Abstract: A network device communication system can configure network devices, such as a first database in a multi-tenant deployment and a second database in a private deployment, to send and receive sequence messages, such as replication data, over a channel comprising a plurality of private network nodes. The first database can create a link specifying the data share and the second database. The second database selects the link and a secure area in the private deployment is created into which data is replicated and shared with further accounts in a computationally secure and efficient manner.

Abstract: Each of a plurality of servers includes a shared information storage region for storing information to be shared with other servers. The servers operate so as to match data of the shared information storage regions with each other. A first server manages a first local database. A second server generates query information for accessing the first local database, and stores the query information in the shared information storage region of the second server. The first server acquires the query information from the shared information storage region of the first server, and stores the result with respect to the query information in the shared information storage region of the first server. The second server acquires the result from the shared information storage region of the second server.

Abstract: A data process system including a unit receiving a mail data including an output data or a target output data via a network, a unit identifying a user-identification data to be associated with the output data based on an address data of a transmission source of the mail data by referring to first and second units, the first unit storing a first address data in correspondence with each user-identification data, the second unit storing a second address data in correspondence with each user-identification data, a unit storing data-identification data in correspondence with the output data in a unit in a case where the user-identification data is identified by referring to the second unit instead of by the first unit, a unit notifying the data-identification data via the network, and a unit transmitting the output data corresponding to the user-identification data or the data-identification data received via the network.

Abstract: A method of providing access control to a relational database accessible from a user interface is implemented at a policy enforcement point, which is located between the database and the user interface and includes the steps of: (i) intercepting a database query from a user; (ii) assigning attribute values on the basis of a target table or target column in the query, a construct type in the query, or the user or environment; (iii) partially evaluating an access-control policy defined in terms of said attributes, by constructing a partial policy decision request containing the attribute values assigned in step ii) and evaluating the AC policy for this, whereby a simplified policy is obtained; (iv) deriving an access condition, for which the simplified policy permit access; and (v) amending the database query by imposing said access condition and transmitting the amended query to the database.

Abstract: A logical network directory database compliant with the X.500 standard for a directory data system is disclosed. The network directory database provides a source of subscriber and service data accessible by various control and management processes that require subscriber information. The network directory database may be extensible across various communications service providers and IT domain. Further, the disclosed network directory database may be applied to new and existing services, such as, IP Multimedia Subsystem, Unlicensed Mobile Access (UMA) and other IP services.

Abstract: A method of providing access control to a relational database accessible from a user interface is implemented at a policy enforcement point, which is located between the database and the user interface and includes the steps of: (i) intercepting a database query from a user; (ii) assigning attribute values on the basis of a target table or target column in the query, a construct type in the query, or the user or environment; (iii) partially evaluating an access-control policy defined in terms of said attributes, by constructing a partial policy decision request containing the attribute values assigned in step ii) and evaluating the AC policy for this, whereby a simplified policy is obtained; (iv) deriving an access condition, for which the simplified policy permit access; and (v) amending the database query by imposing said access condition and transmitting the amended query to the database.

Abstract: The disclosed subject matter provides for event driven permissive sharing of information. In an aspect, user equipment can include information sharing profiles that can facilitate sharing information with other devices or users, such as sharing location information. The information sharing profiles can include trigger values, such that when a target value transitions the trigger value, a permission value is updated to restrict access to sharable information. As such, event driven permissive sharing of information allows for designation of temporary friend information sharing with user-defined triggers.

Abstract: File management systems and methods are presented. In one embodiment, implementation of a method for determining the accurate ownership of a file within a data system includes: identifying a first plurality of access events for a file, wherein the file is associated with a directory of related files; identifying a second plurality of access events for the related files within the directory, wherein access events in the first and second plurality of access events occur within a period; determining a pool of users accessing files within the directory within the period; and selecting a user from the pool of users as an inferred owner of the file based on access metrics related to the plurality of access events.

Abstract: A method for resolving a hang in a database system includes receiving a symbolic graph having a plurality of nodes, where each node represents a database session involved in the hang during a specified time interval. The blocking time associated with each node in the symbolic graph is recursively determined. The node that has the longest blocking time is output to a display for review by the database administrator. Alternatively, the database session represented by the node having the longest blocking time may be automatically eliminated.

Abstract: A method for securely accessing a number of computing systems within a remote facility includes, with a mobile computing system, checking out access data from a centralized database, the access data providing access to the computing systems within the remote facility. The mobile computing device then interfaces with a first computing system, the first computing system being unable to have access criteria changed from a remote location. The mobile computing system then provides a user with access to the first computing system using the checked out access data without revealing that checked out access data to the user.

Abstract: Methods and systems for identifying and ranking search results and online advertisements based on authenticity are described. A search server includes an authenticity index, which includes authenticity metric values associated with one or more web elements. The authenticity metric values may indicate the relative authority of the web element with respect to a specific category, keyword, search term, phrase, context, filter, etc. Search results may be generated and ranked based on the authenticity metric values.

Abstract: Methods and systems for monitoring privileged user access of a database using a computer having at least one processor are provided. The system monitors database transactions. If a transaction is made by a privileged user, the system records information relating to the transaction in an audit database and/or in an audit file. If a transaction is made by a terminated or otherwise unauthorized privileged user, the system can be adapted to alert management of a possible security breach.

Abstract: A system and method for managing a virtual appliance lifecycle is provided. In particular, a hosted web service may provide a collaborative environment for and unified environment for developing, configuring, personalizing, building, testing, deploying, and otherwise managing a lifecycle for one or more virtual appliances, wherein the collaborative and unified environment may provide various features for-creating virtual appliances, monitoring upstream changes and modifications to the virtual appliances, and providing real-time analysis and feedback during various phases of the virtual appliance lifecycle, among other things.

Abstract: A method, and computer-readable media for performing the method, for managing business transactions. Electronic transaction documents are received from authenticated users and stored in a database, with system usage data regarding users' access to and use of the system captured and stored in the database. Only specified parties are afforded access to system usage data for each user.

Abstract: A central data warehouse includes embedded data marts. These embedded data marts, referred to as workspaces, are assigned centrally manage data by reference only but rely directly on the centrally managed data and the underlying infrastructure. Workspaces still allow departments in an enterprise to perform certain actions on their own (like adding new data and building new models) without having to instantiate copies of the centrally managed data in a locally managed data mart.

Abstract: In a dispersed storage network where slices of secure user data are stored on geographically separated storage units, a managing unit connected to the network may seek to broadcast and update secure access control list information across the network. Upon a target device receiving the broadcast the target device creates and sends an access control list change notification message to all other system devices that should have received the same broadcast if the broadcast is a valid request to update access control list information. The target device waits for responses from the other system devices to validate that the broadcast has been properly sent to a threshold number of other system devices before taking action to operationally change local data in accordance with the broadcast.

Abstract: Graphical user interfaces (GUIs) support the collaborative generation of life stories by helping the user view the development of the life stories of other users and facilitating interaction with them through these GUIs. A GUI according to a first type helps the user keep track of recent life stories and comments posted by other users of the collaborative system, and a GUI according to a second type helps the user view life stories of any user in a chronological manner.

Abstract: Methods and apparatuses for constructing a multi-level solver, comprising decomposing a graph into a plurality of pieces, wherein each of the pieces has a plurality of edges and a plurality of interface nodes, and wherein the interface nodes in the graph are fewer in number than the edges in the graph; producing a local preconditioner for each of the pieces; and aggregating the local preconditioners to form a global preconditioner.

Abstract: A computer-implemented method for generating online search results includes receiving, over the Internet, referring URL data including a query, and a network site ID for a network site that was visited based on third party search engine analysis of the query; generating indexed query and network site data based on the received referring URL data and network site; receiving a new query from a user; determining a network site relevant to the new query based on the indexed query and network site data; and displaying to the user a link to the network site. Systems for generating online search results are also disclosed.

Abstract: An identification system that may be used in heterogeneous computing environments provides a fail-free path to providing identifiers from a single canonical namespace. Objects or gateways requiring an identifier for access are accessed using an identifier for the canonical namespace. If an entity requests access using an identifier from another namespace, an external database is consulted to determine if a mapping exists for the identifier to another identifier the canonical namespace. If no mapping exists, or the external database is unavailable, then an identifier is automatically generated in the canonical namespace and is used for the access. An internal database is updated with the automatically generated identifier, providing a mechanism to add mappings without administrative intervention. To access resources requiring an identifier from another particular namespace, a canonical namespace identifier may be mapped to another identifier in the particular namespace, or a generic identifier may be used.

Abstract: A user-interface method of selecting and presenting a collection of content items based on user navigation and selection actions associated with the content is provided. The method includes associating a relevance weight on a per user basis with content items to indicate a relative measure of likelihood that the user desires the content item. The method includes receiving a user's navigation and selections actions for identifying desired content items, and in response, adjusting the associated relevance weight of the selected content item and group of content items containing the selected item. The method includes, in response to subsequent user input, selecting and presenting a subset of content items and content groups to the user ordered by the adjusted associated relevance weights assigned to the content items and content groups.

Abstract: A SEQUENCED request a) to apply a temporal Source table to a temporal Target table under a predicate is received. The Source table includes a plurality of rows that qualify to apply to a single Target table row under the predicate. The predicate specifies a Source table join column. Each of the plurality of Source table rows and the single Target table row include a ValidTime dimension. The plurality of Source table rows is b) ordered by the Source table join column and a period-to-be-modified. The next of the ordered plurality of Source table rows is c) applied by determining that the Target table row has a TransactionTime and, in response, closing out the TransactionTime of the Target table row. Applying the next of the ordered plurality of Source table rows includes identifying an RDIFF range as the period-to-be-modified of the Source table row being applied that is later than the ValidTime range of the single Target table row.

Abstract: A system (101) for implementing redaction rules in compliance with an organization's privacy policy, where the system intercepts messages between an information source (103) and an information destination (102), modifies the message contents based on redaction rules (106) and forwards the redacted contents over to the client. The system also maintains a record of the redacted information and updates the contents of any message submitted by the client (102) in order to maintain database integrity.

Abstract: An apparatus to manage an account is provided. The account managing apparatus includes an account management unit which manages a user account of at least one user who uses an image forming apparatus, a storage unit which stores guest information related to the user account, a guest account generating unit which generates a guest account dependent on the user account based on stored guest information and the user account when a request to generate an account to use the image forming apparatus is received from a guest, and a control unit which controls the image forming apparatus according to a generated account policy.

Abstract: Embodiments are directed to providing a plurality of data provisioning tiers for datasets and to throttling access to dataset data based on the dataset's data provisioning tiers. In an embodiment, a computer system receives an input that specifies a maximum number of queries that a user is allowed to perform on a given dataset over a specified period of time. The computer system generates data provisioning tiers for the dataset based on the received input. Each data provisioning tier indicates a maximum number of queries that the user is allowed to perform on a given dataset over a specified period of time. The computer system also applies the generated data provisioning tiers to the dataset so that the user is limited to the maximum number of queries specified in the data provisioning tier.

Abstract: Provided are techniques for creating one or more fine-grained access control rules that are associated with a base table. A materialized query table is created from the base table without applying the one or more fine-grained access control rules associated with the base table when obtaining data from the base table. A fine-grained access control protection indicator is turned on for the materialized query table. In response to receiving a direct access request to the materialized query table in a query referencing the materialized query table, access is provided to the data in the materialized query table by applying one or more fine-grained access control rules associated directly with the materialized query table to the data in the materialized query table before returning the data.

Abstract: An information retrieval system having: a client adapted for accessing a plurality of file sets stored on one of a plurality of file servers; a plurality of file servers configured to operate with a federated file system namespace; and a memory for storing re-direction information accessible by the client for identifying a request issued by the client for a file set at a first location in the namespace where the file set is located at a second, different location on one of the file servers and wherein the client in examining the re-direction information in the memory, re-directs the request to the second location in accordance with the re-direction information.

Abstract: The embodiment of this invention provides a method for classifying and processing data in an instant messaging system, which includes: classifying the data of every service included in the instant messaging system into confidential data and non-confidential data; obtaining and processing the non-confidential data of every service after a first authentication is passed successfully; and obtaining and processing the confidential data of every service after a second authentication is passed successfully. The embodiment of this invention also provides a device for classifying and processing data in an instant messaging system. According to the embodiment of the present invention, the security requirements of the instant messaging system are met, and the user is facilitated to use various services provided by the instant messaging system.

Abstract: A user-interface method of selecting and presenting a collection of content items based on user navigation and selection actions associated with the content is provided. The method includes associating a relevance weight on a per user basis with content items to indicate a relative measure of likelihood that the user desires the content item. The method includes receiving a user's navigation and selections actions for identifying desired content items, and in response, adjusting the associated relevance weight of the selected content item and group of content items containing the selected item. The method includes, in response to subsequent user input, selecting and presenting a subset of content items and content groups to the user ordered by the adjusted associated relevance weights assigned to the content items and content groups.

Abstract: When an application activation instruction is input, it is decided whether the application is expected to access a high-level protection resource or low-level protection resource (step S31). If the decision is affirmative, display is done to prompt the user to select whether to permit activation of the application (step S32). When the user inputs an activation permission instruction, the application is activated (steps S33 to S36). As a result, only when the user permits an application, which is expected to access a high-level protection resource or low-level protection resource, to access a predetermined resource immediately before its execution, the application is executed. Hence, the basic processing part and application can operate in cooperation with each other while limiting access to various kinds of resources by the application in a reasonable range.

Abstract: Automatically accepting applications, and testing, training, certifying, assigning, allocating, controlling, and scheduling remote agents. An applicant (100) transmits an application to a remote agent center (RAC) (130) via a Communications Network (120). The application contains the person's profile, training, and experience. The RAC validates the skills via testing or third party confirmation, accepts the person as a remote worker, certifies the person's skill levels, and places the person in the remote worker pool. The remote worker can also obtain remote training on new or additional topics. The RAC evaluates the business demands of an external party, identifies remote workers with the needed skills who are available, and transmits the work at the appropriate time to the remote workers. The work is transmitted via or through the RAC. The external parties thus do not have to recruit, train, or test persons, or be concerned with staffing issues.

Abstract: In one embodiment the present invention includes a computer-implemented method for generating constraints for use in an access control system. In one embodiment, roles, document types, and permissions are stored in a 3-D model, such as a matrix or table. The 3-D model is converted to 2-D models, where users are inserted for roles and documents are inserted for document types. The 3-D model and 2-D models represent access rights. Supplemental information about the access rights is added to the 2-D tables. In one embodiment, attribute exploration is used to generate supplemental information. Constraints are generated from the 2-D tables for use in controlling access rights in a computer system.

Abstract: A user-interface method of selecting and presenting a collection of content items based on user navigation and selection actions associated with the content is provided. The method includes associating a relevance weight on a per user basis with content items to indicate a relative measure of likelihood that the user desires the content item. The method includes receiving a user's navigation and selections actions for identifying desired content items, and in response, adjusting the associated relevance weight of the selected content item and group of content items containing the selected item. The method includes, in response to subsequent user input, selecting and presenting a subset of content items and content groups to the user ordered by the adjusted associated relevance weights assigned to the content items and content groups.

Abstract: A method and an apparatus for specifying a time-varying, intelligent service-oriented model are provided. A method implemented in a computer infrastructure having computer executable code embodied on a computer readable storage medium having programming instructions, includes defining information of a service which is to be provided to one or more users having access to a system storing the defined information. The method further includes defining policies associated with the defined information to allow and deny access to selected portions of the defined information, and exposing to a user of the one or more users the selected portions of the defined information based on the defined policies allowing access to the selected portions of the defined information.

Abstract: Aspects of the invention relate to sharing content stored on an object addressable storage (OAS) system among a plurality of users of the OAS system and authenticating users to an OAS system. In some embodiments, a user may store content units on the OAS system and control access by other users to these content units. In some embodiments, when a user grants one or more other users access to a content unit stored on the OAS system, the OAS system may send a notification of grant of access to the other user(s).

Abstract: The present invention provides a method and system for facilitating access to always current contact information. Users submit their personal contact information or a collection of third party contact information or both to a storage location, where records are being searched for identical or similar entries. In case of a match the third party contact information is replaced with a link or pointer to the personal contact information entry of the owner of the information. As long as the owner of the information updates his records in the storage location, all third party contact information collections are also kept up to date and users will benefit from the most accurate and current contact information available.

Abstract: A storage server maintains a number of datasets (e.g., exported file systems or other resources). For each dataset, certain clients are allowed to have access (e.g., read access, write access, root access, etc.) and certain other clients are not allowed to have access. Access permission information is maintained to specify which clients are allowed to have access and what kind of access. A method and system are introduced to use a radix tree to store access permission information in a cache, therefore allowing the storage server to quickly retrieve access information relevant to a particular client. One advantage of using radix tree to maintain access permission information is that radix tree is very efficient at storing hierarchical information, such as IP addresses. Radix tree is also very efficient at representing subnets in particular.

Abstract: A method, system and article of manufacture for data processing and more particularly for managing access to data in a database that should be available for a limited number of accesses. One embodiment provides a method comprising receiving, from a requesting entity, a query against a database having consumable data that is configured to be accessible for only a predefined number of accesses. The query is configured to access the consumable data and is executed against the database to obtain a query result that includes the consumable data. The method further comprises determining whether the predefined number of accesses is reached as a result of the execution of the query against the database. If so, the consumable data is made inaccessible. The obtained query result is returned to the requesting entity.

Abstract: The method is for granting access to data of a first object that has at least one temporally access controlled public attribute and a clock capable of measuring time independently of the clocks of other objects. A request to access a value of the public attribute of the first object is received. The value of the clock of the first object is compared with the value of the clock of at least one second object. If necessary, the clock values of the first and the second objects are synchronized. Access to the value of the attribute of the first object is granted. Also an arrangement and a computer program product are disclosed.

Abstract: An IC card is configured to receive personalization commands which are used to transmit data to the IC card. An access control list is associated with the data. The data is stored in the IC card in a record structure that includes a plurality of entries. The access control list is stored in the IC card in the record structure. The personalization commands include a card personalization specification (CPS).

Abstract: Described herein are techniques for global synchronization that under various scenarios eliminate or defer the acquisition of global locks. In many cases, the need to acquire global locks is eliminated, thereby saving the overhead attendant to processing global locks.

Abstract: Role-based access controls improve user access in a computer system. A profile associated with a role is generated. The profile is enforced with respect to one or more users associated with the role. Optionally, the profile is generated based at least in part on a user interaction.

Abstract: Implementations of the present disclosure provide computer-implemented methods including generating a changelist corresponding to at least one computer code object that is digitally stored in a repository database, assigning a team to the changelist, the team comprising a plurality of members, initiating access to the computer code object using a computer that is in communication with the repository database, enabling access to the computer code object when a user of the computer is a member of the team, and prohibiting access to the computer code object when the user of the computer is not a member of the team.

Abstract: Selectively shared and filtered personal information collections are provided. Personal information collections include calendars, task lists, address books, and other collections of information that may be provided by personal information manager (PIM) software. Personal information collections published on a server may be limited on a user-by-user basis as to who may access the collections. Furthermore, collections may be automatically filtered based on a rolling window of dates, reducing file size and maintaining privacy of items outside the rolling window.

Abstract: A system and method for managing group policy objects in a network, including interfaces that allow access by programs or a user interface component to functions of a group policy management console that performs management tasks on group policy objects and other related objects. The interfaces abstract the underlying data storage and retrieval, thereby facilitating searching for objects, and providing the ability to delegate, view, change and permissions on those objects, and check and save those permissions. Modeling and other test simulations are facilitated by other interfaces. Other interfaces provide dynamic and interactive features, such as to convey progress and rich status messages, and allow canceling of an ongoing operation. Still other interfaces provide methods for operating on group policy related data, including group policy object backup, restore, import, copy and create methods, and methods for linking group policy objects to scope of management objects.

Abstract: A method, apparatus, and system of a sequencing technique to account for a clock error in a storage area network are disclosed. In one embodiment, a system of a backup server includes a processing module to examine a data timestamped with a sequence of characters denoting a time according to a clock source, an analysis module to determine that the data has been timestamped at an earlier time than an other data previously received, a substitution module to provide the data an incremental sequence number placed with the data using an algorithm until a new data is received that includes a future timestamp with a later timestamp than the timestamp of the other data, and a storage module to store the data.

Abstract: A document managing system includes: a document use controller; and a document storage device, the document use controller including: a managing unit; and an instructing information transmitting unit, and the document storage device including: an index information holding unit; an instructing information receiving unit; and an index information updating unit, wherein the index information updating unit updates an index information so as to change the permission/inhibition of the use of contents of the storage document on the basis of an identifier of a storage document included in instructing information received by the instructing information receiving unit.

Abstract: In a system and method for updating a remote replicated destination file system snapshot with changes in a source file system snapshot, users and processes are redirected to a local exported snapshot of the replicated snapshot on the active file system on the destination before beginning the next update of the active file system's replicated snapshot. In this manner, an unstable replicated snapshot is not accessed. Indirection is introduced into inode lookup at the destination as the destination's active file system is being updated. The indirection can be based upon a snapshot ID that conforms to a latest exported snapshot ID.

Abstract: A computer-implemented method for providing protection for a data file is disclosed. The method includes employing allowable location information to control access to information of the data file, wherein the allowable location information is associated with the data file The information in the data file is inaccessible if a location of a computer employed to access the data file is not within an allowable geographic area defined by the allowable location information.

Abstract: A user feedback system for improving a performance of a software application is described. The feedback system includes a telemetry collection system and a user feedback collection system. A context aggregator collects data from both the telemetry collection system and the user feedback collection system, and constructs a data model that characterizes the data. Using this data model, the feedback system is able to provide or enable software support in a timely, convenient, and useful way. Specifically, data in the data model is standardized across a number of software applications and/or users, so that multiple data models, along with other data sources, may be meaningfully compared to identify a problem, and possibly a solution, associated with an operation of the software application. Additionally, users of the feedback system may be connected with a virtual community of other users who the system has determined may be helpful in assisting one another.