Abstract: A method for processing events comprising time series data may include inferring different schema associated with the events. The method may also include storing property definitions corresponding to the events. Each property definition may include a name and a data type. The method may also include storing schema definitions corresponding to the different schema that are inferred. Each schema definition may include a set of one or more properties. The method may also include updating at least one data structure for storing information about the events based on the different schema that are inferred.

Abstract: A method for processing events comprising time series data may include inferring different schema associated with the events. The method may also include storing property definitions corresponding to the events. Each property definition may include a name and a data type. The method may also include storing schema definitions corresponding to the different schema that are inferred. Each schema definition may include a set of one or more properties. The method may also include updating at least one data structure for storing information about the events based on the different schema that are inferred.

Abstract: A method for improving readability of a heatmap representing time series data may include obtaining a set of time series. Each time series may be associated with a key property and may include a set of values. The set of values in a time series may include results of performing an aggregate function with respect to a measure property in events that are associated with the key property, and at time intervals having an interval size. For each time series, an average value may be determined for the set of values within the time series. A heatmap may be rendered based on the set of time series. The set of time series may be ordered vertically in the heatmap based on the set of average values that are determined for the set of time series.

Abstract: A method for facilitating access to information contained within stored events may include receiving a request to provide information about a set of events. The set of events may correspond to time series data from a plurality of devices. The method may also include identifying patterns within the set of events in response to the request. Identifying the patterns within the set of events may include performing basket analysis. The method may also include selecting a subset of the patterns based at least partially on percentage of occurrence within the set of events and pattern similarity.

Abstract: Embodiments are directed to securing data in the cloud, securely encrypting data that is to be stored in the cloud and to securely decrypting data accessed from the cloud. In one scenario, an instantiated trust service receives information indicating that a trust server is to be instantiated. The trust service instantiates the trust server, which is configured to store key references and encrypted keys. The trust service receives the public key portion of a digital certificate for each publisher and subscriber that is to have access to various specified portions of encrypted data. A data access policy is then defined that specifies which encrypted data portions can be accessed by which subscribers.

Abstract: Embodiments include method, systems, and computer program products for filtering trust services records. Embodiments include receiving a trust services record that includes a plurality of security components and that is usable to secure data that is stored in an untrusted location. It is determined whether the trust services record has been tampered with, including verifying each of the plurality of security components of the trust services record. The trust services record is filtered based on the determination of whether the trust services record has been tampered with. The filtering includes, when the trust services record is determined to have not been tampered with, allowing performance of at least one task with respect to the secured data; and, when the trust services record is determined to have been tampered with, disallowing performance of any task with respect to the secured data.

Abstract: Embodiments are directed to mapping encryption policies to data stored in a database using a policy identifier, and to accessing data stored in a database using a policy identifier. In one scenario, a computer system receives an indication that identifies which type of encryption is to be applied when encrypting a specified portion of data stored in a database. The database has a database schema identified by a database schema identifier, where the database schema defines relationships for data stored in the database. The computer system then accesses a namespace that identifies a set of databases in which the specified portion of data is accessed in the same manner. The computer system also generates a policy identifier, which contains information including the namespace and the database schema identifier.

Abstract: Embodiments include method, systems, and computer program products for filtering trust services records. Embodiments include receiving a trust services record that includes a plurality of security components and that is usable to secure data that is stored in an untrusted location. It is determined whether the trust services record has been tampered with, including verifying each of the plurality of security components of the trust services record. The trust services record is filtered based on the determination of whether the trust services record has been tampered with. The filtering includes, when the trust services record is determined to have not been tampered with, allowing performance of at least one task with respect to the secured data; and, when the trust services record is determined to have been tampered with, disallowing performance of any task with respect to the secured data.

Abstract: Embodiments are directed to securely filtering trust services records. In one scenario, a client computer system receives at least one of the following trust services records: a trust services certificate, a principal certificate, a group certificate and a trust services policy. The client computer system performs a time validity check to validate the trust services record's timestamp, performs an integrity check to validate the integrity of the trust services record and performs a signature validity check to ensure that the entity claiming to have created the trust services record is the actual creator of the trust services record. The client computer system then, based on the time validity check, the integrity check and the signature validity check, determines that the trust services record is valid and allows a client computer system user to perform a specified task using the validated trust services record.

Abstract: Embodiments are directed to mapping encryption policies to data stored in a database using a policy identifier, and to accessing data stored in a database using a policy identifier. In one scenario, a computer system receives an indication that identifies which type of encryption is to be applied when encrypting a specified portion of data stored in a database. The database has a database schema identified by a database schema identifier, where the database schema defines relationships for data stored in the database. The computer system then accesses a namespace that identifies a set of databases in which the specified portion of data is accessed in the same manner. The computer system also generates a policy identifier, which contains information including the namespace and the database schema identifier.

Abstract: Embodiments are directed to mapping encryption policies to user data stored in a database using a policy column uniform resource identifier (URI). In one scenario, a computer system receives the following: a database schema name that identifies the name of a specified schema within a relational database in which user data is stored, a table name that identifies a specified table within the relational database, a column name that identifies a specified column in the specified table and a namespace identifier that identifies a set of relational databases. The computer system also receives an indication that identifies which type of encryption is to be applied when encrypting the column of data specified by the column name. The computer system then generates a policy column URI that includes a hierarchical string comprising the namespace identifier, the database schema name, the table name and the column name.

Abstract: In one scenario, a computer system accesses a first principal's public key to generate a group private key that is encrypted using the first principal's public key. The generated group private key provides access to data keys that are used to encrypt data resources. The computer system accesses a second principal's public key to encrypt the generated group private key using the second principal's public key and encrypts at least one of the data keys using a group public key, where the data key allows access to encrypted data resources. The first principal then decrypts the group private key using the first principal's private key, decrypts the data key using the decrypted group private key and accesses the data resource using the decrypted data key. The second principal also performs these functions with their private key to access the data resource.

Abstract: Embodiments are directed to mapping encryption policies to user data stored in a database using a policy column uniform resource identifier (URI). In one scenario, a computer system receives the following: a database schema name that identifies the name of a specified schema within a relational database in which user data is stored, a table name that identifies a specified table within the relational database, a column name that identifies a specified column in the specified table and a namespace identifier that identifies a set of relational databases. The computer system also receives an indication that identifies which type of encryption is to be applied when encrypting the column of data specified by the column name. The computer system then generates a policy column URI that includes a hierarchical string comprising the namespace identifier, the database schema name, the table name and the column name.

Abstract: Embodiments are directed to securing data in the cloud, securely encrypting data that is to be stored in the cloud and to securely decrypting data accessed from the cloud. In one scenario, an instantiated trust service receives information indicating that a trust server is to be instantiated. The trust service instantiates the trust server, which is configured to store key references and encrypted keys. The trust service receives the public key portion of a digital certificate for each publisher and subscriber that is to have access to various specified portions of encrypted data. A data access policy is then defined that specifies which encrypted data portions can be accessed by which subscribers.

Abstract: Embodiments are directed to securely filtering trust services records. In one scenario, a client computer system receives at least one of the following trust services records: a trust services certificate, a principal certificate, a group certificate and a trust services policy. The client computer system performs a time validity check to validate the trust services record's timestamp, performs an integrity check to validate the integrity of the trust services record and performs a signature validity check to ensure that the entity claiming to have created the trust services record is the actual creator of the trust services record. The client computer system then, based on the time validity check, the integrity check and the signature validity check, determines that the trust services record is valid and allows a client computer system user to perform a specified task using the validated trust services record.

Abstract: A computer implemented communications method and protocol is provided which utilizes an XML based communications protocol for security monitoring purposes. The XML based communications protocol consists of numerous modules which receive and convert data messages from varying security devices and sensors, standardize and send converted messages, and encrypt and decrypt said data messages as necessary. With a security system core application (SCA) running on various integrated checkpoint, base station and headquarter based computers and/or other data processing units, the data messages are filtered and transmitted from checkpoint computers to base station computers, then received by a headquarters data processing unit. The SCA running on base station and/or headquarters computers analyzes, reports and logs environmental as well as security events within one or more subject sites.