Abstract: A computer-implemented method for metadata-based retention of personal data may be provided. The method comprises recording data by a recording system. The data comprise payload data and metadata comprising information about the payload data and an event type; and a rule is associated with the event type, wherein the rule is indicative whether the data shall be stored persistently or temporary. The method comprises further segmenting the recorded data into a plurality of non-overlapping data segments, encrypting each data segment of the plurality of non-overlapping data segments with a unique key each, transmitting the encrypted data segments wirelessly, and storing, using a secure service container, selected ones of the plurality of non-overlapping data segments as a function of the rule.

Abstract: A computer-implemented method for metadata-based retention of personal data may be provided. The method comprises recording data by a recording system. The data comprise payload data and metadata comprising information about the payload data and an event type; and a rule is associated with the event type, wherein the rule is indicative whether the data shall be stored persistently or temporary. The method comprises further segmenting the recorded data into a plurality of non-overlapping data segments, encrypting each data segment of the plurality of non-overlapping data segments with a unique key each, transmitting the encrypted data segments wirelessly, and storing, using a secure service container, selected ones of the plurality of non-overlapping data segments as a function of the rule.

Abstract: An example operation may include one or more of receiving, by a document server, a hash of data generated by an author registered with a blockchain, sending, by the document server, the hash of the data to a timestamp authority (TSA) to be time stamped, receiving, by the document server, a timestamp reflecting when the hash of the data was received by the TSA and forwarding the timestamp to the author, receiving a combination of the hash of the data and the timestamp (time/hash) signed by the author and forwarding the time/hash to the blockchain, receiving, by the document server, the time/hash signed by the TSA, and forwarding the time/hash signed by the TSA to the blockchain.

Abstract: Disclosed aspects perform a join operation between a database table and second in-memory data of an application may be provided. The operation is expressed as an join query between first data residing in the relational database and second data residing in a memory space of an application. Aspects can include serializing rows of the second data into a character large binary object, generating a composite statement by decoding, using a table function, rows of the character large binary object into columns of associated database data-types. The rows are substrings of the character large binary object. Aspects may include sending the character large binary object and the composite statement to a relational database, executing it, and receiving a result.

Abstract: An example operation may include one or more of receiving, by a document server, a hash of data generated by an author registered with a blockchain, sending, by the document server, the hash of the data to a timestamp authority (TSA) to be time stamped, receiving, by the document server, a timestamp reflecting when the hash of the data was received by the TSA and forwarding the timestamp to the author, receiving a combination of the hash of the data and the timestamp (time/hash) signed by the author and forwarding the time/hash to the blockchain, receiving, by the document server, the time/hash signed by the TSA, and forwarding the time/hash signed by the TSA to the blockchain.

Abstract: A Processing method for processing SQL statements of different flavors by a database management system may be provided. The method comprises receiving SQL statements of different SQL flavors, parsing each received SQL statement for identifying an SQL flavor characteristic, tracking an SQL statement identifier of a related SQL PREPARE operation for determining the SQL flavor characteristic at subsequent DMBS operations, adapting a DBMS mode of the DBMS dynamically to the identified SQL flavor characteristic, adapting another received SQL statement to a DBMS mode of the database management system, and sending each of the adapted SQL statements to the DBMS for the SQL PREPARE operation under the adapted database management system mode.

Abstract: A method for handling e-mail communication by an e-mail server is provided. The method includes receiving an e-mail by the e-mail server, parsing the e-mail to identify a large content item within the e-mail, generating a modified e-mail by replacing the large content item within the e-mail with an identifier, storing the large content item and the large content item forms a basis for a weblog associated with the identifier, sending the modified e-mail, and receiving a reply e-mail to the modified e-mail and the content of the reply e-mail builds an extension to the weblog.

Abstract: Disclosed aspects relate to establishing a secure communication connection between a server and a client. The server and a gateway reside within a first network realm. The server's public key certificates are signed by a certifying authority not certifiable from a the client residing within a second network realm. Aspects relate to verifying a server's certificate signed by a certificate authority of the first network realm before establishing the communication connection between the server and the client. Aspects relate to verifying a client's certificate signed by a certificate authority of the second network realm before establishing the communication connection between the server and the client. Aspects relate to verifying, a trusted secure gateway's certificate signed by a public key certificate authority certifiable from the client's network before establishing the communication between the server and the client.

Abstract: Disclosed aspects relate to establishing a secure communication connection between a server and a client. The server and a gateway reside within a first network realm. The server's public key certificates are signed by a certifying authority not certifiable from a the client residing within a second network realm. Aspects relate to verifying a server's certificate signed by a certificate authority of the first network realm before establishing the communication connection between the server and the client. Aspects relate to verifying a client's certificate signed by a certificate authority of the second network realm before establishing the communication connection between the server and the client. Aspects relate to verifying, a trusted secure gateway's certificate signed by a public key certificate authority certifiable from the client's network before establishing the communication between the server and the client.

Abstract: Disclosed aspects perform a join operation between a database table and second in-memory data of an application may be provided. The operation is expressed as an join query between first data residing in the relational database and second data residing in a memory space of an application. Aspects can include serializing rows of the second data into a character large binary object, generating a composite statement by decoding, using a table function, rows of the character large binary object into columns of associated database data-types. The rows are substrings of the character large binary object. Aspects may include sending the character large binary object and the composite statement to a relational database, executing it, and receiving a result.

Abstract: The invention relates to a computer-implemented method for secure web browsing. The method includes: receiving a request submitted from a browser, the browser running in a default runtime environment; evaluating by the proxy module, the received request and/or evaluating the requested content; in case the request is determined to request insecure content and/or in case the requested content is determined to comprise insecure content, sending, by the proxy module, a copy of the received request to a receiver module running in a secure runtime environment; in case the request is determined to request secure content, sending a copy of the request to the remote server.

Abstract: A method for handling e-mail communication by an e-mail server is provided. The method includes receiving an e-mail by the e-mail server, parsing the e-mail to identify a large content item within the e-mail, generating a modified e-mail by replacing the large content item within the e-mail with an identifier, storing the large content item and the large content item forms a basis for a weblog associated with the identifier, sending the modified e-mail, and receiving a reply e-mail to the modified e-mail and the content of the reply e-mail builds an extension to the weblog.

Abstract: A Processing method for processing SQL statements of different flavors by a database management system may be provided. The method comprises receiving SQL statements of different SQL flavors, parsing each received SQL statement for identifying an SQL flavor characteristic, tracking an SQL statement identifier of a related SQL PREPARE operation for determining the SQL flavor characteristic at subsequent DMBS operations, adapting a DBMS mode of the DBMS dynamically to the identified SQL flavor characteristic, adapting another received SQL statement to a DBMS mode of the database management system, and sending each of the adapted SQL statements to the DBMS for the SQL PREPARE operation under the adapted database management system mode.

Abstract: The invention provides a method for rendering dynamic web contents with static file based graphical user interface (GUI) form control The method includes the steps of trapping an event which requires to draw or redraw an image in a file based GUI image control in a current local environment; initiating a WebCrawler function with parameters derived from the current local environment to retrieve data from the web; generating a locally accessible file with web content in a format interpretable by the file based GUI image control; and having the file based GUI image control render the web content contained in the locally accessible file.

Abstract: When software is delivered to a customer, there are often programs or routines of programs that a software distributor intended to run under the credentials of a specific user other than the user who started the program. A secure method is proposed for software running in a process to acquire rights to issue restricted operations. A trusting entity trusts a process based on verifying ownership of code residing in the process. The trusted process is granted rights by the trusting entity to perform any or specific operations under the credentials of a specific user, not necessarily the current process user.

Abstract: The disclosure relates to authenticating a secondary communication channel between a client application and a server application when an authenticated primary communication channel has already been established between the client application and a resource application, on which the server application can store a generated authentication token that only privileged users including the client application user can read-access and send back to the server application by way of the secondary communication channel.

Abstract: Methods and apparatus, including computer systems and program products, that implement a description language and a parser for a description language. A method includes receiving input including a specification of base items, a specification of contexts, and a specification of a selected context from the contexts. The method further includes generating an output set of items by evaluating the selected context. In that method, each item in the output set of items includes core attributes of a corresponding base item and can include attributes from a context. Generating an output set of items can include generating a specific bill of materials.

Abstract: The invention provides a method for rendering dynamic web contents with static file based graphical user interface (GUI) form control The method includes the steps of trapping an event which requires to draw or redraw an image in a file based GUI image control in a current local environment; initiating a WebCrawler function with parameters derived from the current local environment to retrieve data from the web; generating a locally accessible file with web content in a format interpretable by the file based GUI image control; and having the file based GUI image control render the web content contained in the locally accessible file.

Abstract: When software is delivered to a customer, there are often programs or routines of programs that a software distributor intended to run under the credentials of a specific user other than the user who started the program. A secure method is proposed for software running in a process to acquire rights to issue restricted operations. A trusting entity trusts a process based on verifying ownership of code residing in the process. The trusted process is granted rights by the trusting entity to perform any or specific operations under the credentials of a specific user, not necessarily the current process user.

Abstract: A computing system is provided and includes first computing resources representing a fraction of total computing resources, second computing resources representing at least a partial remainder of the total computing resources except for the first computing resources, and a memory unit. The memory unit includes a computer-readable medium having computer-readable executable instructions stored thereon that are accessible to at least the second computing resources. When executed, the executable instructions cause the second computing resources to monitor a process running on the first computing resources in accordance with pre-selected parameters, to determine that a potential lock or wait situation that impedes the process is in effect from a result of the monitoring and to execute an action in response to the potential lock or wait situation.