Abstract: This disclosure describes techniques of using a centralized rule database to control the abilities of software processes to perform actions with regard to resources provided by a computer. As described herein, each software process executing in a computer executes within a chamber and each resource provided by the computer is associated with a canonical name that uniquely identifies the resource. Furthermore, the computer stores a set of security rules in a centralized rule database. In addition, this disclosure describes techniques of enforcing the rules stored in the centralized rule database.

Abstract: This disclosure describes techniques of using a centralized rule database to control the abilities of software processes to perform actions with regard to resources provided by a computer. As described herein, each software process executing in a computer executes within a chamber and each resource provided by the computer is associated with a canonical name that uniquely identifies the resource. Furthermore, the computer stores a set of security rules in a centralized rule database. In addition, this disclosure describes techniques of enforcing the rules stored in the centralized rule database.

Abstract: The present invention provides an efficient application oriented security model. Prior to execution, an application is authenticated, and security information associated with the application is retrieved. The security information is then used to generate a token that is attached to the application. The security information may include a principle account associated with the application, a list of group accounts, and a corresponding privilege list.

Abstract: Translators are provided that enable automated and remote device configurations in an efficient and abstract manner. In one aspect, a device configuration system is provided. A configuration component stores one or more remote configuration trees for various devices. A translator component maps the remote configuration trees to at least one device configuration tree associated with the respective devices to enable device configuration in an automated manner.

Abstract: A pluggable file-based DRM (digital rights management) API (application program interface) layer for applications and engines. The invention defines a pluggable file-based DRM API layer such that mobile operators can choose to use any file-based DRM (FDRM) engine in their final product. An FDRM engine can be content agnostic (e.g., can range from an executable to a media file or ring-tone). In accordance with the invention, an application can become DRM aware by calling the novel file-based DRM APIs. Any FDRM engine can be plugged into the novel API layer such that applications can use the protected content. The API layer of the subject invention can be designed such that applications that are DRM aware by using the file-based DRM API layer can be DRM engine agnostic.

Abstract: Described is a provisioning system for receiving configuration changes to and queries of settings on a mobile device. One implementation includes a router component and a configuration manager component. The router component is responsible for receiving messages delivered to the mobile device and parsing the messages into requests for information. The messages may be delivered in document format, such as in the eXtensible Markup Language (XML) format. The requests may take the form of a request to respond with existing configuration settings, or to set certain configuration settings on the mobile device. The router component is also responsible for authenticating and decrypting the messages. Once properly authenticated and decrypted, the router component passes the message to the configuration manager component. The configuration manager component is responsible for determining what configuration settings are affected by the message and for processing the requests within the message.

Abstract: Increasing the level of automation when establishing and managing network connections. A connection manager operates between system level APIs and application programs, providing a level of abstraction. When a user wishes to access a remote resource included in destination network, the user simply identifies the remote resource and the connection manager performs the underlying operations. The connection manager relieves users from having to know detailed information about the remote resource and the destination network. When the connection manager receives a request to access a remote resource, connection manager may utilize extensible decision logic to identify a most appropriate connection method for connecting to a destination network. Such decision logic may include comparing prioritized connection requests to local resources available in a local computing device, as well as, comparing connection parameters associated with connection methods.

Abstract: The present invention provides an efficient application oriented security model. Prior to execution, an application is authenticated, and security information associated with the application is retrieved. The security information is then used to generate a token that is attached to the application. The security information may include a principle account associated with the application, a list of group accounts, and a corresponding privilege list.

Abstract: Described is a provisioning system for receiving configuration changes to and queries of settings on a mobile device. One implementation includes a router component and a configuration manager component. The router component is responsible for receiving messages delivered to the mobile device and parsing the messages into requests for information. The messages may be delivered in document format, such as in the eXtensible Markup Language (XML) format. The requests may take the form of a request to respond with existing configuration settings, or to set certain configuration settings on the mobile device. The router component is also responsible for authenticating and decrypting the messages. Once properly authenticated and decrypted, the router component passes the message to the configuration manager component. The configuration manager component is responsible for determining what configuration settings are affected by the message and for processing the requests within the message.

Abstract: Described is a provisioning system for receiving configuration changes to and queries of settings on a mobile device. One implementation includes a router component and a configuration manager component. The router component is responsible for receiving messages delivered to the mobile device and parsing the messages into requests for information. The messages may be delivered in document format, such as in the eXtensible Markup Language (XML) format. The requests may take the form of a request to respond with existing configuration settings. The configuration manager component is responsible for determining what configuration settings are affected by the message and for processing the requests within the message. For example, the configuration manager component may process a request to query a configuration setting by retrieving the requested information from a hardware register or a software registry.

Abstract: Described is a system and method in which a system and method in which a device manufacturer or software image provider controls which devices are allowed to install or to run a software image. An image keying mechanism uses package data and UUID associated with the device or class of devices to key an image. Because the UUID is used in the key, an installer verifier and/or boot-time verifier can ensure that the device is authorized to install and/or run the image. Any package, including existing device packages or the package for which installation is requested can demand that keying be enforced. An installer mechanism checks whether the device is allowed to install the image. A boot-time enforcement mechanism prevents an improperly installed image from operating by halting the boot process if a demanded key is invalid or missing.

Abstract: Described is a system and method in which software updates in the form of self-contained, secure entities are applied to an embedded device's non-volatile storage in a failsafe manner. Various types of software updates may be applied, and updates may contain executable code and/or data. Following a reboot, an initial program loader determines an update mode, and if updating, boots to a special update loader. The update loader processes update packages to apply the updates. Kernel partition, system partition and reserve section updates may be updated with entire files or binary difference files, with failure handling mechanisms are provided for each type of update. Updates may be simulated before committing them. Updates may be relocated in memory as appropriate for a device.

Abstract: A system and method is disclosed for synchronizing certain periodic activities and/or processes in a computer system or device. The synchronization allows more efficient use of the computer system's or device's processing capabilities, and may result in conservation of electrical power. In one example embodiment, a periodic scheduler is implemented to periodically verify the continued existence of critical processes operating in the computer system or device. Corrective, or other appropriate, action may be taken in the event of a failure of a critical process. A schedule list, which may be a linked list, may be used to track the periodic processes that are to occur. Upon registration of a critical process, the schedule list may be modified to synchronize the new periodic process with the existing schedule list.

Abstract: Described is a system and method in which software images including updates are provided as packages. The package is self-describing, thereby facilitating the replacement of only component parts of an image. A software build process maps operating system features (comprising files, metadata, configuration information and so forth) into the packages, and executable code is processed for relocation purposes. The final package includes a device manifest file that describes the package and conveys dependency information and information about the priority of settings (shadow data).

Abstract: Installing software using the configuration manager so that the rollback and security features of the configuration manager may be used during the installation process. A mobile computing device accesses files that are to be installed on the mobile computing device, and well as computer-executable instructions that define how the files are to be installed on the mobile computing device. The configuration manager then causes the computer-executable instructions to be executed (e.g., using configuration service providers), and causes a mirroring rollback document to be constructed. If the installation fails, the installation process is reversed by executing the rollback document. The configuration manager may also be used to implement security when executing the installation instructions by checking to determine whether or not execution of each installation instruction is authorized.

Abstract: Described is a system and method by which a collection of software packages for installing (e.g., on an embedded computing device) are reviewed for their dependent relations, whereby it is possible to choose a maximal set of install possibilities to allow for maximal version updates for any given package in the fewest update steps possible, while honoring package dependency constraints. An update validation process organizes and validates update packages that have been downloaded to a device, and builds a graph for each group. The graph data including paths between updates are processed to validate the updates and to determine a minimal and optimal set of packages that can be applied to the existing image on the device to produce the desired update, with the least amount of weight (cost) when more than one path can be used to get to the same version.

Abstract: A system and method is disclosed for synchronizing certain periodic activities and/or processes in a computer system or device. The synchronization allows more efficient use of the computer system's or device's processing capabilities, and may result in conservation of electrical power. In one example embodiment, a periodic scheduler is implemented to periodically verify the continued existence of critical processes operating in the computer system or device. Corrective, or other appropriate, action may be taken in the event of a failure of a critical process. A schedule list, which may be a linked list, may be used to track the periodic processes that are to occur. Upon registration of a critical process, the schedule list may be modified to synchronize the new periodic process with the existing schedule list.

Abstract: A cellular telephone clock is automatically set to correlate to a timestamp contained in a Short Messaging Service (SMS) status report. Accordingly, an exemplary cell phone clock can be properly set any time the cell phone receives a status report. By setting the cell phone device time to correlate to the world time, the exemplary cell phone clock can be automatically set, without requiring any action by the user and without requiring a special time set control message. When the cell phone transmits an SMS message, the cell phone stores the device time corresponding to the time that the message was sent (DTS). When a status report is received, the exemplary cell phone stores the device time corresponding to the time that the status report was received (DTR). Additionally, the cell phone stores the world time that is included in the status report by the SMSC that handled the message (WT).