Abstract: User device information, identifying a first plurality of devices associated with a first user, is stored. A first device of the first plurality of devices is identified as being active. Data pertaining to an interaction session, within which the first user is participating, is provided to the first device based on the determination that the first device is active.

Abstract: Files of computer documents are classified into confidential levels without extracting and analyzing contents of the files. Files created by particular users may be clustered into groups of files based on file characteristics, such as file type (e.g., file extension) and file naming convention. A prediction confidential score may be generated for each group of files. A log of a file retention resource may be consulted to identify files created by users. A file created by a user may be assigned a prediction confidential score of a group of files having the same file characteristic as the file and created by the same user. The prediction confidential score may be used to determine a confidential level of the file when the file is found to be inaccessible.

Abstract: Ordering content in social networking applications is described. A method includes receiving a plurality of shared content pieces that are viewable and accessible by at least one viewer, wherein the shared content pieces are received from a personal web page owner. The method includes displaying the shared content pieces in an initial order, wherein the displayed shared content pieces are accessed in a viewer order determined by an individual viewer. The method includes receiving and storing the viewer order and an identity of the individual viewer in a data store. The method includes receiving approval from the personal web page owner to change the initial order. The method includes, in response to receiving the approval from the personal web page owner, changing the initial order based at least in part upon at least one of the viewer order and the identity of the individual viewer, thereby providing an adjusted order.

Abstract: A method of providing updates from a social network to a desktop application is provided. An update is created in an application and if the application has permission, it creates an entry in a recent activity queue. The queue is then subject to analysis to reduce the number of entries in the queue. Subscribers that have permission to receive updates from the publisher and the publishing application then receive updates from the publisher.

Abstract: A basic architecture for managing digital identity information in a network such as the World Wide Web is provided. A user of the architecture can organize his or her information into one or more profiles which reflect the nature of different relationships between the user and other entities, and grant or deny each entity access to a given profile. Various enhancements which may be provided through the architecture are also described, including tools for filtering email, controlling access to user web pages, locating other users and making one's own location known, browsing or mailing anonymously, filling in web forms automatically with information already provided once by hand, logging in automatically, securely logging in to multiple sites with a single password and doing so from any machine on the network, and other enhancements.

Abstract: A method (and system) for data acquisition includes downloading a user's sent materials from a communication data repository, analyzing the sent materials and extracting data portions that are authored by the user, generating statistical values from the extracted data, transmitting the generated statistical values to one or multiple repositories, receiving the generated statistical values on one or multiple server machines, and aggregating statistical values of multiple users.

Abstract: A mobile device, system, and method are directed towards managing social networking information by employing a reverse matching search to identify those members of the social network that may have another person's identifier in their contact lists. The person may initially visit the social network site and provide an identifier either automatically or through a directed action by the person. A reverse search may be performed on members' contact lists to determine which contact lists include the identifier. If a match is found in a member's contact list, selected information about that member may be provided to the person. The reverse matching search may also be performed at various subsequent times to provide members information about new members to the social network.

Abstract: Apparatus, systems, and methods may operate to construct a file system tree that includes files to be accessed according to a plurality of custom access control list (ACL) access mechanisms registered by a corresponding plurality of applications, or a default ACL access mechanism. To access the files, metadata can be read/written using a multiple protocol file system cache engine and one of the ACL access mechanisms. In some embodiments, operations may include registering, in response to a request by an application, a selected one of the plurality of custom ACL access mechanisms with a library coupled to a multiple protocol file system cache engine. Further operations may include accessing a file system through the multiple protocol file system cache engine using the selected one of the plurality of custom ACL access mechanisms, or a default ACL access mechanism. Additional apparatus, systems, and methods are disclosed.

Abstract: A method (and system) for data acquisition includes extracting information from user communications and allowing a user to control the information to be extracted. The method of data acquisition may include downloading a user's sent materials from a communication data repository, analyzing the downloaded materials and extracting data portions that are authored by the user, generating statistical values from the extracted data, transmitting the generated statistical values to one or multiple repositories, receiving generated statistical values one or multiple server machines, and aggregating statistical values of multiple users.

Abstract: Method and system for discovering and identifying a video object. The method includes crawling at least one predetermined website, discovering at least one video link at the predetermined website, processing information associated with a first database for storing one or more video links, and determining whether the discovered video link was already discovered before based on at least information associated with the first database. Additionally, the method includes, if the discovered video link is determined not to have been discovered before, updating the first database based on at least information associated with the discovered video link, downloading at least one video object based on at least information associated with the discovered video link, and processing information associated with the downloaded video object.

Abstract: An information processing apparatus includes a database management unit that generates an index including access authority for a document and manages the index together with the document, a user information acquisition unit that acquires, as user information, the access authority for a user identification value, a document search unit that acquires the user information and a search request including a search expression, generates a combined search expression by combining an inclusion relationship expression with the search expression, the inclusion relationship expression including an operator that designates an inclusion relationship for access authority of an originator, and acquires a search result at a shared level enabling sharing under a plurality of user identification values in a domain including the plurality of user identification values, and a cache management unit 218 that registers the search result at the shared level as a cache item identified as the one at the shared level.

Abstract: Contents can be opened to a suitable group by a simple operation. A data management method allows a plurality of users to browse stored data. The method includes setting association of first data which is previously set to be opened and at least one second data. Third groups to which these second data is opened are determined based on first groups of the first data set to be opened and second groups to which a user setting the association belongs. Then, the second data are opened to a user who belongs to the third groups.

Abstract: To eliminate restrictions on the order of writing in an access control list. A permission rule and a prohibition rule are stored in advance. A rule is read out from an access control list accepted, and a determination is made as to whether the readout rule is contained in the permission and prohibition rules stored in advance. When the readout rule is not contained and when the readout rule is a permission rule, the readout rule is stored in the temporary storage unit. When the readout rule is not contained and when the readout rule is a prohibition rule, a determination is made as to whether the prohibition rule conflicts with the permission rule stored in the temporary storage unit. When the prohibition rule does not conflict, the prohibition rule is stored in the temporary storage unit.

Abstract: A system (101) for implementing redaction rules in compliance with an organization's privacy policy, where the system intercepts messages between an information source (103) and an information destination (102), modifies the message contents based on redaction rules (106) and forwards the redacted contents over to the client. The system also maintains a record of the redacted information and updates the contents of any message submitted by the client (102) in order to maintain database integrity.

Abstract: Methods and systems are provided for decentralizing user data access rights control activities in networked organizations having diverse access control models and file server protocols. A folder management application enables end users of the file system to make requests for access to storage elements, either individually, or by becoming members of a user group having group access privileges. Responsibility for dealing with such requests is distributed to respective group owners and data owners, who may delegate responsibility to authorizers. The application may also consider automatically generated proposals for changes to access privileges. An automatic system continually monitors and analyzes access behavior by users who have been pre-classified into groups having common data access privileges. As the organizational structure changes, these groups are adaptively changed both in composition and in data access rights.

Abstract: Apparatus, methods and computer program products are described herein for automatically decrypting electronic communication that is harvested from custodians in an enterprise-wide electronic discovery system. Automatic decryption provides for electronic communication that is encrypted to be decrypted, even in instances in which the system is not provided the password and/or decryption key(s) from the encrypting custodian. The automatic decryption process, which ensues prior to delivering data to the third party data analysis provider or the requesting party, allows for data that may otherwise be unavailable or incomprehensible to the third party or requester to be readily accessible. Thus, decryption of such data in a relatively efficient and automated manner is highly beneficial.

Abstract: A security application manages security and reliability of networked applications executing collection of interacting computing elements within a distributed computing architecture. The security application monitors various classes of resources utilized by the collection of nodes within the distributed computing architecture and determine whether utilization of a class of resources is approaching a pre-determined maximum limit. The security application performs a vulnerability scan of a networked application to determine whether the networked application is prone to a risk of intentional or inadvertent breach by an external application. The security application scans a distributed computing architecture for the existence of access control lists (ACLs), and stores ACL configurations and configuration changes in a database.

Abstract: The present application describes systems and methods for Relationship Capital Management (“RCM”). An RCM system mines relationship capital, which it correlates to eliminate redundancies, that is made available for searching. An initial result set of the search may be narrowed to a single individual, e.g., the target. Weighted paths are identified that connect the user to the target, which may comprise one or more intermediaries between the two. Weighted paths are presented as maps, which may be embedded in other applications to improve business processes such as selling, marketing, hiring, etc. Selection of a path to the target initiates processing of requests for access to relationship capital and responses between the user and the one or more intermediaries. The processing of requests ultimately leads to the approval, conditional approval or denial of access to the relationship capital to which the user wishes to obtain access.

Abstract: A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.

Abstract: Rights clearances management for assets, such as media assets. A rights brokerage service enables potential licensees to clears rights to use assets within designated projects, such as advertising campaign projects. The potential licensee uses an interface to select or identify an asset without necessarily accessing the asset itself. The rights holders and the rights held by each rights holder are identified based on the asset identity. A request is automatically issued to the rights holders to approve use of the asset for the project. The potential licensee may use an interface to track progress of approvals from the rights holders. Unenforceable rights are detected and approval is automatically obtained. If all enforceable rights are cleared, the asset may be committed for approval by a project manager or other authority. When approved, a license to use the asset is automatically created between the potential licensee and each of the rights holders.

Abstract: A system and method for drafting documents using an outline table is provided. A database of outlines is maintained. Each outline includes an organizational framework into which document clauses are inserted to form a document. A request for one or more of the outlines is received from a user. The outlines are filtered by removing those outlines that the user is not authorized to access. The outlines are further filtered by removing those outlines that are not preferred by the user. The remaining outlines, not removed, are presented to the user. Input from the user regarding the presented outlines is received. At least one of the presented outlines associated with the user input is selected. The selected outline is populated with predefined values.

Abstract: A method and system for providing an automated security access policy in a document management system are described. The security policies are applied based on metadata rules. Once a document is added to the document managements system, the metadata rules are evaluated using the metadata of the document. Based on the results of the evaluation security access policies are applied to the document.

Abstract: Provided are a computer program product, system, and method for providing different access to documents in an online document sharing community depending on whether the document is public or private. A request is received for a page and a determination is made of a document to include in the page and whether document information for the determined document indicates the document as public or private. An access element is included in the page to provide access to the content of the determined document in response to determining that the determined document is public. Access to a public description of the document not including all the content of the document is included in the page in response to determining that the determined document is private and that the requesting participant is not a member of the group of participants allowed to access the document.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service. These mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service can allow automatic sharing of information owned by a first tenant with other tenants of the multi-tenant on-demand database service. In this way, collaboration among tenants of the multi-tenant on-demand database service may be enabled via the sharing of the tenant information.

Abstract: A method of a computer, the method including the computer authorizing, not only a first user, but also a second user to access data that is created by the first user and is stored in association with a community. Wherein the first user is registered as a member who belongs to a group, wherein a member belonging to the group is authorized to access data that is accessibly stored for the member of the group, and the second user is defined as a superior of the first user in organization information that indicates hierarchical-relation of users and does not belong to the group. The computer rejects access to the data for an additional user, wherein the additional user has been determined not to be within a publication range of the data, even though the user is within a publication range of the community to which the data belongs.

Abstract: A server receives a consumer request pertaining to product asset management from a client. The consumer request comprises one or more product-related certificates that associates the client with one or more products. The product-related certificate comprises at least one extended attribute object identifier that has a corresponding product attribute. For each extended attribute object identifier, the server searches a data store to identify a product that corresponds to the extended attribute object identifier and generates a response to the consumer request based on the product that is identified in the data store.

Abstract: Certain example embodiments relate to techniques for automatically deriving web service permissions based on XML structure permissions. A call for a web service operation is received from a client at a web service runtime engine. XML data objects from a database of XML data objects located on an XML server implicated by the called web service operation are identified. The XML data objects have corresponding XML data structures. Access permissions for the user for the identified XML data objects are retrieved from the XML server, the access permissions for the web service having been generated automatically from access permissions based on the XML data structures for corresponding XML data objects. The called web service operation is either permitted or prohibited based on a determination, at the web service runtime engine and based on the retrieved access permissions. Thus, data access requests are handled in the “higher” web service layer.

Abstract: Embodiments relate to systems and methods for implementation on a mobile device to force the mobile device into a secure state upon detection or determination of a triggering event. Once it is determined that a triggering event has occurred, each application operating on the mobile device is caused to immediately unreference sensitive objects and a secure garbage collection operation is performed upon the unreferenced sensitive objects to render data associated therewith unreadable. The mobile device is then caused to enter a secure state, in which the mobile device cannot be accessed without authorization. A microprocessor within the mobile device is configured to determine the existence of the triggering event according to a configuration data structure and to perform the secure garbage collection.

Abstract: A document repository management system for an institution having a defined organization is provided. The document repository management system has (a) a first database containing an organization chart and organizational chart information including information identifying individuals in the defined organization, (b) a second database containing accessible documents, (c) programs for controlling requested access to each document of the accessible documents in the second database, and (d) programs for mapping, to the organization chart and the organizational chart information of the first database, each requested access to each document of the accessible documents, thereby enabling efficient management of the document repository based on historical tracking of actual usage of each document by individuals and groups on the organization chart.

Abstract: An information retrieval system having: a client adapted for accessing a plurality of file sets stored on one of a plurality of file servers; a plurality of file servers configured to operate with a federated file system namespace; and a memory for storing re-direction information accessible by the client for identifying a request issued by the client for a file set at a first location in the namespace where the file set is located at a second, different location on one of the file servers and wherein the client in examining the re-direction information in the memory, re-directs the request to the second location in accordance with the re-direction information.

Abstract: A method of identifying a user as an authorized user from free test text typed by that user into an input device. From the received test text, features associated with the typed text are extracted, such as timing data associated with alphanumeric letter pairs. These extracted features are compared to previously stored series of authorized user profiles, where the authorized user profiles were generated from a trial typing sample of alphanumeric data from each associated authorized user. The comparison identifies one of the authorized users with the user, and a score is derived to measure the strength of the comparison. If the score exceeds a threshold level, the user is identified as that authorized user.

Abstract: Methods, systems, and computer program products for managing access to a Domain Name Service (DNS) database. Embodiments of the present disclosure enable authorization of DNS request messages, such as queries and update requests according to user and network address information. The authorization functionality may be incorporated into existing DNS systems. The invention includes a method including receiving a DNS request message originated from a client by a user, the DNS request message comprising a request and identification information specific to the user; determining if the client is authorized to access a DNS database in dependence upon client address information and the user specific identification information contained in the DNS request message; and executing the request in response to determining the user is authorized. The method may further include extracting user specific identification information from a portion of the ID field of DNS messages.

Abstract: Ordering content in social networking applications is described. A plurality of shared content pieces are received, that are viewable and accessible by at least one viewer, wherein the shared content pieces are configured for display in an initial order, wherein the shared content pieces are accessed in a viewer order determined by an individual viewer. The viewer order and the identity of the individual viewer are received and stored in a data store, and the initial order is changed based at least in part upon at least one of the viewer order and the identity of the individual viewer, thereby providing an adjusted order. The changing of the initial order is performed after a predetermined period of time and is based at least in part upon at least one of viewer orders and identities of individual viewers for a plurality of viewers in the data store.

Abstract: A centralized enterprise security and provisioning policy framework is described. Enterprise wide security and provisioning is stored in a hierarchical fashion in a centralized LDAP based Directory server. Each policy and user maps directly to a unique entry in the directory. Policy entries can be created at specific administrative points in the Directory Information Tree instead of having to duplicate these policies as attributes of every user entry in the directory. The policies can be classified into provisioning, authentication, and authorization policies.

Abstract: A profile management apparatus for controlling available media content includes an individual identifier module, a profile creation module, a profile selection module, and a media control module. The individual identifier module automatically identifies one or more individuals as currently within a perceiving range of an output device receiving input from a media player without user input. The profile creation module automatically creates a new profile without user input in response to determining that a profile associated with the one or more individuals does not exist. The profile selection module selects at least one profile associated with the one or more individuals. The media control module controls media that is available for selection on the media player based one or more of media usage information and content restriction rules of the at least one profile.

Abstract: The present invention generally is directed to a system, method and article of manufacture for accessing data independent of the particular manner in which the data is physically represented. In one embodiment, a data repository abstraction layer provides a logical view of the underlying data repository that is independent of the particular manner of data representation. A query abstraction layer is also provided and is based on the data repository abstraction layer. A runtime component performs translation of an abstract query into a form that can be used against a particular physical data representation.

Abstract: A computer-implemented system and method for managing categories of waymarks is provided. Waymark records are each associated with a category and maintained on a database. Each waymark record includes metadata associated with at least one variable and one or more attributes specifying a type of the metadata for each variable. Access to the database is provided. A user having access to the database is identified based on a list of authorized users. A request from the user to present one such category and the associated waymark records is received. At least one waymark record from the requested category is processed. Input metadata is received from the user consistent with the variables and the attributes for that waymark record. At least a portion of the metadata is replaced with the input metadata.

Abstract: A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.

Abstract: In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service.

Abstract: An approach is provided for managing access rights of users to information spaces using signatures stored in a memory tag. A signature manager caused reading of a memory tag to initiate a request, from a device, for an initial access to an information space. The request includes an authorization signature associated with the device. The signature manager determines a level of access to the information space by comparing the authorization signature against a lattice of signature primitives associated with the information space. The signature manager then modifies the authorization signature based on the determination and stores the modified authorization signature for validation of subsequent access to the information space by the device.

Abstract: A method for enforcing computer-based file system security, the method comprising generating a content-based file system from files in a physical file system, and enforcing a user access right to any aspect of the content-based file system, where the user access right derives from a user access right to a file in the physical file system.

Abstract: Briefly, embodiments of a method, apparatus or article for group access control of a distributed system are described.

Abstract: A method and apparatus for providing an integrated communication services (ICS) network that permits data subscribers to share information on a hospital campus using wireless or wireline local area networks, or to seamlessly tap into the facility's central database while in transit away from the hospital. The central database, referred to as the integrated communications clearinghouse (ICC) is adapted to store a communication profile for every network server on the ICS network. The ICC also maintains a Global Patient Profile (GPP), consisting of a patient profile for every patient on the network. The GPP provides the ICC with the capability of providing aggregated data and demographic information, creating “live” public health statistics through a single query to a central server. The actual selection of a particular channel to access the ICS will be service-dependent and a function of user whereabouts, desired quality of the connection, and costs of the connection.

Abstract: A non-transitory computer-readable storage medium, storing one or more programs configured for execution, the one or more programs for monitoring, transmitting, and recording usage of a computer or mobile device connected to a network, the one or more programs including instructions for establishing a first account, the settings of the first account being stored in a database; establishing a second account, the settings of the second account being stored in the database, wherein the second account includes a wish-list; linking the first and second accounts such that control settings of the second account are determined through the first account; and making a purchase from the wish-list of the second account consistent with the control settings of the second account.

Abstract: For managing homeowner association messages, a communication module receives a message. A storage module stores the message. The communication module communicates the message to accounts through at least one of a plurality of communication channels in accordance with structured message restrictions. The structured message restrictions comprise full access, partial access, and no access restrictions. Each message comprises a message category of a plurality of message categories comprising a homeowner message, a confidential board member message, and a board member message. Each account is classified with an account class of a plurality of account classes. The account classes comprise a homeowner class, a board member class, and a property manager class. The structured message restrictions permit full access, partial access, or no access to the message for each account.

Abstract: A method for storing event memorabilia is provided by an online service that receives over a wide-area network notification that a first user has registered to attend an event a sporting event, a concert). The service also receives over the wide-area network metadata associated with the event. The service locates a user profile associated with the first user and stores the metadata and an association between the metadata and the first user profile in a database. The service also grants the first user access to the user profile and the metadata associated therewith.

Abstract: A system and a method are provided. The method includes assigning an entity to a ticket group associated with an ID thereof, displaying to the entity reports, which are each organized with an associated security access control, in accordance with the ticket group, determining whether the entity is authorized to access any selected one or more of the reports in accordance with a result of a comparison between an access level associated with the entity ID and the security access control associated with each of the one or more of the stored reports, and granting or denying the access in accordance with the determination.

Abstract: System, method and computer program product for supporting a plurality of Access Control List types for a file system in an operating system in a data processing system. An Access Control List supporting system for managing access to a file system in a data processing system has at least one file system in an operating system of the data processing system, and an Access Control List management framework in the operating system and external to the at least one file system for managing access to the at least one file system. The Access Control List supporting system of the invention removes ACL management and access check-related functions from the at least one file system to an external Access Control List management framework, thus enabling an operating system to support a plurality of Access Control List types using the same Access Control List management framework and enabling new Access Control List types to be added to the operating system dynamically while the operating system is running.

Abstract: A journaling system provides access to subsets of user information in a segregated fashion. This permits its users to define access settings for their user information thereby limiting which other users may access the user information. In one or more embodiments, the journaling system may include a server or other computing device and one or more storage devices used to store the user information, associated access settings, or both. The access settings may define particular criteria which must be met before a subset of user information may be accessed, and may identify particular users that may access the subset of user information.

Abstract: Methods for providing a generic database security application using virtual private database (VPD) functionality are provided. The methods may include inserting rows into a user security table in a database providing VPD functionality, each row comprising a user ID for which database access is to be controlled, the name of a database object to be secured, and a predicate; and defining a security policy function common to all secured database objects, said security policy function generating a second predicate to be appended by the database's VPD functionality to queries made on a queried secured database object by a querying user, said second predicate based on at least one predicate in at least one row in the user security table, the at least one row referencing the name of the queried secured database object and the user ID of the querying user. Related systems and computer program products are also provided.