Abstract: Methods, systems and computer program products for maintaining components of networked nodes with distributed data dependencies are described. For example, in accordance with one or more embodiments, a method can comprise identifying, by a device comprising a processor, in a group of dependent nodes of a cluster of nodes, a first portion of the dependent nodes for which an update is implicated. The method can further comprise selecting, by the device, from the first portion, a second portion of the dependent nodes that are predicted to be able to be updated with the update without affecting access to data of the group of dependent nodes. Further, the method can comprise communicating, by the device, the update to the second portion of the dependent nodes.

Abstract: Described herein is a system and method of application container access, the method includes performing a foreground unlock on an application container; creating a copy of a container key of the application container; locking the application container; receiving a background unlock trigger; determining whether a background unlock is authorized; performing the background unlock on at least a portion of the application container using the copy of the container key in response to determining the background unlock is authorized; and storing data in the at least a portion of the application container while the application container is in the background unlock.

Abstract: Systems and methods are provided for management of processor thread used in support of workspaces operating on an IHS (Information Handling System), where the workspaces operate in isolation from the operating system of the IHS. A remote workspace orchestration service manages deployment of workspaces on the IHS. The workspaces are instantiated and operate according to a workspace definition provided by the workspace orchestration service. A remote access controller of the IHS determine one or more processor threads of the IHS used in support of the workspaces. The remote access controller monitors memory utilization by the processor threads used in support of the workspaces in order to detect memory thrashing resulting from the operation of a particular workspace. Based on the monitored memory utilization, the processor threads used in support of the workspaces are modified in order to reduce memory thrashing during the operation of the workspaces.

Abstract: A computer-based method is provided for managing a transaction including provision of a process intelligence engine comprising a workflow aligner and process tool box, receiving deal parameters at the process intelligence engine, defining transaction subjects, each requiring the participation of at least one network partner, where each transaction subject is a requirement for achieving the objective of the transaction, defining, for each transaction subject, a plurality of subject goals to be addressed by a network partner, and defining, for each subject goal at least one action item required for satisfying the subject goal. The subject goals are then sequenced by the workflow aligner by defining prerequisites for at least one subject goal and transaction modules are defined based on the sequencing. During execution of a deal using the method, subject goals are not made available until prerequisite subject goals have been completed.

Abstract: Methods and systems are disclosed for generating a summary view of raw data to emphasize similar orders or patterns. Raw data is received comprising a set of orders in a non-standard format, each order including a quantity and a value. The raw data is disaggregated, which includes converting the raw data to a standard format and identifying similar orders. The similar orders are identified using a data disaggregation model. A graphical object is generated to represent some orders in the set of orders based on the disaggregated data. Each graphical object is defined based on a quantity at a particular value and sized in proportion to a total number of orders at a particular price or differentiated from a quantity of orders associated with other groups of orders. A summary view comprising the graphical objects is displayed in a graphical user interface.

Abstract: A method and system for facilitating collaboration between two groups without impairing or affecting the structure of the two groups is provided.

Abstract: A database access, monitoring, and control system and method monitor database access, detect suspicious database activities, and react to suspicious database activities by initiating one or more control functions. In at least one embodiment, suspicious database activities include activities related to a number of rows of data retrieved in response to one or more queries within a predetermined threshold window of time. Data retrieval row count above a predetermined threshold that represents an anticipated maximum request for legitimate users can indicate a suspicious database activity. In at least one embodiment, the database access, monitoring, and control system and method detects suspicious database activities even if a data requestor has thwarted other security measures or if the data requestor has authorized access but is potentially accessing data inappropriately.

Abstract: An information processing apparatus includes a memory storing, in an associated form, attribute information assigned to a document and information that indicates whether the attribute information is first attribute information that a user is not enabled to assign or second attribute information that the user is enabled to assign and one or multiple processors configured to perform first search on the attribute information on the document using the first attribute information in a search formula and second search on the attribute information on the document using the second attribute information in the search formula.

Abstract: There is provided an information processing system including: a first apparatus (10a) that divides a user key (UK) of a share-source user through a secret distribution process to generate a plurality of distribution keys (S1 and S2); a second apparatus (10b) that sends a processing request to execute a predetermined process by using one of a plurality of the distribution keys generated by the first apparatus; and a third apparatus (20) that makes a determination based on one of a plurality of the distribution keys generated by the first apparatus and the processing request received from the second apparatus.

Abstract: Data ownership of a single record data object comprising a plurality of individual data elements may be distributed across a plurality of users, such that each individual user is capable of separately controlling access to those data elements for which the data owner has ownership privileges. These data ownership privileges, and corresponding access rights which may be individually provided by distinct data owners, is managed by a data management computing entity such that a single composite user interface may be generated for a user viewing a particular record data object such that the viewer is provided with viewing access to only those data elements for which the viewer has access. Thus, separate user interfaces may be generated and provided for different viewers accessing the same record data object.

Abstract: A privacy management system that is configured to process one or more data subject access requests and further configured to: (1) enable a data protection officer to submit an audit request; (2) perform an audit based on one or more parameters provided as part of the request (e.g., one or more parameters such as how long an average request takes to fulfill, one or more parameters related to logging and/or tracking data subject access requests and/or complaints from one or more particular customer advocacy groups, individuals, NGOs, etc.); and (3) provide one or more audit results to the officer (e.g., by displaying the results on a suitable display screen).

Abstract: A system for data security includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) logging a plurality of data access events initiated by a user; (ii) analyzing the plurality of data access events; (iii) generating, based upon the analyzing, a user profile, the user profile including at least one historical data access pattern associated with the user; (iv) comparing a data access event initiated by the user to the user profile; and (v) determining, based upon to the comparing, whether the data access event initiated by the user corresponds to the at least one historical data access pattern included in the user profile.

Abstract: Attributing consumed storage capacity among entities storing data in a storage array includes: identifying a data object stored in the storage array and shared by a plurality of entities, where the data object occupies an amount of storage capacity of the storage array; and attributing to each entity a fractional portion of the amount of storage capacity occupied by the data object.

Abstract: A discovery computing system may receive an account identifier (ID) and a set of credentials required to access a first service account. The discovery computing system may transmit a first API query to a remote computing system. The discovery computing system may receive an organization identifier (ID) of the organization from the remote computing system. The discovery computing system may further transmit a second API query to the remote computing system. The discovery computing system may be further configured to receive information about a set of projects, in the organization, from the remote computing system. The discovery computing system may further generate a set of service accounts and further determine the set of resources, in the remote computing system, associated with each of the generated set of service accounts. The discovery computing system may further store the determined set of resources, as configuration items in a persistent storage.

Abstract: Providing quantum file permissions is disclosed herein. In one example, a quantum computing device includes a permissions database that stores permissions information for a plurality of quantum files. A quantum file permissions service, executing on a processor device of the quantum computing device, receives from a requestor a permissions query for a permissions status (i.e., a read permission indicator, a write permission indicator, and/or an execute permission indicator, as non-limiting examples) of a quantum file including a plurality of qubits. In response, the quantum file permissions service accesses permissions information for the quantum file from the permissions database. The quantum file permissions service uses the permissions information from the permissions database to determine a permissions status of the quantum file. The quantum file permissions service then sends a response to the requestor indicating the permissions status of the quantum file.

Abstract: Representative embodiments disclose mechanisms to complete partial queries entered by a user. Users enter a partial query. The partial query is used to search a short text index comprising the titles of documents. The search yields a list results. The top k entries of the list are selected and a language model is created from the top k entries. The language model comprises n-grams from the top k entries and an associated probability for each n-gram. A query completion generator creates query completion suggestions by matching n-grams with the partial query, removing candidate suggestions that to not comply with suggestion rules, and filtering the remaining suggestions according to a filtering criteria. The top N results are returned as suggestions to complete the query.

Abstract: A pseudonym credential configuration method and apparatus are provided. The method includes: receiving an identifier of a terminal device and information about N to-be-requested pseudonym credentials from the terminal device, sending N second request messages to a pseudonym credential generation server, and storing a tag of each second request message in association with the identifier of the terminal device in the registration server, so that the registration server can obtain, based on the tag, the identifier that is of the terminal device and that is associated with the tag; and generating N pseudonym credentials. The pseudonym credential generated in this application may enable a behavior investigation server to learn of a real identity of the terminal device.

Abstract: Systems and methods are provided for registering with a given application. The systems and methods include operations for receiving, with a messaging application, a request to authenticate a phone number from the given application, the phone number being input by a user to register an account with the given application; determining that the phone number received in the request matches a user phone number stored in a user account associated with the messaging application; in response to determining that the phone number received in the request matches the user phone number stored in the user account, transmitting a communication from the messaging application to the given application indicating that the phone number has been authenticated; and causing the given application to register the account for the user to enable the user to log into the given application.

Abstract: A method for setting an operation time range of mailbox content and instant messaging content in a system is disclosed in the present invention, wherein a method for setting an operation time of mailbox content includes: selecting a role, a user or an employee as a mailbox user; setting a permission time range for each mailbox user, wherein said permission time range includes one or more of the following types: a time range from a time point, which is determined by going backwards from a current time for a fixed time length, to the current time, a time range from a start time to a current time, a time range from a deadline to a system initial time, and a time range from a start time to a deadline; and the content within the permission time range of the mailbox user in a mailbox account used by the mailbox user being operated by said mailbox user.

Abstract: Techniques and solutions are described for storing and processing metadata, including to instantiate database artefacts at a target system based on metadata for database artefacts maintained at a source system. The target system can query the source system for metadata associated with database artefacts of the source system. The target system can instantiate database artefacts based on such metadata. The database artefacts of the target system are linked to corresponding database artefacts of the source system, such as by associating a database artefact of the target system with an API useable to obtain data or metadata from the source system for a corresponding database artefact of the source system. The target system obtains additional data or metadata for a database artefact of the target system using a corresponding API.

Abstract: Systems and methods are provided for receiving a first media content item associated with a first interactive object of an interactive message, receiving a second media content item associated with a second interactive object of the interactive message, generating a third media content item based on the first media content item and second media content item, wherein the third media content item comprises combined features of the first media content item and the second media content item, and causing display of the generated third media content item.

Abstract: A method for execution by a storage unit in a dispersed storage network (DSN) includes selecting a storage zone of a memory device of the storage unit based on zone allocation parameters, and designating the selected storage zone as open for writes. A data slice is received via a network for storage. The data slice is written sequentially at a memory location of the one of storage zone based on determining that the storage zone is designated as open for writes. A pointer corresponding to the data slice that indicates the storage zone and the memory location is generated. A read request is received via the network from a requesting entity that indicates the data slice. The data slice is retrieved from the memory device based on the pointer, and is transmitted to the requesting entity.

Abstract: A datastore engine at an edge location of a content delivery network (CDN) may perform low-latency query processing and data retrieval for multiple types of databases at one or more origin servers. When a client sends a query to the edge location, the datastore engine translates the query from a back-end database format into a native format of the local edge datastore. If the requested data is not there, then the datastore engine retrieves the data from the back-end table and inserted inserts the data into the local edge datastore. By using multiple queries over time to re-construct data from the backend database tables at the edge, the datastore engine may provide low-latency access to data from the backend database tables (avoiding the need to retrieve data from the back-end tables to serve subsequent queries).

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: Techniques of implementing partition level operations with concurrent activities are disclosed. A first operation can be performed on a first partition of a table of data. The first partition can be one of a plurality of partitions of the table, where each partition has a plurality of rows. A first partition level lock can be applied to the first partition for a period in which the first operation is being performed on the first partition, thereby preventing any operation other than the first operation from being performed on the first partition during the period the first partition level lock is being applied to the first partition. A second operation can be performed on a second partition of the table at a point in time during which the first operation is being performed on the first partition.

Abstract: In one embodiment, a processing device receives a first digital fingerprint of a media item along with a first content management rule. The processing device separately receives a second digital fingerprint of the media item along with a second content management rule. The processing device determines that the received digital fingerprints are for the same media item based upon a match between the first digital fingerprint and the second digital fingerprint. The processing device determines that all rights to the media item have been accounted for, and then determines a set of actions to be performed for hosted media items comprising the media item based at least in part upon the first content management rule and the second content management rule. Processing logic may also perform a conflict resolution process for conflicting rights claims to the media item.

Abstract: Technologies related to generating and continuously maintaining a record of data processing activities are described herein, where the processing record is generated on behalf of an enterprise that operates an enterprise computing system. The processing record includes numerous fields related to the processing of data by the enterprise computing system, and such fields are automatically generated based upon information pertaining to the enterprise computing system that is acquired from several different sources.

Abstract: The present disclosure describes techniques for changing a required authentication type based on a request for a particular type of information. For example, consider a situation where a user has asked a virtual assistant “who owns this device?” By default, the device may allow biometric authentication to unlock. In response to identification of the owner by the virtual assistant, however, the device may require one or more other types of authentication (e.g., manual entry of a passcode) to unlock the device. In various embodiments, the disclosed techniques may increase the security of the device by making it more difficult for malicious entities to obtain the sensitive information or to access device functionality once the sensitive information has been disclosed. In various embodiments, this may prevent or reduce unauthorized access to the device.

Abstract: A system supporting a networked database service includes a controller configured to receive one or more data request and authenticate the one or more data request. A gateway (GW) in communication with the controller, is configured to receive at least one of the one or more data request from the controller, perform data classification on data received in the request, and generate a cryptographic key based on the data classification, a hardware-protected key of the GW, and a second (encryption) key. The cryptographic key is for accessing a database. The controller and the GW are operated by different parties.

Abstract: Examples described herein relate to a system for orchestrating a security object, including a memory and processor configured to define a plurality of complex policies in a database, wherein the complex policies comprises one or more of EQUAL policy, ONE-OF policy, MEMBER OF policy, NULL policy, NOT-NULL policy, GREATER-THAN policy, GREATER-THAN-OR-EQUAL-TO policy, LESS-THAN policy, or LESS-THAN-OR-EQUAL-TO policy, receive the security object and at least one object attribute associated with the security object, determine acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of complex policies corresponding to the at least one object attribute, and distribute the security object to at least one communication device associated with the processor when the security object is determined to be acceptable, wherein the at least one communication device establishes communication based, at least in part, on the security object.

Abstract: An agent and a configuration interface permit custom-level customizations for synchronizing a replica of an enterprise system over a network connection with a replicator. The replicator produces the replica as a Virtual Machine (VM) that is maintained on a portal server that is remote from an enterprise server that hosts the enterprise system.

Abstract: An online data hub/portal that provides for data to be extracted from production environments, sanitized (removal of non-public information NPI) and loaded into non-production environment (e.g., testing and development environment). The online data hub/portal allows users to extract data from a disparate production applications into a first secure staging location that triggers identification of Non-Public Information (NPI), sanitization of the identified NPI and validation of the data (e.g., verifying that NPI has been identified and sanitized and that all relationships between data elements in downstream and upstream applications are kept intact). Once sanitized and validated, the data hub places the data in a second secure staging location that provides for loading the sanitized data into the non-production environment.

Abstract: A communication system comprises a communication device and a server system. The communication system obtains permission to perform a function related to the communication device from a user, performs a predetermined process of obtaining permission to perform a predetermined function from the user, if the predetermined function that the user does not permit the server system to perform is added as the function, performs the function that the user permits the server system to perform in advance, if an instruction for performing the function that the user permits the server system to perform in advance is inputted into a voice control device with a voice, after the predetermined process is performed and in a state where the permission to perform the predetermined function is not obtained from the user, and performs a process corresponding to the function.

Abstract: Some embodiments provide a method for defining an adaptable monitoring profile for a network. The defined network monitoring profile is independent of the security policy defined for the network and includes one or more log generation rules, each of which defines a logging policy for a set of data compute nodes (DCNs) that share a common attribute. A log generation rule specifies whether the network activities of a set of DCNs that share a common attribute should be logged or not. A log generation rule can also specify other logging parameters such as priority level of the logs and the required logging protocol for transmission of the logs. The logging policy of a log generation rule is associated with a set of service rules (e.g., firewall rules) through a dynamic service group, and is applied to the service rules when any of these rules is triggered.

Abstract: A communication apparatus configured to acquire information in a distributed ledger shared in a network, the communication apparatus includes a memory; and a processor coupled to the memory and configured to acquire one or more digital certificates used by a user of another apparatus to apply to the communication apparatus from the other apparatus, acquire type information that identifies a combination of the user and the type of information certified by the one or more digital certificates, by using the distributed ledger, acquire certificate issue history that is recorded in the distributed ledger in association with the type information, and determine whether the issue history contains information of another digital certificate that has not been acquired from the other apparatus.

Abstract: Techniques for creating compelling extended reality (XR) environments, including virtual reality (VR) and mixed reality (MR), and other computer-generated experiences, are provided. In some embodiments, a VR and MR system, including a computer hardware- and software-based control system, controls a specialized headset, hand controls, and a distributed array of sensors and actuators to produce a VR or MR environment with compelling VR and MR display and social interaction features. In some embodiments, the VR and MR system creates and provides escalating levels of data access, permissions and experiences for users, based on different, multi-phased ratings. In some embodiments, a first rating sets a level of access to gameplay leading to a second rating. In some such embodiments, one user's VR or MR experience related to another user is modified aesthetically, haptically or otherwise, depending on the levels granted by another user, and other attributes.

Abstract: Disclosed are a method for automatically encrypting a short message, a storage device and a mobile terminal. The method comprises: matching a number and content of a short message respectively with a pre-set short message encryption number group and a key word database; if the matching succeeds, performing encryption processing on the short message; and distributing the short message to an application program having the authority to monitor the short message. The short message content is encrypted before the application program receives the short message, preventing important information from being maliciously stolen by the application program.

Abstract: A method includes receiving a request from an internet content provider to provide data about a subscriber associated with an IP address, where the data allows the internet content provider to maintain stateful and persistent information about an HTTP session with a user endpoint device associated with the IP address determining whether the Internet content provider is a trusted Internet content provider pre-authorized to receive at least some of the data about the subscriber, determining a subset of the data about the subscriber that is allowed to be shared with the Internet content provider, when the Internet content provider is determined to be a trusted Internet content provider, providing the subset of the data to the Internet content provider, when the subset of the data is determined, and denying the request to provide the data, when the Internet content provider is determined not to be a trusted Internet content provider.

Abstract: Embodiments of the present disclosure provide a method, a computer program product and apparatus for processing transactions in a synchronized replication system, wherein the method comprises, at a source site in the synchronized replication system: serializing commits of transactions in the synchronized replication system so that only one of the transactions can be committed at the same time; in response to initiating the commit of the one transaction, generating a log for each of transactions that are ongoing in the synchronized replication system, so as to record impact of all operations of a respective transaction on the synchronized replication system; marking transactions for which the logs have been generated; and completing commits of the marked transactions.

Abstract: A system includes a hardware processor that executes a software code to receive an authorization request on behalf of a user for a stacked resource including resources offered separately by multiple resource providers, determine resource provider computers associated with the stacked resource, and send a look-up request including an electronic identity of the user to those computers, where the electronic identity is used as a look-up key for determining user attribute(s) of the user. The software code further receives the user attribute(s) from the resource provider computers, generates an accumulated access profile of the user based on the user attribute(s), applies the profile to a rules engine to determine a stacked access result, and routes the authorization request and the stacked access result to one of the resource provider computers, where that computer completes an authorization process for access to the stacked resource based on the stacked access result.

Abstract: A method for servicing document search requests. The method includes receiving, by a document management service, a document search query from a requesting user, and injecting, into the document search query, a user access vector. The user access vector specifies, for the requesting user, access control lists that are associated with the requesting user. The method further includes identifying, in a document repository, documents that match the document search query with the injected user access vector. A matching document requires a match of terms in the search query with terms in the matching document, and a match of at least one access control list specified in the matching document and at least one of the access control lists specified in the user access vector.

Abstract: Methods, systems, and apparatus for determining that a native application limits access to the native application using account credential requirements, the native application generating an application environment for display on a user device within the native application and operating independent of a browser application that can operate on the user device; obtaining a set of account credentials for indexing environment instances of the native application; instantiating the native application with the set of account credentials; and accessing environment instances of the native application, and for each of the environment instances: generating environment instance data describing content of the environment instance, the content described by the environment instance data including text that a user device displays on the environment instance when the user device displays the environment instance; and indexing the environment instance data for the native application in an index that is searchable by a search en

Abstract: A policy generation agent automatically generates a security policy for an application and a security manager. The agent runs the application in a development environment, causing the application to request permissions from the security manager. The agent passes the permissions request to the security manager. The security manger determines whether to approve or deny the request based on a permissions policy. Responsive to a determination to deny the request, the agent generates an updated permissions policy by updating the permissions policy to approve subsequent requests for the permissions. The agent also associates the updated permissions policy with the application, and suppresses any exceptions generated by the security manager in denying the request before approving the request for the permissions in the development environment.

Abstract: Data associated with a user account is stored at the cloud-based storage service. A portion of the data is associated with a heightened authentication protocol. A request for an application to access data that is associated with the heightened authentication protocol is received at the cloud-based storage service. The request may include an indication that the application is configured to interact with data with the heightened authentication protocol. The request is authenticated based on the heightened authentication protocol. In response to authenticating the first request, permission is granted to the application to access the data that is associated with the heightened authentication protocol. In response receiving requests that do not include the indication that the application is configured to interact with data with the heightened authentication protocol, data pertaining to the portion of the data with the heightened authentication protocol is hidden.

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

Abstract: A face recognition unlocking device includes a collection device configured to obtain information of a user, a controller configured to determine whether face recognition of the user succeeds, based on the information of the user, and calculate a location of the user for success in the face recognition, and an output device configured to guide the user to move.

Abstract: A method for access control of resources in a distributed storage system using an API level model. An ownership object is created corresponding to a volume. The ownership object includes a string defining the owner of the resource. Access rights are given to collaborators or groups and stored as property list fields in the ownership object. Any requestor not listed as the owner, a collaborator, or part of a user group is denied access to the resource.

Abstract: Technology is disclosed for using geographic information that reflects the current locations for a plurality of image providers to find image providers that are capable of fulfilling image requests from image requesters, where the image requests are associated with various geographic locations. In an example embodiment, the technology can be used to find video footage of news events in a timely and cost-efficient manner.

Abstract: The disclosed computer-implemented method for prioritizing and detecting file datasets based on metadata may include (i) receive a group of files from a data storage, (ii) train a machine-learning model utilizing a set of properties derived from metadata associated with the files, (iii) identify, utilizing the machine-learning model, a dataset including at least one candidate file that performs an action in a set of predetermined actions, and (iv) prioritize the action based on the dataset. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods are provided for production and display of map based slide presentations. The system may provide a map of a geographic region via a map interface and select a portion of the geographic region for creation of a slide. The slide may be created to incorporate all of the data within the selected portion and may be part of a series of slides in a presentation. The user may further provide access controls to data aspects within the slide and the system may use the access controls to regulate display of the slide.