Abstract: In one embodiment, an object in a database schema may be verified as having a valid digital signature associated with a trusted entity. An application may be permitted access to the object of the database schema only when the object of the database schema is verified to have a valid digital signature associated with the trusted entity. In another embodiment, an object in a database schema may be verified as having a digital signature associated with at least one trusted entity. An application may be permitted access to the object of the database schema only when the digital signature for the object is verified to be associated with the at least one trusted entity.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions.

Abstract: A computer based system and method of providing document isolation during routing of a document through a workflow is disclosed. The method comprises maintaining a separate “working” copy of the original base document while the document is routed through a workflow. Access controls, which define who may access the original document as well as any versions of the working copy document, are defined and stored in relation to the documents. The access controls further define the types of actions users may take with respect to the document. Users are selectively directed to the appropriate document, either the base document or working copy, and selectively granted permission to perform publishing operations on the working copy document, as determined by the access controls.

Abstract: In one embodiment, an object in a database schema may be verified as having a valid digital signature associated with a trusted entity. An application may be permitted access to the object of the database schema only when the object of the database schema is verified to have a valid digital signature associated with the trusted entity. In another embodiment, an object in a database schema may be verified as having a digital signature associated with at least one trusted entity. An application may be permitted access to the object of the database schema only when the digital signature for the object is verified to be associated with the at least one trusted entity.

Abstract: Abstract Syntax Trees (ASTs) are generated using the source code of a programming language that include information relating to the structure of the program. The generation of the ASTs may be performed in parallel. The types are split into a number of modules (e.g. configurable) that form an assembly. During the different stages of the compilation process, each module may be compiled in parallel. As the different modules are being compiled (e.g. in parallel), compiler metadata from the different modules may be written to a repository accessible by the different compilation processes. After flowing through the compilation pipeline, each of the enriched ASTs are used for code generation where they are transformed into the target language (e.g. a code stream that can be executed on hardware). The executable code is then stored as part of the assembly. The storage of the code may also be performed in parallel.

Abstract: In one embodiment, an object in a database schema may be verified as having a valid digital signature associated with a trusted entity. An application may be permitted access to the object of the database schema only when the object of the database schema is verified to have a valid digital signature associated with the trusted entity. In another embodiment, an object in a database schema may be verified as having a digital signature associated with at least one trusted entity. An application may be permitted access to the object of the database schema only when the digital signature for the object is verified to be associated with the at least one trusted entity.

Abstract: This disclosure describes methods, systems and application programming interfaces for creating an advanced security negotiation package. This disclosure describes creating an advanced security negotiation protocol under a Simple and Protected Negotiation Mechanism (SPNEGO) protocol to negotiate an authentication scheme. The protocol describes defining a Windows Security Type (WST) Library message to protect negotiation data during the advanced security negotiation protocol. The protocol sends an initial message that carries multiple authentication messages to reduce redundant roundtrips and implements key exchanges by a mini Security Support Provider (SSP).

Abstract: A search system, separate from a relational database, generates an index of information in the relational database that can be used to look up business records (or entities). A search system, that is also separate from the relational database, receives typing or other character inputs in a search user input mechanism and generates queries against the index based on the typing inputs, or other character inputs, received. The search system returns results and modifies those results as additional typing inputs, or characters, are received.

Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Example embodiments are provided for integrating operating systems with content offered by internet based entities.

Abstract: Modern network communications often require a client application requesting data to authenticate itself to an application providing the data. Such authentication requests can be redundant, especially in the case of stateless network protocols. When a full authentication is performed, a conversation identifier and one or more encryption keys can be agreed upon. Subsequent authentication requests can be answered with a fast reconnect token comprising the conversation identifier and a cryptographically signed version of it using the one or more encryption keys. Should additional security be desirable, a sequence number can be established and incremented in a pre-determined or a random manner to enable detection of replayed fast reconnect tokens. If the recipient can verify the fast reconnect token, the provider can be considered to have been authenticated based on the prior authentication. If an aspect of the fast re-authentication should fail, recourse can be had to the original full authentication process.

Abstract: Security elevation techniques are described. In an implementation, a request is received for additional security access beyond that which is currently specified for a program. An identity that describes the program is checked with a plurality of conditions. The security level is automatically elevated to grant the additional security access when the identity corresponds to one of the conditions that indicates that the security level is to be automatically elevated.

Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

Abstract: The subject invention relates to systems and methods that provide region-based security to database objects having hierarchical relationships. In one aspect, a system is provided that facilitates database security and management. The system includes a database component that stores a plurality of objects having a hierarchical relationship between the objects. A region component defines security zones for a subset of the objects and maps security data to the subset, wherein the security zones are independent, decoupled, or disassociated from the hierarchical relationships between the objects.

Abstract: A secure (e.g., HTTPS) connection is established between a client and a server. Communication over the connection may utilize an application (e.g., a Web browser) that is not part of the client's trusted computing base. A password is sent from the client to the server over the connection such that the clear text password is unavailable to the application. For example, the password can be encrypted and inserted directly into the HTTPS stream from the client's trusted computing base.

Abstract: Data security is implemented through a query based policy constraining a primary table. Nested tables inherit the security policy by implementing the policy queries of the primary table. Operations on nested tables such as join actions execute the security policy queries once due to inheritance from the primary table therefore optimizing query modeling. A security policy may respond to a context or a role by executing queries responsive to the context.

Abstract: One or more labels are associated with a data object. One or more policies are associated with each of the labels. Based on the labels associated with the data objects, the associated policies are dispatched to policy decision engines to take one or more actions to enforce the policy. The labels, and the policies associated with the labels, are chosen by a business administrator within an enterprise, and are implemented by an Information Technology (IT) administrator. The association between labels and polices allows the policy to be applied to an object to be decoupled from the characterization of the nature of the object, or its purpose and/or role within an enterprise, business purpose and/or context of the object. Examples of policies are: access, backup, retention, isolation, audit, etc.