Abstract: A facility for managing filesystem object storage quotas (i.e., size limits) in a storage environment is disclosed. The facility enables users to establish, modify, and remove quotas on directories and files within a filesystem. Each quota acts as a soft limit on the size of the associated filesystem object, including any child objects of the filesystem object. The facility improves the speed at which the system can test for and identify violations of quotas established for individual filesystem objects by using aggregation and reconciliation techniques rather than constantly traversing a filesystem in its entirety to test for violations of quotas.

Abstract: A method of updating and editing realized topologies, comprising presenting a realized topology to a user, receiving input indicating modification of portions of the realized topology, and with a processor, executing logic associated with the modified portions based on a number of lifecycle management actions (LCMAs) of the realized topology. A system to update and edit a realized topology, comprising a processor and a graphical user interface (GUI) communicatively coupled to the processor, in which the GUI presents to a user a graphical representation of the realized topology, and in which the system receives input indicating modification of portions of the realized topology, and with a processor, executes logic associated with the modified portions based on a number of lifecycle management actions (LCMAs) of the realized topology.

Abstract: A content management system for collecting files from one or more authenticated submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing other's submissions.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in deleting personal information held by a data broker. Entities holding the consumer's personal information may be discovered and automated actions for purging or deleting the consumer's personal information may be determined. The methods, computer-readable media, software, and apparatuses may assist the consumer in updating privacy settings associated with accounts at various entities.

Abstract: A method includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with textual content, wherein the copyright information and the textual content are recorded on a blockchain of a blockchain network; identifying, by the computing device, one or more attributes associated with punctuation marks included in the textual content; and embedding, by the computing device, the unique ID in the textual content by changing the one or more attributes associated with the punctuation marks in a manner representative of the unique ID, wherein the embedding produces information-embedded text configured to enable retrieval of the copyright information from the blockchain based on the unique ID, and wherein visual difference between the textual content and the information-embedded text is not apparent to an unaided human eye.

Abstract: Eyes of an operator of a device are tracked with respect to an interface element of an interface presented on a display of the device. An interface operation that is directed to an interface element is determined based on a gaze of the eyes, a predefined movement of the eyes, and/or predefined movements of eyelids for the eye. The interface operation is processed on the interface element within the interface.

Abstract: Systems and methods described herein relate to generation of media collections in a messaging system. The media collection may be created by the user, other users, or an entity. Example embodiments further allow users to set access criteria through privacy settings assigned to one or more media content items themselves, as well as to a media collection, such that some or all of the media collection may only be viewed by users authorized by the user sharing the media content item or media collection (e.g., only to one or more users designated by the user as a “friend”).

Abstract: A method for capturing and querying pseudonymous video data is provided. The method may include capturing a video using one or more video cameras. The method may include transmitting the captured video, via a video transformation encryption module. The video transformation encryption module may transform the captured video into an encrypted documentation file. The method may include receiving and storing the captured video as an encrypted documentation file in a storage location. The method may include receiving a binary query from a first user. The query may relate to the captured video. The method may include using an executable file to peruse the encrypted documentation file to determine a binary response to the binary query. The method may include transmitting the binary response to the first user.

Abstract: In some examples, a computer system may receiving a request to allow a second user associated with a second user account to access at least one of a folder or a link associated with a first user account of a first user. The computer system may determine a first profile associated with the first user account, and may further determine whether sharing whitelisting is enabled for the first profile. Additionally, the computer system may determine a second profile associated with the second user account, and may determine whether the second profile is included in a sharing whitelist of the first profile. When sharing whitelisting is enabled for the first profile, the computer system may allow a client device associated with the second user account to access the folder and/or the link when the second profile is included in the sharing whitelist of the first profile.

Abstract: A computer-implemented method is provided for detecting characteristics of usages of problem expressions for each of multiple authors. The method includes providing, by a hardware processor, a set of regular expression patterns configured to detect the problem expressions. The method further includes detecting, by the hardware processor based on the set of regular expressions, respective sets of the problem expressions which are (i) used in each of multiple analysis units, (ii) associated with a respective one of each of the multiple authors, and (iii) associated with a respective one of each of multiple artifact types. The method also includes finding, by the hardware processor using automatic feature selection, a set of important expressions in the respective sets of problem expressions. The method additionally includes detecting, by the hardware processor, a typical tendency of the usages of the problem expressions for each of the multiple authors, based on the important expressions.

Abstract: To achieve mutual monitoring of an operating state in consideration of an object storage. A calculator (10) according to the invention, which forms a cluster together with another calculator (20), includes a storage request unit (11) that requests an object storage (30) that manages data on an object-by-object basis to store first state information indicating a normal state of its own calculator, an acquisition request unit (12) that requests the object storage (30) to acquire second state information indicating a normal state of the other calculator (20), and a cluster control unit (13) that performs cluster control based on a result of storing the first state information and a result of acquiring the second state information, and when a result of acquiring the second state information is not the latest result, the acquisition request unit (12) requests acquisition of the second state information a specified number of times.

Abstract: A method for execution by a query processing system includes determining a first set of query rules for first data received from a first data provider and to determine a second set of query rules for second data received from a second data provider. A query received from a requesting entity is determined to involve at least one query function that accesses a subset of the first data. Compliance data is generated by determining whether the query complies with the first set of query rules. When the compliance data indicates the query complies with the first set of query rules, a query result is for the query based on execution of the query, and the query result is transmitted to the requesting entity. The query result is not transmitted to the requesting entity when the compliance data indicates the query does not comply with the first set of query rules.

Abstract: An apparatus is capable of sharing information through a presence service in a communication network and capable of providing presence information of a Mobile Station (MS). The apparatus extracts at least one of application information and contents indication information from an application in execution. Presence information is generated that includes at least one of the application information and the contents indication information, and transmitting the presence information to a presence server.

Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

Abstract: Example distributed storage systems, cross-protocol engines, and methods support cross storage protocol access response for object data stores. Data storage operations targeting the same data object using distinct data storage protocols may be received and detected. A routine based on the data storage protocols being distinct from one another may be executed in response.

Abstract: A method for managing data in an enterprise by identifying data of interest from among a multiplicity of data elements in an enterprise, the method including characterizing data of interest at least by at least one non-content based data identifier thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and selecting data of interest by considering only data elements from among the multiplicity of data elements which have the at least one non-content based data identifier thereof and the at least one access metric thereof.

Abstract: Techniques are provided for storing data in a distributed storage system. A server stores an object according to a first storage policy in the distributed storage system that includes a plurality of storage nodes. Storing the object according to the first storage policy results in a first storage overhead for the object. The server receives a triggering event associated with the object, and the triggering event changes an attribute of the object. In response to the triggering event, the server identifies a second storage policy for the object. Storing the object according to the second storage policy results in a second storage overhead for the object different from the first storage overhead.

Abstract: In some aspects, there is provided a method for database query execution planning. In some aspects, a method may include receiving, at a database execution engine, a query; generating, by the database execution engine, a query algebra for the query, the query algebra optimized by a query optimizer at the database execution engine; generating, based on the optimized query algebra, a query plan for execution, the query plan including pre-compiled code and code generated just-in-time; and executing, by the database execution engine, at least part of the query plan including pre-compiled code and code generated just-in-time. Related systems, methods, and articles of manufacture are also described.

Abstract: In an embodiment of the present invention, a command for performing a database operation with respect to a table of a database is received, whereby the table has a visible key column for identification information and one or more invisible token columns for token information. The user's role from the command is obtained. A record is identified in the table based on a combination of the identification information and the token information corresponding to the user's role. The database operation is performed on the identified record.

Abstract: The described implementations relate to an access control framework for a database system. One implementation can receive, from a user, a request for data that identifies a resource, such as a view that obtains data from a database. The implementation can check the identity of the user to identify user roles associated with the user. The implementation can identify an access policy that is associated with the resource, and a rule that is associated with the access policy and applies to the user roles associated with the user. The rule can be applied to the request for data using attributes of the access policy. For example, if the request for data is a query on a view, the query can be rewritten to apply the rule.

Abstract: Synchronization techniques for computing systems that interface with external service providers. A method for accessing status and other attributes of an external service provider commences upon identifying an external service such as a firewall appliance or backup repository that provides computing-related functions to computing entities of the computing system. One or more access mechanisms such as an application programming interface is exposed to the external service. The external service is registered with the computing system to use the access mechanism. When the external service detects a change of its state, the external service can communicate that change to the computing system through a “push” operation. The computing system processes the “pushed” data from the external service by verifying the status of the registration and authorization permissions, and then modifies one or more entity attributes of the computing resource entity.

Abstract: In some embodiments, a method receives a set of objects for creating clusters based on a similarity measure between the objects and generates a data structure for the objects. The method generates link counts for objects by constructing links between objects in the set of objects based on entries between the objects. A link is constructed between the objects when the entry for the respective objects includes a first value. An object is selected that has a largest link count. The link count being a number of objects that are linked to the selected object. A cluster is created including the selected object and any objects that are linked to the selected object via the links. Then, the objects in the cluster are removed from the set of objects and a link count is reduced for objects that are linked to the removed objects. This process is continued for remaining objects.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.

Abstract: The system may be configured to perform operations including identifying, by a processor, personally identifiable information (PII) within a data model based on processing rules, to create identified PII, wherein the data model comprises entity information about an entity; comparing the identified PII with established PII in a standard data bank; validating the identified PII in response to the identified PII matching the established PII, to create validated PII; and marking the validated PII with a PII marker in response to the validating the identified PII.

Abstract: A method for transporting data from a source location to a destination location includes receiving the data from at least one sender at the source location, the sender specifying at least one recipient at the destination location; splitting the data into a plurality of portions; and finding one or more couriers who will travel from the source location to the destination location. The method also includes: while at least a given courier is at the source location, sending at least one of the plurality of portions to a mobile device of at least the given courier; once the given courier travels to the destination location, receiving the at least one of the portions from the mobile device of the given courier; and once the plurality of portions of the data have been received at the destination location, sending the data set to the at least one recipient.

Abstract: Systems and methods for managing content in a flash memory and to managing a lifespan of the flash memory. The lifespan is managed by throttling writes when usage exceeds certain quotas. The throttling may be performed in a cooperative manner such that the clients writing to the flash memory can implement their own throttling. The quotas are not rigid and allow flexibility to certain situations. When excessive quota is used, future quotas can be managed to bring the overall usage into an expected range.

Abstract: Embodiments of a multi-tenant cloud system include a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. The first data center receives a request from a first client of the first plurality of registered clients to access a resource of the second data center and validates the request from the first client and issues a global access token. The second data center receives the request with the global access token. A cloud gate at the second data center, based on the global access token, validates the request and provides the resource to the first client.

Abstract: Systems and methods obtain personal identity information, identify a user's personal documents containing sensitive information, and can optionally protect the sensitive documents. A user's personal identity information can be obtained from various sources such as operating system, email clients, web browsers, Active Directory or from user's documents. The user's documents on hard drives, cloud storage etc. can be searched. Sensitive documents with personal identities are identified and optionally protected against misuse and theft.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Methods and apparatus for partitioned private interconnects to provider networks are described. At least a portion of available bandwidth of a private physical interconnect between a provider network and a connectivity intermediary's network is designated as the bandwidth limit of an interconnect partition set up on behalf of a customer at the request of the intermediary. The intermediary's network comprises one or more devices to which at least one of the customer's devices is connected. Access to one or more resources of the provider network via the interconnect is enabled. Traffic monitoring results associated with the interconnect are used to enforce the designated bandwidth limit of the partition.

Abstract: Transforming a user-interface modality of a software application can include identifying a first workflow segment corresponding to a UI modality of an application developed to run on a predetermined data processing platform and selecting one or more other workflow segments to transform the UI modality of the application. Each other workflow segment performs on a different data processing platform a function comparable to a function performable by the first workflow segment. The one or more other workflow segments can be selected from a multi-member set of alternative workflow segments that are semantically similar to the first workflow segment. The selecting can be based on classifying the first workflow segment with a classification model trained using machine learning to map workflow segments and corresponding UI modalities to different processing platforms.

Abstract: A method, computer system, and a computer program product for document clearance is provided. The present invention may include receiving content. The present invention may also include extracting the received content features. The present invention may then include determining a level of sensitivity based on the extracted content features. The present invention may further include identifying an approver based on the determined level of sensitivity. The present invention may also include transmitting the content to the identified approver.

Abstract: A computer-implemented method includes receiving, by a computing device via an application programming interface (API) or user interface, compliance definitions identifying compliance checks for endpoints in a cloud network; generating, by the computing device, a compliance check inventory identifying the compliance checks and actions associated with the compliance checks; storing, by the computing device, the compliance check inventory in a computer storage system identifying, by the computing device, redundant actions in the compliance check inventory; identifying, by the computing device, outdated actions in the compliance check inventory; and updating, by the computing device, the compliance check inventory by eliminating the redundant actions and the outdated actions.

Abstract: A system is configured to authorize client access to an application programming interface (API) of a host device. A proxy is configured to handle network traffic between a host and a client. Clients engage the host through the proxy to access an API of the host. An authorized client-side application permitted use of the API includes a Software Development Kit configured to generate a unique token and provide the token in association with an API request to the proxy. The proxy determines whether an internet protocol (IP) address of the client and the token match an existing IP-token pair. If no match exists, the proxy determines whether the token matches an existing token. The proxy authorizes the client access to the API when the IP and token match an existing pair or if the token does not match an existing token and the token is verified by the proxy.

Abstract: A system for providing management of contact records includes a contact record that is associated with an initiator and is indexed by a phone number of the originator. To initiate delivery of the contact record of the originator, the originator enters a phone number of a recipient and a subset of the fields of the contact record are transmitted to a device of the recipient where they are stored in the recipient's contact list. When changes are made to the contact record, the recipient device will receive updated information. Features are provided for automatic deletion of the subset of fields from the recipient device upon request or after a specified time period. Features are provided for selecting the subset of fields based upon a restriction such as family, co-worker, acquaintance, friend, stranger, etc.

Abstract: A method for updating and formatting a local file is described. An update file, having a newer version of the local file, is accessed from a server over a network and a list of new hash values corresponding to data blocks of the update file is retrieved. Divisions between the data blocks are located when a value of a rolling checksum reaches a particular value, the data blocks being of variable size. New hash values of the update file are compared with local hash values of the local file. For each of the new hash values not having a matching local hash value, the corresponding data block is downloaded from the server and written to a new file. For each of the new hash values having a matching local hash value, the corresponding block is copied from the local file to the new file.

Abstract: A personal information assistant computing system may include a user computing device having a processor and a non-transitory memory device storing instructions. The personal information assistant may receive a user accessible input as a natural language communication from the user, which may be analyzed by a personal information assistant to determine a task to be performed by the virtual information assistant. The personal information assistant may be personalized to the user using encrypted user information. The personal information assistant communicates with a remote computing system in performance of a computer-assisted task, wherein the first personal information assistant interacts as a proxy for the user in response to at least one response received from the remote computing system. The personal information assistant may communicate the results of the task to the user via a user information screen and/or an audio device.

Abstract: A system includes at least one hardware processor and a memory storing instructions that, when executed by the at least one hardware processor, cause the at least one hardware processor to perform operations including receiving consumption data associated with a user consuming content on one or more user computing devices, determining a preference associated with content consumption of the user based on the received consumption data, the preference including one or more of a delivery time, a computing device of the one or more user computing devices, and a venue, receiving a new content item, determining one or more of a target delivery time, a target computing device of the one or more user computing devices, and a target venue based on the determined preference, and transmitting the new content item to the target computing device for presentation to the user.

Abstract: In various embodiments, methods and systems for cross-filtering based on configurable direct relationships are provided. A selection of a first endpoint of a first table and a second endpoint of a second table is received. A direct relationship object is configured between the first table and the second table based on the first endpoint and the second endpoint. A cross-filtering direction and endpoint cardinality settings can also be configured for the direct relationship object. The direct relationship object may be configured as a many-to-one, one-to-many, or one-to-one. Automatic cross-filtering is configurable and can be set to cross-filter in one direction, the reverse direction, or both directions, with bidirectional cross filtering being a default configuration. The direct relationship object between the first endpoint and the second is configurable, such that, cross-filtering the first table and the second table to select rows for cross-filtering results is based on the cross-filtering direction.

Abstract: Systems and methods for opening a file via a user device. One system includes an electronic processor. The electronic processor is configured to receive a request to open the file, determine a file type of the file, determine an application installed on the user device configured to open files of the file type, and determine a version of the application installed on the user device. The electronic processor is also configured to compare the version of the application installed on the user device to a predetermined version, and selectively open the file using a web-based adaptation of the application based on comparing the version of the application installed on the user device to the predetermined version.

Abstract: Concepts and technologies disclosed herein are directed to aspects of customer service based upon in-store field-of-view and analytics. According to one aspect disclosed herein, a store analytics system can collect user information associated with a plurality of users located within an environment. The store analytics system also can collect user device information associated with a plurality of user devices associated with the plurality of users. The store analytics system also can collect estimated fields-of-view associated with the plurality of users. The store analytics system can analyze the user information, the user device information, and the estimated fields-of-view to identify at least one commonality shared among at least two of the plurality of users. The store analytics system can create a logical group. The logical group can include the at least two users of the plurality of users that share the commonality.

Abstract: Various embodiments of systems and methods for detecting database blocking are described herein. The method includes detecting a non-responding state of an application. Once the non-responding state is detected, a request is sent to a database to retrieve blocking information related to the application. The blocking information is received from the database. The blocking information indicates whether the non-responding state of the application is due to database blocking or other issues. When the non-responding state is detected due to the database blocking, the blocking information also indicates whether the application is a victim or the application is a root blocker. When the application is the victim, one or more IDs and contact information related to the root blocker is provided to resolve database blocking, e.g., by discussion. When the application is the root blocker, IDs and contact information related to one or more victims of the application is provided.

Abstract: A computing system providing access to electronic files is provided. The computing system includes a processor and a data store coupled to the processor and configured to store the electronic files. A user interface component is coupled to the processor and is configured to generate a user interface that allows a first user to select an electronic file to be re-shared with second user. The processor is configured to detect re-sharing of the selected electronic file by the first user and automatically generate a notification to a third user. The notification is configured to allow the third user to cancel the re-sharing of the electronic file.

Abstract: A device, system and method for screening of personally identifiable information is provided. An incident type of a particular incident is determined. Responsive to determining that potential evidence associated with the particular incident includes personally identifiable information, the potential evidence being of a particular evidence type including one or more of media and metadata generated by a user or a device associated with the user, a personally identifiable information processing mode is selected to process the potential evidence as a function of the incident type of the particular incident and an evidence type of the potential evidence. When selected mode is a storing mode, a record of the potential evidence is generated that included the personally identifiable information to be stored in an electronic storage device.

Abstract: Database report subscription technology, in which subscriptions are delivered to multiple, different recipients on a customized basis. In response to detection of an event that triggers generation and delivery of a database report, customized versions of the report are generated for the multiple, different recipients based on a definition of the data used to generate the report included in the subscription, report parameters that define presentation aspects of the report included in the subscription, and profile data associated with at least one of the multiple, different recipients. The customized versions of the report include at least a first version of the report and a second version of the report that differs from the first version of the report and the customized versions of the report are delivered to the multiple, different recipients.

Abstract: In some examples, a method of privacy preservation in a security information sharing platform includes comparing, by a system comprising a hardware processor in the security information sharing platform that enables sharing of security information among a plurality of users, a set of profiles wherein each profile of the set of profiles is associated with an individual user; identifying, by the system based on the comparing, that a badge associated with a particular profile of the set of profiles is predictive of an identity of the individual user, the badge based on a contribution of security information by the individual user to the security information sharing platform, and the badge comprising user attributes associated with the individual user; and modifying, by the system based on the identifying, a visibility of the badge within the security information sharing platform.

Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.

Abstract: Orchestration and/or management of services on deployed computing, electronic, appliance and like devices are described. A service orchestration and/or management system (“SOMS”) may be configured to provide for orchestration and/or management of services to one or more deployed devices. The SOMS may obtain information from deployed devices, such as status, capabilities and service metadata. The SOMS may then encapsulate and store the obtained information for later use. The SOMS may also store service information, facilitate creation of services based on stored service definition meta-data, modeling or simulating a service prior to deployment, and deployment of a service to remotely deployed devices followed by activation to begin operation of the service. Other embodiments may be described and claimed.

Abstract: A system for cross verification of data captured by a consumer electronic device is disclosed. Primary data, for example, a photograph, is captured by a mobile capture device, metadata including the time and location of the capture is associated with the primary data. Environmental data, for example, pressure, temperature, visible WiFi networks, visible cell towers, is also measure by the mobile capture device. Other capture devices are identified in the vicinity and those other devices also measure environmental data. The measurements of environmental data can then be compared in order to calculate a confidence level in the position metadata associated with the primary data.

Abstract: Disclosed herein is technology to capture and distribute a state of a file system that updates, removes, or adds a computer program to a computing device. An example method may include: analyzing a program package associated with a plurality of objects of a computer program; determining a state of a file system after an installation of the program package; generating a manifest that corresponds to the computer program and represents the state of the file system after the installation, the manifest comprising a hash tree that comprises object identification data of an object of the plurality of objects of the computer program; and providing the manifest to one or more computing devices.