Desktop applications provide rich user interface experience, are not complex or difficult to develop and use local hardware and software resources which allow them to be responsive and to interact with other connected devices. One example of a desktop application is Microsoft Outlook™ an application designed for checking e-mail, managing a calendar and contact information. On the other hand, web-based applications are applications accessed with a web browser over a network. One example of a web-based application is Hotmail™, a website for checking e-mail. Web-based applications are easy to deploy and manage and can be deployed even on mobile devices that are sporadically connected to a network. Smart-client applications are applications that combine the best of the desktop applications and web-based applications. They use local hardware and software resources and provide a rich user interface experience. They are connected applications that exchange data on the Internet or any other enterprise network. They are also capable of running offline and can be easily deployed and updated. Smart-client applications are poised to replace traditional web-based applications on desktop computing devices and eventually on remote mobile devices because computer users are accustomed to a rich media experience and expect to have a similarly rich experience when they use web-based applications, even on mobile devices. When we use the term desktop applications we specifically include both applications developed for the desktop and applications developed for remote devices using traditional desktop methodologies.
Rich Internet Applications (RIA) are smart-client web-applications that have the functionality of traditional desktop applications, but transfer the processing necessary for the user interface to the web client while maintaining the state of the program and keeping the bulk of the data back on the application server.
Mobile remote devices include mobile phones, personal digital assistants (PDAs), point of sale (POS) devices, tablets, pagers and laptop computers, among others. Mobile remote devices are usually underpowered, only sporadically connected to a server and usually via a limited bandwidth connection. Mobile devices have extremely limited storage and processing capacity and are often out of their areas of coverage, or not connected to the network for other reasons. Furthermore, mobile devices are susceptible to loss and/or theft, have varying capabilities, and usually run on varying platforms and operating systems. Applications for remote mobile devices (i.e., mobile remote applications) are difficult to develop and deploy due to the varying platforms and operating systems. Mobile applications are also difficult to certify and control once deployed. They are inherently insecure due to the remote device's mobility and susceptibility to theft/loss and due to the fact that they are usually developed based on assumptions and/or methodologies valid for the desktop environment.
Historically, mobile application development has been performed by highly trained programmers. However, more and more lay people are attempting to develop applications, but the currently available development languages and environments make the task difficult for non-highly trained programmers. The intermittent connectivity of mobile devices makes downloading and deploying of applications an error-prone process, which becomes more error-prone the richer and larger the application becomes. In addition, mobile devices often require the use of device-specific mechanisms to install applications above and beyond the effort needed to get the actual bytecodes onto the device. High-value applications, such as mobile payment applications, often have to be certified by a neutral third party to adhere to best security practices. The certification process for wireless applications is extremely lengthy, involving certification of all elements of the application, such as the server software, the client software, the communications protocol, among others. In some cases, certification can last several years, so that the majority of the development cycle is spent waiting. Once an application is deployed in a mobile device, it is difficult to control it because one can not assume that the device is in a single physical location and/or under the control of the ‘the person who usually sits at that location’. Applications deployed on mobile devices are inherently insecure due to the mobility of the device and the ease of becoming lost. Data stored on a lost mobile device can be intercepted by people for whom they were not intended and the device itself is easily ‘intercepted’. Enterprise desktop applications are designed to run on a physical desktop contained within the physical enterprise as a logical node on the enterprise network. Their physical security is contained within the physical security of the enterprise and their network activities are bounded by whatever restrictions the enterprise network administrator chooses to impose on them. On the other hand, mobile applications run outside the physical boundaries of the enterprise and are logical network nodes on the public network and thus typically not subject to any restrictions as to what other network nodes they might contact. Therefore, mobile devices are insecure in practice when running applications developed for the desktop or applications developed using traditional desktop methodologies.
Ideally, rich internet applications (RIAs) designed to run on mobile devices must address all of these limitations. Furthermore, it is desirable for applications to be platform independent, allowing an enterprise to deploy it on its mobile devices as well as its desktop machines and other devices. However, existing client pieces for delivering RIAs are too heavy for cellphones, and existing smart client solutions require programming knowledge, which excludes many potential developers. Prior art smart-client solutions include the following:                J2ME, the Java 2 Micro Edition is a pared-down version of the Java Virtual Machine (JVM) designed to run on cell-phones, personal digital assistants (PDAs), and other mobile devices. However, J2ME solutions are not secure when networked as J2ME does not address the issue of how to restrict devices from promiscuous/dangerous network connectivity. J2ME is an enabling technology and platform. JVM type solutions require custom client-side programming, network programming, and server-side integration.        NET Compact Framework s a version of the .NET Framework that is designed to run on mobile devices such as PDAs and mobile phones. The .NET Framework is a key Microsoft offering, and is intended to be used by most new applications created for the Windows platform. Similar to the J2ME, it is an enabling technology and platform, but lacks security when networked.        AJAX, Asynchronous JavaScript and XML, is a collection of technologies used to bring RIAs to browsers. AJAX applications are complex to develop and deploy, and impossible to access-control. Furthermore AJAX calls can go anywhere, which makes it not suitable for enterprise.        FLEX is a combination of a simplified XML language translated into flash and integrated with server components FLEX can call any URL, web-service oriented or not, and so is not bound by or compliant with any web-service standards, and thus sacrifices security.        Flash Lite is a pared-down version of the Macromedia Flash Player designed to run on cell-phones, personal digital assistants (PDAs), and other mobile devices. Flash solutions are not inherently secure when networked as Flash does not address the issue of how to restrict devices from promiscuous/dangerous network connectivity. Flash again is an enabling technology, a platform upon which an application player can run.        LAZSLO, a development platform for RIAs that incorporates the Lazslo server. LAZSLO lacks security focus and addresses only a single aspect of the problem, i.e., how to deliver the same application to multiple device types.        Wireless Application Protocol (WAP) browser-type applications. WAP is an open international standard for applications that use wireless communications for providing Internet access to a mobile device. WAP sites are websites written in Wireless Markup Language (WML) and are accessed via a WAP browser. WAP based solutions have limited off-line capabilities, make bandwidth demands proportional to the sophistication of the UT, require custom server-side integration, and suffer from the security vulnerabilities of non-stated, open-endpoint network applications. They also have severe restrictions with respect to which client-side peripherals they can access.        
Therefore there is a need for a method of delivering RIAs to a variety of devices, including both desktop and mobile devices that overcomes the above mentioned security, access control, computing power, bandwidth and platform problems.