Abstract: Augmented reality (AR) technology can be used to perform a real-time overlay on an image displayed on a user device. A user device can receive image data of an area comprising an item from the real-world. Based on the image data, an identity and a value of the item can be obtained by the user device. If the value of the item is greater than a pre-determined value for the item or a category of the item, then the user device can obscure in real-time on the displayed image the item or category of the item having the value that is greater than the pre-determined value.

Abstract: Embodiments of the present disclosure provide methods, electronic devices and computer program products for accessing data. A method comprises receiving, at a first device, a file system operation request for accessing target data, the target data being stored at a second device after being pre-processed, and the first device providing a file system interface for data stored at the second device; forwarding the file system operation request to the second device, such that the target data is restored at the second device; receiving the restored target data from the second device; and providing the target data as a response to the file system operation request. Embodiments of the present disclosure allow users to access backup data stored after being pre-processed through normal file system operations and can achieve high data access performance.

Abstract: In an approach for anonymizing data, a processor receives a mixed-type dataset with at least two relational attributes and at least one textual attribute. A processor runs the mixed-type dataset through a text annotator to discover a set of personally identifiable information (PII). A processor creates a set of ghost attributes to add to the mixed-type dataset. A processor anonymizes data of the at least two relational attributes and the set of ghost attributes. A processor replaces each PII in the textual attribute with the corresponding anonymized data in the at least two relational attributes or the set of ghost attributes to create an anonymized mixed-type dataset. A processor removes the set of ghost attributes from the anonymized mixed-type dataset. A processor shuffles records of the anonymized mixed-type dataset to create a shuffled anonymized mixed-type dataset. A processor outputs the shuffled anonymized mixed-type dataset.

Abstract: Systems and methods for downloading and updating save data to a data center are described. Save data is downloaded from a cloud storage to the data center before play of a game to cache the save data in the data center. Any updates to the save data that occur during a play of a game are stored in the data center and are uploaded to the cloud storage. Next time, a user desires to access the game, there is no need to transfer the updates to the data center from the cloud storage.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes determining data stored in a first account to be compared with data stored in a second account. The method includes determining a function for generating a secure join key, wherein the secure join key includes a hashed string that hashes one or more of a data entry of the first account and a data entry of the second account. The method includes providing the secure join key to the first account and/or the second account.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes creating a secure view of datapoints of a consumer account and processing, using a secure user defined function (UDF), the datapoints of the consumer account and datapoints of a provider account to generate a secure join key. The secure join key comprises a hash string of the datapoints of the provider account and the datapoints of the consumer account, and wherein the datapoints of the consumer account are processed via the secure view. The method further includes executing a consumer function to analyze the hash string of datapoints of the secure join key for common data points.

Abstract: A method and apparatus for the creation of simulated records from a small sample data set with configurable levels of variability, the creation of simulated data from an encrypted token that uniquely identifies an individual, and the creation of simulated values using as the basis retained data (birth years, 3-digit zip areas, gender, etc.) from the de-identification process.

Abstract: Techniques are described for real time anonymization. In one example, a first a first query associated with a table is received, the table associated with a first anonymization operation satisfying satisfies a privacy requirement. The first anonymization operation is applied at runtime to generate a first anonymized data set against which the first query is executed. At T2 after T1, a subsequent query is received. A determination is made as to whether a change to the table has occurred since T1. If so, a determination is made as to whether the first anonymization operation satisfies the privacy requirement as applied to the current table. If the operation does not satisfy the privacy requirement when applied to the current table, a second anonymization operation satisfying the defined privacy requirement is determined and applied at runtime to generate a second anonymized data set against which the subsequent query can be executed.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes determining data stored in a first account to be compared with data stored in a second account. The method includes determining a function for generating a secure join key, wherein the secure join key includes a hashed string that hashes one or more of a data entry of the first account and a data entry of the second account. The method includes providing the secure join key to the first account and/or the second account.

Abstract: Disclosed are systems and methods preventing data loss of confidential data in a computer system. The described technique includes searching text data for one or more keywords, and then calculating a density of keywords in the text data based on the one or more keywords that match the text data. The technique classifies the text data as containing confidential data based on whether the density of keywords exceeds a threshold value. If so, the described systems may block the use of the text data containing confidential data in a variety of ways.

Abstract: Augmented reality (AR) technology can be used to perform a real-time overlay on an image displayed on a user device. A user device can receive image data of an area comprising an item from the real-world. Based on the image data, an identity and a value of the item can be obtained by the user device. If the value of the item is greater than a pre-determined value for the item or a category of the item, then the user device can obscure in real-time on the displayed image the item or category of the item having the value that is greater than the pre-determined value.

Abstract: Embodiments include a method for data masking such as receiving, by a first data masking component, data including unmasked data for a first attribute, the first data masking component including a data set and a masking algorithm; generating, by the first data masking component, masked attribute data for the first attribute by applying the masking algorithm to the unmasked data associated with the first attribute using the data set; and replacing, by the first data masking component, the data for the first attribute in the first data with the masked attribute data.

Abstract: Methods and systems for managing persistent volumes include receiving a request from a container on a processing node to access a local mount point. A distributed filesystem located outside the processing node is mounted to a local mount point. Access to the local mount point is provided to the container.

Abstract: A method and system are provided including at least one tabular data set, wherein each data set includes one or more attribute categories defining a record, each attribute category including one or more data values; an anonymization module; and an anonymization processor in communication with the anonymization module and operative to execute processor-executable process steps to cause the system to: receive a first data set at the anonymization module; determine at least one of the attribute categories in the first data set is a first-class identifier; generate a pseudonymous data set by removing the at least one first-class identifier attribute category from the first data set; determine at least two of the attribute categories in the pseudonymous data set are a second-class identifier; manipulate the at least two second-class attribute categories; and generate an anonymized data set based on the at least two manipulated second-class identifier attribute categories. Numerous other aspects are provided.

Abstract: Systems and methods for downloading and updating save data to a data center are described. Save data is downloaded from a cloud storage to the data center before play of a game to cache the save data in the data center. Any updates to the save data that occur during a play of a game are stored in the data center and are uploaded to the cloud storage. Next time, a user desires to access the game, there is no need to transfer the updates to the data center from the cloud storage.

Abstract: Technical solutions are described for preventing unauthorized transmission of data by a communication apparatus. An example computer-implemented method includes monitoring a data transmission request from an application being executed by the communication apparatus. The data transmission request is associated with transmission data. The method further includes securing the transmission data, where the securing includes identifying a content of a predetermined type in the transmission data, and generating secured transmission data. The secured transmission data includes a corresponding modified version of the content of the predetermined type. The computer-implemented method also includes transmitting the secured transmission data in response to the data transmission request.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes determining data stored in a first account to be compared with data stored in a second account. The method includes determining a function for generating a secure join key, wherein the secure join key includes a hashed string that hashes one or more of a data entry of the first account and a data entry of the second account. The method includes providing the secure join key to the first account and/or the second account.

Abstract: Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a frequency of such data amongst a set of client devices. In one embodiment, a differential privacy mechanism is implemented using a count-mean-sketch technique that can reduce resource requirements required to enable privacy while providing provable guarantees regarding privacy and utility. For instance, the mechanism can provide the ability to tailor utility (e.g. accuracy of estimations) against the resource requirements (e.g. transmission bandwidth and computation complexity).

Abstract: A computer-implemented method of a database statement for a relational database. The database comprises one or more tables comprising one or more data rows. A database statement is received. A set of predicates from the database statement and a set of data rows from the tables to use to generate the result of the database statement are determined. A set of interdiction statements applicable to one or more data rows is obtained. For each predicate, a set of masks applicable to one or more data rows is obtained, where for each mask, the data masked by the mask is used by the predicate. It is determined if a data row has an applicable interdiction statement, and contains data masked by a mask. If so, the result of the database statement without using the result of applying the predicate to the data row.

Abstract: Systems and methods for overlay-based file tagging using virtual file systems. An example method may include: receiving, from a file system client, a request to perform a file operation with respect to a file; identifying a part of the file name representing a mount point of a virtual file system associated with the file; identifying a memory pointer associated with the mount point; identifying, using the memory pointer, an instance of a class implementing the virtual file system; retrieving the metadata associated with a file using a memory data structure associated with the instance of the class, the memory data structure comprising a plurality of records, each record associating a file identifier with a metadata item; and performing the file operation using the metadata associated with the file.

Abstract: On-demand content filtering of snapshots within a storage system, including: associating an access policy with a snapshot, the access policy specifying a transformation to apply to a predefined data object; receiving a first request to access a portion of the snapshot; and responsive to receiving the first request: creating a transformed snapshot portion by applying the transformation specified in the access policy to one or more data objects contained within the portion of the snapshot; and presenting the transformed snapshot portion.

Abstract: A data protection system for online data is described that can be used to obfuscate sensitive data to relieve security compliance requirements for one or more entities involved in processing, storing, and/or communicating the sensitive data to complete an online purchase transaction. The data protection system can receive online purchase data from a client application, and then remove the sensitive information of the online purchase data to sanitize the online purchase data. The data protection system can also maintain the sensitive information, and communicate the sanitized online purchase data to an eCommerce server that then communicates with a payment service provider for payment authorization of the online purchase, where the sanitized online purchase data relieves security compliance requirements at the eCommerce server.

Abstract: The privacy of linear queries on histograms is protected. A database containing private data is queried. Base decomposition is performed to recursively compute an orthonormal basis for the database space. Using correlated (or Gaussian) noise and/or least squares estimation, an answer having differential privacy is generated and provided in response to the query. In some implementations, the differential privacy is ?-differential privacy (pure differential privacy) or is (?,?)-differential privacy (i.e., approximate differential privacy). In some implementations, the data in the database may be dense. Such implementations may use correlated noise without using least squares estimation. In other implementations, the data in the database may be sparse. Such implementations may use least squares estimation with or without using correlated noise.

Abstract: Systems and methods for evaluating elements of a computer network using deidentified production data are described. The production data can include a set of alias records, which include deidentified data, and can be generated from corresponding real records of actual users. Evaluating elements can include passing the production data to the elements as messages for processing.

Abstract: A method for generating anonymized data includes: (A) extracting, from plural data blocks, each of which includes a secret attribute value and a numeric attribute value, plural groups of data blocks, wherein each of the plural groups includes data blocks that include a first data block, which has not been grouped, whose frequency distribution of the secret attribute value satisfies a predetermined condition and whose numeric attribute values are within a certain area that has a predetermined size; and (B) replacing the numeric attribute values of the data blocks that belong to each group of the plural groups with a numeric attribute value calculated for the group. And, the certain area is determined without any relation with other certain areas for other groups.

Abstract: Embodiments relate to systems and methods for the enforcement of security profiles in a multi-tenant database. A multi-tenant database can be populated with data from different users or other entities. Different users may enjoy different sets of permissions to access, modify, store, and/or otherwise manipulate sets of data within the database. After authentication, a user's associated set of permissions are retrieved. When data is requested, matching tables or other objects located in the database are identified based on the user's query. Rather than retrieving matching tables or other objects directly, a meta data security engine can check the requesting user's permissions, and apply any filters or restrictions required by those permissions to the data present in the table(s). A substitution can be made of a table-valued function, including any filtered data entries, for the table itself. Flexible and granular data security rules can thereby be applied, transparently to the user.

Abstract: In some embodiments, a computer-implemented method includes receiving a first location-based service (LBS) request from a requesting device. One or more peer devices are selected from a plurality of actual peer devices. A set of false queries is generated, by a computer processor, based on the selected peer devices. Transmitted to a service provider are a real query, representing the first LBS request of the requesting device, and the set of false queries representing the selected peer devices. A set of query responses are received from the service provider. From the set of query responses, a real query response is extracted, corresponding to the real query. The real query response is transmitted to the requesting device in reply to the first LBS request.

Abstract: An access filtering device includes a receiving unit that receives a URL of a prohibited site or a prohibited page; an executing unit that accesses the page by using the URL; an acquiring unit that acquires page information corresponding to the URL; a prohibited site list that includes character strings of prohibited sites and prohibited pages; a determining unit that determines whether the URL is a character string of a prohibited site or a prohibited page; a display control unit that, when the URL is a character string of a prohibited site or a prohibited page, displays the page in a decreased page-readability state, i.e., in a transparent state.

Abstract: A method, system and computer-usable medium are disclosed for controlling the distribution of data. Data stored in a datastore is filtered according to a data release policy to generate filtered data. A data release policy agreement, corresponding to the data release policy, is generated. The filtered data and the data release policy agreement are then provided to an information consumer. The data release policy agreement is then used to enforce the data release policy.

Abstract: A service delivery platform receives a request for a catalogue. The system obtains subscriber-specific multi-media catalogue entries based on profile information stored with the service delivery platform. The system sends the subscriber-specific catalogue entries along with service details of the subscription back to the subscriber.

Abstract: Apparatuses, Methods and programs are provided. A method may comprise receiving a first request to verify an identifier associated with a destination from a first requester, responding to the request with a response, the response indicating an existence of a physical address associated with the identifier, the response further comprising a list of authorized entities authorized to access information specifying the physical address, receiving a second request from a second requester to access information specifying the physical address associated with the identifier, determining if the second requester is authorized to have access to information specifying the physical address by analyzing the list of authorized entities corresponding to the identifier; and providing the physical address to the second requester if the second requester is authorized.

Abstract: Systems and methodologies that enhance a Tabular Data Stream (TDS) protocol by enabling efficient transmission of a row(s) with null columns(s). An identification component employs a bit map that can be positioned at beginning of a row, to indicate to the receiving side (e.g., a client) columns that are to be sent. Accordingly, by distinguishing columns that are null from columns that are not null—followed by sending columns that are not null—transmission resources can be effectively employed.

Abstract: A method and apparatus are disclosed herein for classification. In one embodiment, the method comprises performing tree-based classification of a user input by a classifier with a classification tree at a first location, including exchanging data with a second location, different from the first location, to obtain the user input and provide results of classification to a user using singly homomorphic encryption so that the user input is not revealed to the classifier, the classification tree is not revealed to the user and the classifier's output is not revealed to the classifier.

Abstract: Access to a data element stored within a database object is controlled. A request is received from a user to perform an operation in relation to the database object, the operation including retrieval of information from the data element of the database object. Prior to retrieving information from the data element, a determination is made whether at least a portion of the information from the data element is subject to masking in accordance with an access policy. In response to determining that information from the data element is subject to masking, the request is modified to require that information from the data element be retrieved in a masked condition.

Abstract: A method includes defining a host capability; creating for a storage device a second directory tree from a first directory tree of the storage device that is included in a file system within the storage device; and, for a data file that is stored in the storage device and is selectable for consumption by a host through the first directory tree that is included in the storage device's file system, determining whether the data file requires for consumption a host having the defined host capability. If the data file requires a host having the defined host capability, an entry is created in the second directory tree in which the data file is not selectable for consumption by the host. Otherwise, an entry is created in the second directory tree in which the data file is selectable for consumption by the host.

Abstract: The present invention concerns a method for processing a structured document to render, such as XML or HTML files. The method comprises the steps of: parsing the structured document into parsed tokens TK of structured data; constructing a first tree structure DTree storing the structured data of parsed tokens; constructing a render tree structure RTree storing the document content to render, said render tree structure being synchronized with the first tree structure; rendering the structured document based on the render tree structure RTree; wherein constructing the first tree structure DTree comprises deciding, for each parsed token TK, whether or not the parsed token is to be stored in said first tree structure, and storing the structured data of the parsed token therein only in case of positive decision. Partial first (DOM) tree DTree is therefore stored in memory, reducing memory use and processing time before rendering the structured document.

Abstract: Methods and systems are disclosed for anonymizing a dataset that correlates a set of entities with respective attributes. The method comprises determine clusters of similar entities. Determining the clusters comprises (1) partitioning the entities into a first group with similar attributes to one another and a complement group of entities with similar attributes to one another and (2) recursively repeating the partitioning on the groups until every group meets one or more criteria. The partitioning a group comprises choosing a reference entity from the group, determining a symmetric set of attributes based on the reference entity attributes and on an average of the group's attributes, and assigning each entity to the first or second group depending on whether its attributes are more similar to those of the reference user or to those of the symmetric set.

Abstract: A first server is configured to receive one or more summarized data groups from a second server. Each summarized data group may include: information regarding a quantity of a group of records, where the group of records includes records associated with a record type and a time interval; information regarding a quantity of records associated with an indicator within the group of records; and information regarding a failure rate associated with the group of records based on the quantity of records associated with the group of records and the quantity of records associated with the indicator within the group of records. The first server is further configured to determine a threshold based on the summarized data groups and based on the failure rates associated with the summarized data groups and send an indication to the client device based on determining that the failure rate does not satisfy the threshold.

Abstract: Methods, systems, and computer readable media for content item purging are provided. A contact item purger, such as may be incorporated within a local client application of a content management system running on a user device, may leverage knowledge as to which items have been uploaded to the content management system, and how long such content items have been stored on the user device, to propose items for deletion from the user device so as to reclaim storage space. A contact item purger may run on one or more user devices, and may activate upon various triggering events, based on various conditions and parameters, with or without user interaction, thus maintaining available memory capacity at all times.

Abstract: When redacting natural language text, a classifier is used to provide a sensitive concept model according to features in natural language text and in which the various classes employed are sensitive concepts reflected in the natural language text. Similarly, the classifier is used to provide an utility concepts model based on utility concepts. Based on these models, and for one or more identified sensitive concept and identified utility concept, at least one feature in the natural language text is identified that implicates the at least one identified sensitive topic more than the at least one identified utility concept. At least some of the features thus identified may be perturbed such that the modified natural language text may be provided as at least one redacted document. In this manner, features are perturbed to maximize classification error for sensitive concepts while simultaneously minimizing classification error in the utility concepts.

Abstract: A method and system for controlling disclosure of trace data related to moving object. The method includes the steps of: receiving, for at least one moving object in a first region, a first record aggregate; receiving, for at least one moving object in a second region, a second record aggregate; calculating trace data from at least one attribute value of a first identifier that is in received first and second record aggregates in response to data search request; calculating to satisfy a condition of the moving object passing through at least one region and to satisfy another condition of at least two of the moving objects being present in each of the region; and returning calculated trace data as a search result if the moving object moves in calculated ranges and if the moving object has the first identifier that is in both the received first and second record aggregates.

Abstract: A mechanism is provided for secure data access in a parallel processing system. A database having two tables is provided. A subset of the tables' primary key attributes is considered sensitive. A first user is authorized to access the primary key's sensitive attribute in an unmasked format, while a second user is authorized to access same data in a masked format. Two security tables are generated having a plurality of entries mapping the values of the primary key attribute in the unmasked format to the values of the primary key attribute in the masked format. A security view is generated joining the two security tables. The security view grants the first user access to the values of the primary key's sensitive attribute in the unmasked format only and grants the second user access to the values of the primary key's sensitive attribute in the masked format only.

Abstract: Various techniques, including a method, system and computer program product for restoring encrypted files are disclosed. The method includes accessing a file table record for an encrypted file. The file table record includes an encrypted file stream and extent information identifying a location of one or more portions of the encrypted file in a virtual machine image. In response to accessing the file table record a consecutive data stream is stored. Storing the consecutive data stream includes encapsulating the encrypted file stream and the one or more portions of the encrypted file.

Abstract: A method of transferring files in a data-processing network using a current node within the network includes reading an outbound content and outbound characteristics of an outbound file. An outbound message is created having outbound strings including a first set of the outbound strings representing the outbound characteristics and a second set of the outbound strings representing the outbound content. The outbound message is sent to a receiver node within the network. An inbound message is received from a sender node within the network. The inbound message has inbound strings including a first set of the inbound strings representing inbound characteristics and a second set of the inbound strings representing inbound content. An inbound file having the inbound content is stored, and the inbound characteristics are applied to the inbound file.

Abstract: A system and method for logically masking data by implementing masking algorithms is provided. The method includes receiving one or more inputs from user regarding type of data masking to be implemented depending on type of data entry. Data entries include alphabetical data, data comprising unique codes, data comprising dates and numerical data. Based on inputs received, the data entries are classified and appropriate masking algorithms are executed. For masking numerical data entries, the data entries are first grouped using clustering algorithms and are then shuffled using shuffling algorithms. For low level of data masking selected by a user, numerical data entries are shuffled within groups and for high level of data masking selected by a user, numerical data entries are shuffled across groups.

Abstract: A method for rearranging a data segment. The method comprises providing a data segment containing digital content, generating a set of human dependent variables according to a plurality of human related activities, rearranging the data segment according to the set of human dependent variables, and updating a log according to the rearranging. The digital content may be retrieved from the rearranged data segment according to the log.

Abstract: A method and apparatus for a non-revealing do-not-contact list system in which a do-not-contact list of one-way hashed consumer contact information is provided to a set of one or more entities. The set of entities determine whether certain consumers wish to be contacted with the do-not-contact list without discovering actual consumer contact information.

Abstract: The present invention is a method and system for searching for items on a computer network, such as the internet, based on a query and an exclusion specification comprising a specification of a characteristic of sources of the items, to create a list of identifiers of items relevant to the query that are not excluded by the exclusion specification. Such characteristics include measures of popularity of the sources of the items so that items from sources having popularity greater than the specified popularity may be excluded from the list.

Abstract: Various embodiments of systems and methods for automatic obfuscation of sensitive data in a database schema are described herein. The technique uses static detection of sensitive data by application type, static detection by column name, and data profiling by examining a sample of the tables data from the database schema.

Abstract: A method and system for a secured search. The method includes the steps of: receiving a search request from a searching user; determining search results to be returned to the searching user based on a security schema; and returning the search results to the searching user, where at least one of the steps is carried out by using a computer device.