Abstract: Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device.

Abstract: An application's access to storage is limited on a per application basis. The application is granted access to a portion of the storage. The application may manipulate that portion of the storage by creating distinct file structures within that portion, modifying, reading and writing files contained therein. The application is denied access to the storage area outside the granted portion. Similarly, other applications stored in the storage area follow a similar paradigm. In one embodiment, the storage area is a hierarchical file structure and applications are stored as children in the file structure. The applications, however, are mapped to indicate each are stored at the root of the file structure to prevent access to other areas of the file structure. In another embodiment, the file structure supports a shared directory that multiple applications are mapped to, also as a root directory but to another drive.

Abstract: Systems and methods consistent with the present invention provides safe and secure application distribution and execution and controls the risk of providing a test environment associated with the testing of applications. Test enabled permissions are created and distributed to selected application test entities. A management function is used to aid in distributing the test-enabled permissions. The risk is controlled by providing closer scrutiny of the identity of the test entity prior to distributing a test enabled permission to the test entity, providing expiration times associated with the test enabled permissions, and limiting the number of test enabled permissions distributed. The management function tracks the distribution of the test-enabled permissions.

Abstract: Resources to a device are granted access to an application based on privileges associated with the application. A permission list may be created by a server. The permission list may be created using information from authorities, entities, or parties and information about the device resources. The permission list indicates what device resources the application may access. During application execution when the application requests a resource, a control program executing on the device may be used to check the permission list associated with the application to determine if the application may access the resource. The control program can then grant or deny access based on the privileges defined in the permission list. Digital signatures may be used to detect modifications to the application and/or permission list. In addition, multiple permission lists may be associated with the same application.

Abstract: The present invention provides safe and secure application distribution and execution by providing systems and methods that test an application to ensure that it satisfies predetermined criteria associated with the environment in which it will execute. Furthermore, by using rules and permission lists, application removal, and a modification detection technique, such as digital signatures, the present invention provides mechanisms to safely distribute and execute tested, or untested, applications by determining whether the application has been modified, determining if it has permission to execute in a given wireless device environment, and removing the application should it be desirable to do so.