Abstract: A system and method for sharing data and a risk assessment of the data comprises receiving data in a first application and obtaining a risk level of the data, performing an action in the first application necessitating passing a message comprising at least the data and the risk level to a second application, passing the message from the first application to the second application, receiving, at the second application, the message, determining by said second application whether the risk level exceeds a predetermined threshold, when the risk level exceed the predetermined threshold, implementing a protocol to perform actions in the second application using the data in accordance with the protocol, and when the risk level does not exceed the predetermined threshold, running the second application using the data.

Abstract: Embodiments of the present invention disclose a method, system, and computer program product for intelligent access control. A computer detects a new user or modifications made to an existing user in an access control list. The computer determines which other users share an attribute with the newly added or modified employee and then determines which asset(s) are associated with the determined group(s). The computer determines the correlation value between the group(s) and the asset. Based on the determined correlation value, the computer determines whether the newly added or modified employee should have access to the asset.

Abstract: Embodiments of the present invention disclose a method, system, and computer program product for intelligent access control. A computer detects a new user or modifications made to an existing user in an access control list. The computer determines which other users share an attribute with the newly added or modified employee and then determines which asset(s) are associated with the determined group(s). The computer determines the correlation value between the group(s) and the asset. Based on the determined correlation value, the computer determines whether the newly added or modified employee should have access to the asset.

Abstract: A user's required password change is postponed according to context information determined to indicate that the current password change timing is at an inconvenient time for the user. A user is permitted to extend the use of an expired password when a pre-determined password validity period ends.

Abstract: A method of controlling access to a remote system includes granting a connecting device full access to the system upon determining the device is registered to a user, upon determining the device is not registered, determining whether the device has connected to the system before, granting the device full access to the system if the device has connected before and a trust index based on a trust level for the device and a trust level of a location the device is currently connecting from exceeds a threshold, and granting the device limited access to the system otherwise.

Abstract: A user's required password change is postponed according to context information determined to indicate that the current password change timing is at an inconvenient time for the user. A user is permitted to extend the use of an expired password when a pre-determined password validity period ends.

Abstract: An embodiment of the invention provides a method for anonymizing data from multiple data sources according to an embodiment of the invention. The data sources include record identifiers identifying entities associated with the data, wherein the record identifiers are only stored by the data sources. The data is collected by a central data aggregation module connected to the data sources. A record identifier is received by an anonymization engine from a first data source; and, a first anonymous identifier is generated with the anonymization engine to replace the record identifier. A map is sent to a mapping module if the anonymization engine has anonymized the record identifier before, wherein the map includes a list of anonymous identifiers that have been used to replace the record identifier. The first anonymous identifier and first data associated with the first anonymous identifier are sent to the data aggregation module.

Abstract: A method of controlling access to a remote system includes granting a connecting device full access to the system upon determining the device is registered to a user, upon determining the device is not registered, determining whether the device has connected to the system before, granting the device full access to the system if the device has connected before and a trust index based on a trust level for the device and a trust level of a location the device is currently connecting from exceeds a threshold, and granting the device limited access to the system otherwise.

Abstract: A system and method for sharing data and a risk assessment of the data comprises receiving data in a first application and obtaining a risk level of the data, performing an action in the first application necessitating passing a message comprising at least the data and the risk level to a second application, passing the message from the first application to the second application, receiving, at the second application, the message, determining by said second application whether the risk level exceeds a predetermined threshold, when the risk level exceed the predetermined threshold, implementing a protocol to perform actions in the second application using the data in accordance with the protocol, and when the risk level does not exceed the predetermined threshold, running the second application using the data.

Abstract: A client computer extracts contextual information associated with a file that is created. The client computer generates scores for the file by utilizing the contextual information that is extracted. The client computer assigns a value to the file, based on an aggregation of the scores that are generated. The client computer monitors activities on the client computer, wherein the activities trigger an event on the client computer. The client computer determines whether the event is in violation of one or more computer security policies on a server computer, wherein the one or more computer security policies require work-related files to be deleted or encrypted. The client computer classifies the file as personal data or work-related business data. The client computer secures the file, if the file is classified as work-related business data.

Abstract: An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data.

Abstract: An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data.

Abstract: A client computer extracts contextual information associated with a file that is created. The client computer generates scores for the file by utilizing the contextual information that is extracted. The client computer assigns a value to the file, based on an aggregation of the scores that are generated. The client computer monitors activities on the client computer, wherein the activities trigger an event on the client computer. The client computer determines whether the event is in violation of one or more computer security policies on a server computer, wherein the one or more computer security policies require work-related files to be deleted or encrypted. The client computer classifies the file as personal data or work-related business data. The client computer secures the file, if the file is classified as work-related business data.

Abstract: A method of controlling access to a remote system includes granting a connecting device full access to the system upon determining the device is registered to a user, upon determining the device is not registered, determining whether the device has connected to the system before, granting the device full access to the system if the device has connected before and a trust index based on a trust level for the device and a trust level of a location the device is currently connecting from exceeds a threshold, and granting the device limited access to the system otherwise.

Abstract: A method of controlling access to a remote system includes granting a connecting device full access to the system upon determining the device is registered to a user, upon determining the device is not registered, determining whether the device has connected to the system before, granting the device full access to the system if the device has connected before and a trust index based on a trust level for the device and a trust level of a location the device is currently connecting from exceeds a threshold, and granting the device limited access to the system otherwise.

Abstract: An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data.

Abstract: An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data.

Abstract: An embodiment of the invention provides a method of character recognition wherein user input is received with a sensor. The user input includes movement on a first axis and movement on a second axis. The receiving of the user input also includes determining the amount of pressure of the movement on the second axis of the key, and/or the duration of the movement on the second axis of the key. A processor matches the movement on the first axis of the key with a first character and the movement on the second axis of the key with a second character. The first character followed by the second character are displayed when the amount of pressure of the movement on the second axis of the key is above a threshold pressure and/or the duration of the movement on the second axis of the key is above a threshold duration.

Abstract: An embodiment of the invention provides a method of character recognition wherein user input is received with a sensor. The user input includes movement on a first axis and movement on a second axis. The receiving of the user input also includes determining the amount of pressure of the movement on the second axis of the key, and/or the duration of the movement on the second axis of the key. A processor matches the movement on the first axis of the key with a first character and the movement on the second axis of the key with a second character. The first character followed by the second character are displayed when the amount of pressure of the movement on the second axis of the key is above a threshold pressure and/or the duration of the movement on the second axis of the key is above a threshold duration.

Abstract: Personalization of content of a web site for a user based on a web site that a user arrives from is disclosed. For example, the content of the web site from which the user arrives (i.e., the originating page), as well as the content of the web page the user has arrived to (i.e., the target page), may be categorized as pertaining to particular subjects or topics. Any time a user comes from an originating page, the subject categories for the originating page and the target page may be compared to determine if like categories exist between the pages. In the event that like categories are found, the target page may be personalized based on those categories.