Abstract: A system for a video sharing service for inmates in correctional facilities is disclosed. The system includes an inmate device of an inmate, a database storing inmate profiles, and a video sharing server configured to receive a registration request from the inmate device for registration of an inmate for the video sharing service, the registration request including user credentials of the inmate, retrieve an inmate profile of the inmate from the database, authenticate the inmate based on the user credentials and the inmate profile, create an account for the inmate for the video sharing service in response to authentication of the inmate, receive an upload request to upload a video from the inmate device, analyze the video for restricted content, and assign a rating to the video based on the analysis.

Abstract: Computer-readable media, methods, and systems are disclosed for displaying a visual indication that an analytics rendering is authentic, and the integrity of the data is accurate and trusted. An analytics rendering comprising at least one table, chart, or graphic rendered from a plurality of aggregated data inputs from a plurality of microsystems may be selected. In a user interface for the analytics rendering, one or more structural identifiers associated with each data input of the plurality of aggregated data inputs can be displayed. A data input from the plurality of data inputs can then be selected and, responsive to receiving an instruction from a user, a visual indicator can be applied to the data input. If the one or more data inputs having an applied visual indicator is modified, the visual indicator will be visually altered in response the modification to the one or more data inputs.

Abstract: A spreadsheet supports formulas in cells that trigger queries of a data source. The parameters for queries can include or depend on values in other cells in the spreadsheet. Thus, the precise query submitted to the data source is dynamic, being dependent on the data and formulas in the spreadsheet. Furthermore, on receiving the query results, they are added to cells in the spreadsheet, which can be parameters for other queries defined in other cells. Changing the value of a single cell can automatically trigger an update of an arbitrarily deep hierarchy of calculations that can include an arbitrary number of data source queries.

Abstract: System and method for universal file access control in which a processor determines whether or not a user or process requesting access to a file has been granted an access privilege to the file by reading an access control list associated with the user or process or with a group to which the user is a member; if the user or process is determined to have been granted access privilege, retrieve stored directory descriptor information associated with the requested file; obtain a unique file handle associated with the user or process and the requested file; determine if the unique file handle has been used before by comparing the obtained unique file handle with a plurality of stored prior-used file handles; and if the unique file handle has not been used before, retrieve the requested file according to a local access protocol.

Abstract: Methods and systems for request orchestration. One system includes an electronic processor configured to receive a request including request metadata and identify a data attribute associated with the request. The electronic processor is also configured to determine an execution plan for enriching the request metadata based on the data attribute. The electronic processor is also configured to execute an application function according to the execution plan to enrich the request metadata. The electronic processor is also configured to evaluate the enriched request metadata. The electronic processor is also configured to generate and transmit a response to the request based on the evaluation of the enriched request metadata.

Abstract: Techniques are described for in-service configuration data migration for distributed micro service-based applications. In one example, a network device comprises a plurality of legacy data repositories comprising configuration data in key-value pair format that specifies a plurality of parameters and corresponding values for operation of the network device, and a hierarchical configuration data model having a plurality of nodes arranged in a hierarchical organization having a root node and a plurality of leaf nodes. Each of the nodes of the configuration data model is configured to store a set of configuration data parameters for the network device. One or more of the nodes includes a plurality of external references to respective parameters of the plurality of parameters stored within the plurality of legacy data repositories. Process circuitry is configured to perform a migration of the configuration data from the legacy data repositories to the hierarchical data model.

Abstract: Embodiments of a multi-tenant cloud system include a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. The first data center receives a request from a first client of the first plurality of registered clients to access a resource of the second data center and validates the request from the first client and issues a global access token. The second data center receives the request with the global access token. A cloud gate at the second data center, based on the global access token, validates the request and provides the resource to the first client.

Abstract: Methods and systems for revoking electronic messages. One method includes storing, for each of a plurality of forwarded messages, a record in a data store, each record including a link to an original message for the forwarded message, and receiving a request to revoke a forwarded message. In response to receiving the request, the method includes identifying an original message the forwarded message via a record stored in the data store and notifying, with an electronic processor, a user associated with the original message of the request to revoke the forwarded message. In response to receiving an instruction revoking the original source message from the user, the method includes identifying each forward of the original message via records stored in the data store and revoking the original message and each message associated with each record stored in the data store including a link to the original message.

Abstract: An apparatus comprises a processing device configured to monitor, over time intervals each comprising multiple time slices, client requests to access software container instances hosted by container host devices of a geographically-distributed software container platform, and to generate cluster pattern data comprising geographic clusters for the software container instances in each of the time slices. The processing device is also configured to predict, for a given time slice in a given subsequent time interval, formation of a geographic cluster of client requests for a given software container instance based on the cluster pattern data. The processing device is further configured to calculate network distances from the predicted geographic cluster to each of the container host devices, to select one of the container host devices based on the calculated network distances, and to proactively replicate the given software container instance in the selected container host device.

Abstract: Devices, systems, and methods are provided for classifying voice search queries. A system may receive voice data associated with a voice utterance, the system being associated with a network. The system may determine that the voice data is associated with a question, and may determine an absence of an answer to the question. The system may determine a score associated with the question, the score indicative of a risk of disclosure of sensitive information associated with a person. The system may determine that the score fails to satisfy a threshold, and may send the question to a device, wherein the device is remote from the network. The system may receive data associated with the question.

Abstract: In certain instances, a data management application (software application) that manages moving data files, and the like, from a primary high-speed storage system. An end-user can configure the data management application for particular files via management policies. Based on the management policies, after a file is migrated from the primary storage system to a targeted secondary storage system, a breadcrumb pointing to a webpage for the migrated file is left behind in the primary storage system. The webpage can be used to manage the migrated file, such as moving the migrated file back to the primary storage system.

Abstract: Aspects of the disclosure relate to management of databases in different server environments. In particular, various aspects of this disclosure relate to correction, synchronization, and/or migration of databases between different database servers. A feed file that is rejected from loading in a database associated with a source server may prioritized in a destination server. A feed file hierarchy of the rejected feed file may be determined and the destination server may process loading of the rejected feed file to a database based on the determine feed file hierarchy. Any corrections applied at the destination server may also be applied at the source server.

Abstract: To facilitate improved email and device security, embodiments of systems and methods include intercepting, by a processor associated with an entity, an internet request, where the internet request is produced by a link received in an email at a first computing device. The processor determines that the link is externally bound relative to an entity network. The processor determines an existence of a sandbox environment instance in a set of existing sandbox environment instances. The processor routes the link through the sandbox environment instance. The processor updates the sandbox log in the database based on the sandbox environment instance and the link. The processor causes to display on a screen of the first computing device a user interface for interacting with the link in the sandbox environment instance, and the processor logs activities associated with interacting with the link in a security log.

Abstract: The technology disclosed includes a system to efficiently classify sensitivity of document generated by and downloaded from cloud-based provider services. The system monitor's a user's network traffic at an endpoint that initiates generation of the document and receives a web page identifying the document generated. The system parses the user's network traffic that selects the document for download and intercepts a critical metadata in an API parameter string used to download the document. The system interprets the critical metadata to analyze sensitivity of the document to assign a sensitive classification to the document. Data exfiltration prevention measures are triggered upon detection of attempted exfiltration of the document based on the sensitivity classification.

Abstract: Methods and systems for data collection in an industrial refining environment with haptic feedback and data storage control are disclosed. A system may include a data collector communicatively coupled to a plurality of input channels, wherein the data collector collects data based on a selected data collection routine, a data storage structured to store a plurality of collector routes and collected data, wherein the plurality of collector routes each include a different data collection routine, a data acquisition circuit structured to interpret the collected data and determine an occurrence of an anomalous condition, a data analysis circuit to evaluate a data storage constraint of the monitoring system and to adjust a volume of collected data stored in response to the evaluation, and a haptic user device for generating a haptic stimulation in response to an occurrence of a specified anomalous condition in the refining environment.

Abstract: A method and an apparatus for file transmission are provided. The method may include receiving a file sending request initiated by a source user for a preset file; sending an approval message for the file sending request to an approval user corresponding to the source user when the source user does not have a transmission privilege for the preset file; and setting the preset file as an obtainable state for a target user corresponding to the file sending request in response to the approval message being approved by the approval user. The technical solutions of the present disclosure can prevent an approval operation of a file from interrupting a communication process between users, help to simplify user operations, and improve the smoothness of the communication process.

Abstract: A method utilized in a mobile device includes: sending a file management command from the mobile device to a flash memory controller; receiving a file entry table from the flash memory controller; calculating a sum of data amounts of a plurality of entries corresponding to file(s) and/or sub-directory(s) in a specific directory; and comparing the sum of data amounts with a specific maximum data amount to determine a message reported to the specific application of the mobile device.

Abstract: A multi-tenant, elastically scalable cache as a service is disclosed. Embodiments of the cache service eliminate the need for applications to manage their own cache tier. The multi-tenant cache service is implemented by maintaining/creating multiple named caches in a cache cluster and mapping each tenant's cache to a named cache in the cluster. Strict quotas are enforced on cache sizes This allows caches with different replication attributes to co-exist on the same cache server, allows migration of a cache from one cluster to another for load balancing purposes, and allows a cache to inflate/deflate to meet business needs. A network load balancer is used to route cache items to servers.

Abstract: A data querying system is disclosed that provides improved computer functionality that enables efficient permissioning and querying of specific portions of a data table, such that users (e.g., based on user roles or user attributes) are only allowed access to specific portions (e.g., particular data items/rows, and particular data items attributes/columns) of the data. The system advantageously provides efficient and improved querying and permissioning of specific portions of a data table through replication of the data table, or portions of the data table, and does not require permissioning of each individual cell of the data table. Further, the data table replication, querying, and permissioning techniques of the present disclosure, according to various implementations, advantageously integrate with a wide variety of data table query or search services to provide improved functionality, efficiency, and data permissioning.

Abstract: Described are techniques for an access management protocol including a method comprising associating a granted permission set and a constrained permission set to a user profile in an access management system. Respective granted permissions in the granted permission set authorize the user profile to perform the respective granted permissions, and respective constrained permissions in the constrained permission set preclude the user profile from performing the respective constrained permissions. The method further comprises receiving a permission-based request at the access management system and from the user profile and determining that the permission-based request is associated with a permission that is included in both the granted permission set and the constrained permission set. The method further comprises rejecting the permission-based request.

Abstract: Methods and systems for providing a cost effective and robust security solution for shared files stored by file sharing software solutions are described herein. The methods and systems for generating a ledger associated with shared files, which may include scanning data received from applications associated with a number of client devices and from a cloud based scanner. An access manager may control file permissions granted to users based on requests for scan data from each user device requesting access to a shared file. A plurality of different scanning applications may provide data that is collected for each shared file to provide a diverse analysis of a shared file to increase user confidence in a file security status.

Abstract: Systems and methods are described for attributing online actions to previously delivered electronic advertisements on a plurality of devices using a plurality of device identifier (ID) clusters without use of central IDs. Each device ID cluster is associated with a device, and each device has device characteristics. Each device ID cluster includes one or more device identifiers. Device-related ad impression data and online action data is received. This data includes a device identifier associated with the device. The device identifier is used to identify the device ID cluster associated with the device to which the ad impression was delivered or the online action took place on. Copy devices are selected and paired with respective devices, and the same ad impression data or online action data are assigned to respective copy devices, thereby anonymizing the devices for which the device-related ad impression data or online action data was received.

Abstract: Systems and methods are provided for provisioning access rights to physical computing resources using an IAM system implementing an IAM data model. The IAM data model may identify logical and physical computing resources. An access request handler may receive an access request and identify a set of logical permissions based on the access request. The access request handler may derive a set of logical entitlements based on the set of logical permissions. An entitlement translator may translate the set of logical entitlements to a physical entitlement specification based on a set of physical permission specifications associated with the set of logical permissions. A physical permission specification may be obtained by mapping a logical permission to one or more physical permissions. An access control manager may then provision access rights to at least one physical computing resource indicated in the physical entitlement specification.

Abstract: Techniques for improving database searches are described herein.

Abstract: Techniques described herein can allow users to share cached results of an original query with other users while protecting sensitive information. The techniques described herein can check whether the other users have access to the underlying data queried before allowing those users to see the stored query results. That is, the system may perform privilege checks on the shared users before giving them access to the stored query results but without having to re-run the original query.

Abstract: Application layering is a technology that separates applications from an operating system image. In some cases, information inside an application layer needs to be modified when that layer is delivered to a computer to be executed correctly in a specific environment. Described is a technique to allow those operations to be defined and executed outside of the operating system that will be running the application layer, so that a single application layer can be delivered to heterogeneous end points without the need to take up additional computation on the guest machine it is being delivered to, to ensure application compatibility when applications reside in more than one layer, to install applications into a layer without knowledge of a specific platform, and to modify the image to provide the required drivers and services to support any platform.

Abstract: The present disclosure relates generally to threat detection, and more particularly, to techniques for managing user access to resources in an enterprise environment. Some aspects are directed to the concept of managing access to a target resource based on a threat perception of a user that is calculated using a rule or policy based risk for the user and a behavior based risk for the user. Other aspects are directed to preventing insider attacks in a system based on a threat perception for each user logged into the system that is calculated using a rule or policy based risk for each user and a behavior based risk for each user. Yet other aspects are directed to providing a consolidated view of users, applications being accessed by users, and the threat perception, if any, generated for each of the users.

Abstract: A facility for managing filesystem object storage quotas (i.e., size limits) in a storage environment is disclosed. The facility enables users to establish, modify, and remove quotas on directories and files within a filesystem. Each quota acts as a soft limit on the size of the associated filesystem object, including any child objects of the filesystem object. The facility improves the speed at which the system can test for and identify violations of quotas established for individual filesystem objects by using aggregation and reconciliation techniques rather than constantly traversing a filesystem in its entirety to test for violations of quotas.

Abstract: A method of updating and editing realized topologies, comprising presenting a realized topology to a user, receiving input indicating modification of portions of the realized topology, and with a processor, executing logic associated with the modified portions based on a number of lifecycle management actions (LCMAs) of the realized topology. A system to update and edit a realized topology, comprising a processor and a graphical user interface (GUI) communicatively coupled to the processor, in which the GUI presents to a user a graphical representation of the realized topology, and in which the system receives input indicating modification of portions of the realized topology, and with a processor, executes logic associated with the modified portions based on a number of lifecycle management actions (LCMAs) of the realized topology.

Abstract: A content management system for collecting files from one or more authenticated submitters in a collection folder. A collector, who generates the collection folder, can invite one or more submitters to submit one or more files to the collection folder. The one or more submitters have limited rights to the collection folder. The limited rights can include uploading rights and prohibiting a submitter from viewing files that other submitters associated with the collection folder submitted. Thus, the collection folder is able to store files from the one or more submitters, but prevent them from viewing other's submissions.

Abstract: Methods, computer-readable media, software, and apparatuses may assist a consumer in deleting personal information held by a data broker. Entities holding the consumer's personal information may be discovered and automated actions for purging or deleting the consumer's personal information may be determined. The methods, computer-readable media, software, and apparatuses may assist the consumer in updating privacy settings associated with accounts at various entities.

Abstract: Eyes of an operator of a device are tracked with respect to an interface element of an interface presented on a display of the device. An interface operation that is directed to an interface element is determined based on a gaze of the eyes, a predefined movement of the eyes, and/or predefined movements of eyelids for the eye. The interface operation is processed on the interface element within the interface.

Abstract: A method includes generating, by a computing device, a unique identifier (ID) based on copyright information associated with textual content, wherein the copyright information and the textual content are recorded on a blockchain of a blockchain network; identifying, by the computing device, one or more attributes associated with punctuation marks included in the textual content; and embedding, by the computing device, the unique ID in the textual content by changing the one or more attributes associated with the punctuation marks in a manner representative of the unique ID, wherein the embedding produces information-embedded text configured to enable retrieval of the copyright information from the blockchain based on the unique ID, and wherein visual difference between the textual content and the information-embedded text is not apparent to an unaided human eye.

Abstract: Systems and methods described herein relate to generation of media collections in a messaging system. The media collection may be created by the user, other users, or an entity. Example embodiments further allow users to set access criteria through privacy settings assigned to one or more media content items themselves, as well as to a media collection, such that some or all of the media collection may only be viewed by users authorized by the user sharing the media content item or media collection (e.g., only to one or more users designated by the user as a “friend”).

Abstract: A method for capturing and querying pseudonymous video data is provided. The method may include capturing a video using one or more video cameras. The method may include transmitting the captured video, via a video transformation encryption module. The video transformation encryption module may transform the captured video into an encrypted documentation file. The method may include receiving and storing the captured video as an encrypted documentation file in a storage location. The method may include receiving a binary query from a first user. The query may relate to the captured video. The method may include using an executable file to peruse the encrypted documentation file to determine a binary response to the binary query. The method may include transmitting the binary response to the first user.

Abstract: In some examples, a computer system may receiving a request to allow a second user associated with a second user account to access at least one of a folder or a link associated with a first user account of a first user. The computer system may determine a first profile associated with the first user account, and may further determine whether sharing whitelisting is enabled for the first profile. Additionally, the computer system may determine a second profile associated with the second user account, and may determine whether the second profile is included in a sharing whitelist of the first profile. When sharing whitelisting is enabled for the first profile, the computer system may allow a client device associated with the second user account to access the folder and/or the link when the second profile is included in the sharing whitelist of the first profile.

Abstract: A computer-implemented method is provided for detecting characteristics of usages of problem expressions for each of multiple authors. The method includes providing, by a hardware processor, a set of regular expression patterns configured to detect the problem expressions. The method further includes detecting, by the hardware processor based on the set of regular expressions, respective sets of the problem expressions which are (i) used in each of multiple analysis units, (ii) associated with a respective one of each of the multiple authors, and (iii) associated with a respective one of each of multiple artifact types. The method also includes finding, by the hardware processor using automatic feature selection, a set of important expressions in the respective sets of problem expressions. The method additionally includes detecting, by the hardware processor, a typical tendency of the usages of the problem expressions for each of the multiple authors, based on the important expressions.

Abstract: To achieve mutual monitoring of an operating state in consideration of an object storage. A calculator (10) according to the invention, which forms a cluster together with another calculator (20), includes a storage request unit (11) that requests an object storage (30) that manages data on an object-by-object basis to store first state information indicating a normal state of its own calculator, an acquisition request unit (12) that requests the object storage (30) to acquire second state information indicating a normal state of the other calculator (20), and a cluster control unit (13) that performs cluster control based on a result of storing the first state information and a result of acquiring the second state information, and when a result of acquiring the second state information is not the latest result, the acquisition request unit (12) requests acquisition of the second state information a specified number of times.

Abstract: A method for execution by a query processing system includes determining a first set of query rules for first data received from a first data provider and to determine a second set of query rules for second data received from a second data provider. A query received from a requesting entity is determined to involve at least one query function that accesses a subset of the first data. Compliance data is generated by determining whether the query complies with the first set of query rules. When the compliance data indicates the query complies with the first set of query rules, a query result is for the query based on execution of the query, and the query result is transmitted to the requesting entity. The query result is not transmitted to the requesting entity when the compliance data indicates the query does not comply with the first set of query rules.

Abstract: An apparatus is capable of sharing information through a presence service in a communication network and capable of providing presence information of a Mobile Station (MS). The apparatus extracts at least one of application information and contents indication information from an application in execution. Presence information is generated that includes at least one of the application information and the contents indication information, and transmitting the presence information to a presence server.

Abstract: Example distributed storage systems, cross-protocol engines, and methods support cross storage protocol access response for object data stores. Data storage operations targeting the same data object using distinct data storage protocols may be received and detected. A routine based on the data storage protocols being distinct from one another may be executed in response.

Abstract: A server kernel processing system receives an input/output (I/O) request from a user mode computing environment. The I/O request is analyzed to determine whether it is a modification request to modify data in a target volume. If so, target analysis logic determines whether the request is for a target volume that is within a first or second protected volume. If the request is to modify data stored in the first protected volume, the request is blocked. If the request is to modify data in a second protected volume, then a whitelist is examined to determine whether the requesting process and user are on the whitelist. If not, the request is also blocked.

Abstract: A method for managing data in an enterprise by identifying data of interest from among a multiplicity of data elements in an enterprise, the method including characterizing data of interest at least by at least one non-content based data identifier thereof and at least one access metric thereof, the at least one access metric being selected from data access permissions and actual data access history and selecting data of interest by considering only data elements from among the multiplicity of data elements which have the at least one non-content based data identifier thereof and the at least one access metric thereof.

Abstract: Techniques are provided for storing data in a distributed storage system. A server stores an object according to a first storage policy in the distributed storage system that includes a plurality of storage nodes. Storing the object according to the first storage policy results in a first storage overhead for the object. The server receives a triggering event associated with the object, and the triggering event changes an attribute of the object. In response to the triggering event, the server identifies a second storage policy for the object. Storing the object according to the second storage policy results in a second storage overhead for the object different from the first storage overhead.

Abstract: In some aspects, there is provided a method for database query execution planning. In some aspects, a method may include receiving, at a database execution engine, a query; generating, by the database execution engine, a query algebra for the query, the query algebra optimized by a query optimizer at the database execution engine; generating, based on the optimized query algebra, a query plan for execution, the query plan including pre-compiled code and code generated just-in-time; and executing, by the database execution engine, at least part of the query plan including pre-compiled code and code generated just-in-time. Related systems, methods, and articles of manufacture are also described.

Abstract: In an embodiment of the present invention, a command for performing a database operation with respect to a table of a database is received, whereby the table has a visible key column for identification information and one or more invisible token columns for token information. The user's role from the command is obtained. A record is identified in the table based on a combination of the identification information and the token information corresponding to the user's role. The database operation is performed on the identified record.

Abstract: The described implementations relate to an access control framework for a database system. One implementation can receive, from a user, a request for data that identifies a resource, such as a view that obtains data from a database. The implementation can check the identity of the user to identify user roles associated with the user. The implementation can identify an access policy that is associated with the resource, and a rule that is associated with the access policy and applies to the user roles associated with the user. The rule can be applied to the request for data using attributes of the access policy. For example, if the request for data is a query on a view, the query can be rewritten to apply the rule.

Abstract: Synchronization techniques for computing systems that interface with external service providers. A method for accessing status and other attributes of an external service provider commences upon identifying an external service such as a firewall appliance or backup repository that provides computing-related functions to computing entities of the computing system. One or more access mechanisms such as an application programming interface is exposed to the external service. The external service is registered with the computing system to use the access mechanism. When the external service detects a change of its state, the external service can communicate that change to the computing system through a “push” operation. The computing system processes the “pushed” data from the external service by verifying the status of the registration and authorization permissions, and then modifies one or more entity attributes of the computing resource entity.

Abstract: In some embodiments, a method receives a set of objects for creating clusters based on a similarity measure between the objects and generates a data structure for the objects. The method generates link counts for objects by constructing links between objects in the set of objects based on entries between the objects. A link is constructed between the objects when the entry for the respective objects includes a first value. An object is selected that has a largest link count. The link count being a number of objects that are linked to the selected object. A cluster is created including the selected object and any objects that are linked to the selected object via the links. Then, the objects in the cluster are removed from the set of objects and a link count is reduced for objects that are linked to the removed objects. This process is continued for remaining objects.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.