Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Methods for remotely configuring application software on a user device are described. The application software defines at least one operating parameter having a set of pre-defined values which change the way the application interacts with the operating system. The operating parameter can be configured remotely and pushed to the user device where it is enforced by the application. Methods for providing information of the operating parameter to a remote device and for updating the configuration of an application are also described.

Abstract: A method for monitoring user activity in respect of a plurality of applications on a computing device. The method comprises storing, by a first application running on the computing device, a first timestamp indicating the time that user activity was last detected with respect to the first application. The first application receives a message from a second application running on the computing device. The message comprises a second timestamp indicating the time that user activity was last detected with respect to the second application. The first application updates the first timestamp based on the second timestamp when the time indicated by the second timestamp is later than the time indicated by the first timestamp. Thus, user activity across the plurality of application can be monitored, such that an inactivity timer running on a particular application in the group of applications can account for user activity with respect to the other application in the plurality.

Abstract: A method of managing a plurality of applications on a computing device. The method comprises receiving, by a first application running on the computing device, a lock message comprising a timestamp and a digital signature associated with the timestamp, from a second application miming on the computing device. Upon receipt of the lock message, the first application verifies the digital signature to confirm the authenticity of the timestamp. Once the timestamp has been confirmed by the first application, the first application locks the first application. Accordingly, a lock event with respect to an application in the plurality of applications can be propagated to other applications in the plurality of applications.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device. The method comprises: storing data comprising, for each of a plurality of access levels associated with the application, first data indicative of a combination of one or more credentials associated with the respective access level and an access level key corresponding to the respective access level, the access level key being encrypted by the combination of one or more credentials associated with the respective access level; determining, based on the first data, an access level in the plurality of access levels corresponding to a combination of one or more credentials available to the application; decrypting the access level key in the stored data corresponding to the determined access level; and providing access to encrypted application data associated with the application and corresponding to the determined access level.

Abstract: Embodiments of the invention are concerned with facilitating service provision between software applications. In embodiments of the invention, a first user terminal includes an application which causes the first user terminal to delegate execution of a first service to a different application. In response to determining that the first service is to be executed on behalf of the first service, a request message is sent to a data store including an identifier of the first service. The data store comprising entries indicating applications held on one or more user terminals, and indicating one or more services that may be executed, on request, by a corresponding application. The first user terminal receives a response message from the data store identifying one or more applications to which execution of the first service may be delegated.

Abstract: Devices and methods for managing a network communication channel are provided. The electronic device is configured to determine a list of available intermediate servers for establishing a network communication channel between the electronic device and an enterprise entity. The electronic device generates a list of aggregate round trip times. The list of aggregate round trip times include an aggregate round trip time associated with each intermediate server in the list of available intermediate servers. Each aggregate round trip time includes a front end round trip time and a back end round trip time. The electronic device selects one of the intermediate servers based on the list of aggregate round trip times and establishes the network communication channel using the selected intermediate server.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: Methods and systems for managing access to a resource by one of a plurality of applications. The method comprises: storing, in a first storage area associated with a first application, a first credential for use in accessing the resource; receiving, at a second application, a message comprising data for determining that the first application stores a validated credential for accessing the resource; sending a request for the validated credential from the second application to the first application; receiving the first credential at the second application from the first application in response to the request sent; and storing the first credential in a second storage area associated with the second application; wherein the message received at the second application is received from a server system, remote from the plurality of applications, which maintains data indicating a subset of the plurality of applications which store respective validated credentials for accessing the resource.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Embodiments provide methods, devices and computer program arranged to facilitate authenticated communication between a user device and a service associated with a network. One embodiment comprises an apparatus which, in response to authenticating a user device on the basis of a first authentication protocol, transmits a request for a credential of a first type to an authentication server associated with the network via a communications link therebetween, the credential of the first type being for use by the apparatus to obtain a credential of a second type on behalf of the user device from the authentication server. Subsequently, the apparatus transmits a request for a credential of a second type to the authentication server via the communications link therebetween, the credential of the second type being for use by the user device in establishing authenticated communication with the service. The credential of the second type is then transmitted to the user device.

Abstract: Devices and methods for managing a network communication channel are provided. The electronic device is configured to determine a list of available intermediate servers for establishing a network communication channel between the electronic device and an enterprise entity. The electronic device generates a list of aggregate round trip times. The list of aggregate round trip times include an aggregate round trip time associated with each intermediate server in the list of available intermediate servers. Each aggregate round trip time includes a front end round trip time and a back end round trip time. The electronic device selects one of the intermediate servers based on the list of aggregate round trip times and establishes the network communication channel using the selected intermediate server.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method for monitoring user activity in respect of a plurality of applications on a computing device. The method comprises storing, by a first application running on the computing device, a first timestamp indicating the time that user activity was last detected with respect to the first application. The first application receives a message from a second application running on the computing device. The message comprises a second timestamp indicating the time that user activity was last detected with respect to the second application. The first application updates the first timestamp based on the second timestamp when the time indicated by the second timestamp is later than the time indicated by the first timestamp. Thus, user activity across the plurality of application can be monitored, such that an inactivity timer running on a particular application in the group of applications can account for user activity with respect to the other application in the plurality.

Abstract: A method of managing a plurality of applications on a computing device. The method comprises receiving, by a first application running on the computing device, a lock message comprising a timestamp and a digital signature associated with the timestamp, from a second application miming on the computing device. Upon receipt of the lock message, the first application verifies the digital signature to confirm the authenticity of the timestamp. Once the timestamp has been confirmed by the first application, the first application locks the first application. Accordingly, a lock event with respect to an application in the plurality of applications can be propagated to other applications in the plurality of applications.

Abstract: Embodiments of the invention are concerned with facilitating service provision between software applications. In embodiments of the invention, a first user terminal includes an application which causes the first user terminal to delegate execution of a first service to a different application. In response to determining that the first service is to be executed on behalf of the first service, a request message is sent to a data store including an identifier of the first service. The data store comprising entries indicating applications held on one or more user terminals, and indicating one or more services that may be executed, on request, by a corresponding application. The first user terminal receives a response message from the data store identifying one or more applications to which execution of the first service may be delegated.

Abstract: Methods for remotely configuring application software on a user device are described. The application software defines at least one operating parameter having a set of pre-defined values which change the way the application interacts with the operating system. The operating parameter can be configured remotely and pushed to the user device where it is enforced by the application. Methods for providing information of the operating parameter to a remote device and for updating the configuration of an application are also described.