Access Control Lists Patents (Class 707/785)
  • Patent number: 10380381
    Abstract: System and method to predict risk of re-identification of a cohort if the cohort is anonymized using a de-identification strategy. An input anonymity histogram and de-identification strategy is used to predict the anonymity histogram that would result from applying the de-identification strategy to the dataset. System embodiments compute a risk of re-identification from the predicted anonymity histogram.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: August 13, 2019
    Assignee: PRIVACY ANALYTICS INC.
    Inventors: Martin Scaiano, Andrew Baker, Stephen Korte
  • Patent number: 10382440
    Abstract: Embodiments are directed to a question and answer (QA) pipeline system that adjusts answers to input questions based on a user criteria, thus implementing a content-based determination of access permissions. The QA system allows for information to be retrieved based on permission granted to a user. Documents are ingested and assigned an access level based on a defined information access policy. The QA system is implemented with the defined information access policy, the ingested documents, and the inferred access levels. For the QA system implementation, a user enters a question; primary search and answer extraction stages are performed; candidate answer extraction is performed using only content the user is allowed to access; the candidate answers are scored, ranked, and merged; ranked answers based on user permissions are filtered; and answers are provided to the user.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: August 13, 2019
    Assignee: International Business Machines Corporation
    Inventors: Donna K. Byron, Elie Feirouz, Daniel M. Jamrog, Kristin A. Witherspoon
  • Patent number: 10263957
    Abstract: A method and apparatus of a device that installs a new access control list for a port of a network element is described. In an exemplary embodiment, a network element receives an indication that the first access control list for the port is to be updated with a second access control list and the port processes data communicated with the port with the first access control list. In addition, the network element configures the port to use a fallback access control list, where the fallback access control list includes a plurality of rules and the port uses the fallback access control list to process data communicated with the port. Furthermore, the network element loads the second access control list for the port. The network element additionally configures the port to use the second access control list, wherein the port uses the second access control list to process data communicated with the port.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: April 16, 2019
    Assignee: Arista Networks, Inc.
    Inventor: Kenneth James Duda
  • Patent number: 10216944
    Abstract: A method for executing access control over an electronic device includes: detecting a position information of the electronic device with a positioning module; determining whether the electronic device has moved outside an authorized region according to the position information; and disabling a plurality of accessible functions of the electronic device according to a user information when the electronic device has moved outside the authorized region.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: February 26, 2019
    Assignee: GETAC TECHNOLOGY CORPORATION
    Inventor: Chih-Yu Yang
  • Patent number: 10210274
    Abstract: A computer implemented method for filtering audience viewing of uniform resource locator (URL) data utilizing hashtags including: identifying a hashtag input by a first user; identifying at least one user preference of the first user, the at least one user preference related to data sharing preferences of the first user on an electronic platform; generating a uniform resource locator (URL) based on the identified hashtag and the identified at least one user preference of the first user; and using the URL, filtering data communication on the electronic platform, thereby displaying a privatized stream of data when the first user accesses the identified hashtag, the privatized stream of data accessible by a second user, the second user being authorized to view the privatized stream of data based on the data sharing preferences of the first user.
    Type: Grant
    Filed: January 4, 2016
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shadi E. Albouyeh, James E. Fox, Trudy L. Hewitt, Prasad L. Imandi
  • Patent number: 10182032
    Abstract: A system, method, and computer-readable medium enable a domain name or host name registry to effectively manage status codes associated with the domain or host. Status codes are organized into status sets that can be added, removed, activated, or deactivated in accordance with a suitable change request. The status codes corresponding to a removed status set that are also enabled according to other active status sets are not removed when the removal of the status set is processed.
    Type: Grant
    Filed: December 30, 2010
    Date of Patent: January 15, 2019
    Assignee: VERISIGN, INC.
    Inventors: James Gould, Srikanth Veeramachaneni, Suzanna Strier, William Shorter
  • Patent number: 10168883
    Abstract: A method for configuring user profiles associated with multiple hierarchical levels, including identifying multiple hierarchical levels in an organization to be configured, concurrently displaying multiple interface components corresponding respectively to the hierarchical levels, each interface component configured to receive user input for the respective hierarchical level, configuring data of a first user profile associated with a first hierarchical level based on a first value specified by user input, and configuring data of a second user profile associated with a second hierarchical level based on a second value specified by user input.
    Type: Grant
    Filed: July 16, 2015
    Date of Patent: January 1, 2019
    Assignee: Oracle International Corporation
    Inventor: Anadi Upadhyaya
  • Patent number: 10152384
    Abstract: A method, a computer program product, and a system for replicating different projections of data, comprising: examining metadata associated with data on a storage system to determine whether to replicate the data to at least one other storage system; and based on a positive determination, replicating the data to the at least one other storage system.
    Type: Grant
    Filed: March 30, 2015
    Date of Patent: December 11, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Amir Amit, Assaf Natanzon, Amy Fredj
  • Patent number: 10140792
    Abstract: An access control device configured to store a list of user identifiers and user attribute data, receive a set of access criteria specifying one or more attributes, receive and identify a user identifier via a data input component, determine an access status of the user identifier based on the access criteria, and present the access status in such a way as is perceivable by a user of the access control device.
    Type: Grant
    Filed: September 13, 2017
    Date of Patent: November 27, 2018
    Assignee: Palantir Technologies Inc.
    Inventors: Jeffrey Worrall, Joel Hosino
  • Patent number: 10122722
    Abstract: In one implementation, a resource classification system identifies a plurality of resource requests and generates a plurality of resource access measures based on the plurality of resource requests. Each resource request from the plurality of resource requests is associated with a resource from a plurality of resources by a resource identifier of that resource. Each resource access measure from the plurality of resource access measures is associated with a resource from the plurality of resources. The resource classification system applies a classifier to each resource access measure from the plurality of resource access measures to generate a classification result for the resource from the plurality of resources associated with that resource access measure, and assign a security classification to each resource from the plurality of resources based on the classification result for that resource.
    Type: Grant
    Filed: June 20, 2013
    Date of Patent: November 6, 2018
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Pratyusa Kumar Manadhata, Prasad V Rao, William G Home
  • Patent number: 10110698
    Abstract: A method, computer readable medium and apparatus for providing control of social networking sites are disclosed. For example, the method establishes an owner profile, receives a request from a third party user to post information on a social networking site associated with an owner, determines if the request should be granted in accordance with the owner profile and posts the information on the social networking site associated with the owner if the request is granted.
    Type: Grant
    Filed: December 19, 2014
    Date of Patent: October 23, 2018
    Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
    Inventors: Joseph Anderson Alfred, Joseph M. Sommer
  • Patent number: 10097666
    Abstract: An information processing method includes receiving a request for user data that is related to an external service, and retrieving the user data segments based on the request. The user data segments are then combined to generate the user data, which is then provided to the client device that requested the user data. After receiving the user data, the client device uses the user data to access the external service to which the data relates.
    Type: Grant
    Filed: April 11, 2013
    Date of Patent: October 9, 2018
    Assignee: SONY CORPORATION
    Inventors: Takeru Kaneko, Hiroshi Nakayama, Toshiaki Enami, Kohei Umemoto
  • Patent number: 10079858
    Abstract: Embodiments pertaining to managing access in one or more computing systems can include an operations controller in communication with the one or more computing systems for managing commercial transactions of the one or more computing systems and an access management controller in communication with the operations controller. The access management controller can receive an input that identifies relationships between user roles and actions associated with the one or more computing systems. The access management controller can provide the input to the operations controller for implementation of access rules in accordance with the relationships. The access management controller can attempt to access in the one or more computing systems at least a portion of the user roles and the actions after the operations controller has implemented the access rules. The access management controller can compare the attempted access with the relationships to determine access discrepancies.
    Type: Grant
    Filed: June 23, 2016
    Date of Patent: September 18, 2018
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Chenfei Song, Kyle Robeson, Yuan Wang, Alex Luc
  • Patent number: 10019479
    Abstract: Techniques for providing polymorphic query requests. A request is received that has at least a database query. The database query comprises at least an expression using a polymorphic relationship. The request is processed utilizing the polymorphic relationship. A user-readable result is provided for the query where the result is defined by at least the polymorphic relationship.
    Type: Grant
    Filed: August 1, 2016
    Date of Patent: July 10, 2018
    Assignee: salesforce.com, inc.
    Inventor: Seth John White
  • Patent number: 9990515
    Abstract: In longitudinal datasets, it is usually unrealistic that an adversary would know the value of every quasi-identifier. De-identifying a dataset under this assumption results in high levels of generalization and suppression as every patient is unique. Adversary power gives an upper bound on the number of values an adversary knows about a patient. Considering all subsets of quasi-identifiers with the size of the adversary power is computationally infeasible. A method is provided to assess re-identification risk by determining a representative risk which can be used as a proxy for the overall risk measurement and enable suppression of identifiable quasi-identifiers.
    Type: Grant
    Filed: November 30, 2015
    Date of Patent: June 5, 2018
    Assignee: PRIVACY ANALYTICS INC.
    Inventors: Andrew Baker, Luk Arbuckle, Khaled El Emam, Ben Eze, Stephen Korte, Sean Rose, Cristina Ilie
  • Patent number: 9985962
    Abstract: An authorization token verification request including a second authorization token is received from an application server having received a processing request along with the second authorization token from a client device, and, in a case where the authorization token is verified successfully on basis of the received second authorization token and the authorization token information, the local user information included in the authorization token information is responded to the application server.
    Type: Grant
    Filed: November 30, 2016
    Date of Patent: May 29, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Takahiko Nishida
  • Patent number: 9940394
    Abstract: The Messaging Search and Management Apparatuses, Methods and Systems (“MSM”) transforms message, ranking request inputs via MSM components into work graphs, ML structure input data, ML structure, ranking response outputs. A work graph generation request that includes group level access control data may be obtained. A set of metadata access control carrying messages, a set of users, a set of channels, and a set of topics with access control data corresponding to the group level access control data may be determined. A user priority score for each of the other users, a channel priority score for each of the channels, and a topic priority score for each of the topics, from the perspective of each user, may be calculated. A work graph data structure may be generated that includes, for each user, data regarding the calculated user priority scores, channel priority scores, and topic priority scores.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: April 10, 2018
    Assignee: Slack Technologies, Inc.
    Inventors: Myles Grant, Serguei Mourachov, Renaud Bourassa-Denis, Jason Liszka, John Gallagher, Isabella Tromba, Noah Weiss, Daniel Stewart Butterfield, Callum Henderson-Begg
  • Patent number: 9864752
    Abstract: A policy language for an information management system has a three-layer structure that allows specifying one or more policies using policy abstractions. The policies and policy abstractions are in two different layers and decoupled from one another, so policies and policy abstractions may be specified and altered separately from each other. A third layer includes entity objects. A policy may refer to any number of policy abstractions. Multiple policies may reference a single policy abstraction, and a change to that policy abstraction will result in multiple policies being changed. Further, policy abstractions may be nested, so one policy abstraction may reference another policy abstraction, and so forth.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: January 9, 2018
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 9800644
    Abstract: A method, system and/or non-transitory computer readable medium is used with a service repository that stores service definitions for services. A query facility inspects service definitions in the service repository. The query facility determines, from the inspection, first attributes associated with a first service and different second attributes associated with a second service, the first and second attributes being related to syntactic and semantic aspects of the first and second services. Responsive to a service oriented request which indicates the first service, the query facility determines a composability of the first and second services in accordance with a service oriented query (SOQ) framework, based on the first and second attributes and rules regarding composability of attributes, the rules being in accordance with the SOQ framework, the composability of the first and second services being determined with respect to both the syntactic and semantic aspects of the first and second services.
    Type: Grant
    Filed: August 8, 2014
    Date of Patent: October 24, 2017
    Assignee: Software AG
    Inventor: Jameleddine Ben Jemâa
  • Patent number: 9799153
    Abstract: Aspects of the present disclosure relate to a portable access control device. In some embodiments, the portable access control device is configured to store a list of user identifiers and user attribute data, receive a set of access criteria specifying one or more attributes, receive and identify a user identifier via a data input component, determine an access status of the user identifier based on the access criteria, and present the access status in such a way as is perceivable by a user of the access control device.
    Type: Grant
    Filed: February 22, 2016
    Date of Patent: October 24, 2017
    Assignee: Palantir Technologies Inc.
    Inventors: Jeffrey Worrall, Joel Hosino
  • Patent number: 9785782
    Abstract: In accordance with embodiments, there are provided mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users. These mechanisms and methods for performing one or more actions based on determined access permissions for a plurality of users can enable improved data collection and analysis, enhanced client knowledge of system access, etc.
    Type: Grant
    Filed: December 29, 2014
    Date of Patent: October 10, 2017
    Assignee: salesforce.com, inc.
    Inventors: Irandi Bulumulla, Bulent Cinarkaya, Yurika Sebata-Dempster, Tripti Sheth, Alex Warshavsky, Brian Zotter
  • Patent number: 9754121
    Abstract: Implementations described and claimed herein provide systems and methods for dynamically masking an access control list corresponding to a file system object in response to a change mode command. In one implementation, a change mode command for a file system object to change a first mode to a second mode is received. The first mode defines a first set of access rights and the second mode defines a second set of access rights. In response to the change mode command, a mask is dynamically applied to an access control list corresponding to the file system object. The access control list has zero or more access control entries defining access permissions for the file system object. The mask modifies any of the zero or more access control entries that have access permissions that exceed the second set of access rights defined by the second mode. The access control list is preserved.
    Type: Grant
    Filed: October 18, 2012
    Date of Patent: September 5, 2017
    Assignee: ORACLE INTERNATIONAL CORPORATION
    Inventors: Lisa Week, Mark Shellenbaum
  • Patent number: 9607088
    Abstract: A method and apparatus for detecting a multimedia content change, and a resource propagation system. The method comprises: when importing a resource address of multimedia content, acquiring original feature information of the multimedia content; receiving first feature information of the multimedia content from a client; determining, according to the first feature information and corresponding original feature information of the multimedia content, whether the resource address of the multimedia content is abnormal; and detecting whether multimedia content at an abnormal resource address is changed. It is firstly determined whether a resource address corresponding to multimedia content is abnormal, and if the resource address is abnormal, then it is determined whether the multimedia content corresponding to the resource address is changed, thereby preventing repeated checking of a large number of normal resource addresses, improving the detection efficiency, and reducing the detection cost.
    Type: Grant
    Filed: August 5, 2014
    Date of Patent: March 28, 2017
    Assignee: SHENZHEN DEVELOPMENT PROMOTION CENTRE FOR ENTERPRISES
    Inventor: Jimmy Chun
  • Patent number: 9588909
    Abstract: An information processing apparatus includes a storage managing unit configured to manage a storage device by dividing the storage device into a plurality of physical storage regions corresponding to respective modes used by the information processing apparatus, and a storage processing unit configured to cause data generated by the information processing apparatus during operation in a mode to be stored in a physical storage region corresponding to the mode. For example, the storage managing unit stores a policy in the storage device. The policy defines whether to permit the use of data between a plurality of security attributes corresponding to the respective physical storage regions.
    Type: Grant
    Filed: November 11, 2014
    Date of Patent: March 7, 2017
    Assignee: International Business Machines Corporation
    Inventors: Yasutaka Nishimura, Masami Tada, Takahito Tashiro
  • Patent number: 9578258
    Abstract: The system provides a method and apparatus for constructing, and for dynamically rearranging the order of content in a composite video. The re-ordering of clips in the composite video can be based on one or more weighting factors associated with each clip. These factors can include freshness or newness of the clip, popularity based on the number of “likes” of a clip by others, the content of the clip (e.g. celebrity creator or presence), paid boosting (e.g. for commercial concerns); and other factors. Each clip has associated metadata that can be used to assign a weight value to the clip for purposes of reordering the composite video.
    Type: Grant
    Filed: June 5, 2014
    Date of Patent: February 21, 2017
    Assignee: V-POLL, INC.
    Inventors: Stephen John Emery, Andrew Jay Sachs, Joseph Sumner, David King Lassman
  • Patent number: 9558369
    Abstract: The present invention provides an information processing device that enables a reduction in the processing cost of verifying anonymity during anonymization when multi-dimensional data is the subject of anonymization. The information processing device is provided with: a unit which generates information indicating the correspondence between a record contained in a data set and a class specifying a unique combination of quasi-identifier attribute values; a unit which verifies the anonymity of each record on the basis of the class thereof indicated in the information; and a unit which, on the basis of the results of verifying the anonymity, updates the information in a manner such that whether or not the record satisfies the anonymity can be identified and outputs the record-class correspondence information.
    Type: Grant
    Filed: May 8, 2014
    Date of Patent: January 31, 2017
    Assignee: NEC CORPORATION
    Inventor: Tsubasa Takahashi
  • Patent number: 9536072
    Abstract: The disclosure relates to machine-learning behavioral analysis to detect device theft and unauthorized device usage. In particular, during a training phase, an electronic device may generate a local user profile that represents observed user-specific behaviors according to a centroid sequence, wherein the local user profile may be classified into a baseline profile model that represents aggregate behaviors associated with various users over time. Accordingly, during an authentication phase, the electronic device may generate a current user profile model comprising a centroid sequence re-expressing user-specific behaviors observed over an authentication interval, wherein the current user profile model may be compared to plural baseline profile models to identify the baseline profile model closest to the current user profile model.
    Type: Grant
    Filed: April 9, 2015
    Date of Patent: January 3, 2017
    Assignee: QUALCOMM Incorporated
    Inventors: Isaac David Guedalia, Adam Schwartz
  • Patent number: 9450963
    Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
    Type: Grant
    Filed: October 8, 2015
    Date of Patent: September 20, 2016
    Assignee: Oracle International Corporation
    Inventors: Uppili Srinivasan, Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani, Beomsuk Kim
  • Patent number: 9430660
    Abstract: Embodiments pertaining to managing access in one or more computing systems can include an operations controller in communication with the one or more computing systems for managing commercial transactions of the one or more computing systems and an access management controller in communication with the operations controller. The access management controller can receive an input including user roles and actions associated with the one or more computing systems. The access management controller can provide the input to the operations controller for implementation of access rules in accordance with relationships between the user roles and the actions. The access management controller can attempt to access in the one or more computing systems at least a portion of the user roles and the actions after the operations controller has implemented the access rules. The access management controller can compare the attempted access with the relationships to determine access discrepancies.
    Type: Grant
    Filed: January 31, 2008
    Date of Patent: August 30, 2016
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Chenfei Song, Kyle Robeson, Yuan Wang, Alex Luc
  • Patent number: 9418236
    Abstract: Employment role data, trust data, and special permissions data, associated with a party is automatically obtained and/or monitored. The employment role data associated with the party, the trust data associated with the party, and the special permissions data associated with the party, is then analyzed to determine a set of allowed access permissions data to be associated with the party, the set of allowed access permissions data providing the party access to one or more resources. It is then either recommended that the set of allowed access permissions data be provided to the party, or the set of allowed access permissions data is automatically provided to the party.
    Type: Grant
    Filed: November 13, 2013
    Date of Patent: August 16, 2016
    Assignee: Intuit Inc.
    Inventors: Luis Felipe Cabrera, M. Shannon Lietz, Brad A. Rambur, Christian Price, William Q. Bonney
  • Patent number: 9407628
    Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: August 2, 2016
    Assignee: Oracle International Corporation
    Inventors: Ajay Sondhi, Ravi Hingarajiya, Shivaram Bhat, Wai Leung William Wong
  • Patent number: 9390285
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for identifying inconsistent security policies. One of the methods includes identifying running software components on a cluster of computers, a first subset of the components managing datasets, a second subset of the components managing other components; identifying entity pairs, each being either: (1) (i) a component paired with (ii) a dataset, or (2) two components paired with each other; determining, for each entity pair, a directed relationship from a first to a second entity, where the first entity is a component, and where the directed relationship represents the first entity executing a type of interaction with the second entity; identifying security policies affecting each entity that each limit user access to a type of interaction; and analyzing, for each entity, entity pairs including the entity and one or more security policies affecting the entity to identify inconsistent security policies.
    Type: Grant
    Filed: January 21, 2016
    Date of Patent: July 12, 2016
    Assignee: Hortonworks, Inc.
    Inventors: Sheetal Dinkar Dolas, Paul Daniel Codding
  • Patent number: 9280566
    Abstract: The system and method of visual role engineering uses a visual assessment tool to identify clusters of users and to define roles. A “cluster image” is generated that visually depicts the cluster tendencies of users and permissions. An operator of the visual assessment tool can visually identify clusters of users with the same permissions. The operator may select a cluster representing a subset of users, define a role for the subset of users, and assign permissions to the role. The process may be repeated in an iterative fashion until it is determined that no more roles are needed.
    Type: Grant
    Filed: November 2, 2012
    Date of Patent: March 8, 2016
    Assignee: CA, Inc.
    Inventors: Steven C. Versteeg, Avraham Rosenzweig, Ron Marom
  • Patent number: 9268833
    Abstract: A synchronization window for synchronizing data for a calendar in a client calendar data store on a calendar data client computer system with data for the calendar in a server calendar data store on a calendar data server computer system can be calculated using a current time. A request for synchronization data for calendar items for the calendar with calendar times that are within the synchronization window can be sent to the calendar data server. One or more responses to the request can be received from the calendar data server. The response(s) can include received records for calendar items that are at least partially within the synchronization window. The received records can include a master record of a recurring calendar item and an instance record of an occurrence of the recurring calendar item. The received records for the calendar items can be incorporated in the client calendar data store.
    Type: Grant
    Filed: December 5, 2012
    Date of Patent: February 23, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Sina Hakami, Juan V. Esteve Balducci, Patrick Tousignant
  • Patent number: 9229627
    Abstract: Systems and methods are provided for a non-transitory computer readable medium storing instructions configured to retrieve a first list of operations for a device including a sensor, an actuator, or a combination thereof, included in an industrial control system. The instructions are also configured to display a first color for each operation in the first list of operations indicative of a modification privilege related to the respective operation.
    Type: Grant
    Filed: June 5, 2013
    Date of Patent: January 5, 2016
    Inventor: Mikhail Brusilovsky
  • Patent number: 9160757
    Abstract: A computer-implemented method for detecting suspicious attempts to access data based on organizational relationships may include (1) detecting an attempt by a computing device within an organization to access an additional computing device within the organization, (2) identifying, based on a directory service associated with the organization that classifies the computing device and the additional computing device, an organizational relationship between the computing device and the additional computing device, (3) determining, based on the organizational relationship between the computing device and the additional computing device, that the attempt by the computing device to access the additional computing device is suspicious, and (4) performing a security action in response to determining that the attempt by the computing device to access the additional computing device is suspicious. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: October 13, 2015
    Assignee: Symantec Corporation
    Inventors: Fanglu Guo, Tao Cheng
  • Patent number: 9129088
    Abstract: An “audience” object describes a collection of users who are known to or expected to view a display. Access control and processing of access dependent contents for an audience are implemented so that information before being displayed is limited to what is authorized for every member in the audience to access. An operator can preview what an expected audience would see. The operator is aided in determining what the effects would be of a newcomer joining an audience. The operator is aided in determining who in an audience causes a difference in authorization. Hardware can be tied in with the access control software.
    Type: Grant
    Filed: June 4, 2006
    Date of Patent: September 8, 2015
    Inventor: Leo Martin Baschy
  • Patent number: 9122863
    Abstract: A method and apparatus for configuring identity federation configuration. The method includes: acquiring a set of identity federation configuration properties of a first computing system and a set of identity federation configuration properties of a second computing system; identifying one or more pairs of associated properties in the first and the second sets, where the pairs of associated properties include one property from each set of identity federation configuration; displaying properties that need to be configured manually from each set of identity federation configuration properties, where the properties that need to be configured manually do not include the property in any pair of associated properties for which the value can be derived from the value of another property in the pair; automatically assigning a property that can be derived from the value of another property; and providing each computing system with each set of identity federation properties.
    Type: Grant
    Filed: December 19, 2012
    Date of Patent: September 1, 2015
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: He Yuan Huang, Liu Jian, Min Li, Xiao Xi Liu
  • Patent number: 9081973
    Abstract: A method for restricting, based on predefined user profile information, access to software executing on a computing device of a user. The method comprises the following steps. Input data is intercepted from a user input device. The input data is compared with a list of restrictions in the user profile information to determine if an action associated with the input data is prohibited. The input data is passed to the software for execution only if the action associated with the input data is not prohibited. A method for restricting, based on predefined user profile information, access to notifications generated for a user is also provided.
    Type: Grant
    Filed: April 23, 2010
    Date of Patent: July 14, 2015
    Assignee: PSION INC.
    Inventors: Nader Newman, James Shoong-Leac Chen, Timothy Fraser Pearce
  • Publication number: 20150142852
    Abstract: The present disclosure describes methods, systems, and computer program products for providing declarative authorizations for SQL data manipulation. One computer-implemented method includes defining a data access model by: defining at least one aspect to be used as an authorization-relevant attribute for a resource entity, defining a path definition from the resource entity to the at least one aspect to relate the at least one aspect to the resource entity the authorization is restricted on, defining at least one restriction for the at least one aspect as part of the path definition, wherein defining the at least one restriction includes determining which constraint conditions are to be used and how the constraint conditions are to be combined, and defining/assigning a role to a user, the role defining authorization to the resource entity using, at least in part, the at least one aspect, and deploying a data control language document.
    Type: Application
    Filed: November 15, 2013
    Publication date: May 21, 2015
    Inventors: Anett Lippert, Wolfgang Orlich, Ralf Miko, Matthias Buehl
  • Patent number: 9037610
    Abstract: A method of providing access control to a relational database accessible from a user interface is implemented at a policy enforcement point, which is located between the database and the user interface and includes the steps of: (i) intercepting a database query from a user; (ii) assigning attribute values on the basis of a target table or target column in the query, a construct type in the query, or the user or environment; (iii) partially evaluating an access-control policy defined in terms of said attributes, by constructing a partial policy decision request containing the attribute values assigned in step (ii) and evaluating the AC policy for this, whereby a simplified policy is obtained; (iv) deriving an access condition, for which the simplified policy permits access; and (v) amending the database query by imposing said access condition and transmitting the amended query to the database.
    Type: Grant
    Filed: May 4, 2012
    Date of Patent: May 19, 2015
    Assignee: AXIOMATICS AB
    Inventor: Erik Rissanen
  • Patent number: 9020967
    Abstract: A data construct called a semcard is a semantic (meaning-based) software object including semantic meta-tags and meta-data that describes a target object or thing. A target object can be any type of digital or physical entity or identifier, or it can be tacit knowledge, such as ideas, concepts, processes or other data existing in a user's mind, provided that the user represents this knowledge in the semcard. A semcard embodies information about its own structure—rules, history, state, policies and goals regarding automation, display, access permissions, sharing and other operations of the semcard and any optional target object. It can also represent a semantic link between two semcards, or a semantically typed link or a standard Web hyperlink between a semcard and its referent target. A collection of semcards represents a knowledge network; single semcards, and knowledge networks, can be browsed, shared, searched, disseminated, manipulated, displayed, organized, and stored.
    Type: Grant
    Filed: November 10, 2009
    Date of Patent: April 28, 2015
    Assignee: VCVC III LLC
    Inventors: Nova T. Spivack, Kristinn R. Thorisson
  • Patent number: 9009090
    Abstract: Techniques to estimate the probability of a future event occurring are described. The techniques include decomposing a data input stream to build a database of precursor data and building predictive models using the precursor data. Also disclosed are techniques in which a search engine is used to search a database of models to find a model, and a user can query a found model to develop an inference of the likelihood of the future event.
    Type: Grant
    Filed: April 13, 2012
    Date of Patent: April 14, 2015
    Inventor: Christian D. Poulin
  • Publication number: 20150100604
    Abstract: A system for controlling access within an enterprise to information associated with recipients of an electronic message campaign of the enterprise sent to a plurality of recipient devices, wherein the enterprise includes hierarchically structured Business Units having an enterprise level Business Unit at the highest level and a plurality of second level Business Units and an enterprise system communicatively coupled to a network and including an enterprise level device communicatively coupled to a plurality of second level devices, includes a server and an electronic message engine. The server is configured to assign an enterprise account to the enterprise system and to allow the enterprise level device to communicate selected portions of the recipient list. The electronic message engine is configured to generate electronic messages within a message campaign for sending to recipients identified by each of the second level devices from the selected portions of the recipient list.
    Type: Application
    Filed: December 16, 2014
    Publication date: April 9, 2015
    Inventors: James Michael CIANCIO-BUNCH, Matt BEARD, Tom WALTZ, Richard W. JAMISON, Jack FISHER, Jeff MIDDLESWORTH
  • Publication number: 20150100603
    Abstract: The invention provides a method of automatically verifying certain items in a database relating to a set of people, and including for each person a plurality of data items such as age, first name, gender, a portrait, fingerprint images, or other biometric data items, the method incorporating determining for each person a plurality of correlations associating certain data items of that person with one another, for each data item being verified, calculating a confidence score depending at least on a first correlation of the data item being verified with a first other data item for the same person and on a second correlation of the data item being verified with a second other data item for the same person, and a step of comparing the score with a threshold value in order to determine whether the data item being verified is or is not valid.
    Type: Application
    Filed: April 25, 2013
    Publication date: April 9, 2015
    Inventor: Olivier Cipiere
  • Patent number: 8996575
    Abstract: The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods.
    Type: Grant
    Filed: September 29, 2010
    Date of Patent: March 31, 2015
    Assignee: M-Files Oy
    Inventors: Markku Laitkorpi, Antti Nivala, Juha Lepola, Ari Metsäpelto, Timo Partanen
  • Patent number: 8996573
    Abstract: A journaling system provides access to subsets of user information in a segregated fashion. This permits its users to define access settings for their user information thereby limiting which other users may access the user information. In one or more embodiments, the journaling system may include a server or other computing device and one or more storage devices used to store the user information, associated access settings, or both. The access settings may define particular criteria which must be met before a subset of user information may be accessed, and may identify particular users that may access the subset of user information.
    Type: Grant
    Filed: October 10, 2011
    Date of Patent: March 31, 2015
    Inventor: George Peter Kelesis
  • Patent number: 8990253
    Abstract: A media player may be adapted to manage presence information distribution and access to facilitate media communication between compatible devices. Devices connecting in an ad-hoc or other network topology include a plurality of presence settings that determine how or if the device appears to be available for communication to other devices over the network. Additionally, the presence settings identify other, specific devices or groups of devices that may communicate with a device. By comparing the presence settings of a sending device with the settings of a receiving device, the receiving device may determine a presence state for all devices within communication range.
    Type: Grant
    Filed: May 18, 2012
    Date of Patent: March 24, 2015
    Assignee: Microsoft Corporation
    Inventors: Megan Lesley Tedesco, Yasser Asmi, Ivan J. Leichtling
  • Patent number: 8990251
    Abstract: In accordance with embodiments, there are provided techniques for providing perceivable stimuli in an interface of a multi-tenant on-demand database system. These techniques for providing perceivable stimuli facilitate collaborative efforts of groups of users of a multi-tenant on-demand database system while maintaining access constraints amongst users associated with a common tenant.
    Type: Grant
    Filed: October 2, 2012
    Date of Patent: March 24, 2015
    Assignee: Salesforce.com, inc.
    Inventors: Paul Durdik, Daryl Josephson
  • Publication number: 20150081737
    Abstract: A device may correspond to a physical access controller in a distributed physical access control system. The device in a distributed system may include logic configured to detect a request from an application to access an application dataset, wherein the application dataset corresponds to a distributed dataset and determine whether the application dataset exists in the distributed system. The logic may be further configured to generate the application dataset in the distributed system, in response to determining that the application dataset does not exist in the distributed system, and send, to other devices in the distributed system, a request to join a dataset group that includes devices associated with the application dataset, in response to determining that the application dataset exists in the distributed system.
    Type: Application
    Filed: September 16, 2013
    Publication date: March 19, 2015
    Inventors: Mathias Bruce, Robert Rosengren