In prior systems, security management has typically been static. Implementing a policy file is usually achieved by inserting it under the device where the application management system is coded to read that policy file and then apply security measures to applications, such as Java applications, based upon how the policy file is structured and some of the system rules put in place by the device provider. This is implemented to control and manage access to restricted or protected APIs and to determine whether the user has to confirm access to an API, or whether there is digital signing required for access to the APIs, for example.
The typical policy file is a text file residing on the mobile device above the device operating system which reads, deciphers, and then applies the rules to any executing applications. Once the device is deployed in the market place, there is currently no efficient method to change or update any aspect of the policy file as initially deployed. For example, both Java ME MIDlets based on the MIDP specification are each implementations as compiled into device binary that have a static security policy that is not updateable once deployed in the market place.