Abstract: Methods for activating a second application on a user device using a first application already installed and activated on the user device are described. In one embodiment the second application requests activation from the first application. The first application then authenticates a user before providing an activation response. The activation response can be requested from a remote server by the first application on behalf of the second application. The methods improve the ease of activating new software on a user device.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: A method for monitoring user activity in respect of a plurality of applications on a computing device. The method comprises storing, by a first application running on the computing device, a first timestamp indicating the time that user activity was last detected with respect to the first application. The first application receives a message from a second application running on the computing device. The message comprises a second timestamp indicating the time that user activity was last detected with respect to the second application. The first application updates the first timestamp based on the second timestamp when the time indicated by the second timestamp is later than the time indicated by the first timestamp. Thus, user activity across the plurality of application can be monitored, such that an inactivity timer running on a particular application in the group of applications can account for user activity with respect to the other application in the plurality.

Abstract: A method of managing a plurality of applications on a computing device. The method comprises receiving, by a first application running on the computing device, a lock message comprising a timestamp and a digital signature associated with the timestamp, from a second application miming on the computing device. Upon receipt of the lock message, the first application verifies the digital signature to confirm the authenticity of the timestamp. Once the timestamp has been confirmed by the first application, the first application locks the first application. Accordingly, a lock event with respect to an application in the plurality of applications can be propagated to other applications in the plurality of applications.

Abstract: Embodiments of the invention are concerned with facilitating service provision between software applications. In embodiments of the invention, a first user terminal includes an application which causes the first user terminal to delegate execution of a first service to a different application. In response to determining that the first service is to be executed on behalf of the first service, a request message is sent to a data store including an identifier of the first service. The data store comprising entries indicating applications held on one or more user terminals, and indicating one or more services that may be executed, on request, by a corresponding application. The first user terminal receives a response message from the data store identifying one or more applications to which execution of the first service may be delegated.

Abstract: Methods for remotely configuring application software on a user device are described. The application software defines at least one operating parameter having a set of pre-defined values which change the way the application interacts with the operating system. The operating parameter can be configured remotely and pushed to the user device where it is enforced by the application. Methods for providing information of the operating parameter to a remote device and for updating the configuration of an application are also described.

Abstract: Methods and systems for managing access to a resource by one of a plurality of applications. The method comprises: storing, in a first storage area associated with a first application, a first credential for use in accessing the resource; receiving, at a second application, a message comprising data for determining that the first application stores a validated credential for accessing the resource; sending a request for the validated credential from the second application to the first application; receiving the first credential at the second application from the first application in response to the request sent; and storing the first credential in a second storage area associated with the second application; wherein the message received at the second application is received from a server system, remote from the plurality of applications, which maintains data indicating a subset of the plurality of applications which store respective validated credentials for accessing the resource.

Abstract: Embodiments of the invention are concerned with facilitating service provision between software applications. In embodiments of the invention, a first user terminal includes an application which causes the first user terminal to delegate execution of a first service to a different application. In response to determining that the first service is to be executed on behalf of the first service, a request message is sent to a data store including an identifier of the first service. The data store comprising entries indicating applications held on one or more user terminals, and indicating one or more services that may be executed, on request, by a corresponding application. The first user terminal receives a response message from the data store identifying one or more applications to which execution of the first service may be delegated.

Abstract: Methods for remotely configuring application software on a user device are described. The application software defines at least one operating parameter having a set of pre-defined values which change the way the application interacts with the operating system. The operating parameter can be configured remotely and pushed to the user device where it is enforced by the application. Methods for providing information of the operating parameter to a remote device and for updating the configuration of an application are also described.

Abstract: A method, system and computer program product for generating a list of applications available for installation on a user terminal is disclosed. In one aspect, a catalogue server identifies a first and a second installation control setting corresponding to an application on the basis of user identification data from a data store comprising entries for a plurality of applications and their corresponding installation control settings. Subsequently, the catalogue server determines installation control data for at least one of the first and second application on the basis of the first and the second installation control setting. The determined installation control data is used to generate the list of application available for installation on the user terminal.

Abstract: A method and system for negotiating a secure device-to-device communications channel between a first computing device and a second computing device, wherein the first computing device is associated with a first user and the second computing device is associated with a second user. The method comprises receiving, at a server, a first connection request comprising first address data and a first cryptographic key associated with the first computing device, the first connection request being received over a first secure communications channel, and receiving, at the server, a second connection request comprising second address data and a second cryptographic key associated with the second computing device, the second connection request being received over a second secure communications channel.

Abstract: A computing device has a first application and a second application. The first application generates a data access application key for use by the second application to enable decryption of data that is stored in encrypted form on the computing device using the data access application key. In operation, the second application generates a public/private key pair. The second application sends a request to the first application for the first application to send the second application a data access application key, the request including the public key. The first application derives the requested data access application key as a function of at least the public key. The first application sends the derived data access application key to the second application.

Abstract: Data is stored on a computing device in an encrypted form using a control application. A data access application requests access to the data. It is determined whether the data access application has available a shared encryption key that is available to the control application. If a shared encryption key is available, the shared encryption key is used to encrypt a request for access to the data. If a shared encryption key is not available, a shared encryption key is negotiated with the control application, and the negotiated shared encryption key is used to encrypt the request for access to the data. The control application receives the encrypted request, decrypts the encrypted request using the shared encryption key, and makes the data stored on the computing device in encrypted form available to the data access application in response to the decrypted request.

Abstract: A smartphone that includes a communications interface to communicate via one or more Internet communications channels is provided. The smartphone also includes a service engine that communicates with a global server via an Internet channel using the communications interface to provide identification data to the global server. In response to providing the identification data, the service engine receives configuration data to configure the service engine with a selectable set of downloadable executables. The selectable set of downloadable executables include a selection of downloadable executables that is made at least in part by the global server using the identification data. A display presents at least some of the selectable set of downloadable executables on the smartphone, and an input device selects a downloadable executable from the selectable set. The service engine initiates a download of the selected downloadable executable using the communications interface.

Abstract: Data is stored on a computing device in encrypted form in respective digital containers. At least one data access application is stored on the computing device. A control application of the computing device connects to a remote control center. A command from the remote control center is received at the connected control application. The command contains an action to be taken in respect of at least one of the at least one data access application and the containers stored on the computing device. The command is passed from the connected control application to the data access application or container, and the data access application or container carries out the command.

Abstract: A data access application key is generated. The data access application key is for use by a data access application to enable decryption of data that is stored in encrypted form on a computing device using the data access application key. The data access application key is generated using an identifier of the data access application and an application key that is specific to at least one of the computing device and/or a user of the computing device.

Abstract: A system and method for provisioning a push notification session via a communications network between an application on a client terminal and a server corresponding to the application. In one aspect, a push provisioning entity transmits a message to the client terminal, whereby to configure the client terminal into a state in which it is able to request a push notification session with the server. An application on the client terminal can then request establishment of a push notification session by transmitting a push notification session request message to the push provisioning entity. The push provisioning entity generates a token for use in validating the push notification session, associates the generated token with the application and transmits the token to the application, which uses it to establish the push notification session.

Abstract: Methods for activating a second application on a user device using a first application already installed and activated on the user device are described. In one embodiment the second application requests activation from the first application. The first application then authenticates a user before providing an activation response. The activation response can be requested from a remote server by the first application on behalf of the second application. The methods improve the ease of activating new software on a user device.

Abstract: A method, system and computer program product for generating a list of applications available for installation on a user terminal is disclosed. In one aspect, a catalogue server identifies a first and a second installation control setting corresponding to an application on the basis of user identification data from a data store comprising entries for a plurality of applications and their corresponding installation control settings. Subsequently, the catalogue server determines installation control data for at least one of the first and second application on the basis of the first and the second installation control setting. The determined installation control data is used to generate the list of application available for installation on the user terminal.

Abstract: Embodiments of the invention are concerned with providing access credentials associated with a user of a service to a server hosting the service, e.g. enabling single sign on by the user to a number of servers. The embodiments include functionality for establishing a first data connection with a terminal associated with the user and a second data connection with the server, and bridging the first and second data connections in order to establish a first communications session, using a first communications protocol, between the terminal and the server. A second communications session, using a second communications protocol, is also established with the server, via which a request for access credentials associated with the user is received. This request includes information received by the server in the first communications session, which is used to identify access credentials of the user that are transmitted to the server via the second communications session.