Abstract: Provided are mechanisms and processes for computational risk analysis and intermediation. Security practices information characterizing security measures in place at a first computing system may be received from the first computing system via a network. Computing services interaction information characterizing data transmitted from a second computing system to the first computing system may be received from the second computing system via the network. A processor may determine a risk profile for the first computing system based on the security practices information. Based on the risk profile and the computing services interaction information, the processor may then determine an estimate of the information security risk associated with transmitting the data from the second computing system to the first computing system. A risk assessment message including the estimate of the information security risk may be transmitted to the second computing system.

Abstract: Methods, systems, and computer storage media for providing a multi-tenant system that executes graph language requests using graph operations of a graph language. A graph language request—that configures tenant data for tenants in a multi-tenant system—is executed using a graph operations engine. The graph operations engine receives and parses a graph language request that includes a list of tenants and a definition of data operations. The set of data operations of the definition are executed on a tree of data operation nodes comprising a plurality of leaf nodes and a root node. Executing the data operations is based on graph language actions (e.g., composition, transformation, and aggregation) that support asynchronously returning results data associated with configuring the Tenant data. Executing the data operations of the definition causes generation of results data (e.g., root node results or leaf node results) configuration of the tenant data in the multi-tenant system.

Abstract: Aspects discussed herein relate to the storage of data in graph databases and detecting fraudulent behavior in the stored data. Fraud detection systems may use graph databases to store data, allowing for querying the graph database to obtain data using a variety of graph semantics such as nodes, edges, and properties. Graph databases in accordance with embodiments of the invention may include account nodes and attribute nodes, where nodes of the same type are not directly linked to each other. When a particular node is updated, an updated node may be created with a higher version number than the existing node. Each node may include an indication of the node being associated with fraudulent activity. Fraud indicators may be calculated based on the relationships between the nodes and fraud indicators for the nodes.

Abstract: A method and indexing system indexes the content of a body of documents into a content index, and the metadata of the documents into a metadata index which is a parallel index to the content index. The metadata is copied into a data store that is easily accessible by the indexing system and is stored in native form. The indexing system can dynamically re-index the metadata from the native metadata in the data store to produce a new metadata index which is used to replace the original metadata index. Search queries received by a search engine associated with the indexing system are applied to both the content and metadata index and the results are merged for return.

Abstract: Embodiments of the present disclosure include systems and methods for generating names for cloud storage containers. A unique identifier associated with a user of the client device is received from the client device. Next, a hash value is generated based on the unique identifier associated with the user of the client device. A character encoding scheme is then used to encode the hash value into a first encoded value. Instances of a first character in the encoded value is replaced with a defined second character to form a second encoded value. Finally, the second encoded value is sent to a cloud storage service for the cloud storage service to create a storage container using the second encoded value as a name of the storage container.

Abstract: Techniques for automatically determining different data types found in databases are disclosed. In one example, a computer implemented method comprises receiving a portion of identifying information for one or more components of a database, and generating one or more descriptions for the one or more components based at least in part on the portion of the identifying information for the one or more components. The one or more descriptions are inputted to one or more machine learning models, and, using the one or more machine learning models, one or more data types associated with the one or more components are predicted. The prediction is based at least in part on the one or more descriptions.

Abstract: A memory image can be captured by generating metadata indicative of a state of volatile memory and/or byte-addressable PMEM at a particular time during execution of a process by an application. This memory image can be persisted without copying the in-memory data into a separate persistent storage by storing the metadata and safekeeping the in-memory data in the volatile memory and/or PMEM. Metadata associated with multiple time-evolved memory images captured can be stored and managed using a linked index scheme. A linked index scheme can be configured in various ways including a full index and a difference-only index. The memory images can be used for various purposes including suspending and later resuming execution of the application process, restoring a failed application to a previous point in time, cloning an application, and recovering an application process to a most recent state in an application log.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for reducing latency in presenting content. In one aspect, a system includes a native application that presents an interactive item and a latency reduction engine. The latency reduction engine detects interaction with the interactive item that links to a first electronic resource that is different from the native application and provided by a first network domain and in response to the detecting, reduces latency in presenting the first electronic resource, including executing a first processing thread and a second processing thread in parallel. The first processing thread requests a second electronic resource from a second network domain and loads the second electronic resource and, in response to the loading, stores a browser cookie for the second network domain. The second processing thread requests the first electronic resource and presents the first electronic resource.

Abstract: A movable photographing system is provided. The movable photographing system includes a carrier, an image capturing device, a storage device and a processing device. The image capturing device is carried by the carrier and configured to generate a first image. The storage device stores a plurality of image data. The processing device obtains the feature information of a target object in the first image, and according to the feature information, compares the first image with the plurality of image data to select a reference image from the plurality of image data. In addition, the processing device generates motion information using the first image and the reference image and the carrier moves according to the motion information to adjust the shot position of the image capturing device to generate a second image.

Abstract: Client devices can send access request messages to resource management computers to request access to a resource. A data security hub can provide centralized routing between different client devices, resource management computers, and authentication data processing servers. The data security hub can reduce the risk of sensitive authentication information from leaking (e.g., due to a breach) by limiting the amount or types of authentication information distributed to the data processing servers. The data security hub can limited the authentication information being distributed based on its sensitivity, the trust level of the client device, and the security level of the requested resource. The data security hub can also evaluate the client devices and data processing servers to identify security breaches and can cancel or reroute access requests accordingly Thus, the data security hub can maintain resource security while better preserving the privacy of the client device's authentication information.

Abstract: Systems and methods which provide for intelligent and/or optimized use of shipping services through facilitating consolidation of shipped items with respect to one or more leg of shipments are described. Embodiments provide a shipping consolidation management system operable to analyze various shipping parameters and identify situations in which consolidation of shipped items with respect to one or more legs of a shipment may be desired. Shipping consolidation management systems may provide operation to identify situations appropriate for forming consolidated shipments associated with a single shipper and/or a plurality of shippers. A shipping consolidation management system of embodiments operates to print consolidated shipment documentation for use with respect to the consolidated shipment.

Abstract: A database reporting device that includes a network interface in signal communication with a database. The network device further includes a processor configured to receive a report request comprising a project key and to identify data records associated with the project key. The processor is further configured to identify a report template for a user associated with the report request and to identify data record element types corresponding with sections of the identified report template. The processor is further configured to generate a search query for data record elements corresponding with the identified data record element types and to send the search query to the database. The network device is further configured to receive a plurality of data record elements, to populate the report template with data record elements that correspond with data record element types for each section, and to output a report based on the populated report template.

Abstract: Systems and methods are disclosed for reducing redundancy in medical database management. An example system may include an application program interface communicatively linked to a user interface associated with each of: a plurality of hospital information systems, a plurality of source devices associated with each of the plurality of hospital information systems, and a plurality of electronic data management systems. The system may further include a mapping module configured to map lexical tokens between patient-specific data forms used by each of the system components. An example method may performed by a computing device having one or more processors may include receiving, from the source devices, patient-specific health data; generating updates to patient-specific electronic health records (EHR) for patients; generating patient-specific electronic data capture (EDC) data associated with the patients, and updating electronic data management systems with the patient-specific EDC data.

Abstract: A network connection method includes: establishing a backup connection between a smart device and a network access device when the smart device fails to establish a network connection with the network access device due to incorrect networking verification information; receiving updated networking verification information sent by the network access device through the backup connection; and establishing the network connection with the network access device by using the updated networking verification information.

Abstract: A database-management system (DBMS) dynamically adjusts the logical and physical partitioning of data stored in database tables. An artificially intelligent DBMS partition manager draws expert inferences from the DBMS's current workload, execution logs, and data statistics, in order to identify ranges of database key values that are frequently accessed by incoming queries. The ranges are allocated to logical partitions that are then mapped to physical partitions, such that database records identified by a pair of subranges are stored in proximate areas of physical storage. This partitioning reduces the number of physical-storage accesses by populating each physical partition with records likely to be accessed together.

Abstract: A software code optimizer automatically detects inefficiencies in software code and corrects them. Generally, the software code optimizer converts software code into a graph representing the workflows and relationships in the software code. The graph is then converted into vectors that represent each workflow in the software code. The vectors are assembled into a matrix that represents the software code. The matrix may be stored in a cluster in a database as an example of optimized software code or be compared with other matrices stored as clusters in the database to determine whether the software code is optimized. The software code optimizer can change the software code to be more efficient if a matrix for an optimized version of the software code is found in the database.

Abstract: A system and method detects and handles replay attacks using counters maintained for each of several different periods for various values of IP addresses and browser description attributes encountered.

Abstract: An application freezing management method, a device and a terminal are provided, and the method includes: acquiring at least one application freezing condition. Corresponding application unfreezing strategies for the application freezing conditions is configured, and a mapping relation between the corresponding application freezing conditions and the application unfreezing strategies is generated. Thus different application unfreezing strategies can be configured for different application freezing conditions according to actual acquirements of user, the user's individualized requirements can be satisfied, diversities of the application unfreezing strategies and practicality of the application freezing management are improved, and user experience is improved.

Abstract: A system and method for distributed exchange and transformation of structured data with reproducibility and complete provenance are described. Data enters the system through the plurality of data publishers that share data in the form of append-only historical logs of events. Plurality of parties can then collaborate on improving and enriching data by defining the transformation rules, forming a potentially distributed computational graph. Data from any stage of such graph can be accessed by plurality of consumers. Stream processing techniques are used to minimize the propagation latency of data through the graph. Bitemporal data modelling and determinism of transformations enable reproducibility and verifiability of the results. Every event that influences how data looks like is tracked in the temporal metadata which enables provenance and dataset evolution.

Abstract: A policy-based printing system is implemented to allow access to a private domain to print using a public domain. The private domain includes private servers that store documents. The public domain includes servers and a printing device. A public policy server uses a domain list and a protocol connection with a private authentication server to validate a user and identify which private domain to access. The public policy server receives requests from the printing device to process a print job of a document in the private domain. A list is generated from the private server storing the documents based on the policy or other criteria. The list is provided to the user so that an approved listed document can be selected for printing.

Abstract: The example embodiments are directed to a system and method for tag mapping. In one example, the method includes receiving a request to perform tag mapping for a target tag of a master data set, the target tag representing a target component of an asset, querying a customer data for a plurality of candidate tag records based on the target tag, tokenizing the plurality of candidate tag records included in the customer data set, reducing an amount of the tokenized tag records in the customer data set based on the target tag and each tokenized candidate tag record, performing tag mapping with the reduced amount of tokenized tag records to identify at least one candidate tag that is a possible match to the target tag, and outputting information concerning the identified at least one matching candidate tag.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: The present disclosure involves systems, software, and computer implemented methods for enabling data source extensions for individual customers of a cloud platform. One example method includes receiving an extension request, from a particular customer, to extend a data source used to populate an application output. A selection is received of at least one field to be included in a data source extension that extends the data source. Extensibility metadata is stored, in association with the particular customer, that defines the data source extension. The extensibility metadata identifies the data source, the particular customer, and the selected at least one field. A data request is received, from a client device of a user of the customer, for a field included in the data source extension. The data source extension is used to retrieve a field value for the field and the field value is provided in response to the data request.

Abstract: In an approach for providing a self-learning framework for performance analysis using content-oriented analysis, a processor initiates a performance analysis of a dump on a thread. A processor presents time information and an associated location of the time information. A processor analyzes the time information by registering the time information into a knowledge base to debug errors in a computer program. Subsequent to a query for dump information, a processor displays the analyzed time information, based on the performance analysis.

Abstract: Disclosed is a method and system (102) for establishing communication between users. The method comprises receiving, from a first user operating on a social networking platform, a unique identifier associated with a second user to whom the first user wishes to send an anonymous notification, for communicating over a social networking platform. A tag is stored over a server for establishing communication between the first user and the second user, on said social networking platform. The tag expires after a predefined time period. The anonymous notification is delivered to the second user, indicating a known person's interest to communicate with the second user. Communication is established between the first user and the second user, over said social networking platform, after the second user correctly predicts the first user to be the sender associated with the anonymous notification, before expiry of the predefined time period associated with the tag.

Abstract: A method, system and computer program for implementing fine-grained access control (FGAC) of data stored in a dataset. In response to receiving a data query statement from a user, any representational index exclusions that are relevant to the data query statement are identified, wherein each index exclusion specifies an access restriction to the data. It is then determined whether any of the identified representational index exclusions are to be applied to the data query statement, and if ‘yes’ then the data query statement is modified before being processed, so that processing of the query takes place by searching the dataset under restriction of the representational index exclusions. The proposed approach allows for easy creation and modification of FGAC privacy rules without introducing performance gaps in processing the data query statements.

Abstract: Systems and methods are described for providing escalation-resistant network-accessible services by providing the service through a set of service instances, each executing in an environment with privileges scoped based on a user requesting to access the service. Each service instance can be implemented by code on a serverless code system, executed in response to a user request to access the service. Because the code is executed in an environment with privileges scoped to those of a requesting user, the code itself need not attempt to limit the privileges or a requesting user. For that reason, potential for privilege escalations of the service are reduced, even if vulnerabilities in the code might otherwise allow for such escalations.

Abstract: A method for securely sharing a common software package includes storing, within a database, a set of software packages associated with a first namespace, then storing, within the database, a common software package associated with the set of software packages. The common software package is obfuscated and includes an access modifier. A request to install a first software package selected from the set of software packages associated with the namespace is received by a subscriber. In response to the request from the subscriber, the system installs the first software package and the common software package in accordance with the access modifier.

Abstract: At least one processor device is configured to receive a first authentication request for authenticating a first user, the first user having been authenticated on a first application with a first user identification (ID) using a first ID federation between the first application and a federation server, determine that the first user is authorized to access information of a second user on a second application based on the first user ID, the second user being associated with a second user ID, and send a second authentication request for authenticating the first user to the second application with the second user ID using a second ID federation between the federation server and the second application.

Abstract: A computer-implemented method for completing queries propagated across a plurality of datasources that may include receiving a search query comprising a search string via an application user interface. Identity information regarding an end user associated with the search query may also be received. At least one role of the end user may be automatically determined and authorization metadata corresponding to the at least one role may be automatically appended to the search query. A plurality of adapters corresponding to the datasources may be invoked and the appended search query may be passed to the adapters. The appended search query may be translated by the adapters into a plurality of translated search queries according to the syntax and format configurations of the datasources. The translated search queries may be automatically submitted to the corresponding datasources. Responsive results may be automatically received and presented at an end user computing device.

Abstract: A method for tracking actions performed in association with a data set includes identifying multiple sources of historical information describing actions performed on the data set. The method periodically gathers this historical information from the multiple sources and compiles the historical information in a centralized repository. In certain embodiments, the method stores the historical information in the form of individual records associated with the data set. In the event any actions performed on the data set are the result of policies established for the data set, the method determines the policies associated with the actions where possible. The method includes these policies with the historical information in the centralized repository. A corresponding system and computer program product are also disclosed.

Abstract: The present disclosure provides user-interface methods and systems for submitting search requests to search engines and presenting search results therefrom customized using content preferences learned about a user, comprising sending query information to at least two search engines, including a query identifying desired content, and user information, including context information describing the environment in which the query information is being sent, and a user signature representing content preferences learned about the user; receiving at least one set of a search result and auxiliary information from the at least one search engine in response to sending the query information, including information describing attributes of the search result that led to the search result being chosen by the at least one search engine; ordering the at least one search result based at least in part on the auxiliary information; and presenting the ordered search results to the user.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for distributing content items. In one aspect, a method includes presenting an immersive content item at a client device. The immersive content item includes a first presentation interface that includes a scrollable image portion that presents an image having a first interaction point and a preview graphic indicating the availability of other images for presentation. The immersive content item also includes a second presentation interface that is initiated upon interaction with the first interaction point. The second presentation interface includes a scrollable image portion that presents an image from a plurality of images and an image sequencing indicator.

Abstract: A computer system, in response to intercepting a database server response with a result set issued by a database server in response to a database query received by the database server, extracts a selection of data from the result set, the selection of data identifying dynamic query elements of the dynamic database query as constructed by the database server at runtime. The database activity monitoring service determines whether the dynamic query elements comply with any security policies. The database activity monitoring service, in response to determining that the dynamic query elements fail to comply with any security policies, issues a security alert.

Abstract: Provided are a computer program product, system, and method for providing access to data storage services in a network environment. Multi-tenancy information for each of a plurality of clients has at least one tenant assigned to the client, at least one data source assigned to the tenant assigned to the client, and for each of the at least one data source, information on at least one user assigned to the data source and permitted access to the data source. A user is provided an isolate tag comprising a client tag identifying one client, a tenant tag identifying one tenant, and a data source tag identifying one data source to which the user is permitted to access data. A user access request with an isolate tag is processed in response to determining that the multi-tenancy information indicates that the client, tenant, and data source identified by the isolate tag are related.

Abstract: A user is provided with insights into their upcoming day. One or more calendars for the user are identified. The identified calendars are then heuristically analyzed to calculate one or more insights into an upcoming day for the user, and these calculated insights are provided to the user. One or more electronic messages each of which was received by or sent by the user are also identified. The identified electronic messages are then heuristically analyzed to calculate one or more insights into an upcoming day for the user, and these calculated insights are provided to the user. The identified calendars and the identified electronic messages are also heuristically analyzed together to calculate one or more insights into an upcoming day for the user, and these calculated insights are provided to the user.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for advertisement distribution using a multi-tenant on-demand database system. These mechanisms and methods for distributing advertisements using a multi-tenant on-demand database system can integrate an advertisement distribution service with the services provided by the multi-tenant on-demand database system. The ability to provide an advertisement distribution service with the services provided by the multi-tenant on-demand database system can enable the distribution of advertisements to take advantage of other data stored by and/or services provided by the multi-tenant on-demand database system.

Abstract: Systems and methods are provided for delaying publicizing, at a second source, upload of a content item to a first source, until confirmation of availability of the content item at the first source. In one or more aspects, a system includes an upload component configured to upload content to a content server, a share component configured to receive selection of a sharing source to post a notification that informs users regarding availability of the content at the content server, a confirmation component configured to receive confirmation from the content server in response to the content becoming available at the content server following the upload of the content, and a notification component configured to post the notification at the sharing source in response to receipt of the confirmation.

Abstract: Examples described herein include systems and methods for creating a per-app virtual private network (“VPN”) using hooking, even though an isolated process is used for networking functions. The isolated process can include networking functions of the WebView class for ANDROID. The application can start an HTTP proxy server to receive local HTTP requests. Then, the application can trigger a broadcast to the isolated process, causing the isolated process to route its HTTP requests to the HTTP proxy of the application. The application can then hook HTTP requests and send them to a virtual private network (“VPN”) tunnel server. This can allow an application to securely connect to enterprise files or data even though the networking functions occur in the isolated process.

Abstract: Methods and systems are disclosed for endpoint protection and authentication schemes for a host computer system having an internet isolation system. A first host computer system may include a first memory space and a second memory space. The first memory space may be configured to enable storage and operation of a workspace configured to execute a first set of one or more applications and processes running on an operating system of the first host computer system. The second memory space may be configured to enable storage and operation of a second set of one or more applications and processes associated with an isolated computing environment (e.g., a sandboxed computing environment) configured to run on the operating system. When the first host computer system is connected to a network that is known or associated with a predetermined security policy, the first host computer system may instantiate a predetermined security policy configuration.

Abstract: A system includes servers that are connected in series, and a top of rack (TOR) switch having a first TOR switch port and a second TOR switch port that are connected to a first end and a second end, respectively, of the series connected servers. A multi chassis link aggregation group may be established on the first TOR switch port and the second TOR switch port to transform the series connected servers into a single logical channel. A highest media access control address is determined from the servers to represent the single logical channel.

Abstract: Methods and systems for securely sharing files with user devices based on location are described herein. A computing device may receive, from a user device, a request to share a file. The computing device may determine other user devices at the location of the user device desiring to share a file. Unique tokens and/or unique session identifiers may be generated to facilitate secure sharing of the file, and each token and/or session identifier may correspond to a different user device. The computing device may send, to each different user device, the device's corresponding token and/or session identifier. The computing device may also send, to the user device desiring to share the file, the tokens and/or session identifiers for the other user devices. The user device may securely send the file to one or more of the other user devices using the tokens and/or session identifiers.

Abstract: Systems, methods, and machine-readable medium are described for customizing an application. A method includes receiving, by a network-based transaction facility, a selection of a first geographically targeted website. The method also includes receiving, by the network-based transaction facility, geographically targeted site preferences for the selected first geographically targeted website. Finally, the method includes receiving a request to create a first transaction listing, the first transaction listing to be created at the first geographically targeted website based on the first geographically targeted website preferences.

Abstract: In one embodiment, a method is illustrated as including receiving a search query, the search query relating to a patent, retrieving data relating to a term contained in a claim limitation in the patent, the data including at least one of intrinsic or extrinsic evidence associated with the term by a hyperlink, and displaying the claim limitation and the hyperlink. Further, a computer system is illustrated as including a receiver to receive a search query, the search query relating to a patent, a retriever to retrieve data relating to a term contained in a claim limitation in the patent, the data including at least one of intrinsic or extrinsic evidence associated with the term by a hyperlink, and a display to display the claim limitation and the hyperlink.

Abstract: A system and method can be provided to facilitate the comparison of different data sets associated with different organizations. A first data set belonging to a first organization and a second data set belonging to a second organization can be provided. Permissions can be set such that users associated with the first organization cannot view the data contained in the second data set and vice versa. The data sets can be compared based on selected data categories to generate a third data set of match results. The comparison can comprise the use of fuzzy logic. Unmatched data can be excluded from the third data set to protect sensitive data of each organization. The third data set can then be shared between the first and second organization.

Abstract: A notification apparatus according to an example aspect of the invention includes a memory that stores instructions; and at least one processor coupled to the memory, the at least one processor being configured to executing the instructions to: determine a second terminal from a plurality of terminals based on a distance between each of the plurality of terminals and a first terminal in a particular state; and perform a notification to a manager of the second terminal, the notification relating to a situation where the first terminal is in the particular state.

Abstract: A network configuration apparatus includes a user interface module configured to receive a traffic request from a user. The traffic request includes a source and a destination for desired traffic. A barrier identification module obtains network data indicating a set of networking devices present in a route between the source and the destination. For each of the devices, the barrier identification module determines whether the device may block traffic from reaching the destination and, if so, adds the device to a set of potential barriers. A route analysis module, for each device of the potential barriers, flags the device if it will block the desired traffic. The user interface module, in response to there being at least one flagged device, transmits an alert that the traffic request is a failure; and, in response to there being zero flagged devices, transmits an alert that the traffic request is a success.

Abstract: The present disclosure provides a method and a device for generating a review article of hot news, and a terminal device. By way of example, the method may include: determining hot news based on reading feedback information and publishing time of respective news in a current webpage library; obtaining review data corresponding to the hot news; selecting a target review set from the review data based on a preset high-quality review model; and generating the review article based on the hot news and the target review set corresponding to the hot news.

Abstract: Some aspects of the disclosure provide a method comprising receiving, on a digital device, a selection of a first application state of a set of application states of an application, identifying and retrieving path instructions indicating a series of steps to navigate the application to the selected first application state of the set of application states, providing the path instructions to an accessibility module configured to provide accessibility services to a user of the digital device, and navigating, by the accessibility module, the application using the path instructions to configure the application to the selected first application state.

Abstract: In one embodiment, a method includes, for each of a plurality of channels at a well site, converting channel data from a source data format to a common data format in real-time as the channel data is generated. The common data format includes a plurality of elements organized into a plurality of sets. Each element includes a minimum collection of fields. The method further includes, for each of the plurality of channels, storing the converted channel data in a data store as part of the at least one element.