Abstract: A method of designing an acoustic microwave filter in accordance with frequency response requirements comprises generating a modeled filter circuit design having a plurality of circuit elements comprising an acoustic resonant element defined by an electrical circuit model that comprises a parallel static branch, a parallel motional branch, and one or both of a parallel Bragg Band branch that models an upper Bragg Band discontinuity and a parallel bulk mode function that models an acoustic bulk mode loss. The method further comprises optimizing the modeled filter circuit design to generate an optimized filter circuit design, comparing a frequency response of the optimized filter circuit design to the frequency response requirements, and constructing the acoustic microwave filter from the optimized filter circuit design based on the comparison.

Abstract: Aspects of the disclosed technology relate to techniques of design implementation for FPGA prototyping. An initial FPGA-mapped netlist and a generic RTL design associated with the initial FPGA-mapped netlist are generated based on an original RTL (register-transfer level) design for a circuit design and optionally on verification-related features. Based on the initial FPGA-mapped netlist, the circuit design is partitioned into design partitions for implementing the circuit design across a plurality of FPGA chips. Final FPGA-mapped netlists are then generated based on the design partitions represented by the generic RTL design or by a combination of the generic RTL design and the initial FPGA-mapped netlist.

Abstract: Methods for integrated circuit design are provided. In one embodiment, a method for determining a physical layout pattern includes accessing a layout pattern configuration graph. The graph includes layout pattern configurations meeting a circuit requirements. At least two of the layout pattern configurations are annotated with characteristics by analyzing sample layout patterns. An integrated circuit electrical design is partitioned into circuit design configurations. One of the circuit design configurations meets one of the circuit requirements. One of the layout pattern configurations is selected from the layout pattern configuration graph to meet the selected circuit requirements. In another embodiment, a method for determining a netlist for an integrated circuit electrical design is provided. In a further embodiment, a method for determining a tool configuration for a manufacturing process is provided.

Abstract: Embodiments relate an emulation environment that places debugging logic in a manner that connections between the debugging logic and logic components outputs can be efficiently routed. In one embodiment, the host system places the debugging logic after placing the logic components of the DUT, but before routing the logic components. In another embodiment, the host system places debugging logic after placing and routing logic components of the DUT. In another embodiment, for one or more emulator FPGAs, the host system places debugging logic units of the debugging logic evenly across the FPGA before placing logic components of the DUT.

Abstract: A method, system, and computer program product to characterize and adaptively instantiate timing abstracts to perform timing analysis of an integrated circuit include generating an adaptable timing abstract for one or more macro models of a macro, the macro including two or more primitives of a component of the integrated circuit, the adaptable timing abstract being a parameterized timing model with at least one aspect represented by two or more models, and estimating requirements for the timing analysis, the requirements including accuracy, runtime, or memory requirements. Selecting a specific timing abstract, obtained by setting parameters of the adaptable timing abstract, is to perform the timing analysis based on the requirements.

Abstract: The disclosure details the implementation of an apparatus, method, and system for brokering SmartAds. The disclosure teaches a efficient ad brokering as between advertisers, broadcast service providers, and media consumers by employing a SmartAds Client (SAC) and a SmartAds Server (SAS). The SAC may provide viewers with programming and integrate ads in an intelligent manner based on criteria supplied to it. The SAC is used to display SmartAds to television viewers. The ad brokering SAS is complementary to the SAC media consumer and provides services, ads, and ad related information to the SAC. By employing intelligence from a SAC and SAS, ads may be dynamically provided, changed, and/or augmented with programming. The SAS collects and matches media consumer profiles and advertiser bids against one another and an ad database to provide better targeted ads to media consumers. The manner and way in which this is achieved, results in the expiration of stale ads.

Abstract: Methods and compositions related to the selective, specific disruption of multiple ligand-receptor signaling interactions, such as ligand-receptor interactions implicated in disease, are disclosed. These interactions may involve multiple cytokines in a single receptor family or multiple ligand receptor interactions from at least two distinct ligand-receptor families. The compositions may comprise polypeptides having composite sequences that comprise sequence fragments of two or more ligand binding sites. The methods and compositions may involve sequence fragments of two or more ligand binding sites that are arranged to conserve the secondary structure of each of the ligands from which the sequence fragments were taken.

Abstract: Embodiments are provided for securely messaging healthcare entities. In one scenario, a computer system receives an input from a user indicating that a message including text or other characters is to be securely transmitted to a specified healthcare entity. The message is part of a conversation between a user and the specified healthcare entity. The computer system encrypts the characters of the message using at least one encryption algorithm, so that the message is encrypted during the transfer from the user to the specified healthcare entity. The computer system then initiates transmission of the encrypted message such that the encrypted message is sent to the specified healthcare entity. Throughout the process, the encrypted message is transferred in accordance with legal regulations governing healthcare communications.

Abstract: An example method includes monitoring healthcare information employed by a local information system of a first healthcare entity via an edge device located at a facility of the first healthcare entity and in communication with a local information system. The edge device is to implement a local cloud system. The local cloud system is to be accessible by only the first healthcare entity and healthcare entities affiliated with the first healthcare entity. The example method also includes determining if the healthcare information has a first characteristic via the edge device, determining if the healthcare information has a second characteristic via the edge device, and automatically uploading the healthcare information onto the local cloud system if the healthcare information has the first characteristic. The example method also includes automatically uploading the healthcare information onto a remote cloud system if the healthcare information has the second characteristic.

Abstract: Method for tracking sanitary materials and goods with a RFId identification system; the materials and goods provided with at least one label containing a microchip containing data of the material or good and an antenna; the materials and goods placeable in a storage area provided with a plurality of transceiving radio frequency identification antennae and associated connectivity devices; the plurality of antennae and connectivity devices placed so as to receive and exchange information via RFId technology inside the set area, so as to automatically record and detect the loading and/or collecting of the labeled materials and goods and exchange information relative to the identified objects; the method includes: a) carrying out the exchange of tag-antenna information in a range of radiofrequencies comprised between 850 and 960 MHz (UHF); and b) restricting the range of radiofrequencies (UHF) through the shielding of the area arranged for storage of the materials and goods.

Abstract: A system for storing stimulation programs or sets of stimulation parameters includes at least one memory; at least one of i) multiple stimulation programs or ii) a multiple sets of stimulation parameters stored on the at least one memory from multiple different devices remote from the system and used to stimulate different patients; at least one processor coupled to the at least one memory to retrieve the stored stimulation programs or sets of stimulation parameters from the at least one memory when requested and to store additional stimulation programs or sets of stimulation parameters on the at least one memory; and a communications arrangement coupled to the at least one processor to deliver the stored stimulation programs or sets of stimulation parameters to external device and to receive additional stimulation programs and sets of stimulation parameters from external devices.

Abstract: A system includes a parameter generation system to determine at least one parameter for an injection procedure (for example, a parameter of an injection protocol or an imaging system parameter), the parameter generator system includes a physiologically based pharmacokinetic model to model propagation of a contrast medium injected into a patient including at least one of a non-linear saturation term in a peripheral venous compartment, at least one configurable transport delay term through at least one compartment, or an adaptation to model volumetric flow rate of blood and an effect thereof on the propagation of contrast medium after injection of contrast medium ceases. The physiologically based pharmacokinetic model can, for example, be discretizable.

Abstract: A medical modeling system and method predict a risk of a physiological condition, such as mortality, for a patient. Measurements of a plurality of predictive variables for the patient are received. The plurality of predictive variables are predictive of the risk of the physiological condition. The risk of the physiological condition is calculated by applying the received measurements to at least one model modeling the risk of the physiological condition using the plurality of predictive variables. The at least one model includes at least one of a hidden Markov model and a logistic regression model. An indication of the risk of the physiological condition is output to a clinician.

Abstract: Methods, systems, and devices are disclosed for administering a medicament to a patient. In one aspect, a system includes an injection pen device in wireless communication with a mobile communication device. The injection pen device includes a housing including a chamber to encase a cartridge containing medicine, a dose setting and dispensing mechanism to set the mechanism to dispense a particular dose of the medicine from the loaded cartridge, a sensor unit to detect a dispensed dose based on positions and/or movements of the dose setting and dispensing mechanism, and an electronics unit in communication with the sensor unit to process the detected dispensed dose and time data associated with a dispensing event and to wirelessly transmit the dose data to a user's device. The mobile communication device provides a software application to provide the user with health information using the processed dose data.

Abstract: An odorant mixture is disclosed. The odorant mixture comprises N odorant components wherein N equals at least 20. Each odorant component is characterized by a multidimensional vector of attributes. A z score of an average of characteristic distances between vectors corresponding to odorant components in the mixture and vectors corresponding to odorant components in a group of M odorant components but not in the mixture is less than 2.

Abstract: Testing tamper protection of a field device includes arrangement of at least one test element in the material of a housing of the field device. The test element is supplied with a first test signal, and the first test signal is measured for determining a physical fingerprint. The physical fingerprint is measured, and the test element is supplied with a second test signal. The second test signal is measured, and the second test signal is compared with the physical fingerprint. If the second test signal deviates from the physical fingerprint, a tamper signal is output.

Abstract: The invention relates to a device for decrypting protected content and for providing the decrypted content for playback. The device comprises one or more system software modules providing functions for facilitating the decryption of the protected content and at least one client software module assigned to a provider of protected content. The client software module is adapted to access functions of the system software modules in order to control the system software to decrypt the protected content of the provider. Moreover, the device is adapted to validate the system software and/or a further client software module and to prevent the decryption and/or provision of the protected content of the provider, if the system software and/or the further client software module are not validated successfully.

Abstract: A digital rights management system includes two digital rights management servers (RMS servers) connected to a client computer. The two RMS servers implement different but related digital rights management (DRM) policies, with the first RMS server implementing conventional DRM policies and the second RMS server implementing extended DRM policies. An application program on the client computer interacts with a document on the client computer, and communicates with the first RMS server to obtain access authorization for the document. A plug-in program in the client computer cooperates with the application program, and communicates with the second RMS server to obtain additional access authorization for the document. Access to the document is granted when both RMS servers grant access to the document. This achieves extended digital rights management control which can provide a more flexible access control than that provided by existing DRM systems.

Abstract: System and methods for obtaining digital multimedia files from a server based on optically scanned digital rights management information tag imprinted on physical media is described. A greeting card or gift card can be provided with indicia containing a code printed thereon. Then the code can be optically scanned by client device. The code can then be provided by the client device to a remote server for retrieval of multimedia files identified by the code if the code authorizes multimedia file retrieval from the remote server by the client device. Then the client device retrieves multimedia files identified by the code from the remote server following authorization of multimedia file retrieval by the remote server based on the code.

Abstract: Systems and methods are provided for handling Personally Identifiable Information (PII) in a globally compliant manner, across and within governmental or defined synthetic jurisdictions without violating the privacy laws or rules of the involved jurisdictions. Disclosed systems for distributing PII include a regional server in a first jurisdiction with a first set of jurisdictional rules, a central computer and a recipient computer. The recipient computer is located in a second jurisdiction and inputs data conforming to a second set of jurisdictional rules. The central computer communicates with both the regional server and the recipient computer. The central computer masks data coming from the first jurisdiction and from the second jurisdiction so that the data complies with the rules of the destination jurisdiction.

Abstract: System and a method to dynamically authenticate and optionally dynamically authorize a user at a user device or at a server, the method including: receiving a request from the user to access a service; determining contextual data associated with the user; determining, based on at least the contextual data, at least one rule from a rules database to authenticate the user; and authenticating the user based on the determined at least one rule, wherein the user is authorized to access the service based on the authentication.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide a mobile device with the ability to locally detect fraudulent activity by an unauthorized user. A mobile device may include a fraud detection module that may build a historical usage pattern of a user of the mobile device. The fraud detection module may monitor usage of the mobile device for multiple parameters and record events pertaining to the parameters. Periodically or in response to each event, the fraud detection module may compute a current usage pattern using each of the current parameter values. The fraud detection module may compare the current usage pattern with the historical usage pattern and may use the comparison result to compute a confidence score. The fraud detection module may then compare the confidence score with a preset confidence score to determine whether fraudulent activity is occurring at the mobile device.

Abstract: The invention relates to accessing user interfaces for atmosphere controlling, particularly to comfortably accessing dedicated user interfaces of a complex atmosphere control system. A basic idea of the invention is to provide several user interfaces, each of which is provided for a certain control configuration for atmosphere control with an atmosphere creation system and to control the access to the user interfaces.

Abstract: A system connected to an existing computer includes a unit for monitoring the screen and provides input, a storage unit that stores data that pairs screen buffer regions with authentication details, wherein the system learns new pairs via user training and presents stored authentication details when the screen buffer regions match a related stored region which is paired with a region of the screen, and a unit that determines which of stored passwords need to be presented to the system by a pattern matching of regions of screen pixels.

Abstract: An MFP sets an access condition for an external device with respect to a cloud box. The access condition is transmitted from the MFP to a relay device, and is registered in a memory of the relay device. When the relay device receives an access request made by the external device with respect to the MFP serving as an internal device, the relay device determines whether to permit or deny access to the MFP by comparing the access request with the access condition. When the access is permitted, the access request is transferred from the relay device to the MFP, whereas when the access is denied, the relay device notifies the external device of it.

Abstract: The communication device sends an authentication code (N) to a semiconductor memory to instruct the semiconductor memory to authenticate the communication device. The semiconductor memory authenticates the communication device based on the authentication code (N), and if the communication device is determined to be valid, sends an authentication code (N+1) to the communication device to instruct the communication device to authenticate the semiconductor memory in response to the authentication code (N). The communication device authenticates the semiconductor memory based on the authentication code (N+1).

Abstract: Computer-implemented methods and systems for creating or updating approved-file and trusted-domain databases and verifying the legitimacy of files are disclosed. A method for creating or updating an approved-file database may include intercepting a first file, identifying a source domain associated with the first file, identifying a trusted-domain database, determining whether a database record for the source domain associated with the first file exists within the trusted-domain database, creating a hash value for the first file if a database record for the source domain associated with the first file exists within the trusted-domain database, and storing the hash value for the first file in an approved-file database. Methods and systems for verifying the legitimacy of a file and for creating or updating a trusted-domain database are also disclosed.

Abstract: A method and apparatus of a device for security management by sandboxing third-party components is described. The device can determine whether a third-party component supports network access. If the third-party component supports network access, the device can request a user input regarding whether to restrict the network access of the component. The device can receive a user input to restrict network access of the third-party component. Upon receiving the user input to restrict network access, the device can construct a sandbox for the third-party component to restrict network access of the component and prevent the component from performing data exfiltration. Other embodiments are also described and claimed.

Abstract: The various embodiments herein disclose a system and method for detecting zero-day privilege escalation malware at host level. The method identifies whether a privileged escalation state is initiated and executed by a user or by a malware program. The method uses keystrokes, Mouse events along with OCR output extracted from recorded background screen image for checking if user has initiated the privilege escalation. If a new process starts automatically without any pattern in Key Strokes, Mouse Strokes and background screen, then the process is identified as zero-day privilege escalation malware.

Abstract: A computer-implemented method for identifying potentially malicious singleton files may include (1) identifying a set of benign singleton files and a set of malicious singleton files, (2) obtaining, for each singleton file in the sets of benign and malicious singleton files, file identification information that identifies the singleton file, (3) using the file identification information of the singleton files from the sets of benign and malicious singleton files to train a classifier to classify unknown singleton files, (4) detecting an unclassified singleton file, (5) analyzing, with the trained classifier, information that identifies the unclassified singleton file, (6) determining, based on the analysis of the information that identifies the unclassified singleton file, that the unclassified singleton file is suspicious, and (7) triggering a security action in response to determining that the unclassified singleton file is suspicious.

Abstract: In some embodiments, a content management system can initiate a scan of a content item when the content management system detects that activity associated with the content item triggers a scan policy. In some embodiments, a content management system can initiate a scan of a user's account when the content management system detects that activity associated with the content item triggers a scan policy. A scan policy can specify, for example, a number of shares, downloads and/or previews of the content item allowable in a period of time. When the number of shares, downloads, and/or previews exceeds the specified number in the policy in the specified period of time, the content management system can initiate a scan (e.g., virus scan, malware scan, etc.) of the content item and/or the user's account.

Abstract: A processor of an aspect includes a decode unit to decode a user-level instruction. The user-level instruction is to indicate a page of a secure enclave and is to indicate a linear address. An execution logic is coupled with the decode unit. The execution logic is operable, in response to the user-level instruction, to change an initial linear address of the page of the secure enclave. The initial linear address is to be stored in an enclave page storage metadata unit. The initial linear address is to be changed by the execution logic to the linear address that is to be indicated by the user-level instruction. The change to the linear address is performed without contents of the page of the secure enclave being lost.

Abstract: An encryption and decryption method in a virtualization system is disclosed. The virtualization system includes a VMM and an encryption and decryption virtual machine. The VMM includes a control module, the encryption and decryption virtual machine records a first association relationship between a hard disk image identifier and a key, the key includes an encryption key, and the virtualization system records a second association relationship between the hard disk image identifier and a hard disk image attribute. The control module in the VMM is configured to determine whether to-be-written data needs to be encrypted and forward the to-be-written data, which makes it easy to implement a function and reduces system complexity of the VMM. In addition, encryption or decryption is processed without occupying a resource in the VMM.

Abstract: Identifying security vulnerabilities on computing devices by detecting an inter-process communication on a computing device, determining whether the inter-process communication is consistent with a predefined specification of a security vulnerability, and causing a predefined action to be performed on the computing device responsive to determining that the inter-process communication is consistent with a predefined specification of a security vulnerability.

Abstract: An online system obtains risk scores determined by a machine learning model for a content item provided by a user of an online system for display to users of the online system, where the risk scores indicate the likelihood of content items violating a content policy. The online system uses the risk scores to determine sampling weights used to select content items for inclusion in a sampled subset of content items. The sampling weights are determined from risk score counts indicating the relative frequency of the obtained risk scores and impression counts indicating the number of times content items have been presented to the users of the online system. The online system presents the selected content items for evaluation by a human reviewer using a quality review interface. Using the results of the quality review, the online system determines quality performance metrics of the machine learning model.

Abstract: In one example, a method of protecting customer data in a networked system comprises collecting sensor data available at sensor nodes within a sensor network in communication with a service data platform over a network. The method includes encrypting the sensor data using a certified public key associated with a customer key-pair, the sensor data representing the customer data associated with sensitive identification information. The sensor data is cryptographically signed with a device private key. The method includes transporting the encrypted sensor data to the service data platform for storage, and decrypting at the service data platform, the encrypted sensor data using a private key sharing scheme that reconstructs the private key associated with the customer key-pair using a first share and a password encrypted second share, the first share assigned to the service data platform and the password encrypted second share assigned to a customer of the customer key-pair.

Abstract: A method and apparatus is provided for the virtualization of cryptographic resources which enables memory speed encryption and decryption that is not bound by the speed at which processor resources can compute the result of a symmetric-key algorithm. This is achieved through a time-memory tradeoff via empty space at provisioning time. When implementing the apparatus, un-initialized memory is filled with the output of a symmetric-key algorithm uniquely keyed for the specific set of data that is going to be written to the provisioned area. Since the provisioning operation stores cryptographically structured data, rather than redundant data, plaintext that is xor'ed into memory is automatically encrypted and ciphertext that xor'ed into memory is automatically decrypted without the need for additional cryptographic computation. This reduced computation requirement enables cryptographic function to be implemented at the ends of communication, rather than the middle, and treated as a virtualized resource.

Abstract: Methods and apparatus for use in presenting information from a plurality of security domains. A first request for first data from a first data source and a second request for second data from a second data source are transmitted by a computing device. The first data source is associated with a first security domain, and the second data source is associated with a second security domain. A bridge computing device forwards the first request and/or the second request based on determining that the requests are authorized. The first data and the second data may be received and combined by the computing device.

Abstract: A method includes receiving, at a meeting server, a first input from a first computing device associated with a first user; identifying, at the meeting server, a second user who is connected to an in-progress meeting using the first input; transmitting an access request message from the meeting server to a computing device associated with the second user; and in response to receiving a positive response to the access request message at the meeting server from the second computing device, granting the first user access to the in-progress meeting.

Abstract: A technique for preventing selected sets of data words from unauthorized transmission out of the secure perimeter of a computer system is disclosed. A set of security rules is applied to an outgoing data message and if one of the set of rules is triggered, at least a portion of the message is transmitted to a central server that is within the secure perimeter, for scanning by another set of security rules. The central server then sends a security command back to the remote device, which executes the security command before transmitting the outgoing message out of the secure perimeter of the computer system.

Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.

Abstract: A device to apply a digital fingerprint to a digital signal comprises a means of intercepting or acquiring a signal, a storage element and a processor for executing computer implemented program code components in the storage element to effect the methods. The methods include transforming a plurality of signal samples onto a discrete orthonormal basis and ranking the transformed samples according to their magnitude. The n largest principal components of the ranked transformed samples are optionally permuted to generate a re-ordered set of principal components, which are then altered by a marking angle. The marked principal components and unmarked non-principal components are converted and combined and applying an inverse of the transform function to the combined principal and non-principal components to generate a fingerprinted digital signal. Methods to prepare the signal for marking, recover the digital fingerprint and verify the distributor and/or recipients of the signal are also disclosed.

Abstract: A cloud-based platform (e.g., cloud-based collaboration and/or storage platform/service) is described that provides administrators with better visibility into content and activity across an enterprise account via advanced search tools and activity reports. Administrator tools are also provided that allow for actively managing content and passively monitoring content with real-time alerts sent to the administrator if usage of the cloud-based platform changes within the enterprise account. A reporting API is also supported by the cloud-based platform to permit the platform's activity logs to be retrieved by a third-party platform. Additionally, administrators are provided with the option to select two-step login verification of enterprise account users.

Abstract: A system and method for monitoring and diagnostics in an application server environment. A system can comprise one or more computers, which can include an application server environment executing thereon, together with a plurality of deployable resources configured to be used within the application server environment, and a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain. A diagnostic framework, such as a WebLogic Diagnostic Framework (WLDF) can also be provided, wherein the diagnostic framework is configured to perform at least one action from the group consisting of partition scoped logging, partition scoped monitoring, and partition scoped diagnostic imaging.

Abstract: Techniques and technologies for providing limited-access functionality accessible at a “login screen” (or “lock screen”) of a device are described. In at least some embodiments, a system includes a user interface operatively coupled to a processing component; and one or more instructions stored on a memory that, when executed by the processing component, are configured to: (a) generate a login portion displayed on the user interface, the login portion configured to receive at least one user access credential to determine whether to provide access to one or more authorized-access functionalities; and (b) generate a limited-access functionality access portion displayed on the user interface concurrently with the login portion, the limited-access functionality access portion configured to provide access to at least one limited-access functionality without requiring receipt of the at least one user access credential.

Abstract: A multi-tenant hosting system receives business data and tenant-identifying data, from a tenant. The data from multiple different tenants is stored on a single database, but the data corresponding to each tenant is partitioned by marketing the data with a partition identifier, within the database. Therefore, the hosting system only allows individual tenants to have access to their own data.

Abstract: A method for enabling a user to customize, prioritize, and view information filtered to align with the user's life state that includes interaction with an online market place. The user provides priority, positioning, and custom information about the user's life state which allows the user to view information in a life view. This information may include at least demographic information, logistical information, ethnic information, social information and psychological information. The partners may use the information about the user's life to filter its information according to the information about the user's life, which is then viewed in a life view by a user, according to the user defined positioning, prioritization, and other custom parameters. The method also enables the user to view partner and user participation in a marketplace to procure the information about the user's life, user ratings according to the user's behavior, and partner ratings according to the partner's information delivery.

Abstract: An efficient and robust system 100 of privacy protection to provide security of a computing device by identifying and detecting unauthorized intrusion/peek problems related to computing device's environment/surrounding is disclosed. The system 100 includes a detector unit 102 for detecting data related to environment/surrounding of the computing device; a processing unit 104 for processing the detected data and a recommendation unit 106 to notify the user about the threat posed by environment/surrounding. The present disclosure enables device owner to access his device more freely in vulnerable surroundings.

Abstract: A method and an apparatus for specifying a time-varying, intelligent service-oriented model are provided. A method implemented in a computer infrastructure having computer executable code embodied on a computer readable storage medium having programming instructions, includes defining information of a service which is to be provided to one or more users having access to a system storing the defined information. The method further includes defining policies associated with the defined information to allow and deny access to selected portions of the defined information, and exposing to a user of the one or more users the selected portions of the defined information based on the defined policies allowing access to the selected portions of the defined information.

Abstract: An information determination apparatus includes a first storage unit configured to store stream data pieces obtained in time sequence; a first determining unit configured to determine whether the number of stream data pieces stored in the first storage unit is at least equal to a predetermined value; and a second determining unit configured to determine, when the number of the stream data pieces stored in the first storage unit is equal to or greater than the predetermined value, whether an individual can be identified based on a dataset composed of a plurality of the stream data pieces stored in the first storage unit, and output the dataset used for the determination and the determination result.