Abstract: Disclosed are improved methods, systems, and media for cursor sharing and cursor pruning. According to some approaches, existing child cursors are distinguished using a cursor sharing criteria node structure. A sharing criteria node (also referred to as a “diagnostic” node) is created when a sharing criteria mismatch/failure happens. The node contains information about why the child cursor could not be shared and also information that can be used to quickly re-evaluate this sharing criterion in the future.

Abstract: A storage server maintains a number of datasets (e.g., exported file systems or other resources). For each dataset, certain clients are allowed to have access (e.g., read access, write access, root access, etc.) and certain other clients are not allowed to have access. Access permission information is maintained to specify which clients are allowed to have access and what kind of access. A method and system are introduced to use a radix tree to store access permission information in a cache, therefore allowing the storage server to quickly retrieve access information relevant to a particular client. One advantage of using radix tree to maintain access permission information is that radix tree is very efficient at storing hierarchical information, such as IP addresses. Radix tree is also very efficient at representing subnets in particular.

Abstract: Techniques are disclosed for attaching security policies to secured computing systems. A security policy is attached to a parent domain. The parent domain includes a first secured computing system. The security policy is a natural language description for controlling access to the secured computing system. Upon determining that the parent domain propagates the security policy, a first generation child domain is identified. The first generation child domain includes a second secured computing system. The first generation child domain is associated with the parent domain in a hierarchical relationship. It is determined that the first generation child domain inherits the security policy based on an inheritance rule. The security policy is attached to the first generation child domain.

Abstract: A data display apparatus comprising, a display unit operable to hierarchically display a plurality of folders, a management unit operable to manage information associated with each of the plurality of folders, a determination unit operable to, when the display unit displays each of the plurality of folders, determine based on the information associated with the folder and acquired from the management unit whether to integrally display the folder and a plurality of lower folders included under the folder as an integrated folder, and a control unit operable to control to cause the display unit to perform integral display using the integrated folder when the determination unit has determined to perform the integral display.

Abstract: Disclosed is a method, mechanism, and computer usable medium for managing and accessing static and shard data. In one approach, described is a method and mechanism for implementing group dependent keys (GDKs) in a computing system, in which the GDK is visible to all members of a distributed system, but its value(s) and subtree(s) could be different for different groups. Members of each group see the same view of the value and subtree of a GDK. Also disclosed is a method, mechanism, and computer usable medium for implementing group dependent links (GDLs) in a computing system. According to one approach, a data transformation function is used to coordinate changes to different versions of shared data.

Abstract: An employee tracking system is disclosed, in which processing, accessing or both within the system is determined according to the hierarchical structure of the underlying organization. Each employee is associated with a node in the organization, and access to employee-related data is based upon the node associated with the requester and the node of the employee being checked, as well as the type of data being requested. Employees may clock into and out of work using mobile devices that interface with the employee tracking system host computer.

Abstract: An IC card is configured to receive personalization commands which are used to transmit data to the IC card. An access control list is associated with the data. The data is stored in the IC card in a record structure that includes a plurality of entries. The access control list is stored in the IC card in the record structure. The personalization commands include a card personalization specification (CPS).

Abstract: Systems and methods for conversion and importation of models that describe system behavior into a UML meta model-based representation, include parsing through the textual model for the plurality of elements, searching for an element semantic definition, element view definitions corresponding to a semantic definition, or an element view containing diagram definition within the textual model for each of the plurality of elements, generating element reference nodes for placement on an internally constructed custom tree, attaching a listener to each of the element reference nodes, wherein the listener is configured to await population of the element reference node with an equivalent unified modeling language semantic element, wherein a listener awaiting population is an awaiting sequenced listener, completing an inheritance hierarchy between the element reference nodes up to a parent node inferred from the diagramming definitions and resolving awaiting sequenced listeners that are made aware of an awaited unified

Abstract: Described herein are techniques for global synchronization that under various scenarios eliminate or defer the acquisition of global locks. In many cases, the need to acquire global locks is eliminated, thereby saving the overhead attendant to processing global locks.

Abstract: The present invention is directed to systems for and methods of controlling access to computer systems. A method in accordance with the present invention comprises performing a test that includes comparing input responses to randomly selected questions with corresponding pre-determined responses to the questions and granting access to the system in the event the test is passed. A first condition of passing the test is that each input response matches a corresponding pre-determined response. Once passing the test, the user is granted permissions to access data based on his position. For example, a corporate director generally has greater permissions than an engineer. Preferably, the user's permissions determine an encryption key and a decryption key that the user is able to use to access protected data.

Abstract: Implementations of the present disclosure provide computer-implemented methods including generating a changelist corresponding to at least one computer code object that is digitally stored in a repository database, assigning a team to the changelist, the team comprising a plurality of members, initiating access to the computer code object using a computer that is in communication with the repository database, enabling access to the computer code object when a user of the computer is a member of the team, and prohibiting access to the computer code object when the user of the computer is not a member of the team.

Abstract: Exemplary method, system, and computer program embodiments for establishing hierarchical user management authority for storage resources organized into a plurality of resource groups in a computing storage environment are provided. In one embodiment, each of the plurality of storage resources is associated with a resource group object having a resource group attribute associating the resource group object with one of the plurality of resource groups. The resource group label attribute is assigned to the resource group object. An additional attribute of the resource group object, that specifies a plurality of management policies for the resource group object and the plurality of storage resources associated with the resource group object, is defined. One of plurality of available users of the plurality of storage resources is associated with a user resource scope attribute. A schema is defined for comparing of a plurality of values of the user resource scope attribute with the resource group label attribute.

Abstract: Aspects may include determination of a first security profile associated with a user and an information space, the information space comprising metadata indicating a plurality of objects mapped to logical entities of a hierarchical data structure, reception of a request from the user for an interface for creating queries to the hierarchical data structure, and determination, based on the first security profile, of a first subset of the plurality of objects based on which the user is allowed to create queries. A query is executed based on one or more of the first subset of objects, data of the hierarchical data structure is received in response to execution of the query, a second subset of the received data which the user is allowed to view is determined based on the first security profile, and the second subset of the received data is presented to the user.

Abstract: A system and method administers virtual servers executing on one or more physical storage systems. One or more virtual servers are created and associated with a management group. An administrator is then granted permissions to the group. Upon logging into management software, only information relating to the virtual servers associated with the group are displayed to the administrator, thereby limiting access to information related to other virtual servers and/or physical storage systems.

Abstract: A slice server includes a network port, a central processing unit, and memory. The central processing unit (CPU) is operable to receive, via the network port, a request to access a virtual digital data storage vault. The CPU then determines whether the slice server supports the virtual digital data storage vault. When the slice server supports the virtual digital data storage vault, the CPU determines whether the request is valid. When the request is valid, the CPU executes the request to generate a response.

Abstract: A method for desensitizing character strings comprises ordering an original set of character strings and generating a tree structure that has nodes corresponding to the ordered set of sensitive strings. The sensitive characters on the nodes of the tree are then desensitized in depth-first order such that a set of desensitized strings is generated that preserves the ordering of the original sensitive set.

Abstract: A system, method and computer program product for searching at high speed for documents matching a dependency pattern from document data containing a large volume of text documents. The system includes a storage device for storing, index storage means for storing in the storage device occurrence information, receiving means for receiving information, reading means for reading from the index storage means, and searching means for comparing occurrence information. The method and computer program product include the steps of storing in the storage device, receiving information, reading from the storage device, comparing occurrence information, and searching. The computer program product includes instructions to execute the steps of storing each of the plurality of document data in the storage device, storing in the storage device occurrence information.

Abstract: One or more data structures are received by a computing device, wherein the one or more data structures include at least one or more user credentials. The one or more user credentials are normalized by the computing device to generate a first graph. One or more nodes of the first graph and one or more nodes of at least a second graph are analyzed by the computing device, wherein analyzing includes at least identifying a logical correlation between the one or more nodes of the first graph and the one or more nodes of at least the second graph. A third graph is generated by the computing device based, at least in part, upon the analysis of the one or more nodes of the first graph and the one or more nodes of at least the second graph. An output data structure is generated by the computing device based, at least in part, upon the third graph.

Abstract: A provider of content may provide access to portions of content from a source, but not the source content in its entirety. In some embodiments, one or more access rules or criteria may be implemented that enable users to access portions of the source content up to an allowed limit or threshold (e.g., number or percentage of pages), after which access is prevented to the remaining content that has not previously been accessed. In other embodiments, one or more access rules or criteria may be implemented that enable users to access portions of content of only a certain type (e.g., index, bibliography, introduction, certain chapters, etc.). Unauthorized portions are suppressed or access to them is denied. The content source may be a textual work, an audio work, or a video work of any form. For example, the content may be in electronic form, such as images of pages of content.

Abstract: A system and method for updating, monitoring, and controlling applications on a workstation. The workstation includes a workstation management module configured to detect the launch or request to access a network by an application. A workstation application server receives data associated with the application from the workstation. The application server module can determine one or more policies or categories to associate with the application by referencing an application inventory database. Once the application server module has the category or policy, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the application to control network access by the application.

Abstract: Browsing content stored in a content source. A hierarchical tree structure is accessed. The hierarchical tree structure has nodes that correspond to at least one query for recommended content of a first content type that is recommended based on a collection of data for content of a second content type, the first content type and the second content type being different. Recommended content, of the first content type, stored in the content source is browsed by executing the at least one query for recommended content, the at least one query corresponding to at least one node of the hierarchical tree structure. The browsing is performed in accordance with a hierarchy of the hierarchical tree structure.

Abstract: A computer system, methods, and programs for creating an index for aggregating data in at least one tree structure including at least one node each including one label indicating node type and values. The system includes a node ID assignment processing unit for assigning IDs to the nodes in a post order; first, second, and third index creation processing units. The first unit creates a first index having one or more sets of data including the node ID and values included in the node; the second unit creates a second index having one or more sets of data including node ID and ID of a descendant node having the minimum ID; and the third unit creates a third index having one or more sets of data including IDs of one or more nodes having specific values.

Abstract: In response to a user request, a computer generates a graphical user interface on a computer display. A schema information region of the graphical user interface includes multiple operand names, each operand name associated with one or more fields of a multi-dimensional database. A data visualization region of the graphical user interface includes multiple shelves. Upon detecting a user selection of the operand names and a user request to associate each user-selected operand name with a respective shelf in the data visualization region, the computer generates a visual table in the data visualization region in accordance with the associations between the operand names and the corresponding shelves. The visual table includes a plurality of panes, each pane having at least one axis defined based on data for the fields associated with a respective operand name.

Abstract: An apparatus, system, and method are disclosed for storage write caching. A storage address translation table is used to overlay a user image and a common image. A storage driver stack module receives a storage access call and generates a storage access request with a requested file path and a requested storage address. A storage mapper module receives the storage access request, accesses the storage address translation table, and looks up a matching entry in the storage address translation table where the requested file path matches a saved file path and the requested storage address matches a saved common storage address, and maps a saved user storage address from the matching entry if a match exists.

Abstract: A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user's group. All users within a group inherit the rights and restrictions of the group.

Abstract: A method for searching a database that includes private social network data includes providing one or more databases including a plurality of database entries, a first portion of the database entries including private social network data and a second portion including non-social network data that is publicly accessible on the World Wide Web. The method further includes receiving a keyword search request from a search request user and searching the one or more databases or a keyword index thereof using one or more keywords and determining a hierarchy for search result items. The method also includes displaying at least a portion of search results items according to the hierarchy.

Abstract: A system and method for managing group policy objects in a network, including interfaces that allow access by programs or a user interface component to functions of a group policy management console that performs management tasks on group policy objects and other related objects. The interfaces abstract the underlying data storage and retrieval, thereby facilitating searching for objects, and providing the ability to delegate, view, change and permissions on those objects, and check and save those permissions. Modeling and other test simulations are facilitated by other interfaces. Other interfaces provide dynamic and interactive features, such as to convey progress and rich status messages, and allow canceling of an ongoing operation. Still other interfaces provide methods for operating on group policy related data, including group policy object backup, restore, import, copy and create methods, and methods for linking group policy objects to scope of management objects.

Abstract: A system, media, and method for selecting future queries are provided. The selected future queries are used to transmit appropriate online advertising to a user that issues queries to a search engine. The search engine is coupled to a prediction component that predicts what subject the user is going to be interested in and when the user will be interested in the subject. The prediction component returns a future query using statistical language models representing a query history of the user and aggregate query histories for a community of users.

Abstract: A method of storing and managing BOMs of different owners in the same environment. One or more BOMs have an owner. An owner's BOM may include confidential information such that unrestricted access to the confidential information is limited to the owner and any designates of the owner. In particular, one embodiment of the invention maintains a list of items that include the items in the BOMs of the different owners. A unique identifier is used for each item of the list. The item identifiers thus form one namespace. BOMs of different owners share data including confidential data within the same namespace.

Abstract: A system for provisioning content to at least one user is described. A content provisioning server is used. The content provisioning server includes a content provisioning application in communication with a user database. The content provisioning application is configured to access the user database to identify a user, determine rights of the user from the user database, and send a user interface to a client computing device that provides user interface items corresponding to the rights and associated links of the user.

Abstract: A computer-implemented method for positioning targeted sponsored content on a cellular phone includes the steps of (a) assessing a likelihood of an interaction by a user of the cellular phone with a sponsored content to be presented to the cellular phone, wherein the assessment is based on a prior interaction by the user of the cellular phone with content related to the sponsored content and/or a plurality of user characteristics associated with the cellular phone; and (b) prioritizing the placement of the sponsored content within one of a plurality of predefined areas of a graphical user interface of the cellular phone over the placement of other sponsored content within the same area, wherein the prioritization is based on the assessment of the likelihood of the interaction of the user of the cellular phone with the sponsored content.

Abstract: A viewer for displaying electronic books and having various features for restricting access to their content. A user may assign ratings to stored electronic books, or use standard ratings, and assign access levels to potential users. The ratings and access levels determine which electronic books, or portions of the electronic books, a particular user may access on the viewer.

Abstract: Every time a prescribe function is executed, a history use part 112 stores operation history information in an operation history DB 122. When an event occurs, an action control part 111 searches a rule DB 121, extracts an “action” corresponding to the event having occurred, and outputs the extracted action together with information indicating a situation of the occurrence of the event to the history use part 112. The history use part 112 searches he operation history DB 122 on the basis of the information indicating the situation of the occurrence of the event and extracts a corresponding “function”. The history use part 112 executes an action on the basis of the “action” input from the action control part 111 and the extracted “function”.

Abstract: This disclosure describes techniques that enable a subscriber of a data center to manage a site collection group hosted by the data center. A site collection group is a set of site collections that belong to a single subscriber. A site collection is a collection of websites. A website is a collection of related resources. Each of the site collections is associated with an “owner”. As described herein, the data center presents management interfaces that enable owners of site collections to manage the site collections. In addition, the data center presents management interfaces that enable subscribers to manage architectural aspects of their site collection groups.

Abstract: Methods, apparatuses, and computer program products are provided for assigning Access Control Lists (‘ACLs’) to a hierarchical namespace to optimize ACL inheritance. Embodiments include creating an entitlement matrix for a plurality of resources; creating a tree structure having a plurality of nodes for the hierarchical namespace in dependence upon the entitlement matrix; creating a plurality of ACLs in dependence upon the entitlement matrix; identifying a plurality of attachment points in the hierarchical namespace for the ACLs in dependence upon ACL attachment rules; and attaching the ACLs to the attachment points. Creating an entitlement matrix for a plurality of resources may be carried out by creating a matrix of resources and permissions for users.

Abstract: Embodiments relate to systems and methods for implementation on a mobile device to force the mobile device into a secure state upon detection or determination of a triggering event. Once it is determined that a triggering event has occurred, each application operating on the mobile device is caused to immediately unreference sensitive objects and a secure garbage collection operation is performed upon the unreferenced sensitive objects to render data associated therewith unreadable. The mobile device is then caused to enter a secure state, in which the mobile device cannot be accessed without authorization. A microprocessor within the mobile device is configured to determine the existence of the triggering event according to a configuration data structure and to perform the secure garbage collection.

Abstract: In various embodiments, techniques for role management systems are provided. According to an embodiment, a method is provided to allow a role management system to be configured, modified, and restricted. Specific roles assignments may be decorated to be meaningful to an application but which are not generally applicable to an original role specification. A Policy Enforcement Point (PEP) role request response may be modified by an augmentation service, which evaluates a resource association to identify an appropriate resource profile. Resource decorations are identified by the selected profile, and are applied to the role request response.

Abstract: Systems and methods are provided to facilitate access to documents via a set of content selection tags. According to one embodiment, information is received from a content reader. For example, a content controller may receive information from a content reader via a Web site. A set of content selection tags are then established based on the received information, each content selection tag being associated with a hierarchical tag domain. It is then arranged for the content reader to receive an indication of a document tag in accordance with the set of content selection tags. For example, a content controller may retrieve one or more documents based on a set of content selection tags and document tags and transmit indications of the retrieved documents to a content reader via a Web site.

Abstract: A system for allowing multiple users to access and unlock shared electronic documents in a computer system. A group of users are defined as potential “lock-breaker” users for a document, such that they are automatically contacted in the event that a user wishes to unlock the document after it has been locked by another user. The lock-breaker users defined for a document are given access rights to the document that allow them to break a current lock on the document, so that it can be opened for editing, and accordingly re-locked. The lock-breaker users for a document may be organized in a hierarchy, such as a hierarchy matching the relationships of employees of an organization. The lock-breaker hierarchy may define the order in which the lock-breaker users are automatically contacted when a user wishes to access a locked document (e.g. an LDAP directory tree or social network).

Abstract: A system and method for concurrency control of hierarchically structured data is provided. Lock requests on a target node are processed by exploiting ancestor-descendant information encoded into prefix encoded node identifiers (IDs). A set of implicit locks on ancestor nodes along a path from an immediate parent of a target node to a root node is derived from an explicit lock request on a target node. A logical lock tree describing existing lock modes for ancestor nodes is consulted to determine compatibility with the derived set of implicit locks. If existing lock modes for ancestor nodes are compatible with the derived set of implicit locks, a lock request on a target node is granted. Otherwise, the lock request is denied. A lock release request follows the reverse process; a target node in a particular transaction is released, as are subsequent locks on its ancestors made by the same transaction.

Abstract: A computer readable storage medium comprises executable instructions to receive a query referencing a set of members of an OLAP hierarchy. The query is parsed into a syntax tree. Changes to the OLAP hierarchy metadata are received. The syntax tree is refined in response to the changes. The query is evaluated to return results that are independent of the changes to the OLAP hierarchy metadata.

Abstract: A method, computer program, and database system are disclosed for storing element-based descriptions of documents in a database. The database system includes one or more nodes. Each of the one or more nodes provides access to one or more of a plurality of CPUs. Each of the one or more CPUs provides access to one or more of a plurality of virtual processes. Each virtual process is configured to manage data stored in one of a plurality of data-storage facilities. The data stored in the plurality of data-storage facilities includes data representing a database table. A row of the table corresponds to an element of the element-based document description and includes: data describing the element, an order identifier corresponding to the element, and a range identifier corresponding to the element.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for storing documents that are being tracked in an on-demand service. These mechanisms and methods for storing documents in an on-demand service can enable embodiments to provide the sharing of documents and the storing of the documents in association with a tag. The ability of embodiments to provide the sharing of documents and the storing can enable an efficient searching for a shared document. In an embodiment, the shared document is categorized upon being stored.

Abstract: Collecting and distributing information related to recent content publication activity of an instant messaging (IM) user provides other users in a network with timely, relevant information about people known to the user or within the same social network. A user participating in a social network can quickly and efficiently perceive new information related to other users (referred to as co-users) in a social network by reviewing the co-users' recent content publication activity. A user may be made able to do so without requiring the co-user to send a communication directly to the user regarding the new facts or new content, and also without requiring the user to actively browse or request information about the co-user.

Abstract: A system and method for a network operating system includes a complex data medium that enables the continuous reconciliation of the collaborative information process and product. The system and related methods generally increases productivity by enabling a network dynamic among knowledge workers. In another aspect, system and related method may unify e-mail and shared filed management, synchronous and asynchronous collaboration, serial and parallel work flow, top-down and bottom-up collaboration, and information lifecycle management, for examples. Moreover, a managed exclusion may be applied and/or released to control access sharing.

Abstract: Restricting access to managed content to users that are both (1) members of one or more required groups identified in an ACL associated a content item to which access is requested and (2) otherwise granted access under the ACL, e.g., by virtue of their individual identity, role, or group membership is disclosed. In some embodiments, an ACL is configured to identify one or more groups as being a “required” group, membership in which is required for a user to be granted access to a content item with which the ACL is associated. If a user is not a member of a required group, the user is denied access (or denied access above a certain level), even if the user is otherwise delegated access rights in the ACL.

Abstract: A data protection method for accepting an access request for a file stored in a file system of a storage device and referring or updating to the file based on the access request, including the steps of: determining whether a current time is within a preset monitoring period; obtaining a snapshot of the file system when the time reaches the monitoring period; and updating the file system with the snapshot when the time reaches end of the monitoring period.

Abstract: A system, media, and method for selecting future queries are provided. The selected future queries are used to transmit appropriate online advertising to a user that issues queries to a search engine. The search engine is coupled to a prediction component that predicts what subject the user is going to be interested in and when the user will be interested in the subject. The prediction component returns a future query using statistical language models representing a query history of the user and aggregate query histories for a community of users.

Abstract: The present invention relates to a system and methodology to facilitate security for data items residing within (or associated with) a hierarchical database or storage structure. A database security system is provided having a hierarchical data structure associated with one or more data items. The system includes a security component that applies a security policy to the data items from a global location or region associated with a database. Various components and processes are employed to enable explicit and/or inherited security properties to be received by and propagated to the data items depending on the type of data structure encountered or processed.

Abstract: An information processing apparatus includes a creation unit and a registration unit. The creation unit acquires first limited use information which is associated with a designated object and stored in an object storage unit from the object storage unit in accordance with an instruction to specify the designated object, and creates second limited use information containing information indicated by the acquired first limited use information and described in a different form from the acquired first limited use information. The registration unit registers the second limited use information created by the creation unit in a second limited use storage unit.