Abstract: Embodiments of the present disclosure include systems and methods of conflict resolution, retry condition management and/or handling of problem files in the synchronization architecture of the cloud-based platform. One embodiment of the disclosed technology detects conflicts between incompatible changes made on opposite file systems based on file system sync results when executing a sync event on the file system. In one embodiment, the disclosed technology applies self-healing strategies when unexpected failures occur. For example, if a synchronization action fails repeatedly, an external action (e.g., from user, file system, etc.) can return the system back to a consistent state again.

Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.

Abstract: Methods, systems and computer program products for computing system security. Techniques for classifying a potentially unauthorized user as an authorized user involve comparisons of two or more access request times that occur at different computing devices in different geographical locations. Based on those comparisons and the distance between the geographical locations of the different computing devices, a determination is made as to whether or not travel (e.g., via overland travel, via air travel, etc.) between those different geographical locations can be reasonably accomplished within a given time period. If it is determined that the required time for travel between the different geographical locations is greater than the time between the access request times—thus suggesting a spoofing attack or other malfeasance—then the potentially unauthorized (i.e.

Abstract: A collaboration system manages a plurality of content objects that are shared by multiple users at corresponding user devices in corresponding computing environments. Policies that govern interactions over the plurality of content objects are established. A content object upload request from a first user belonging to a first enterprise is processed by the collaboration system and then the content object is shared with a second user of a second enterprise. Security characteristics pertaining to the second user, and/or the second enterprise, and/or the second user's devices are initially unknown or unverified. As such, upon receiving interaction events raised by a user device of the second user, a set of interaction attributes associated with the interaction events are gathered. One or more trust policies are applied to the interaction attributes to evaluate security conditions that correspond to the interaction events. A response is generated based on the evaluated security conditions.

Abstract: Methods and systems for managing application performance in a distributed computing environment. Embodiments commence when an application seeks to perform a function over a content object. The application submits a request to perform the function on the content object, and the request is received by an application programming interface processor. The application programming interface processor accesses a data structure comprising entries that relate the requested function to one or more code instances that are accessible at one or more code locations. An evaluator predicts performance of the function using a first location of a first code instance and compares that predicted performance to a predicted or measured performance of the same function using a second location of a second code instance that implements the same function. The better performing code instance at the determined code location is invoked. Results are collated, formatted, and returned to the calling application.

Abstract: Systems for secure cloud-based collaboration over shared objects. Embodiments operate within systems in a cloud-based environment, wherein one or more servers are configured to interface with storage devices that store objects accessible by one or more users. A process receives an electronic message comprising a user request to access an object. Before providing user access to the object, the system generates a requestor-specific steganographic message that is derived from some portion of requestor identification information and/or other user attributes, and/or object storage parameters. Various forms of a requestor-specific steganographic message are applied to selected portions of the object to generate a requestor-specific protected object, which is then provided to the requestor. A web crawler can identify posted unauthorized protected object disclosures.

Abstract: Systems for enforcing multiple object deletion policies over shared content objects that are accessible in a cloud-based service platform. A method embodiment commences upon receiving two or more sets of file deletion parameters that describe respective two or more object deletion policies covering a portion of the shared content objects. Records that form associations between the file deletion parameters and at least some of the shared content objects are made available to event listeners in the system. Upon detecting events associated with access to the shared content by the users, the event listeners analyze the events to identify objects of the shared content that are associated with the multiple object deletion policies. If an object is covered by conflicting deletion policy actions, then actions of the deletion policy having a higher priority are applied. Some actions prevent or delay modification of the objects. Lower priority data retention deletions are suppressed.

Abstract: Systems for curating and presenting relevant collaboration activity to newly-added users in a cloud-based content management platform. A method embodiment commences by observing and recording user events that correspond to interactions between any number of users and any number of content objects. When a new person who does not have an event history is added, his/her user profile is updated to indicate he/she is a new user, and a start-up proxy user is identified. The proxy user refers to either a real user that is in some way similar to the newly-added user, or the proxy user is a virtual user as amalgamated from previously recorded user history records. The events in the history records of the proxy user are associated with the newly-added user.

Abstract: Systems and methods for filtering collaboration activity to present in an activity feed. A cloud-based collaboration system is configured to identify collaboration interactions that users have taken over collaboration objects. Some of the collaboration objects or interactions are subject to access permissions as well as policy-based access rules. When a subject user interacts with a user interface, system components select a first set of user interaction events that in some way pertain to the subject user. A first filtering pass applies a first filter to determine object access permissions. After reducing the first set to a smaller second set, then a second filter corresponding to policy-based access rules is applied to the second set to form a still smaller third set of user interaction events. Characteristics of user interaction events in the third set are used to generate user-specific activity feed entries that are presented in a user interface.

Abstract: Disclosed is an improved systems, methods, and computer program products that use a cluster-based probability model to perform anomaly detection, where the clusters are based upon entities and interactions that exist in content management platforms.

Abstract: Methods, systems and computer program products for content management systems. In a computing environment having multiple interconnected computer systems, one or more network communication links between a first computer system that hosts a first application and a second computer system that hosts one or more second applications are established. The first computer system hosts a plurality of shared content objects that can be operated over by any second applications that are interfaced with the first application. Particular interaction events over a shared content object take place at the second applications and/or at the interfaces between the first and second applications. Such particular interaction events are recorded as they occur, after which, based on event attributes associated with the particular interaction events, at least one workflow of the first application is selected. The selected workflow of the first application is executed to perform operations over the shared content object.

Abstract: Methods, systems and computer program products for shared content management systems. In a content management system that supports multiple applications that operate on shared documents, multiple modules are operatively interconnected to make and present activity-based application recommendations. Techniques for making activity-based application recommendations include recording a series of interaction events from multiple users, which events correspond to a series of interactions performed by a plurality of applications over a shared content object. Constituent interaction events from the series of interactions are analyzed to determine a set of recommended applications. The set of recommended applications is presented to a user in a dynamically-populated user interface.

Abstract: Leakage of secure content (e.g., unauthorized dissemination of secure content) is prevented even after a user has downloaded a copy of the secure content. In a content management system, the secure content object is accessible by users who access the secure content by downloading copies. While the downloading of a copy to a user device is permitted, further dissemination is not allowed. To enforce this degree of security, the user downloads a virtual file system that is configured to store a local instance of the secure content object in a secure container of the user device. During ongoing operation of the user device, every data movement operation request associated with the local instance of the secure content object is intercepted. Logic implemented in the downloaded a virtual file system will deny any data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container.

Abstract: A collaboration system provides network access to a plurality of content objects. The collaboration system facilitates collaboration interactions between particular users by allowing or denying network access to the plurality of content objects based on user invitations. A computing module observes and records user-to-user or user-to-content collaboration invitations over the plurality of content objects. On an ongoing basis, a collaboration network graph is constructed and maintained, with updates to the collaboration network graph being continually applied based on observed collaboration interactions. On demand, such as upon receipt of a user request for access to a content object, the updated collaboration network graph is consulted so as to generate a then-current sharing boundary.

Abstract: Methods, systems and computer program products for managing content objects in a content management system. A metadata template is assigned to a content object of the content management system. Extensible metadata pertaining to the content object is allocated in accordance with the assigned metadata template. Various operations over the content object result in population of the allocated extensible metadata. When the content object is subjected to a workflow, the execution flow and/or the form of responses associated with execution of the workflow are informed by the populated extensible metadata. A single content object can take on an association with multiple sets of extensible metadata and each set of extensible metadata can take on association with a respective workflow.

Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions are automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation.

Abstract: A user interface is configured to present a stream of activities that arise from operation of two or more heterogeneous applications that access shared content objects of a content management system. A first application of a first type among the heterogeneous applications interoperates with a second application of a second type. Application activity records that correspond to interactions by the second application over the shared content objects are stored. Additional interactions that are raised by the first application and that pertain to a common content object are also stored. When a user requests access to a content object of the content management system, recent application activity records are selected. Some of the selected activity records are filtered out based on permissions attributes corresponding to the content object and/or based on permissions attributes corresponding to the requesting user. An application activity stream is generated based on the selected application activity records.

Abstract: Systems and methods for ransomware protection in collaboration systems. One embodiment operates in conjunction with a collaboration system that manages one or more user devices that store device-local copies of content objects in storage areas of the one or more user devices. The collaboration system is accessed by the one or more user devices to facilitate collaboration activity over the content objects. Patterns of collaboration activity are classified, and in some cases, such patterns are deemed to be indicative of ransomware. If ransomware is indicated to be running on a user device, the collaboration system is notified that a ransomware process has been detected on the user device. The collaboration system delivers a prevention policy to other user devices that interface with the collaboration system. The prevention policy is in turn enforced by the other user devices to prevent synchronization of content object changes made by the ransomware.

Abstract: Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.

Abstract: A system and method for facilitating cache alignment in a cross-enterprise file collaboration system. The example method includes maintaining a plurality of messages in a cache, each message associated with a message offset; determining a message batch size; receiving a first request for a message characterized by a first offset; responding to the first request at least in part by sending an amount of data equal to the batch size starting at the first offset; receiving a second request for a second message of characterized by a second offset; and if the second offset plus the data batch size spans across a boundary determined by the first offset plus the data batch size, then responding to the second request by sending an amount of data equal to the first offset plus the data batch size minus the second offset. In a more specific embodiment, the first and second requests are received from different committers.