Abstract: Methods, systems, and computer program products are provided for automatically enriching data in tables of report documents. A table of data contained in a document is received. A category of data stored in a column of the table of data is determined Enhancement information associated with the determined category is retrieved. The enhancement information may include visual enhancements (e.g., symbols, images, etc.) and/or may include reference data that is related to the determined category of column data. A user is enabled to select enhancement information of the retrieved enhancement information. The selected enhancement information is displayed in the document. The user is enabled to accept the selected enhancement information to be stored in the document.

Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).

Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.

Abstract: Systems, methods and apparatus for accessing at least one resource hosted by at least one server of a cloud service provider. In some embodiments, a client computer sends authentication information associated with a user of the client computer and a statement of health regarding the client computer to an access control gateway deployed in an enterprise's managed network. The access control gateway authenticates the user and determines whether the user is authorized to access the at least one resource hosted in the cloud. If the user authentication and authorization succeeds, the access control gateway requests a security token from a security token service trusted by an access control component in the cloud and forwards the security token to the client computer. The client computer sends the security token to the access component in the cloud to access the at least one resource from the at least one server.

Abstract: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.

Abstract: Methods, systems, and computer program products are provided for automatically enriching data in tables of report documents. A table of data contained in a document is received. A category of data stored in a column of the table of data is determined Enhancement information associated with the determined category is retrieved. The enhancement information may include visual enhancements (e.g., symbols, images, etc.) and/or may include reference data that is related to the determined category of column data. A user is enabled to select enhancement information of the retrieved enhancement information. The selected enhancement information is displayed in the document. The user is enabled to accept the selected enhancement information to be stored in the document.

Abstract: A social marketing system may have an incentive system that may be optimized dynamically for each user during the course of a marketing campaign. The social marketing system may use a simulated model of social interactions to predict the performance of a marketing campaign and may use the output of the simulation to adjust incentives during a campaign for various users, as well as use the actual results of changes in incentives as feedback to the simulation. The simulation may assume several different types of users within the social network and that several types of financial and non-financial incentives may be applied to different users. Some embodiments may use machine learning algorithms to analyze actual results and feed those results into the simulation. The system may be able to categorize users into the simulated types and adjust incentives according to the models associated with those types of users.

Abstract: Online sellers may be ranked based on feedback given by people trusted by an individual user. The user may trust people in their social networks, as well as people who may be experts in a particular field, and the seller's ranking may be calculated by weighting reviews or feedback from trusted people higher than people unknown to the user. When used with a social campaign management system, ranking of products from multiple online sellers may include coupons or incentives that are available through the user's social network, as well as discounts or incentives that may be targeted to the user's status within their own social network.

Abstract: A social marketing system may measure the performance of marketing campaigns using the effective click through rates that include impressions that are due to propagation of items through social networks. A social marketing system may track an initial effectiveness in starting a campaign, as well as track the propagation of the campaign information through multiple social networks. The effectiveness of the campaign may be measured using the effective click through rates for various target audiences. The social marketing system may create links to advertising materials and thereby track interactions when users click through the links to interact with the materials. The effectiveness of the social media campaign may be based in part by measuring the actual or estimated number of impressions through social media networks.

Abstract: A policy enforcement system may have a mechanism for assisting a user in obtaining an exception to a given policy. The mechanism may collect information from the user as to why the exception is requested, then manage the exception throughout a security system. An exception policy may define the conditions when a user may be granted an exception automatically, as well as when the exception may be granted only through an approval process. An exception created by the mechanism may be logged in an audit file so that each exception is documented. Different exceptions may be defined for different conditions and each exception may have one or more paths by which the exception may be granted. The policy enforcement system may be used for any type of access control to any resource, including URL resources, physical peripherals or networks, data or applications, or any other resource.

Abstract: A policy enforcement system may use device location as a parameter for granting or denying access to a resource. An access policy may include location parameters that may permit or deny access to the resource based on the physical location of the device. In some cases, the location may be authenticated by a server that may verify the device's location. The access policy may grant or deny full or partial access to the resource, which may be a data resource, such as a file, database, URL, or other information, an application resource, or a physical resource such as a network or a peripheral device. The policy enforcement system may use the device location for regulatory compliance, restricting access to sensitive information, or as a primary or secondary condition for limiting access to a resource.

Abstract: Social influencers may be identified for specific usage contexts and for influencer type. Influencers may be categorized by mavens, connectors, salesmen, or other categories. Within each usage context, a unified data model may be used to collect data from multiple sources, including multiple social networks, as well as to collect data from different levels of influencers in each usage context. The relevance of various communication media as well as the frequency and quality of use of the media may be factors used to determine a person's effectiveness as a specific type of influencer within a usage context.

Abstract: A ranked set of users may be calculated from an expertise categorization for each user and a person's trust in the users for specific categories. The ranked set of users may be used for presenting search results, recommendations, social marketing, or other uses. A person's reputation may be determined through various online activities. A person's trust in another person may be related to their proximity and activity in one or more social networks.

Abstract: A social marketing system may reward and incentivize participants, and may also have a fraud detection system. The manager may create social marketing campaigns that may be simulated to determine an expected set of activities, which may be compared to an actual set of activities. A fraud detection system may detect abnormal activity and may bring the activity to a manager's attention and may also punish the participants by withholding rewards, lowering the participant's reputation, or some other punishment mechanism.

Abstract: A ranked set of users may be calculated from an expertise categorization for each user and a person's trust in the users for specific categories. The ranked set of users may be used for presenting search results, recommendations, social marketing, or other uses. A person's expertise may be determined through various online activities. A person's trust in another person may be related to their proximity and activity in one or more social networks.

Abstract: The subject disclosure is directed towards protecting virtual machines on guest partitions from malware in a resource-efficient manner. Antimalware software is divided into lightweight agents that run on each malware-protected guest partition, a shared scanning and signature update mechanism, and a management component. Each agent provides the scanning mechanism with files to scan for malware, such as by running a script, and receives results from the scanning mechanism including possible remediation actions to perform. The management component provides the scanning mechanism with access to virtual machine services, such as to pause, resume, snapshot and rollback guest partitions as requested by the scanning mechanism.

Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issues may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.

Abstract: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.

Abstract: Embodiments of the invention provide techniques for basing access control decisions at the network layer at least in part on information provided in claims, which may describe attributes of a computer requesting access, one or more resources to which access is requested, the user, the circumstances surrounding the requested access, and/or other information. The information may be evaluated based on one or more access control policies, which may be pre-set or dynamically generated, and used in making a decision whether to grant or deny the computer access to the specified resource(s).

Abstract: Embodiments of the invention provide a trusted intermediary for use in a system in which access control decisions may be based at least in part on information provided in claims. The intermediary may request claims on behalf of a network resource to which access is requested, and submit the claims for a decision whether to grant or deny access. The decision may be based at least in part on one or more access control policies, which may be pre-set or dynamically generated. Because the intermediary requests the claims and submits the claims for an access control decision, the network resource (e.g., a server application) need not be configured to process claims information.