Abstract: A system that includes multiple nodes is disclosed. A first node in the system has a first local storage and a first portion of a distributed index. A second node in the system has a second local storage and a second portion of the distributed index. A third node in the system has a third local storage and a third portion of the distributed index. Each of the first, second, and third nodes includes application logic. If any one of the nodes is removed from the system, neither application nor data availability is impacted.

Abstract: A system that includes multiple nodes is disclosed. A first node in the system has a first local storage and a first portion of a distributed index. A second node in the system has a second local storage and a second portion of the distributed index. A third node in the system has a third local storage and a third portion of the distributed index. Each of the first, second, and third nodes includes application logic. If any one of the nodes is removed from the system, neither application nor data availability is impacted.

Abstract: Distributing data is disclosed. A first request for data associated with a first file is received at a first node. It is determined, at the first node, that the first file is located on a second node. A second request for data associated with the first file is received at the first node. It is determined that a third node should have an instance of the first file. The third node is caused to have an instance of the first file.

Abstract: Distributing data is disclosed. A first request for data associated with a first file is received at a first node. It is determined, at the first node, that the first file is located on a second node. A second request for data associated with the first file is received at the first node. It is determined that a third node should have an instance of the first file. The third node is caused to have an instance of the first file.

Abstract: A mobile communication device (104) loads an application bundle (200), which includes a software application (202) and an indication of a time limited license (206). To enforce the time limited license, the mobile communication device, upon attempting to invoke the application code (310), obtains a secure time reading (312). It is contemplated that a secure time server (116) may be used to facilitate license enforcement. Once the secure time reading is obtained, the mobile communication device compares the time with the license period, and executes the code only if the time reading is within the license period.

Abstract: A wireless domain (602) sets a security policy for all mobile communication devices (606) within the domain by use of a system entry proxy server (604). A developer makes an application or code segment available at a developer station (600). The application is certified by a certificate defining a developer security setting. The user of the mobile communication device initiates a download of the application so that it can be installed onto the mobile communication device. The application is downloaded through the system entry proxy server which authenticates the application, then re-certifies it with a compact certificate including an operator defined security policy. In this way the operator can control which resources of the mobile communication device are accessed by all applications coming into the wireless domain.

Abstract: A signed application descriptor file (206) is used instead of X.509 certificates to authenticate a portable application code, such as a JAVA archive (JAR) file. The signed ADF includes an application descriptor file (302), file hash (304) of the JAR file (301), a developer descriptor file (308), signed time stamp (310), and a developer's certificate (312). A network client device (202) includes limited computing resources (212) and a virtual machine environment for executing the portable code (208). Furthermore the client device contains a set of cryptographic, digital keys for authenticating parts of the signed ADF, which are further used to authenticate the JAR file.

Abstract: A new process for determining the administrator of a mobile communications device, e.g., a wireless cellular telephone, two-way pager, or laptop computer, connectable to a telecommunications network. The system and methods described provide processes for determining whether a Subscriber Entity Module (SIM) is present with a digital certificate for a domain of an administrator, e.g., a network operator, for designating administrative responsibilities in a mobile communications device. A mechanism is provided to designate administrative privileges to an entity by the owner of the mobile communications device.

Abstract: A method of conducting transactions in a wireless electronic commerce system, where the system comprises a wireless network operator certification authority (400) having a root public key certificate and at least one attribute authority (404, 405, 406) having a digital certificate that is dependent from the root public key certificate. The attribute authority is accessible by a wireless client device (450, 452) via a wireless network. The digital certificate is delivered from the attribute authority to the wireless device, the attribute authority is verified to the wireless client device using the digital certificate and the root public key certificate pre-loaded in the wireless client device under authority of the wireless network operator. An attribute (software, service, right/permission or other content item) is delivered to the wireless client device over the wireless network and ultimately enabled at the wireless client device.

Abstract: A developer (102) develops a software application (204) which needs to be tested or debugged, or both. To eliminate the need to either intentionally compromise the security environment of the target portable device, or having to request a certificate for each version of the software under development, the developer obtains a development certificate (208). The development certificate includes a device identifier unique to the particular portable device on which the software is to be tested, and some development parameter. The target device uses these two pieces of data to determine if the software is valid, and executable. If either of these pieces of data are not valid, the security mechanism of the target device will disable the software, or otherwise refuse to permit it to execute. The developer signs the software with the development certificate, and then loads the signed software onto the target device, which then authenticates the developer's signature and development certificate.

Abstract: Location information is generated for a mobile device using a global positioning system (GPS) receiver (17) or by other means. A request for receipt of location information is received at the mobile device, over a wireless communications channel from a requesting entity (25), and a confirmation of permission to receive location information is sent to the requesting entity, over the wireless communication channel. The confirmation includes a digital signature for the requesting entity to use as verifiable proof of confirmation of permission. The requesting entity can use the digital signature to obtain the location information from a location server (21). The requesting entity and/or the location server are optionally located in the mobile communications device.

Abstract: A data communication system employs a method (400) for transmitting packetized data (100) using a combination of well known transmission techniques, such as TCP/IP and a novel compression process. A message type identifier (300) for the packet to be transmitted is first identified, which identifier comprises a packet type identifier (113) and a protocol identifier (114). The packet type identifier (113) distinguishes between control information and user information in the data packet. The packet is then selectively encoded (407, 411) using either a first or a second header compression technique, depending on the packet type identifier (113) and the protocol identifier (114). In this manner, an improved packet transmission scheme is envisaged, which gives a reliable solution for data transmission in a noisy RF environment and/or a bandwidth-limited environment.

Abstract: A data communication system (100) employs a method and apparatus for adaptively companding (compressing and expanding) data packets therein. A first communication device (e.g., 107) generates a plurality of data packets (201-207) and selects one or more, but not all, of the data packets. The first device then performs a compression of each data packet in a first group of data packets that includes the selected data packets (202-205). The first device transmits the compressed data packets to a second communication device (e.g., 108). Upon receiving the compressed data packets, the second device determines whether the received compressed data packets include one or more of the data packets selected by the first device. When the received data packets include one or more of the selected data packets, the second device transmits a response packet (301) to the first device indicating which, if any, of the selected data packets were received.