Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.

Abstract: Systems and methods for monitoring the quality of document reviews used in continuous active machine learning are described herein. Two orthogonal processes may be run simultaneously, asynchronously, and continuously. The first process performs continuous active machine learning for training machine classification models. The second process classifies documents that have been reviewed as part of the first process to generate classification scores of the reviewed documents. The original review may be compared to the classification scores using false negative and a false positive thresholds to identify documents that may have been incorrectly reviewed. A master review of identified documents is used to correct original reviews that were incorrect. Original incorrect reviews may be replaced in a training corpus by corrected reviews, and the models may be retrained using the corrected reviews.

Abstract: Systems and methods are disclosed for detecting confidential information emails. In accordance with one implementation, a method is provided for detecting confidential information emails. The method includes obtaining a sender address of an electronic message, the sender address comprising a first username and a first domain name, and obtaining at least one recipient address of the electronic message, the recipient address comprising a second username and a second domain name. The method also includes determining whether the recipient address and the sender address are different addresses of a user, and based on the determination, flagging the electronic message.

Abstract: Techniques are described for cooperative delegation of request processing by digital assistants (DAs) in a computing environment. An initial request (e.g., voice command) may be received by a first DA, and a communication session may be initiated during which the first DA handles the initial request and/or subsequent requests. On receiving a request that it is unable to handle, the first DA may transfer control of the session to a second DA. The second DA may handle the request and/or subsequent requests before passing control of the session back to the first DA or to another appropriate DA. Each handling DA may provide output (e.g., voice output or otherwise) associated with their handling of the various requests during the session. In some instances, transfer of control among DAs may be mediated by a broker based on information describing the different capabilities of various DAs.

Abstract: Various embodiments are directed to techniques for controlling access to data in a decentralized manner. An apparatus includes an apportioning component to divide an item of data into multiple portions based on an organizational structure of the item of data; a tree component to generate a PRN tree including a multitude of nodes and a branching structure based on the organizational structure, the multitude including at least one branching node and multiple leaf nodes that correspond to the multiple portions; a PRN component to generate a PRN for each node of the multitude, the PRN component to use a PRN of a branching node of the PRN tree to generate a PRN for a leaf node that depends therefrom; and a communications component to transmit the multiple portions and multiple addresses based on PRNs of leaf nodes of the PRN tree to a server. Other embodiments are described and claimed.

Abstract: This disclosure provides a document management method and system to monitor activity associated with a processed document according to an exemplary embodiment of the disclosure, the document management system is configured to apply security controls to a document and provide a full organizational audit history of documents processed.

Abstract: A high availability (HA) Identity Bridge (IDBridge) between an on-premises Active Directory (AD) and a cloud-based Identity Cloud Service (IDCS) is provided. A connection to an AD, coupled to a first network, is established. A connection to an IDCS, coupled to a second network, is established, the IDCS including a System for Cross-domain Identity Management (SCIM) directory. A plurality of selectable AD OUs are displayed in a GUI, and a selection of one or more OUs is then received. Each member group of the selected OUs is displayed in the GUI, and a selection of one or more member groups of the selected OUs is then received. The users of the selected OUs and the selected member groups of the selected OUs are monitored to identify users and groups that have been added, modified or deleted. The identified users and groups are then synchronized to the SCIM directory.

Abstract: Various embodiments of systems and methods for decentralized image management are described herein. The method includes generating, distributing, and retrieving images on peer-to-peer network. Request for generating an image is received. One or more components/layers of a to-be-generated image is identified. A layer is stored as a file. Files corresponding to the layers are packaged as an image file representing the image. The packaged image file and/or files of respective layers are distributed across the network, e.g., across a plurality of available nodes upon receiving a distribution command/request. When a request for retrieving the image is received, the nodes storing the one or more layers of the image are identified. The layers are retrieved from the identified one or more nodes. Using the retrieved one or more layers, the image is recreated/generated.

Abstract: The present disclosure relates to methods and apparatus where a user may enter information into a computing device that may allow the computing device to classify data or files that are stored on one or more computing devices to be quickly classified. Methods and systems consistent with the present disclosure allow a user to identify data by a type of data or file and provide classification information such that the computing device may identify data by the data type and to classify that data automatically according to a rule. The information entered by a user that wishes to classify stored data may be entered over a graphical user interface (GUI) at a user device.

Abstract: The disclosure relates to technology for processing data sets to generate data rules for the data sets in a communications network. A first set of data including key quality indicators (KQIs) indicative of a quality of service and a second set of data including key performance indicators (KPIs) indicative of a performance level are received. The first data set and the second data set are categorized using a first value into a plurality of KQI groups and a second value into a plurality of KPI groups, respectively. Each of the KQI and KPI groups are identified with a label. Each of the KQI and KPI groups identified with a same label are processed by application of association rule learning to generate the data rules. The data rules model a relationship between the KQIs and the KPIs by calculating association frequencies.

Abstract: Various embodiments relate generally to data science and data analysis, computer software and systems, and wired and wireless network communications to provide an interface between repositories of disparate datasets and computing machine-based entities that seek access to the datasets, and, more specifically, to a computing and data storage platform that facilitates consolidation of one or more datasets, whereby a collaborative data layer and associated logic facilitate, for example, efficient access to, and implementation of, collaborative datasets. In some examples, a method may include receiving data representing a query of a consolidated dataset that may include datasets formatted atomized datasets, analyzing the query to classify portions of the query to form classified query portions, partitioning the query into sub-queries as a function of a classification type for each of the classified query portions, and retrieving data representing a query result from distributed data repositories.

Abstract: A system and method for efficient inode enumeration is disclosed. The system and method for enumerating inodes, comprises locating one or more inode files associated with the file system. For each of the one or more inode files, determining a physical address range for each inode within the inode file. The system and method further comprises creating a list of the physical address range for each of the inodes within the one or more inode files. The system and method comprises sorting the list based on physical addresses of the inodes.

Abstract: Methods and systems for processing, analyzing, and managing information are disclosed. An example method can comprise receiving at least two data groups. Each of the at least two data groups can comprise one or more values. An example method can also comprise associating the at least two data groups based on a first value being in each of the at least two data groups. Associating the at least two data groups can comprise iteratively performing a union operation on the at least two data groups. An example method can further comprise providing a suggestion to add a second value from one data group of the at least two data groups to another data group of the at least two data groups.

Abstract: Methods of preserving and protecting user data from modification or loss due to malware are disclosed, as well as systems and computer program products related to the same.

Abstract: Embodiments allow, within database security policies, the grant of data change operation-specific privileges to particular users to be applied within particular data realms in a given table. Furthermore, according to one or more embodiments, User Privilege column-level privileges are explicitly associated with one or more data access operations such that the grant of such a column-level privilege allows the user to perform only those data access operations that are explicitly associated with the column-level privilege. Enforcement of the data security policies includes prevention of data leakage via WHERE and RETURNING INTO clauses. According to one or more embodiments, a two-phase rewrite is used to optimize enforcement of column-level privileges. During the two-phase rewrite of a given query, the privileges checked during enforcement of the User Privilege data security policies are pruned to avoid unnecessary privilege checks given the columns that are accessed in the query.

Abstract: A processor selects a first database and a second database from a plurality of databases. The processor determines one or more terms found in the first and second database, wherein each term of the one or more terms includes metadata of a database of the plurality of databases. The processor identifies one or more common terms between the first database and the second database and determines the one or more common terms found in each of a plurality of groups of databases of the plurality of databases, wherein each group of databases corresponds to a number of databases which constitute the group of databases. The processor determines a similarity score between the first database and the second database of the plurality of databases based on the one or more common terms found in each group of databases of the plurality of databases.

Abstract: Embodiments presented herein provide techniques for preserving data integrity of a records management deletion workflow. According to one embodiment, a records management system identifies a set of records subject to a document retention policy. The set of records includes electronic records and physical records. The records management system generates a disposal report listing the records and information associated with the records. The disposal report is associated with an identifier. The records management system performs a deletion workflow to remove the records listed in the report. After the records are removed, physical media corresponding to the deleted physical records are destroyed.

Abstract: A method, a computer program product, and a computer system for controlling dispatching work tasks in a multi-tier storage environment. A computer system receives storage demands of work tasks. The computer system determines placement and migration policies for data in storage tiers in a storage system. The computer system prepares the storage tiers for meeting the storage demands of work tasks, based on the placement and migration policies. The computer system determines a state of preparation of the storage tiers for meeting the storage demands of work tasks. The computer system determines a list including work tasks that can proceed and work tasks that cannot proceed, based on the state of the preparation. The computer system modifies a schedule of the work tasks, based on the list.

Abstract: A method of managing NAND flash memory in an electronic device whereby system performance of the electronic device is minimally impacted is disclosed. The method comprises collecting files that are marked for deletion or truncation; monitoring an activity level of the electronic device; monitoring a total size of the list of files that are marked for deletion or truncation; determining if the electronic device is idle; and trimming the flash memory of the electronic device if predetermined criteria are met.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for predictive modeling for unintended outcomes are disclosed. In one aspect, a method includes the actions of accessing an order history that, for each of one or more past orders, indicates (i) one or more order details associated with the order, and (ii) a fulfillment outcome associated with the order. The actions further include selecting one or more particular past orders that are associated with the particular unintended order fulfillment outcome. The actions further include generating a predictive model. The actions further include receiving one or more order details associated with a subsequently received order. The actions further include providing the one or more order details as input to the predictive model. The actions further include, identifying a remedial action. The actions further include providing data indicating the remedial action.

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first website, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second website, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

Abstract: The described technologies can be used for consent handling during data harvesting. In one example, a method can include receiving social media data associated with a user identifier and a first country code. A stored consent configuration rule can specify whether to store the social media data anonymously or non-anonymously. The consent configuration rule can be associated with a second country code. It can be determined whether the second country code associated with the consent configuration rule matches the first country code associated with the social media data. When the second country code associated with the consent configuration rule does not match the first country code associated with the social media data, the social media data can be stored in a quarantine.

Abstract: A method for performing crowd-sourced native application crawling is disclosed. The method includes determining a list of installed native applications installed on a user device and determining whether a set of crawling conditions are met. The method includes generating a work request in response to the set of crawling conditions being met by the user device and transmitting the work request to a content acquisition server. The work request includes the list of installed native applications. The method includes receiving a crawling task including an application access mechanism corresponding to a state of a native application. The method include launching the native application and setting the state of the native application based on the application access mechanism. The native application issues a content request to a content server. The method further includes receiving the content from the content server and transmitting the content to the content acquisition server.

Abstract: In one embodiment, a method is executed by an information handling system comprising computer hardware. The method includes monitoring a desktop environment of a user for a desktop-administration event. The method further includes, responsive to a detected occurrence of the desktop-administration event, identifying at least one script-execution process to invoke. The at least one script-execution process executes at least one privilege-agnostic desktop-administration script. The method also includes determining whether the at least one script-execution process is designated for privilege elevation. Moreover, the method includes, responsive to a determination that the at least one script-execution process is designated for privilege elevation, injecting a security token of the at least one script-execution process with elevated privileges to yield a privilege-injected script-execution process.

Abstract: Embodiments include method, systems and computer program products for secure logging of host security module. In some embodiments, an event may be received. The event may include data to be written to a secure log file. A hash may be generated using data of the event. The hash may be stored in a first field of an event record associated with the event. The event record may be stored in the secure log file. The hash may be stored in a second field of a next event record in the secure log file.

Abstract: A system for applying access permissions to read requests may write a file to a storage media. The file may contain data, an embedded flag, and an embedded verification datum of the embedded flag. The embedded flag may indicate an access permissions requisite for file access. The system may also receive a request to access the file from a user and retrieve an access permission for the user. The system may also compare the embedded flag to the access permission for the user to determine the user has permission to access the file. A verification datum may be calculated, and the calculated verification datum may be compared to the embedded verification datum to determine the embedded flag has not changed.

Abstract: As disclosed herein a method, executed by a computer, includes analyzing historical I/O data, corresponding to one or more applications, to determine an expected available bandwidth for a plurality of storage devices of a distributed storage system, and generating a data retrieval plan for the plurality of storage devices storage devices based on a historical I/O access pattern and according to the expected available bandwidth for the plurality of storage devices. The method further includes accessing data for a backend computational job from the plurality of storage devices according to the data retrieval plan, and throttling I/O throughput for the backend computational job according to the expected available bandwidth for the plurality of storage devices. A computer system and computer program product corresponding to the above method are also disclosed herein.

Abstract: A method for execution by dispersed storage failure detection unit of a dispersed storage network includes generating a storage unit weights and storage set weights based on the storage unit weights. One storage unit that meets a weight-adjustment trigger condition is identified, and a new storage unit weight for the identified storage unit is generated. A first data migration within the storage set that includes the identified storage unit is facilitated based on the storage unit weights. A failing set of storage units in a second storage set is identified. A new storage set weight for the second storage set is generated when the number of storage units in the failing set compares favorably to a failure threshold number. A second data migration that includes transferring data slices stored in the second storage unit to other storage sets is facilitated based on the storage set weights.

Abstract: Systems and methods for incrementally repairing physical locality for live or active data are provided. Files that are enumerated to determine their locality are identified using dataless consistency points. The files are walked in order to measure their locality or at least the locality of their data segments. Locality repair is performed when the locality is greater than a threshold locality.

Abstract: The subject matter described herein includes processing file system metadata in host write requests to determine information about future host write operations. The information regarding future host write operations can be used by a device controller to prepare the non-volatile memory for the future host write operations. For example, the device controller may prepare the non-volatile storage device for future sequential host write access patterns or random host write access patterns depending on the content of the file system metadata. The file system metadata may also be usable to determine when it is optimal to perform memory management operations.

Abstract: Systems, methods, and computer program products to perform an operation comprising upon determining that a received query requests values of sensitive data stored in a secure database table of a database, computing a security score for the received query based on a determined specificity of a selection predicate of the received query, and upon determining that the security score exceeds a security threshold, performing a predefined operation to restrict access to the requested values of the sensitive data.

Abstract: Data loss prevention (DLP) systems may be implemented in conjunction with collaborative services that may be integrated with or work in coordination with productivity services. Administrators may be enabled to configure DLP policies in the collaborative service to mitigate their organization's information disclosure risks, along with the detection and remediation of sensitive information. Access blocking may be one feature of the DLP system, where provision of access blocking may include determining if a detected action associated with content processed by the collaborative service matches access blocking criteria defined by DLP policy rules. In response to the determination that the action matches at least one access blocking criterion defined by the DLP policy rules, a block access tag associated with the content may be activated, previously defined permissions associated with the content may be ignored or altered, and access to the content may be restricted to a number of predefined users.

Abstract: Embodiments relate to processing a data set stored in a computer system. In one aspect, a method of processing a data set stored in a computer system includes providing one or more parameters for quantifying data quality of the data set. A processor generates, for each parameter of the one or more parameters, a reference pattern indicating a dysfunctional behavior of the values of the parameter. The data set is processed to obtain values of the one or more parameters. A parameter of the one or more parameters is identified whose obtained values match a corresponding reference pattern of the generated reference patterns. The identified parameter is assigned a resource weight value indicating the amount of processing resources required to fix the dysfunctional behavior of the identified parameter.

Abstract: Provided is a GUI including: an unadded pane region that hierarchically displays folders which are sets of images having no class information added thereto; an image pane region that displays the images displayed in the unadded pane region, the displayed images having no classification added thereto; and a class pane region that displays images having classification added thereto, wherein by externally inputting class information for one image having the class information added thereto, the input class information is displayed.

Abstract: Some embodiments provide, for a policy framework that manages application of a plurality of policies to a plurality of resources in a computing environment, a method for providing a user interface. The method displays a first display area for viewing and editing policies imported by the policy framework from a first several heterogeneous sources. The method displays a second display area for viewing and editing information regarding computing resources imported by the policy framework from a second several heterogeneous sources. The method displays a third display area for viewing and editing binding rules for binding the policies to the computing resources.

Abstract: Embodiments of the present invention relate to systems and protocols for a media management application to be used by a supervisor to monitor, manage, and control what a subject is watching, listening to, or interacting with on a media delivery device. A media interaction application executes on a media delivery device and is configured to collect media interaction data based on tracked user interactions with media content on the media delivery device. A remote media management application executes on a portable electronic device and is configured to monitor the media interaction data and further configured to issue media management instructions to the media interaction application. A communications broker executes on a first network server and is configured to provide secure communications between the media interaction application and the remote media management application.

Abstract: One of n?2 servers, connectable via a network, implements a cryptographic protocol using a secret key K which is shared between the n servers, and includes first and second server compartments. The first is connectable to the network, adapted to implement the cryptographic protocol, and stores a current key share of the secret key K. The second is inaccessible from the network in the operation of the server, stores a set of master keys, and is adapted, for each of successive time periods, to unilaterally generate a new key share of the secret key K and to supply it to the first as the current key share for that time period. The new key share includes a random share of a predetermined value p which is shared between the n servers, and the random share includes a function of the set of master keys.

Abstract: A storage device according to the present application includes a receiving unit and a control unit. The receiving unit receives a write request for writing a file with a specified directory name. The control unit writes the file in association with a directory of the specified directory name into a memory device, within a range up to an upper limit set for the number of files to be written in the memory device in association with each directory, in response to the write request received by the receiving unit.

Abstract: Methods and systems are disclosed for real-time transactional database transformation implemented as part of a real-time transactional database management system.

Abstract: Systems and methods for storage pruning can enable users to delete, edit, or copy backed up data that matches a pattern. Storage pruning can enable fine-grain deletion or copying of these files from backups stored in secondary storage devices. Systems and methods can also enable editing of metadata associated with backups so that when the backups are restored or browsed, the logical edits to the metadata can then be performed physically on the data to create a custom restore or a custom view. A user may perform operations such as renaming, deleting, modifying flags, and modifying retention policies on backed up items. Although the underlying data in the backup may not change, the view of the backup data when the user browses the backup data can appear to include the user's changes. A restore of the data can cause those changes to be performed on the backup data.

Abstract: The present disclosure relates to a system for providing a multi-technology visual integrated data management and analytics development and deployment environment. In an embodiment, the system is configured to generate executable code suitable to carry out a data analytics request using a first software platform, migrate executable code for the first software platform to a second software platform, and cause executable code to be processed on the first or second software platform to perform the data analytics request.

Abstract: A method for optimizing the allocation of extents to data sets is disclosed. In one embodiment, such a method includes providing multiple storage classes. These storage classes may include a first storage class configured to allocate larger extents to data sets, a second storage class configured to allocate smaller extents to data sets, and a mixed-mode storage class configured to allocate a combination of the smaller and larger extents to data sets. The method further enables data sets to be assigned to one of the multiple storage classes. Upon assigning a data set to the mixed-mode storage class, the method causes an initial portion of the data set to be allocated the larger extents, and an ending portion of the data set to be allocated the smaller extents. A corresponding system and computer program product are also disclosed.

Abstract: Provided are a user authenticating electrical outlet or connector by which there is no standby power consumption, a power mediating module for receiving power from the electrical outlet or connector and supplying the same to a power consuming device, and the power consuming device that is provided with the power mediating module or receives power via the power mediating module. A user authenticating electrical outlet or connector according to an embodiment of the present invention comprises: an authenticating terminal for receiving authenticating power for user authentication and a transmitted electrical outlet operating password; an authenticating device operated by the authenticating power and determining whether the electrical outlet operating password corresponds to electrical outlet ID information; and a micro-current limiting device for allowing a micro-current to flow when a power consuming device is connected to the user authenticating electrical outlet or connector.

Abstract: Structures and processes for garbage collection of search trees under Multi-Version Concurrency Control (MVCC). Such search trees may be used to store data within a distributed storage system. A process detects live search tree elements using tracing and then identify storage chunks having no live elements as garbage to be reclaimed. The process can be paused and resumed to reduce impact on other system processing. To reduce disk fragmentation, a garbage collector may copy pages between chunks prior to reclaiming chunk capacity. Also described is a resource efficient scheduler for a garbage collection.

Abstract: Conditional policies can be defined that change based on security measurements of network endpoints. In an example embodiment, a network traffic monitoring system can monitor network flows between the endpoints and quantify how secure those endpoints are based on analysis of the network flows and other data. A conditional policy may be created that establishes one or more first connectivity policies for handling a packet when a security measurement of an endpoint is a first value or first range values, and one or more second connectivity policies for handling the packet. The connectivity policies may include permitting connectivity, denying connectivity, redirecting the packet using a specific route, or other network action. When the network traffic monitoring system detects a change to the security measurement of the endpoint, one or more applicable policies can be determined and the system can update policy data for the network to enforce the policies.

Abstract: Various methods and communications devices to reduce a bandwidth utilization of a backhaul link in a wireless communications system are provided. By way of example, bandwidth utilization is reduced by relegating the compression of data to the downlink transmission, storing only reference keys in the cache of the transmitting device, and taking advantage of an asymmetrical cache structure between communicating devices. Support is provided for a user equipment to move from one node to another node.

Abstract: Methods, systems, and computer program products for resolving textual numerical queries using natural language processing techniques are provided herein.

Abstract: A method of genetic testing utilizing a system of servers, databases, computers, software applications, or any other computing module. The computing modules allow for creation of a genetic test script and the analysis of genetic information based on the genetic test script. The system can also account for the use of proprietary biomarkers.

Abstract: In one example of the disclosure, code lines for a software program are received, the code lines including a unit of code lines. Code entities within the unit are identified. Each code entity includes a line or consecutive lines of code implementing a distinct program requirement or defect fix for the program. Context changes are identified within the unit, each context change including an occurrence of a first code line set implementing an entity, adjacent to a second code line set implementing another entity, within a same code scope. A code complexity score is determined based upon counts of entities identified and context changes identified within the unit, and upon counts of code lines and entities within the program.

Abstract: A method, system and computer-readable recording medium for storing metadata of a log-structured file system. The method includes receiving a block management request signal including information about a block number and indicating whether it is an allocation request or a deallocation request for a block, calculating a segment number to which the block belongs with reference to the block number, obtaining a metadata segment usage (MSU) item corresponding to the segment number, wherein the metadata segment usage (MSU) item includes information about a segment number and a number of valid blocks, and increasing the number of valid blocks of the metadata segment usage (MSU) item by one when the block management request signal corresponds to the allocation request, and decreasing the number of valid blocks of the metadata segment usage (MSU) by one item when the block management request signal corresponds to the deallocation request.