Abstract: A collaboration system manages a plurality of content objects that are shared by multiple users at corresponding user devices in corresponding computing environments. Policies that govern interactions over the plurality of content objects are established. A content object upload request from a first user belonging to a first enterprise is processed by the collaboration system and then the content object is shared with a second user of a second enterprise. Security characteristics pertaining to the second user, and/or the second enterprise, and/or the second user's devices are initially unknown or unverified. As such, upon receiving interaction events raised by a user device of the second user, a set of interaction attributes associated with the interaction events are gathered. One or more trust policies are applied to the interaction attributes to evaluate security conditions that correspond to the interaction events. A response is generated based on the evaluated security conditions.

Abstract: A collaboration system provides network access to a plurality of content objects. The collaboration system facilitates collaboration interactions between particular users by allowing or denying network access to the plurality of content objects based on user invitations. A computing module observes and records user-to-user or user-to-content collaboration invitations over the plurality of content objects. On an ongoing basis, a collaboration network graph is constructed and maintained, with updates to the collaboration network graph being continually applied based on observed collaboration interactions. On demand, such as upon receipt of a user request for access to a content object, the updated collaboration network graph is consulted so as to generate a then-current sharing boundary.

Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions are automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation.

Abstract: Leakage of secure content (e.g., unauthorized dissemination of secure content) is prevented even after a user has downloaded a copy of the secure content. In a content management system, the secure content object is accessible by users who access the secure content by downloading copies. While the downloading of a copy to a user device is permitted, further dissemination is not allowed. To enforce this degree of security, the user downloads a virtual file system that is configured to store a local instance of the secure content object in a secure container of the user device. During ongoing operation of the user device, every data movement operation request associated with the local instance of the secure content object is intercepted. Logic implemented in the downloaded a virtual file system will deny any data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container.

Abstract: Systems and methods for ransomware protection in collaboration systems. One embodiment operates in conjunction with a collaboration system that manages one or more user devices that store device-local copies of content objects in storage areas of the one or more user devices. The collaboration system is accessed by the one or more user devices to facilitate collaboration activity over the content objects. Patterns of collaboration activity are classified, and in some cases, such patterns are deemed to be indicative of ransomware. If ransomware is indicated to be running on a user device, the collaboration system is notified that a ransomware process has been detected on the user device. The collaboration system delivers a prevention policy to other user devices that interface with the collaboration system. The prevention policy is in turn enforced by the other user devices to prevent synchronization of content object changes made by the ransomware.

Abstract: Techniques to provide mobile access to content are disclosed. A request from a mobile application running on a mobile device to access content is received at a connector node. A user credential associated with the request is used to identify at the connector node a policy associated with the request. A policy metadata associated with the policy is provided from the connector node to the mobile application running on the mobile device. The mobile application may include application code that is responsive to the policy metadata to perform, with respect to the request to access content, an action indicated by the policy.

Abstract: Techniques to perform secure authentication to provide mobile access to shared content are disclosed. In various embodiments, a user credential associated with a request to access content is received at a connector node from a mobile application running on a mobile device. The user credential is used to create at the connector node a secure credential token that includes the user credential. The secure credential token is used to provide to the mobile application on the mobile device, via the connector node, access to content on two or more servers residing on a protected network with which the user credential is associated.

Abstract: Techniques to provide mobile access to content are disclosed. A request from a mobile application running on a mobile device to access content is received at a connector node. A user credential associated with the request is used to identify at the connector node a policy associated with the request. A policy metadata associated with the policy is provided from the connector node to the mobile application running on the mobile device. The mobile application may include application code that is responsive to the policy metadata to perform, with respect to the request to access content, an action indicated by the policy.

Abstract: Techniques to perform secure authentication to provide mobile access to shared content are disclosed. In various embodiments, a user credential associated with a request to access content is received at a connector node from a mobile application running on a mobile device. The user credential is used to create at the connector node a secure credential token that includes the user credential. The secure credential token is used to provide to the mobile application on the mobile device, via the connector node, access to content on two or more servers residing on a protected network with which the user credential is associated.

Abstract: Techniques to perform secure authentication to provide mobile access to shared content are disclosed. In various embodiments, a user credential associated with a request to access content is received at a connector node from a mobile application running on a mobile device. The user credential is used to create at the connector node a secure credential token that includes the user credential. The secure credential token is used to provide to the mobile application on the mobile device, via the connector node, access to content on two or more servers residing on a protected network with which the user credential is associated.

Abstract: Methods, apparatus and articles of manufacture for assisted learning for document classification are provided herein. A method includes analyzing a collection of documents within a document repository to identify a set of multiple documents corresponding to a sample document, presenting at least a portion of the set of multiple documents to a user for user classification, and calculating a confidence measure based on the user classification of the at least a portion of the set of multiple documents, wherein said confidence measure corresponds to a level of accuracy by which a document classification algorithm detects one or more documents related to the sample document.