Abstract: A computer-implemented system and method for flexibly taking actions upon activation of rule-based triggers are provided. A collection of documents is stored in a storage device within a computing environment. An activity of a user performed on a document from the collection is observed. At least one of an application, operation, key word, time, place, project, topic, different document from the collection, and different user is identified. A connection associated with the user is determined to at least one of the application, operation, key word, time, place, project, topic, different document from the collection, and different user based on the observed activity. A rule based on the connection and the observed activity is defined. The rule and a corresponding action are stored as a trigger. Rule satisfaction by at least one of a further activity, event, and stimuli activates the trigger, which causes performance of the corresponding action.

Abstract: A computer-implemented system and method for flexibly taking actions in response to detected activities is provided. A trigger in a computing environment is defined and includes at least one of specifying one or more documents, persons, key words, times, and projects associable with the activities of at least one user, and defining one or more actions associable with the activities of at least one such user. At least one of activities, events, and stimuli occurring within the computing environment is monitored in relation to the documents, persons, key words, times, and projects, and to the activities. Action is taken within the computing environment upon activation of the trigger by the at least one activity, event, and stimuli.

Abstract: A computer-implemented system and method for flexibly taking actions in response to detected activities is provided. A trigger in a computing environment is defined and includes at least one of specifying one or more documents, persons, key words, times, and projects associable with the activities of at least one user, and defining one or more actions associable with the activities of at least one such user. At least one of activities, events, and stimuli occurring within the computing environment is monitored in relation to the documents, persons, key words, times, and projects, and to the activities. Action is taken within the computing environment upon activation of the trigger by the at least one activity, event, and stimuli.

Abstract: Techniques for providing privacy protection are provided. A query is received. Privacy policy information, extracted knowledge and optional information about available public information are determined. Information about the knowledge extraction transformations applied to create the extracted knowledge and the source data is determined. Privacy protecting transformations are determined and applied to transform the extracted knowledge based on the selected privacy policy, optional information about available public information, the characteristics of the applied knowledge extractions transformations, the source data and optional previous user queries.

Abstract: Techniques for protecting non-public information in a mobile environment are provided. A request for non-public information about users in a mobile environment is received. Privacy policies, non-public and optional public information about the users affected by the request are determined. An optional privacy impact indicator is determined based on how satisfying the request increases the current public information about the users. Crowds of users having similar attribute name/values are optionally determined. User and optional requestor privacy policies which associate threshold release criteria such minimum crowd size, minimum consideration with the non-public information are determined. A privacy agreement is reached for the disclosure of the requested non-public information based on the compatibility of the requester and user privacy policies. Privacy protecting transformations are optionally determined and applied to create crowds or groups associated with the requested attribute.

Abstract: A system, method and article of manufacture are provided for pricing a cryptographic service. A request for a cryptographic service is received. An identification is made of one or more of a computational burden required to perform the cryptographic service, a privacy level of the cryptographic service, and/or a speed of performing the cryptographic service. A price of the cryptographic service is determined based on the computational burden, privacy level, and/or speed. A method is also provided for pricing a cryptographic service based on a compactness of a cryptographic message. A request for encrypting a message is received. The message is encrypted and is also compressed during the encryption. An amount of compression of the message is determined. A price of the encryption is determined based on the amount of compression.

Abstract: One embodiment of the present invention provides a system that detects malicious data in an ad-hoc network. During operation, the system receives data at a node in the ad-hoc network, wherein the data was sensed and redundantly communicated to the node by other nodes in the ad-hoc network. Note that in this ad-hoc network, a given node senses data associated with itself and with proximate nodes in the ad-hoc network. In this way, proximate nodes in the ad-hoc network can redundantly sense data about each other. Next, the system determines at the node if the received data, along with data sensed locally by the node, is consistent. If not, the system uses a model which accounts for malicious nodes to determine an explanation for the inconsistency.

Abstract: A print management system includes a policy that determines a protection level for a document to be printed. The document is printed using forgery detection and deterrence technologies, such as fragile and robust watermarks, glyphs, and digital signatures, that are appropriate to the level of protection determined by the policy. A plurality of printers are managed by a print management system. Each printer can provide a range of protection technologies. The policy determines the protection technologies for the document to be printed and the print management system routes the print job to a printer that can apply the appropriate protections and sets the appropriate parameters in the printer. Copy evidence that can verify that a document is a forgery and/or tracing information that identifies the custodian(s) of the document and restrictions on copying of the document and use of the information in the document are included in the watermark that is printed with the document information.

Abstract: A system, method, and article of manufacture are provided for pricing a cryptographic service on a network utilizing one or more cryptoservers. A request for a cryptographic service is received from a user utilizing a network. The request is received by a cryptographic service provider. A contract is generated based on a variable pricing scheme in response to the request. The contract is sent from the cryptographic service provider to the user utilizing the network. A method is also provided for auditing a security provision on a network utilizing a cryptoserver. A cryptographic key is obtained such as by obtaining it from a trusted source or generating the key. A plurality of users are allowed to request that a cryptoserver use the cryptographic key to sign a message in violation of a security provision. It is determined whether the cryptoserver signed the message in response to the request.

Abstract: A print management system includes a policy that determines a protection level for a document to be printed. The document is printed using forgery detection and deterrence technologies, such as fragile and robust watermarks, glyphs, and digital signatures, that are appropriate to the level of protection determined by the policy. A plurality of printers are managed by a print management system. Each printer can provide a range of protection technologies. The policy determines the protection technologies for the document to be printed. The print management system routes the print job to a printer that can apply the appropriate protections and sets the appropriate parameters in the printer. Copy evidence that can establish that a document is a forgery and/or tracing information that identifies the custodian of the document and restrictions on copying of the document and use of the information in the document are included in the watermark that is printed on the document.

Abstract: A system, method and article of manufacture are provided for secure operation of a network device. A digital certificate is assigned to a network user. A command for operation of a network device and the digital certificate are received from the network user. A cryptographic key stored in the network device is utilized to authenticate the digital certificate of the network user. Operation of the network device is enabled if the digital certificate of the network user is authenticated. According to another aspect of the present invention, a system, method and article of manufacture are provided for secure identification of a network device. A digital certificate is assigned to a network device. A command for operation of the network device is received from a network user. The digital certificate is sent to the network user. The network user utilizes a cryptographic key to authenticate the digital certificate of the network device.

Abstract: A system, method and article of manufacture are provided for transition state-based cryptography in an application including at least one state having a state key associated with it. A request for access is sent to a server utilizing a network upon reaching a state in the application. The request includes a state key associated with the state. A reply is received from the server in response to the request. The reply includes an access key for providing the access if the state key is valid. According to another embodiment of the present invention, a method is provided for transition state-based cryptography in an application including at least one state having a state key associated with it. A request for access is received from a client to a server utilizing a network. The state key is verified at the server. A reply is sent from the server in response to the request. The reply includes an access key for providing the access if the state key is verified.