Abstract: In a method of preserving characteristics of desensitized database information for use in database management system benchmarking, at least one column of sensitive data from a database is accessed. The at least one column of sensitive data is sorted into a sorted data representation. Desensitized data is generated by sequentially mapping ascending different values of the sorted data representation to ascending desensitized values generated according to a strictly monotone increasing randomly generated function. The mapping results in a plurality of mapped desensitized values which are associated with the sorted data representation. The mapped desensitized values are unsorted into a desensitized database according to sorting information related to the sorted data representation. As a result of the unsorting, cardinalities of the at least one column of sensitive data are maintained within the desensitized database.

Abstract: Embodiments of the invention provide methods, apparatus, and articles of manufacture for providing security architecture for content management systems. An audit log table separates security concerns in framework code from application concerns in application code. Application developers place database access code in stored procedures. Each stored procedure records a unique identifier for each object involved in the database access code into an audit log, for later security checking by framework code. After executing the stored procedure, the framework code determines whether the stored procedure was authorized by checking the audit log and access control lists stored in the database. If not, an access violation error may be returned and the database may be rolled back.

Abstract: A method of sourcing a piece of equipment or a replacement part includes preparing a part request record, providing a part source database, an access portal, searching part source records in the database according to one or more search parameters associated with the part, part requestor or part source, creating a prospective part source list, and prioritizing the part source list by one or more indexing fields, to identify sources predicted to have the part at the best combination of quality, price, and other similar factors.

Abstract: An item inheritance system and method are provided. The item inheritance system can be employed to propagate access control information (e.g., an access control list) to one or more item(s), thus facilitating security of item(s). At least one of the item(s) is a compound item. The item inheritance system includes an input component that receives information associated with one or more items. The items can include container(s), object(s) and/or compound item(s). The system can be triggered by a change in security policy to the item(s), for example, adding and/or deleting a user's access to the item(s). Additionally, moving and/or copying a collection of items can further trigger the system. The system further includes a propagation component that propagates access control information to the item(s). For example, the propagation component can enforce the ACL propagation policies when a change to the security descriptor takes place at the root of a hierarchy.

Abstract: Methods and systems allow access to information in an enterprise environment that stores information in data silos. Entity type metadata, relations between entity types and access control information is extracted from the data silos and represented in a data virtualization system. Metadata information representing security information extracted from multiple data silos is combined to construct global security information for the enterprise. Security roles are combined to generate global security roles and access control lists are combined to generate globalized access control lists. The global security information can be modified by system administrators. Security information is refreshed from the data silos for each session created by the user and is applied to all data access requests created using the session.

Abstract: A dispersed data storage system includes a plurality of slice servers. In the system, a first set of the slice servers supports a first virtual digital data storage vault and a second set of the slice servers supports a second virtual digital data storage vault. A slice server is in the first and second sets and functions to: receive a request to access a virtual digital data storage vault; determine whether the virtual digital data storage vault is the first or the second virtual digital data storage vault; when the virtual digital data storage vault is the first or the second virtual digital data storage vault, determine whether the request is valid; and when the request is valid, execute the request to generate a response.

Abstract: An apparatus for communicating health care data from a sender to a receiver is provided. The apparatus has a first computer system, a second computer system, and a rules engine. The first computer system has health care data stored therein. The second computer system is in operable communication with, and is configured to extract the health care data from, the first computer system. The rules engine normalizes the extracted health care data to a predefined format. The rules engine defines a plurality of health care data fields in the predefined format, as well as a plurality of relationships between fields of normalized data.

Abstract: An Internet delivery method delivers electronic information products to a plurality of users via the Internet. A plurality of display formats are stored in a database. The display formats including at least a default display format and a custom display format. Information is also stored for each user indicating whether the user is a specific type of user. When a user logs in, the user is identified as being that specific type of user. If the user is identified as the specific type of user, then an electronic information product is delivered to the user in the custom display format. The electronic information products are accessed via computers connected to the Internet, including wireless devices.

Abstract: A permission information system and method are provided. The system facilitates management of permissions across a wide variety of systems and applications in a network environment. The system includes a data store which is a central repository that maintains permissions (e.g., in a user readable format). The permissions can, optionally, be translated into a format that is useable by endpoint system(s). The system further includes a metadirectory component which notices change(s) that are created in the data store and sends the security information to the endpoint system(s). The new security policy can then installed and enforced on the endpoint systems. The system can thus employ the capabilities of a metadirectory to distribute security policy(ies) to these end-point systems. The system can, optionally, include one or more translator(s) which transform the user readable format into a format that is consumable by the endpoint system(s).

Abstract: Embodiments are provided to use metadata to provide readable and/or writeable regions of a multi-dimensional space. In an embodiment, metadata can be used to define readable and/or writeable regions of a multi-dimensional data store. The various embodiments also use relational and/or multi-dimensional representations to resolve and validate readable and/or writeable regions of a multi-dimensional space. Metadata can also be used to designate a number of writeable and/or readable regions of a relational and/or multi-dimensional representation.

Abstract: Provided are a method, system, and program for deriving and using data access control information to determine whether to permit requested derivations of data elements. Data access control information is initialized for each of a plurality of data elements, wherein the data access control information for each associated data element includes a user access list indicating authorized users and a data access list indicating at least one data element that may be subject to a derivation operation with the associated data element. A request is received from one user to subject a first data element and a second data element to a derivation operation. The data access control information for one of the first and second data elements is processed to determine whether the user access list and data access list in the processed data access control information permits the user to perform the requested derivations of the first and second data elements.

Abstract: The present invention extends to methods, systems, and computer program products for controlling transactions in accordance with role based security. A first transaction related component receives a transaction related message from a second transaction related component. The transaction related message indicates a request by the second transaction related component to perform a transaction related operation that is to involve the first transaction related component. The first transaction related component authenticates the second transaction related component. The first transaction related component refers to transaction control information indicating roles the second transaction component is permitted to assume relative to the first transaction related component. The transaction related operation indicated in the request is compared to the permitted roles for the second transaction related component. The transaction related operation is implemented in accordance with the results of the comparison.

Abstract: Methods, systems, and data structures for communicating object metadata are provided. A generic metadata container is presented that allows object metadata to be described in an extensible manner using protocol-neutral and platform-independent methodologies. A metadata scope refers to a dynamic universe of targets to which the included metadata statements correspond. Metadata properties provide a mechanism to describe the metadata itself, and metadata security can be used to ensure authentic metadata is sent and received. Mechanisms are also provided to allow refinement and replacement of metadata statements. The generic metadata container can be adapted to dynamically define access control rights to a range of objects by a range of users, including granted and denied access rights.

Abstract: A system and a method for managing user and data profiles utilizing a web-enabled interactive database to organize, store and retrieve the information to create a consistent security model through centralized administration, are disclosed. The system captures various rules and pre-determined methodologies to provide on-line, up-to-date decisions to the users when users request access to a set of specific data or an application. The system further provides the capability to the user to request access to information that the user currently does not have access to, tracks the status of the request, obtains approval/disapproval decision from the data owner, implements the decision, and notifies requester within a reasonable time.

Abstract: Embodiments of the present disclosure provide systems and methods for sharing media files. Briefly described, in architecture, one embodiment of the system, among others, can be implemented as follows. The system includes a file sharing application configured to initiate a communication session with a file server, where the file server manages download requests for media files listed on a dynamic list. Use of the media files is subject to a trial period that corresponds to a period that the media files remain on the dynamic list. The system further includes trial period checking logic configured to retrieve a new dynamic list and check whether a trial period for a media file has expired by determining whether the media file is listed on the new dynamic list and offer presentation logic configured to offer a user a license for continued use of a media file that has an expired trial period. Other systems and methods are also provided.

Abstract: A node for providing a file service to a mobile terminal, the node comprises mobile terminal interface, and a file system for a plurality of users, each user having a user folder. The node is configured, in response to receiving a request for file access from a mobile terminal, to identify a user folder, to determine whether the file managing system manages the user folder and, in dependence upon whether the file managing system manages the user folder, to retrieve an entry point for the user folder and to transmit the entry point to the mobile terminal.

Abstract: Critical resource management is disclosed. In one embodiment of the invention, a method is provided. First, the method detects whether maximum utilization of a critical resource has been reached. For example, the critical resource can be a number of modems within a modem pool of an Internet Server Provider (ISP). Second, the method determines the priority of access to this critical resource for each of a plurality of clients. For example, such clients can be end-user computers attempting to dial into the modem pool of the ISP. Third, the method denies access to at least one of the clients that have the lowest priority of access to the critical resource. For example, this can mean that a client currently connected to the ISP via a modem of the model pool is disconnected, or can mean that a client attempting to dial into the ISP is refused access.

Abstract: A method, system and computer accessible medium for expiring access tokens in preparation for freezing file images. A metadata server may maintain a next scheduled quiesce time and may issue access tokens configured to expire before the next scheduled quiesce time. A metadata server may set an access token's expiration time to a maximum expiration time indicated by the next scheduled quiesce time or may set an access token's expiration time to a default expiration time if the default expiration time is earlier than the maximum expiration time. A storage device may recognize and enforce the access token's expiration time.

Abstract: A document management apparatus for managing an object includes an input unit that inputs setting of an operation related to an object, an execution unit that executes a predetermined operation related to the object, based on the setting, a setting selection unit that selects setting of an operation related to a past-executed object, and an object selection unit that designates an object to which the setting selected by the setting selection unit is applied, wherein the setting of the operation related to the object is performed by utilizing the content of past setting of an operation related to another object of the same or a different type.

Abstract: A multi-organizational information management system provides for full lifecycle tracking of business activities of a complex mix of governmental entities and business organizations by maintaining a secure database of data entities or records to track such activities. The system provides for secure sharing of information among the governments and organizations by controlling access to data entities based on organizational membership and assigned role of system users. The system provides flexible structural relationships among the various data entities. A graphic, web-based user interface of the system enables efficient access to the data entities for entry and update of specific data.

Abstract: Strategies are described for validating content transferred over a communication channel using a more effective approach than heretofore provided in the art. A content registration authority is provided which registers the content disseminated by one or more content providers to one or more client devices. A client device which receives content that has been registered can securely consume the content, based on an assumption that a content provider which furnishes the content is entrusted by the content registration authority to provide the content, and without prompting a user of the client device to expressly approve the content provider. In a first solution, the content registration authority registers the content by issuing a certification stamp; in a second solution, the content registration authority registers the content by storing registration information in a central repository. The content may contain instructions which perform operations in the context of an instant messenger application.

Abstract: A database system is disclosed. The database system includes a matching module configured to query a database for users which have data matching an interest of another user and to selectively grant to one or more of the users access to data of the other user based at least in part on a result of the query and on an access control list.

Abstract: Systems, methods, and other embodiments associated with a security audit performed on a displayed page generated from an executing application are described. One example method includes determining one or more current objects on the displayed page and determining access rights to the one or more current objects. The method may further include comparing access rights of the one or more current objects to access rights assigned to a user to determine accessible objects and non-accessible objects. The accessible objects and the non-accessible objects are visually distinguished on the displayed page.

Abstract: The present invention relates to a method for preventing the simultaneous modification of the same database object in a shared database by more than one user during the database development stage comprising the steps of: (a) creating security roles for said users, wherein each of the security roles has a modification permission set for denying or granting at least one modification permission to at least one said database object; (b) assigning each of said security roles to each of said users; (c) providing means for said users to request said modification permission to said database object; (d) receiving said request from a first user for said modification permission to said at least one database object; (e) determining that said security roles of said users, excluding the security role of first user, are set to deny said modification permissions to said object; (f) updating said security role of said first user to grant said modification permission to said object; (g) allowing said first user to modify said

Abstract: An information processing apparatus configured to perform cryptographic processing in response to a request from a server transmitting encrypted information to control an integrated circuit chip includes a managing unit managing types of the cryptographic processing granted in accordance with requests; and an output unit performing predetermined cryptographic processing requested from a predetermined server succeeding in authentication, when the requested predetermined cryptographic processing has a granted type managed by the managing unit, to supply information concerning the processing result to the predetermined server as information to be transmitted to the integrated circuit chip to be controlled.

Abstract: A method and system for role-based access control enforced by an Operating System filesystem are provided. A file representing a resource is created and stored in the Operating System filesystem. A user requests access to the resource and provides user-identifying information and a resource identifier. An access identifier is created based on the user-identifying information and the resource identifier, and is formatted as the file attribute used by the Operating System to manage file access. A system call to the Operating System is made to perform an operation on the file representing the resource, where the system call uses the access identifier to gain access to the file. The user is granted access to the resource only if the operating system successfully performs the operation on the file representing the resource.

Abstract: A network operating system may be provided. Also, system and method may include a complex data medium that enables the continuous reconciliation of the collaborative information process and product. The system generally may increase productivity by enabling a network dynamic among knowledge workers. The system may unify e-mail and shared file management, synchronous and asynchronous collaboration, serial and parallel work flow, top-down and bottom-up collaboration, and information lifecycle management.

Abstract: A system and method caches and distributes meta-data for one or more data containers stored on a plurality of volumes configured as a striped volume set (SVS) and served by a plurality of nodes interconnected as a cluster. The SVS comprises one meta-data volume (MDV) configured to store a canonical copy of certain meta-data, including access control lists and directories, associated with all data containers stored on the SVS, and one or more data volumes (DV) configured to store, at least, data content of those containers. In addition, for each data container stored on the SVS, one volume is designated a container attribute volume (CAV) and, as such, is configured to store (“cache”) a canonical copy of certain, rapidly-changing attribute meta-data, including time stamps and container length, associated with that container.

Abstract: A computer-implemented method for delivering targeted advertising in an asynchronous messaging-based social networking platform, the system comprising: providing a messaging server configured to managed asynchronous message delivery to a plurality of users, wherein a message comprises: a content title; a timestamp; a profile id, wherein the profile id is a unique identifier associated with a publisher of the message; and a message; providing a user authentication database configured to store and manage user authentication information for the plurality of users; maintaining a plurality of bindings configured to associate at least one user of the system with at least one other user of the system; storing an articles database configured to store messages within the system; identifying a plurality of publishers wherein each publisher posts a plurality of messages within the system; determining a plurality of channels; for each channel, associating a plurality of the publishers with the channel; and providing adve

Abstract: A system and method operable to cache and retrieve flight availability data. System components are a cache database for storing flight availability data, an airline cache control for configuring the cache database for a plurality of airlines, a subscriber cache control for configuring the cache database for a plurality of subscribers, and a cache query utility for interacting with the cache database. Additional system components are a data display utility for displaying flight availability data stored in the cache database, a success rate utility for tracking statistics associated with use of the cache database, and a dual mode processing utility that allows access to flight availability data from either the cache database or a real-time response. The system is provided as an intermediary between the subscribers and a plurality of airline servers.

Abstract: A method for storing data includes the steps of receiving a metadata parameter from a first user, the parameter being associated with a property in a database containing a plurality of data records, and storing the parameter. The method also includes the step of providing a second user with access to the stored parameter, the second user having an access level to the database which is different from that of the first user.

Abstract: A system and method for evaluating instances of authorization authority or segregation of duties in an organization against criteria for such authorizations, storing results of such evaluations and presenting such results to a user through queries of the stored results.

Abstract: A system and method of performing risk assessment of a dataset de-identified from a source database containing information identifiable to individuals is provided. The de-identified dataset is retrieved comprising a plurality of records from a storage device. A selection of variables from a user is received, the selection made from a plurality of variables present in the dataset, wherein the variables are potential identifiers of personal information. A selection of a risk threshold acceptable for the dataset from a user is received. A selection of a sampling fraction wherein the sampling fraction define a relative size of their dataset to an entire population is received. A number of records from the plurality of records for each equivalence class in the identification dataset for each of the selected variables. A re-identification risk using the selected sampling fraction is calculated. The re-identification risk meets the selected risk threshold is determined.

Abstract: Providing access to a resource via authorization data that conditionally defines the access by an expression that identifies the resource by name and by at least one property of the resource. An authorization service issues the authorization data (e.g., as a token) and evaluating authorization data received from a client. The authorization service evaluates the expression in the authorization data to identify the resource and determine the rights associated with the user for the resource. The authorization service implements role-based access control to control access to resources in a distributed, multi-site network.