding to the application. In one aspect, a push provisioning entity transmits a message to the client terminal, whereby to configure the client terminal into a state in which it is able to request a push notification session with the server. An application on the client terminal can then request establishment of a push notification session by transmitting a push notification session request message to the push provisioning entity. The push provisioning entity generates a token for use in validating the push notification session, associates the generated token with the application and transmits the token to the application, which uses it to establish the push notification session.

Abstract: Methods for activating a second application on a user device using a first application already installed and activated on the user device are described. In one embodiment the second application requests activation from the first application. The first application then authenticates a user before providing an activation response. The activation response can be requested from a remote server by the first application on behalf of the second application. The methods improve the ease of activating new software on a user device.

Abstract: A computing device stores a set of executable code comprising first, second and third subsets of data. The first and second subsets of data comprise first and second encrypted data, respectively. Responsive to receipt of first authentication data for authenticating a respective user, the computing device is arranged to decrypt one of the first and second encrypted data to generate decrypted data, and to configure the third subset of data based on the decrypted data. The third subset of data, having been so configured, is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the respective user. Thus an application-level log in is provided.