Abstract: A system assigns a byte value to document identifiers in a table. The table includes forward and secondary indexes referenced in key/value pairs of the table, and the keys of the key/value pairs each include a document identifier. The system defines byte ranges, and each of the byte ranges includes a byte value of one of the byte values assigned to the document identifiers. Document identifiers are located in the table using their associated byte values. Keys of the located document identifiers are modified to include a reference to a byte range that encompasses the byte value associated each of the identified document identifiers.

Abstract: Policy-based, cell-level access control is provided in association with a sorted, distributed key-value data store. As data representing a hierarchical document is ingested into the data store, the data is interpreted to identify fields and any sub-fields in the document, each identified field and its associated protection level as identified are translated into a set of one or more fieldname and visibility label pairs. Each fieldname and visibility label pair has a fieldname identifying a field and its zero or more sub-fields, together with a visibility label that is a function of the associated protection levels of the field and any sub-fields therein. At query time, and in response to receipt of a query including an authorization label, the fieldname and visibility labels are applied against the authorization label in the query to control which fields in the document are retrieved and used to generate the response to the query.

Abstract: A method, apparatus and computer program product for policy-based access control in association with a sorted, distributed key-value data store in which keys comprise n-tuple structure that includes a cell-level access control. In this approach, an information security policy is used to create a set of pluggable policies. A pluggable policy may be used during data ingest time, when data is being ingested into the data store, and a pluggable policy may be used during query time, when a query to the data store is received for processing against data stored therein. Generally, a pluggable policy associates one or more user-centric attributes (or some function thereof), to a particular data-centric label. By using pluggable policies, preferably at both ingest time and query time, the data store is enhanced to provide a seamless and secure policy-based access control mechanism in association with the cell-level access control enabled by the data store.

Abstract: A method and apparatus are operative in association with a table in a sorted, distributed key-value primary store. The table has associated therewith one or more tablets, wherein each tablet being a partition of the table and that contains key-value pairs in a given sub-range of keys. According to the method, a secondary index that is adapted to optimize particular search and query operations against the primary store is created. The secondary index is stored in a manner such secondary index entries are co-partitioned with entries of the primary store to which the secondary index entries refer. This co-partitioning of the secondary index is then maintained throughout various tablet lifecycle operations (e.g., ingest, minor compaction, major compaction, scan, split and merge) associated with at least one tablet. An information retrieval system may leverage the secondary indexing scheme together with query processing to find and retrieve documents matching a user's query.

Abstract: A method of data analysis is enabled by receiving raw data records extracted from one or more data sources, and then generating from the data records an entity-relationship model. The entity-relationship model comprises more entity instances, and one or more relationships between those entity instances. Data analysis of the model is facilitated using one or more provenance links. A provenance link associates raw data records and one or more entity instances. Using a visual explorer that displays a set of entity instances and relationships from a selected entity-relationship model, a user can display details for an entity instance, and see relationships between and among entity instances. By virtue of the underlying linkage provided by the provenance links, the user can also display source records for an entity instance, and display entity instances for a source record. The technique facilitates Big Data analytics.

Abstract: A method, apparatus and computer program product for policy-based access control in association with a sorted, distributed key-value data store in which keys comprise n-tuple structure that includes a cell-level access control. In this approach, an information security policy is used to create a set of pluggable policies. A pluggable policy may be used during data ingest time, when data is being ingested into the data store, and a pluggable policy may be used during query time, when a query to the data store is received for processing against data stored therein. Generally, a pluggable policy associates one or more user-centric attributes (or some function thereof), to a particular data-centric label. By using pluggable policies, preferably at both ingest time and query time, the data store is enhanced to provide a seamless and secure policy-based access control mechanism in association with the cell-level access control enabled by the data store.

Abstract: A method, apparatus and computer program product for policy-based access control in association with a sorted, distributed key-value data store in which keys comprise a cell-level access control. In this approach, an information security policy is used to create a set of pluggable policies. A pluggable policy may be used during data ingest time, when data is being ingested into the data store, and a pluggable policy may be used during query time, when a query to the data store is received for processing against data stored therein. Generally, a pluggable policy associates one or more user-centric attributes (or some function thereof), to a particular set of data-centric attributes. By using pluggable policies, preferably at both ingest time and query time, the data store is enhanced to provide a seamless and secure policy-based access control mechanism in association with the cell-level access control enabled by the data store.

Abstract: Policy-based, cell-level access control is provided in association with a sorted, distributed key-value data store. As data representing a hierarchical document is ingested into the data store, the data is interpreted to identify fields and any sub-fields in the document, each identified field and its associated protection level as identified are translated into a set of one or more fieldname and visibility label pairs. Each fieldname and visibility label pair has a fieldname identifying a field and its zero or more sub-fields, together with a visibility label that is a function of the associated protection levels of the field and any sub-fields therein. At query time, and in response to receipt of a query including an authorization label, the fieldname and visibility labels are applied against the authorization label in the query to control which fields in the document are retrieved and used to generate the response to the query.