Abstract: In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service.

Abstract: Methods, systems, and computer programs are presented for managing game state for one or more games accessed by devices of a user. One method includes an operation for providing a database on a server. The database is accessible by the devices of the user and is structured to identify one or more applications of the user, each application being associated with a plurality of slots, and each slot including metadata and a map table. Further, an Application Programming Interface (API) is provided to enable access to the database. The method further includes an operation for receiving a request using the API from an application executed at one of the devices of the user. The request identifies a first slot associated with the application and an action to perform regarding one or both of the metadata and the map table. The request from the application is verified, including comparing a first version associated with the first slot and a second version provided in the request.

Abstract: The present disclosure relates generally to the field of proactive data object replication in named data networks. In various examples, proactive data object replication may be implemented in one or more named data networks in the form of systems, methods and/or algorithms.

Abstract: Improved privacy preservation techniques are disclosed for use in accordance with data mining. By way of example, a technique for preserving privacy of data records for use in a data mining application comprises the following steps/operations. Different privacy levels are assigned to the data records. Condensed groups are constructed from the data records based on the privacy levels, wherein summary statistics are maintained for each condensed group. Pseudo-data is generated from the summary statistics, wherein the pseudo-data is available for use in the data mining application.

Abstract: Advertising, entertainment or other content is targeted to a particular node of an addressable network based on user information. Such addressable networks may include the Internet, certain television networks or other networks where content can be addressed to specific nodes. The user information may include financial information, product or service preference information, and user contact information regarding a user of the targeted node. In one implementation, targeted content is presented during waiting time of an Internet session. The corresponding process involves monitoring (416) a user node to identify a website access request, accessing (418) a previously stored message said, selecting (432) a message from the message set and displaying or playing back (434) the selected message.

Abstract: Various technologies and techniques are disclosed for creating and managing persistent document collections. A data store is used for storing one or more persistent document collections. A content management application is used for managing documents for users, for creating one or more persistent document collections of a sub-set of the documents upon user request, and for storing the one or more persistent document collections in the data store. Users can create one or more persistent document collections from a sub-set of the documents. Users can also modify the one or more persistent document collections. A requested portion of one or more persistent document collections can be output upon request from an external application so that the external application can download one or more of the documents that are represented by the persistent document collection for further modification by the user.

Abstract: One or more servers perform functions that include: maintaining a database including information relating to facilities that are subject to a first entity, the facilities being dispersed geographically, the information including geographic locations for at least some of the facilities; receiving a first message from a facility for which information is in the database, the first message identifying a fixture of the facility that requires attention, where information in the database for the facility identifies the fixture by at least one of a designation of the fixture and a characteristic of the fixture; sending a second message to a second entity that has contracted with the first entity to provide service within a geographic location of the facility; and enabling the second entity to access the database to identify the fixture.

Abstract: A portable electronic device is disclosed that includes a housing with a display; a memory in the housing that stores machine instructions and data, which can include an access code to a restricted database of vehicle components of an identified component manufacturer; a user interface enabling a user to select options; a device for importing a VIN or code containing the VIN; and communications circuitry. The communications circuitry includes signal transmitting and signal receiving capability. The signal receiving capability receives a VIN or code containing the VIN from the device for importing a VIN, and the signal transmitting capability sends the VIN and an access code to a restricted access database to lookup vehicle component information. The signal receiving capability receives the vehicle component information from the restricted access database, and an information processor processes the vehicle component information for presentation on the display.

Abstract: Embodiments disclosed herein provide systems and methods for managing metadata, including scalar, text, drop-down, type ahead, and tabular metadata related to digital assets. Restrictions may be set at the metadata field level to allow users of different user groups to view fields based on restriction classes. A metadata management tool may allow an administrator to restrict one or more metadata fields associated with a digital asset in a network with a restriction class. The restricted fields may be associated with one or more user groups in the network. Only users in the user groups associated with the restriction class can view the restricted fields, in addition to the digital asset and any unrestricted fields associated therewith. When searching tabular metadata, a ‘row oriented’ search function may retrieve only assets where the search criteria are matched by a single row.

Abstract: A conceptual framework is built including a conceptual hierarchy, a containment hierarchy, and concept relationships. The concepts created in the conceptual framework are associated with resources located on the local file system. The resources are stored in the conceptual framework that is stored in the main memory of the system. Thus, search capabilities based on complex multivariate queries involving relationships and multiple conditions between concepts are provided. The conceptual framework is based on an in-memory engine that enables superfast resource access, reduced file storage redundancy, reduced updating errors, increased consistency, greater data integrity and independence from application level programs, query based concept and file access.

Abstract: The present invention relates to access control objects directly associated with collaboration process nodes, which are themselves associated with a collaborative software object. The direct association of the access control objects allows for a fine granularity of per-party access control at every step of a collaborative process. Systems and methods for constructing access lists from the access control objects are described, as well as restricted GUI rendering according to access indicators associated with an access control object.

Abstract: Methods and systems for monitoring privileged user access of a database using a computer having at least one processor are provided. The system monitors database transactions. If a transaction is made by a privileged user, the system records information relating to the transaction in an audit database and/or in an audit file. If a transaction is made by a terminated or otherwise unauthorized privileged user, the system can be adapted to alert management of a possible security breach.

Abstract: An online customer support system (20) automates access for a user to a variety of types of information (24-31) maintained within a database (22). In a disclosed example, a dynamic user profile management module (50) automatically establishes a user profile including entitlements to sets of information within the database (22) each time a user accesses the system. A disclosed entitlement inference module (54) recognizes explicit entitlements based on accessibility indicators or infers entitlements based on various disclosed factors or relationships. A disclosed linking module (52) automatically determines a probability that a user can be granted another entitlement that was not granted by the entitlement inference module (54). An example process of registering a user includes requiring only a single piece of information from the user to automatically establish access for that user to an associated portion of the database (22) and any other portions of the database (22) that user should be able to access.

Abstract: A data migration apparatus, which migrates data from a first document management system capable of setting an access right in document units to a second document management system incapable of setting an access right in document units and capable of setting an access right in folder units, includes a determination unit configured to determine whether an access right to document data of a document to be migrated inherits an access right to a higher-level folder or is unique to the document, a sub-folder creation unit configured to create a sub-folder to which a same access right as that unique to the document is set at a migration destination, if the determination unit determines that the access right to the document data is unique to the document, and a document storage unit configured to store the document data to be migrated in the sub-folder created by the sub-folder creation unit.

Abstract: A system and method is provided for avoiding duplication of effort in drafting documents and, in particular, to a system and method for avoiding duplication of effort in preparing patent related submissions. The method is implemented on a computer infrastructure comprises storing disclosure information related to non-public proprietary innovation and receiving terms associated with an innovation. The method further comprises matching the terms with the stored disclosure information and providing an alert to a user that certain of the terms overlap with the stored disclosure information.

Abstract: A system for securing application information in a shared, system-wide search service. Each application can register a security filtering module that is to be used at search time to filter data associated with that application. When a user performs a search, initial, unfiltered search results are obtained based the contents of the shared search index. The unfiltered search results are organized by application, and previously registered filter modules are called to perform user specific, per-application filtering on the initial results. The filter modules cause data to which the user issuing the search request does not have access to be removed from the search results, on a per application basis. Those of the initial search results that are determined in this way to not be accessible to the user issuing the search request are removed, resulting in a set of filtered search results that are presented to the user. The filtered search results thus contain indications only of data that is accessible to the user.

Abstract: A method including receiving a request to change first information relating to a first identity of a subscriber in a database; obtaining information from said database relating to said first identity and at least one other identity of said subscriber; determining from the obtained information if said requested change can be made, in dependence on if said first identity is at least partially shared.

Abstract: The present disclosure presents user content and service systems that are controllable by one or more remote system managers, which may include one or more primary system managers, and utilized by one or more users, and methods and apparatuses related thereto. For example, the present disclosure presents an example method for multimedia presentation to a user, which may include receiving, at a user terminal, content from a network entity, wherein at least a portion of the content is controllable by a remote manager. Furthermore, such an example method may include displaying the content to the user via a user interface and receiving one or more interactive inputs from the user at the user terminal. Moreover, the example method may include performing one or more functions associated with the content based on the one or more interactive inputs.

Abstract: User specific logs in multi-user applications. Level data associating a user of a multi-user application with a respective log level is received. The multi-user application then records an amount of information determined by the log level corresponding to the user presently using the multi-user application.

Abstract: Providing analytics information from a cloud service includes maintaining an analytics database that is separate from data and servers accessed by users of the cloud service, selectively pushing information from the cloud service to the analytics database, where data and servers accessed by users of the cloud service are inaccessible for direct access by the analytics database, and allowing users limited access to the analytics database, where users of the analytics information that are accessing the analytics database are restricted from accessing data and servers of the cloud service. The analytics database may include a first database of adapted database records and a second database of dynamic logs of service related events. The adapted database records may be initially formed using the data and servers accessed by users of the cloud service prior to being pushed to the analytics database.

Abstract: Methods, systems and computer program products are provided that may relate to controlling access to or accessing computer files over a computer network. A file server may execute on a first computer system and a client may execute on a second computer system. The client may be configured to send a first communication to the file server relating to a first computer file stored on the first computer system. The first communication may include first access control data associated with the first computer file. The file server may be configured to receive the first communication and extract the first access control data from the first communication. The file server may then store the extracted first access control data in extended attributes of the first computer file on the first computer system.

Abstract: A method and system for controlling access to data. Each dataset of L datasets is stored, via storage access controller (SAC) software external to an operating system, on at least one physical storage device. Each dataset is independently accessible in accordance with an access permission type assigned to each dataset independently selected for each dataset from N unique access permission types. N?2 and L?N. Control of access to each dataset stored on the at least one physical storage device is configured to enforce, via the SAC, access to each dataset in accordance with the access permission type assigned to each dataset. The operating system is unable to provide the control of access to each dataset to which access is enforced by the SAC in accordance with the access permission type assigned to each dataset and which is stored on the at least one physical storage device.

Abstract: A method for a storage device accessing a file and apparatus. A method for a storage device accessing a file, wherein the storage device comprises a memory, wherein the memory stores at least two tables, the method comprises receiving a control instruction of a target user for a target file; acquiring an identifier of metadata stored in the memory by searching a map; acquiring an index number by searching an index table; acquiring one or more permission entries by searching a permission table; identifying a target permission entry which includes the identifier of the target user and a permission of the target user for the target file; determining whether the control instruction is compliant with the permission of the target user for the target file; and executing the control command to the target file.

Abstract: A method and a system access data of a database in a MES system by a client application where the database access is required to satisfy a set of custom data protection rules depending on a set of user credentials. The method includes providing, at developing time a secure access layer for enabling the client application to access data to/from the database in a protected manner taking into account the set of custom data protection rules; and at runtime or engineering time by the client application, requesting, through a given authenticated user, data access to/from the database by sending to the secure access layer a given data access descriptor and the given user credentials of the given authenticated user. By the secure access layer, the received data access descriptor is processed to generate a given SQL statement for data access.

Abstract: The disclosed subject matter provides for event driven permissive sharing of information. In an aspect, user equipment can include information sharing profiles that can facilitate sharing information with other devices or users, such as sharing location information. The information sharing profiles can include trigger values, such that when a target value transitions the trigger value, a permission value is updated to restrict access to sharable information. As such, event driven permissive sharing of information allows for designation of temporary friend information sharing with user-defined triggers.

Abstract: A remote storage digital video recorder (RS-DVR) system is disclosed. The RS-DVR system includes a network interface to communicate data between the RS-DVR system and a subscriber system via a network, a file system module coupled to the network interface, an ingest agent coupled to the file system module to receive encoded media segments that represent media content files encoded at a plurality of different bitrates, and a storage architecture coupled to the file system to store the encoded media segments, resulting in stored media segments. The RS-DVR carries out a number of functions and operations to service multiple subscribers and associated subscriber systems, such as various storage device management operations, file structure techniques, assignment of recorded media to subscribers, file system indexing, and supporting shared and per-subscriber content rights.

Abstract: One or more file sharing computers receives a client request including an IP address and port number used by the client (computer). The one or more computers respond by creating an enhanced file handle from a hash on a combination of the IP address, port number, restricted key, and a standard file handle, and concatenating the hash with the standard file handle. The enhanced file handle is sent to the client and used by the client in a second request. The one or more computers uncouple the standard file handle and hash combination. Using the client IP address, port number, restricted key and standard file handle from the client second request, the one or more computers create a second combination. The second combination hash is compared to the first combination hash and in response to determining a match, the second request is accepted, and otherwise denied.

Abstract: A system and method for logically masking data by implementing masking algorithms is provided. The method includes receiving one or more inputs from user regarding type of data masking to be implemented depending on type of data entry. Data entries include alphabetical data, data comprising unique codes, data comprising dates and numerical data. Based on inputs received, the data entries are classified and appropriate masking algorithms are executed. For masking numerical data entries, the data entries are first grouped using clustering algorithms and are then shuffled using shuffling algorithms. For low level of data masking selected by a user, numerical data entries are shuffled within groups and for high level of data masking selected by a user, numerical data entries are shuffled across groups.

Abstract: A system and method are provided for determining object access to a resource by comparing reference inputs from an object profile, an object selection profile, an environmental status, and/or a complex outcome to one or more resource profile reference conditions contained in one or more resource profiles. The object profile reference input comparison to the resource profile reference conditions is based on a plurality of object profile categories each including a plurality of hierarchically linked object profile values. The object profile represents no more than one object profile value for each object profile category. The object selection profile reference input comparison to the resource profile reference conditions is based on a plurality of object selection profile categories each including a plurality of hierarchically linked object selection profile values. The object selection profile includes one or more object selection profile values for a particular object selection profile category.

Abstract: For managing homeowner association messages, a communication module receives a message. A storage module stores the message. The communication module communicates the message to accounts through at least one of a plurality of communication channels in accordance with structured message restrictions. The structured message restrictions comprise full access, partial access, and no access restrictions. Each message comprises a message category of a plurality of message categories comprising a homeowner message, a confidential board member message, and a board member message. Each account is classified with an account class of a plurality of account classes. The account classes comprise a homeowner class, a board member class, and a property manager class. The structured message restrictions permit full access, partial access, or no access to the message for each account.

Abstract: A method, system and computer program product for controlling data access through a question and answer mechanism, including assigning a unique user identification for a user; associating information of the user with the user identification; receiving a request for the information based on the user identification; generating a question, based on a relationship between the user and a requestor of the information, that the requestor of the information must answer in order to access the information; and providing access to one of a portion of the information and all of the information, based on the relationship between the user and the requestor of the information, if the requestor correctly answers the question.

Abstract: File management systems and methods are presented. In one embodiment, implementation of a method for determining the accurate ownership of a file within a data system includes: identifying a first plurality of access events for a file, wherein the file is associated with a directory of related files; identifying a second plurality of access events for the related files within the directory, wherein access events in the first and second plurality of access events occur within a period; determining a pool of users accessing files within the directory within the period; and selecting a user from the pool of users as an inferred owner of the file based on access metrics related to the plurality of access events.

Abstract: The present subject matter relates to techniques and equipment for creating and managing a directory of individuals and businesses/enterprises by their mobile phone number, and using the directory to effectively store, manage and direct mail communication information to the individuals and businesses using preferred delivery methods of the individuals and businesses/enterprises. An electronic communication system is configured to use a mobile phone number to reference data and to manage communications to a corresponding recipient.

Abstract: In one example embodiment, a method includes, in one of an interpreted computer environment and a compiled computer environment, generating a software application. Generating the software application includes associating at least one first overlaid object with a first overlay group, the at least one overlaid object having a corresponding base object of the software application, assigning a first permission to the first overlay group, determining if a user is authorized to use the first overlay group based on the first permission, and configuring the software application to execute in the computer system using the at least one first overlaid object and the corresponding base object upon determining the user is authorized to use the first overlay group.

Abstract: A method includes, in a server residing in a network of interconnected computers, populating a repository with content, each one of the content categorized by at least one community designation, one topic designation, one tag and/or one company designation, receiving registration information for users, the registration information including a username and at least one community designation, one topic designation, one tag and/or one company designation, receiving content from a first user, the content including at least one community designation, one topic designation, one tag and/or one company designation, storing the received content in the repository, and notifying a subset of users of the received content, the community designation, topic designation, tag and/or company designation of each of the subset of users matching the community designation, topic designation, tag and/or company designation of received content.

Abstract: Embodiments are directed to determining in an email data store which of a plurality of email mailboxes is searchable, to searching multiple mailboxes in an email data store and to preserving data items that are placed on hold. In an embodiment, a web service receives a request to determine which among many different email mailboxes is available for searching. The web service allows multiple different programs to search the email data store. The web service sends a query to the email data store to determine which email mailboxes are available for searching. The web service also returns a list of those email mailboxes which are searchable in the data store. The searchable mailboxes have an appropriate, specified version and permissions indicating that the mailbox is searchable.

Abstract: A system and method for document management are provided in which documents are managed in a file/document sharing system.

Abstract: A method of monitoring health parameters of subjects within a defined space and over a period of time includes collecting first data corresponding to a physiological parameter of an ambulatory subject, collecting second data corresponding to a behavioral and cognitive parameter of the ambulatory subject, collecting third data corresponding to an identity and a location of the one of the subjects, collecting fourth data corresponding to the one of the ambulatory subjects from third party sources, generating a data record for the one of the ambulatory subjects based upon the first, second, third, and fourth data, and outputting a modified data record, the modified data record containing portions of the data record, the portions selected based upon an access level of a person requesting the data record and a format of the modified data record selected based upon the access level and community needs.

Abstract: According to one embodiment, the resource access unit accesses a first resource including a replication target object and policy data assigned to the object. The policy data includes base policy data including a first condition and assertion policy data including a second condition. The first retrieval unit obtains first attribute data for accessing the first resource. The first policy evaluation unit determines whether the first attribute satisfies the first condition. When the first condition is satisfied, the copy processing unit executes the copy processing for copying the object. The second retrieval unit obtains the second attribute data for accessing the second resource. The second policy evaluation unit determines whether the second attribute data satisfies the second condition. When the second condition is satisfied, the paste processing unit executes paste processing for pasting the object to the second resource.

Abstract: Users may be presented with different viewing interfaces for a document based on a combination of factors relating to display rights possessed for the document and user specific information. In one implementation, the user's location is used to determine portions of the document that can be displayed to the user. More particularly, access privileges to a document for a user are determined based on geographical location information of the user and based on access rights possessed for the document. Portions of the document may then be formatted for display to the user based on the determined access privileges.

Abstract: A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.

Abstract: Described are techniques for performing quota management in a distributed file system. An allocation quota specifies an upper limit of storage for allocation for a quota set of the distributed file system. The distributed file system includes metadata file system(s) and data file system(s). For files in the distributed file system, metadata is stored in one of the metadata file systems and file content data is stored in the data file systems. A quota coordinator partitions the allocation quota among the data file systems. The data file systems are allocators of storage and each receives a portion of the allocation quota specifying an upper limit of storage that the data file system has available for allocation for the quota set. Storage is allocated for client requests. The storage allocation is performed by each of the data file systems in accordance with the portion of the allocation quota assigned.

Abstract: Dedicated firewall security for a network attached device (NAD) is provided by a firewall management system integrated directly into the NAD or into a NAD server. A local area network arrangement includes a network client and the NAD and the firewall management system includes computer readable medium having computer-executable instructions that perform the steps of receiving a request for network access to the NAD from the network client, determining whether the request for network access to the NAD is authorized, and only if the request for network access is authorized, providing the network client with network access to the NAD.

Abstract: A content management system for creating a digital catalogue raisonné includes at least one computer, a public user interface, a private catalogue raisonné manager, and a private user interface. The private catalogue raisonné manager is configured to instruct at least one object-oriented database to store first digital data for at least one artist, the first digital data including at least one of an image of an artwork of the at least one artist and a description of the artwork. The private user interface is configured to receive the first digital data, transmit information permitting a user to provide a command to the content management system to make available, at the public user interface, a public catalogue raisonné including the first digital data, and receive the command to make available the public catalogue raisonné.

Abstract: Access by a user to a database layer, is governed by modeled authorization checking implemented with authorization objects present in an overlying application layer. At design time, the authorization checking is modeled as part of an existing user interface (UI) model, which may conform to a Model, View, and Control (MVC) design pattern. Authorization objects created during design time, are stored in a meta data repository. At runtime, an authorization engine references the authorization objects and the operations supported by those authorization objects. The authorization check is thus implemented centrally in the UI framework itself using this modeled information. Embodiments avoid complexity, potential lack of internal consistency, and low visibility of conventional de-centralized authorization checking schemes that rely upon a plurality of enforcement points hard-coded at multiple locations within application logic.

Abstract: Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.

Abstract: A system and method for providing access in a distributed filesystem. The disclosure describes systems and methods for providing access to filesystem objects in a distributed filesystem (DFS). In one implementation, access to filesystem objects in the DFS can be restricted to only authenticated users and client devices. To this end, the client devices of the DFS can be divided into trusted and non-trusted clients, and further access can be denied to non-trusted clients. Concepts of trusted computing can be utilized to obtain trusted clients. New clients added to the system can be added as non-trusted clients. Further, access can be restricted by extending the file access permissions to include additional bits that can control access to non-trusted clients. In certain situations, the owner of the object can be allowed access to the object from a non-trusted client.

Abstract: A method for securely accessing a number of computing systems within a remote facility includes, with a mobile computing system, checking out access data from a centralized database, the access data providing access to the computing systems within the remote facility. The mobile computing device then interfaces with a first computing system, the first computing system being unable to have access criteria changed from a remote location. The mobile computing system then provides a user with access to the first computing system using the checked out access data without revealing that checked out access data to the user.

Abstract: A secure caching system and caching method include receiving a user request for data, the request containing a security context, and searching a cache for the requested data based on the user request and the received security context. If the requested data is found in cache, returning the cached data in response to the user request. If the requested data is not found in cache, obtaining the requested data from a data source, storing the obtained data in the cache and associating the obtained data with the security context, and returning the requested data in response to the user request. The search for the requested data can include searching for a security list that has the security context as a key, the security list including an address in the cache of the requested data.

Abstract: Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic.