Abstract: A system and method for providing secure communications between remote computing devices and servers. A network, device sends characteristics of a client computing device over the network. A network device receives characteristics of a client computing device over the network. A plurality of credentials are generated where at least one of the plurality of credentials based on both the received characteristics of the client computing device and a unique client key, and at least one of the plurality of credentials based on both the received characteristics of the client computing device and a generic key. A network device sends the plurality of credentials over the network. A network device receives the plurality of credentials via the network.

Abstract: The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so.

Abstract: Resources to a device are granted access to an application based on privileges associated with the application. A permission list may be created by a server. The permission list may be created using information from authorities, entities, or parties and information about the device resources. The permission list indicates what device resources the application may access. During application execution when the application requests a resource, a control program executing on the device may be used to check the permission list associated with the application to determine if the application may access the resource. The control program can then grant or deny access based on the privileges defined in the permission list. Digital signatures may be used to detect modifications to the application and/or permission list. In addition, multiple permission lists may be associated with the same application.

Abstract: The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so.

Abstract: A method for transferring data that includes the formulation of a set of criteria that includes a first subset of the criteria and a second subset of the criteria, the first subset of the criteria corresponding to one or more triggering events, the second subset of the criteria corresponding to a group of conditions of a communication link required for a data transfer between a first entity and a second entity, the group consisting of a timing to request data and a timing for the data transfer, a determination that the criteria in the first subset has been met which triggers an evaluation of the criteria in the second subset, a determination that the set of criteria has been met; and the initiation of the data transfer between the first entity and the second entity in response to meeting the set of criteria.

Abstract: Methods and devices provide for creating, managing, modifying, and/or enforcing flexible digital rights management license policies for protecting games, media, data, or other software with a time-based license. Embodiments are especially directed toward situations in which a source of time is unavailable, untrustworthy, or unreliable. Licenses are defined by a small number of parameters. Parameter values may be defined by and included with protected content or applications. The parameter values may be chosen to define and enforce a desired level of compromise between usability and security characteristics.

Abstract: A method for executing an application on a wireless device is provided. The method includes receiving, at the wireless device, a test permission that indicates the wireless device is authorized to execute the application on a wireless network in a testing capacity. The test permission is associated with the wireless device. The method further includes requesting the execution of the application on the wireless device and evaluating whether the wireless device includes the test permission. If the wireless device includes the test permission, the method further includes executing the application on the wireless device. The application is executed on the wireless device even if the application includes other permissions necessary to execute the application on the wireless device or the wireless network.

Abstract: Described are techniques and mechanisms for enforcing trust between an application and a library loaded by the application. Very generally stated, the application declares one or more trusted code groups (“TCGs”) of which a library must be a member to be authorized for execution with the application. Libraries that are authorized to assert membership in one or more TCGs include a secure indicator of that membership. As the application executes and attempts to load a library, that libraries membership in a TCG authorized by the application is verified prior to loading the library.

Abstract: Described are various mechanisms and techniques for influencing or controlling a content update schedule for a content-based software application on a mobile device. A content server issues one or more commands to the mobile device that establish a content update schedule for the mobile device. The mobile device then performs content update sessions with the content server based on that schedule. During any one or more refresh sessions, the content server delivers another command to establish a new content update schedule. This system provides the advantage of allowing the content server to regulate how frequently the mobile device retrieves new content.

Abstract: A method for operating a device to protect an application from unauthorized operation is provided. The application will fail to operate on the device when the device is defined outside a selected operating region. The method includes transmitting the selected operating region for the application, and receiving the application and a geographic identifier associated with the application. The geographic identifier is configured to identify the selected operating region wherein the application will operate on the device. The method further includes transmitting a request to execute the application on the device. The request includes the geographic identifier. Further included in the method is receiving a code. The code prevents an execution of the application on the device if the code is a disable code. The disable code indicates that the device is operating outside the selected operating region. An apparatus for content protection in a wireless network is also provided.

Abstract: Methods and apparatus for content protection in a wireless network. A method is provided for operating a protection system to protect an application from unauthorized distribution, wherein the application will fail to operate on a device that is outside a predetermined operating region. The method includes associating a geographic identifier with the application, wherein the geographic identifier identifies the predetermined operating region, and downloading the application and the geographic identifier to the device. The method also includes receiving a request to execute the application on the device, wherein the request includes the geographic identifier, and determining a device location. The method also includes comparing the device location with the predetermined operating region identified by the geographic identifier, and preventing the application from executing when the device is outside the predetermined operating region.

Abstract: The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so.

Abstract: Systems and methods consistent with the present invention provides safe and secure application distribution and execution and controls the risk of providing a test environment associated with the testing of applications. Test enabled permissions are created and distributed to selected application test entities. A management function is used to aid in distributing the test-enabled permissions. The risk is controlled by providing closer scrutiny of the identity of the test entity prior to distributing a test enabled permission to the test entity, providing expiration times associated with the test enabled permissions, and limiting the number of test enabled permissions distributed. The management function tracks the distribution of the test-enabled permissions.

Abstract: Embodiments describe a system and/or method for multiple party digital signatures. According to a first aspect a method comprises establishing a first validity range for a first key, establishing a first validity range for at least a second key, and determining if the validity range of the first key overlaps the first validity range of the at least a second key. A certificate is signed with the first validity range of the first key and the first validity range of the at least a second key if the validity ranges overlap. According to another embodiment, signage of the certificate is refused if the first validity range of the first key does not overlap with the first validity range of the at least a second key.

Abstract: The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so.

Abstract: Systems and methods consistent with the present invention provides safe and secure application distribution and execution and controls the risk of providing a test environment associated with the testing of applications. Test enabled permissions are created and distributed to selected application test entities. A management function is used to aid in distributing the test-enabled permissions. The risk is controlled by providing closer scrutiny of the identity of the test entity prior to distributing a test enabled permission to the test entity, providing expiration times associated with the test enabled permissions, and limiting the number of test enabled permissions distributed. The management function tracks the distribution of the test-enabled permissions.

Abstract: Methods and apparatus for enforcing application level restrictions on local and remote content rendered on a device. One method comprises receiving a permissions list associated with the content, receiving a content descriptor that identifies the content, and receiving a modification detection indicator that was created by an authority, wherein the modification detection indicator binds the permissions list and the content descriptor. The method further comprises retrieving the content identified by the content descriptor, and rendering the content on the device, wherein the content is restricted based on the permissions list.

Abstract: A system and method for providing secure communications between remote computing devices and servers. A network, device sends characteristics of a client computing device over the network. A network device receives characteristics of a client computing device over the network. A plurality of credentials are generated where at least one of the plurality of credentials based on both the received characteristics of the client computing device and a unique client key, and at least one of the plurality of credentials based on both the received characteristics of the client computing device and a generic key. A network device sends the plurality of credentials over the network. A network device receives the plurality of credentials via the network.

Abstract: Systems and methods for application-based billing in a wireless subscriber billing system are disclosed. A wireless client device can generate and transmit a billing request to the billing system. The billing system generates a validation response to the billing request and transmits the validation response to the client device. The validation response can be processed by the client device to enable a service linked to the billing request.

Abstract: A method for transferring data that includes the formulation of a set of criteria that includes a first subset of the criteria and a second subset of the criteria, the first subset of the criteria corresponding to one or more triggering events, the second subset of the criteria corresponding to a group of conditions of a communication link required for a data transfer between a first entity and a second entity, the group consisting of a timing to request data and a timing for the data transfer, a determination that the criteria in the first subset has been met which triggers an evaluation of the criteria in the second subset, a determination that the set of criteria has been met; and the initiation of the data transfer between the first entity and the second entity in response to meeting the set of criteria.