Entries |
Document | Title | Date |
20100049773 | DOCUMENT HANDLING IN A WEB APPLICATION - A unique document handling facility on the scale of a Lotus Notes document. Preferably, the documents are stored in a relational database and served-up using Java servlets, with provisions for handling document content and group level security. | 02-25-2010 |
20100070532 | Storage device, content publishing system, and program - In order to prevent the same content from being published in duplicate, the invention provides a storage device which provides a storage area for storing content in accordance with a request from a user and can publish the stored content, in which: the storage area includes a publishing content storage area which publishes the stored content to the outside; duplication identification information for determining duplication of content is generated based on accepted content; publishing content is generated by embedding a digital watermark including identification information of the user in the accepted content if duplicate content of the accepted content is not stored in the storage area; the publishing content is stored in the publishing content storage area; and the content is not stored in the publishing content storage area if the duplicate content of the accepted content is stored in the storage area. | 03-18-2010 |
20100077005 | VARIABLE USER INTERFACE BASED ON DOCUMENT ACCESS PRIVILEGES - Users may be presented with different viewing interfaces for a document based on a combination of factors relating to display rights possessed for the document and user specific information. In one implementation, the user's location is used to determine portions of the document that can be displayed to the user. More particularly, access privileges to a document for a user are determined based on geographical location information of the user and based on access rights possessed for the document. Portions of the document may then be formatted for display to the user based on the determined access privileges. | 03-25-2010 |
20100082677 | CONTENT ACCESS AND ANNOTATION SYSTEM AND METHOD - Disclosed herein are systems and methods for controlling access to content, and/or regions thereof, as well as controlling access to annotations to the content, or regions thereof. An audience can be specified for a region of content and one or more associated annotations. In response to a request for a content region, a content region definition, an audience definition for the content region, and at least one annotation for the content region and audience can be obtained, and the content region and the at least one annotation can be transmitted in response to the request if it is determined that the request is from a member of the audience, so that the content region and annotation can be experienced at an audience member's device. | 04-01-2010 |
20100082678 | AGGREGATION SERVER WITH INDUSTRIAL AUTOMATION CONTROL AND INFORMATION VISUALIZATION PLACESHIFTING - A method and system for facilitating viewing visualization data is provided. At least one visualization dataset is aggregated from within a protected network and converted into a web-based file. Each of the at least one dataset and web-based file are securely stored within the protected network and are inaccessible outside the protected network. A request is sent to a host via the internet, the request requesting the host to send a reply corresponding to a desired visualization dataset, and the reply is received from the host. A desired web-based file and the desired visualization dataset are pushed out of the protected network via the internet and directed towards the host as a function of the reply. | 04-01-2010 |
20100082679 | METHOD, APPARATUS AND COMPUTER PROGRAM PRODUCT FOR PROVIDING OBJECT PRIVILEGE MODIFICATION - An apparatus for providing object privilege modification may include a processor. The processor may be configured to receive an indication to modify at least one privilege associated with an object. The processor may be further configured to modify the at least one privilege associated with the object based at least in part on the indication and update a policy file based at least in part on the modified privilege associated with the object. The processor may be additionally configured to provide for an output of the object based at least in part on the modified privilege associated with the object. Associated methods and computer program products may also be provided. | 04-01-2010 |
20100082680 | METHODS AND SYSTEMS FOR PROVIDING EASY ACCESS TO INFORMATION AND FOR SHARING SERVICES - Methods and systems for providing easy access to information and sharing are provided. Embodiments of the present invention enable a host to grant access to published content to one or more users in a manner in which the user(s) can scan small portions of information to decide which information is desired. The embodiments described herein enable, for example, a user to see a library of content that is larger than the storage capacity of the computing unit used by the user. The sharing of information is also secured through the use of auto-lock keys and the creation of abstract identities for the host and each user. | 04-01-2010 |
20100088340 | ACCESS TO ELECTRONIC SOCIAL NETWORKS - A method comprising, defining a social network U={u, u′, . . . }, defining a set of relationships between users O | 04-08-2010 |
20100088341 | COMPUTING DATA SECURITY SETTINGS IN A MULTI-DIMENSIONAL SYSTEM - Disclosed is a method and system for computing data security settings in a multi-dimensional system. The method includes receiving a query from a user to access a dataset, retrieving a membership tree of the user and determining a set of minimal branches of the membership tree. A minimal data security setting for the user is determined by computing a sum of products in the set of minimal branches. A data security setting for the user to access the dataset is determined based on the minimal data security setting and finally, the data security setting is embedded in the query to access the dataset. | 04-08-2010 |
20100106744 | CONFLICT PREVENTION FOR PEER-TO-PEER REPLICATION - Aspects of the subject matter described herein relate to conflict prevention. In aspects, a peer that seeks to modify a data structure first determines whether it is the owner of the data structure. An owner of the data structure has rights to update the data structure. If the peer is not the owner, the peer sends a request to the owner. The owner responds to the request by changing ownership of the data structure to the peer. Once this change is replicated to the peer, the peer is able to update the data structure as desired. | 04-29-2010 |
20100114963 | Web Browsing configuration and Collaboratively Filtered Web Sites For Personal productivity - Multiple users generate separate websites, which are compiled into an approved list of websites for an organization. This list of approved websites is saved in a database location. When a user desires to access the communication network, the method of this invention detects and intercepts the access attempt and determines whether the website identified in the access attempt is accessible by the particular user. The determination of whether the desired website is accessible to the user will depend on certain defined criteria such as time of workday or length of a connection session of the user with the communication network. | 05-06-2010 |
20100114964 | SEARCHABLE ENCRYPTION FOR OUTSOURCING DATA ANALYTICS - A method for performing data analytics on outsourced data may include generating, by a data owner, a binary tree representing data from the data owner, where each node of the binary tree is associated with an identity that represents a data element or an interval of data elements, computing, by the data owner, an identity token and encrypting the identity token for each of the identities in the binary tree, generating a range query token using an identity selected by a data analyst and a secret key input by the data owner and computing a decryption key for the selected identity, and analyzing the data, by the data analyst, by comparing the computed decryption key for the selected identity with each of the encrypted identities. | 05-06-2010 |
20100121881 | Mobile Device Image Logging - Images transferred and received via a mobile device are logged. At a network node, images transferred to or from the mobile device are received and then stored on a network data storage device. Access to the images on the network data storage device is provided only to an authorized user. The images may be saved within a sliding time window. An authorized user may restrict future communication between the mobile device and another mobile device which received or sent an image. | 05-13-2010 |
20100121882 | Method and System for Implementing and Managing an Enterprise Identity Management for Distributed Security in a Computer System - A method and system for facilitating the management of user identities includes an ownership component, a registration component, and a servicing component. When a user first desires to access a system using the present invention, the registration component verifies the user's ownership of the underlying account by asking a variety of questions. Thereafter, when a user desires to service his account, the user may be re-queried to determine if he is attempting to access the correct information. An authentication and access component provides the functionality to access a system of the present invention. An audit component can be configured to periodically monitor the various accounts to ensure a continued linking between users and accounts. | 05-13-2010 |
20100125603 | Method, Apparatus, and Computer Program Product for Determining Media Item Privacy Settings - An apparatus for determining media item privacy settings may include a processor. The processor may be configured to receive media item capture data associated with a media item. The media item capture data may include at least a capture location. The processor may also be configured to identify a privacy context that corresponds to the media item capture data. In this regard, the capture location of the media item capture data may be within a geographic zone of the privacy context. The processor may be further configured to determine a privacy setting for the media item based on the corresponding privacy context, and, in some embodiments, control access to the media item in accordance with the determined privacy setting. Associated methods and computer program products may also be provided. | 05-20-2010 |
20100131558 | SYSTEM AND METHOD FOR MANAGING COPYRIGHT LICENSING - A system and method for storing and managing copyright licensing. There is provided a device for monitoring a business's performance of music or other copyrighted works to determine if the business has a license for performing the works. The device is generally employed by a user to record a sample of the work, as well as identifying information about the business, to assist in determining the licensing status of the business. A business location identification process obtains the information gathered from the device to identify the business where the device is located. A copyrighted work identification process obtains the recording of the copyrighted work from the device and identifies the particular copyrighted work. The business information is transmitted to a copyright license database that determines the licensing status of the business. If the business is not on the list, the business name is transmitted to a database of unlicensed businesses. | 05-27-2010 |
20100131559 | ISOLATING AN EXECUTION CONTAINER IN A SYSTEM WITH MANDATORY ACCESS CONTROL (MAC) - Preventing a process from traversing back a directory tree through its parent directories is described. In a system with a program executing in a path container, an access permission rule applicable to the instance of the program prevents the program from traversing the tree structure back through its parent directories towards an absolute root directory. The access permission rule may be a rule in an instance of a security policy applicable to the particular path container from which the process is executing. | 05-27-2010 |
20100145996 | Accessing Data in a Multi-Generation Database - A method for accessing data in a multi-generation database is provided. The method comprises receiving a request to access first data in the database, wherein the first data is located on a first page of the database; reading an entry corresponding to the first page to locate a first track on the first page to access a newest version of the data; acquiring a first lock to synchronize accesses to the first track; and determining that the first track stores the newest version of the data, in response to reading the entry while holding the first lock. | 06-10-2010 |
20100145997 | User driven ad-hoc permission granting for shared business information - An apparatus and method for sharing information between a person having certain permissions, and another person or group of persons having insufficient permissions for the information. The apparatus and method enable a creator of a report to grant people or groups ad-hoc access permission to object types and object instances for which they have no a-priori permission. The method and apparatus enable the shared information to be up-to-date rather than static, and in addition enables logging and tracking of accesses to the information. The permission can have properties such as expiration date, context limitation, or further granting permission to a third party. | 06-10-2010 |
20100153452 | Discardable files - The present application includes methods and system for managing a storage device. In one implementation, a storage allocator that is present in a host or a storage device receives a request to store a file in a storage area of the storage device. The storage allocator marks the file as discardable in a file system structure associated with the storage device and updates a primary file allocation table (“FAT”) to associate a cluster chain that is allocated to the file with the file. The storage allocator additionally updates a discardable FAT or a database to reflect a physical location of the file, or may generate one or more location files that store the physical location of the file. The storage allocator then manages the storage area device based on the FAT and a discardable FAT, database, or one or more location files indicating the physical location of the file. | 06-17-2010 |
20100161665 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM AND COMPUTER READABLE MEDIUM - A computer readable medium storing a program causing a computer to execute a process for managing accesses, the process includes: causing a user information storage unit to store user information; accepting authorized user information indicating an authorized user as a user permitted to execute a predetermined process on target information; issuing an instruction for storing a duplicate of target information in an information management apparatus associated with the authorized user, when the authorized user is not included in users shown by user information associated with the information management apparatus storing therein the target information; and issuing an instruction to the information management apparatus storing therein the duplicate of the target information to perform setting so that the information management apparatus can execute the predetermined process on the duplicate of the target information based on the authorized user's request. | 06-24-2010 |
20100179965 | IMAGE PROCESSING APPARATUS AND IMAGE PROCESSING METHOD - The present invention is directed to an image processing apparatus which can change the access authority for a folder based on the restricted functions for each user, even if the user operates a folder which a restricted function is associated with. When an operation on a hot folder is received from a user, the present invention determines whether that user has an access authority for the hot folder. If it is determined that the user does have an access authority, it is further determined whether there are any functions which the operating user cannot use among the functions associated with the hot folder. If it is determined that there is/are function(s) which the user cannot use, the access authority for that hot folder is changed, and an error message to that effect is sent to the user. | 07-15-2010 |
20100185675 | SECURITY CONTROL OF ANALYSIS RESULTS - A system and a method are provided. The method includes assigning an entity to a ticket group associated with an ID thereof, displaying to the entity reports, which are each organized with an associated security access control, in accordance with the ticket group, determining whether the entity is authorized to access any selected one or more of the reports in accordance with a result of a comparison between an access level associated with the entity ID and the security access control associated with each of the one or more of the stored reports, and granting or denying the access in accordance with the determination. | 07-22-2010 |
20100185676 | SYSTEM AND METHOD FOR THE CENTRALIZED MANAGEMENT OF A DOCUMENT ORDERING AND DELIVERY PROGRAM - A system and method for managing the ordering, maintenance, and delivery of documents (e.g., technical publications, journals, etc.) in a copyright-compliant manner. A company having a plurality of users having a significant need to order a large number of documents, may utilize the system and method to centrally manage the company's document ordering needs. The system and method provides for the end-to-end management of the entire document delivery supply chain from the publisher to the user. Use of the system and method enables a company to efficiently control the automated distribution of content in compliance with copyright restrictions set forth by document publishers. | 07-22-2010 |
20100191770 | SYSTEMS AND METHODS FOR PROVIDING A VIRTUAL FASHION CLOSET - This is directed to systems and methods for providing a virtual fashion closet. Fashion items can be added to the Virtual Closet. Outfits may then be created by combining two or more of the fashion items. In some embodiments, the Virtual Closet system can create recommended outfits based on weather, season, or the user's calendar. The Virtual Closet system can allow a vendor to send recommended fashion items that may complete an outfit to a user for potential purchasing. In some embodiments, a social networking Virtual Closet can be provided. The social networking Virtual Closet can allow friends to see each other's Virtual Closets, recommend outfits to one another, recommend fashion items to buy, recommend fashion items to get rid of, recommend outfits to wear at a particular event, share and borrow each other's fashion items, or can otherwise suitably provide a social networking environment through the Virtual Closet. | 07-29-2010 |
20100198871 | INTUITIVE FILE SHARING WITH TRANSPARENT SECURITY - A file sharing system includes authorization-based security to control access to shared files; and a synchronizer which uses the authorization-based security to monitor the shared files for changes and propagating the changes according to sharing relationships. A method for file sharing includes using authorization-based security to control access to a shared file; and monitoring the shared file for changes using a synchronizer which incorporates the authorization-based security to access the shared file. | 08-05-2010 |
20100205216 | TECHNIQUES FOR CHANGING PERCEIVABLE STIMULI ASSOCIATED WITH A USER INTERFACE FOR AN ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided techniques for providing perceivable stimuli in an interface of a multi-tenant on-demand database system. These techniques for providing perceivable stimuli facilitate collaborative efforts of groups of users of a multi-tenant on-demand database system while maintaining access constraints amongst users associated with a common tenant. | 08-12-2010 |
20100235395 | SYSTEMS AND METHODS FOR PROVIDING SOCIAL ELECTRONIC LEARNING - A social electronic learning system, including a plurality of computing devices for communicating with a plurality of users in an educational community, and at least one server in communication with each of the plurality of computing devices, each server in communication with at least one data storage device configured to host a plurality of electronic portfolios, each electronic portfolio associated with one or more users of the plurality of users in the educational community, wherein each server is configured such that one or more users may associate one or more digital items with each electronic portfolio, and the plurality of users may take actions on the digital items in each electronic portfolio depending on authorization criteria. | 09-16-2010 |
20100250605 | Method and Apparatus for Social Trust Networks on Messaging Platforms - A social trust network is implemented in combination with a communication network capable of monitoring one or more parameters of communications. The social trust network includes a database, containing trust data and possibly profiles of respective entities, that can be searched to return identities of entities such as subject matter experts with whom a user such as a decision-maker may wish to communicate; such communication may be facilitated by communication contact information corresponding to entities returned by the search. A plurality of trust metrics are computed from the trust data and search results are ordered based on a weighted sum of trust metrics, possibly including ratings of entities, where the relative weights may be manipulated at the will of the user. The monitored parameters of such communications are represented in data stored as trust data in a database which is thus adaptively developed through use of the social trust network. | 09-30-2010 |
20100250606 | NETWORK-BASED PROCESSING OF DATA REQUESTS FOR CONTACT INFORMATION - A system, method and computer-readable media for managing contact information via a network-based interface. A network resource transmits a data request to a contact information processing service. The contact information processing service processes the data request in accordance with the parameters included in the data request and information maintained by the contact information processing service. Examples of the processing facilitated by the contact information processing service include contact identification routines, contact verification routines, group-based information routines, and communication information routines. The contact information processing service returns the results to the requesting network resource. | 09-30-2010 |
20100250607 | PERSONAL INFORMATION MANAGEMENT APPARATUS AND PERSONAL INFORMATION MANAGEMENT METHOD - The present invention relates to an apparatus and method that prevents personal information, which is provided from a user to a website when the user joins the website, from being illegally used. The user uses a reliable website where the personal information can be reliably managed and then stores the personal information in the reliable website. When the user provides the personal information to join a website, the user does not provide actual personal information but provides link information that can be used to link with the reliable website where the personal information is stored. The user and the reliable website share secret information to control a link access authority for the personal information. | 09-30-2010 |
20100262624 | DISCOVERY OF INACCESSIBLE COMPUTER RESOURCES - A request for a search of computer resources can be received at a search engine. The search of the resources can be conducted, and search results can be produced. The search results can include an accessible resources set, which includes one or more representations of one or more resources to which an object associated with the request has access. The search results can also include a discoverable resources set, which includes one or more representations of one or more resources to which the object does not have access, but does have permission to request access. Additionally, the search results can include a set of one or more identifiers that distinguish between the accessible resources set and the discoverable resources set. | 10-14-2010 |
20100262625 | METHOD AND SYSTEM FOR FINE-GRANULARITY ACCESS CONTROL FOR DATABASE ENTITIES - Method and system embodiments of the present invention are directed to providing fine-granularity access control to data entities within databases. Certain method and system embodiments of the present invention are directed to providing row-and-column-level access control to relational tables, relational views, and other database entities managed by relational database management systems. Certain embodiments of the present invention employ additional database tables, user-defined functions, and automatically created security views to create and maintain a view-based interface to an underlying database through which users access data stored in the underlying database. The view interface includes automated access control features that provide row-and-column access controls to users of the database management system. | 10-14-2010 |
20100268740 | SYSTEM AND METHOD FOR TRACKING DOCUMENTS IN AN ON-DEMAND SERVICE - In accordance with embodiments, there are provided mechanisms and methods for tracking documents in an on-demand service. These mechanisms and methods for tracking documents in an on-demand service can enable embodiments to provide the sharing of documents and the tracking of whether one of the shared documents was changed. The ability of embodiments to provide the sharing of documents and the tracking can enable a safeguard that a user knows whether the document that they have in their possession is the most recent version. | 10-21-2010 |
20100274811 | DELAYED FILTERING OF ELECTRONIC COMMUNICATION - The invention provides a method, system, and program product for processing an electronic communication by delaying its filtering in order to improve the effectiveness of such filtering. In one embodiment, the invention includes sequestering the electronic communication for a period of time, determining whether the electronic communication should be rejected based on either or both of its source or its content, in the case that the electronic communication should be rejected based on either or both of its source or its content, rejecting the electronic communication, and in the case that the electronic communication should not be rejected based on either or both of its source or its content, delivering the electronic communication to at least one recipient. | 10-28-2010 |
20100274812 | Method and System for Sharing Different Web Components Between Different Web Sites in a Portal Framework - The sharing of objects may be executed by performing various share type administrations. Objects may be shared directly to a site or may be made available indirectly for reuse by a site. The objects shared and made available for reuse may be added to the site to which they are shared and made available for reuse. References to the objects shared and made available for reuse are stored in repositories in response to, and in accordance with, the share type administration performed. The storage of the references to objects is based on privileges associated with at least one of a repository, a site and a user. Objects made available for reuse by, and shared to, a site may be made unavailable for reuse by, and unshared to, the site through the execution of a share type administration. | 10-28-2010 |
20100281058 | Method for automatically configuring an interactive device based on orientation of a user relative to the device - A system for controlling access to a global computer network comprises a gateway computing device and one or more remote computer devices that are connected to the gateway computing device. The remote computer devices will gain access to the global computer network system via the gateway computing device. In one application, the remote computer devices can communicate directly with the gateway computing device to control access to the global computer network system. The gateway computing device has the capability to store information about each remote computer device in the system. The gateway computer device can communicate with the remote computer device through local area or wide area networks. | 11-04-2010 |
20100306267 | SYSTEMS AND METHODS FOR DATA UPLOAD AND DOWNLOAD - Systems and methods which provide a hybrid network based solution for digital data file backup are shown. Embodiments utilize a transport mass storage system to provide transmission of digital data files between user equipment and a network based mass storage system. A manifest may be used to manage transporting and/or storage of digital data files. User equipment may then access the digital data files stored to the network mass storage system for various purposes using a network link. Subsequent, incremental backups and other transfers of relatively small amounts of digital data files are preferably accomplished using a network link for the transfer. | 12-02-2010 |
20100306268 | SYSTEM AND METHOD FOR IMPLEMENTING EFFECTIVE DATE CONSTRAINTS IN A ROLE HIERARCHY - A system providing a method for implementing effective date constraints in a role hierarchy is described. In one embodiment, for example, the method comprises the steps of: storing data that represents a first effective date constraint on a role of a role hierarchy, the first effective date constraint having a start date and an end date; storing data in a database that represents a second effective date constraint on a grant of the role to a grantee, the second effective date constraint having a start date and an end date; storing data in a database that represents a third effective date constraint on the grantee, the third effective date constraint having a start date and an end date; and computing a net effective date constraint for the role by computing the intersection of the first effective date constraint, the second effective date constraint, and the third effective date constraint. | 12-02-2010 |
20100318569 | POPULATING A CACHE SYSTEM BASED ON PRIVILEGES - A cache system is updated upon determining that a current privilege has not been checked for the session. Updating the cache system includes receiving all data items that are accessible for the current privilege. The cache system stores each received data item in association with a privilege set. The privilege set is enabled to include at least one privilege that is granted for the corresponding data item. The current privilege is stored in the privilege set of each data item when the cache system is updated based on the current privilege. | 12-16-2010 |
20100318570 | PLUGGABLE SESSION CONTEXT - A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context. | 12-16-2010 |
20100325159 | MODEL-BASED IMPLIED AUTHORIZATION - An authorization system determines a user's permission to access an object implicitly based on relationships in a data-driven model. The system provides the ability to mark a relationship type in the model between one object class (accessor) and another object class (accessed) as an implicit authorization relationship type. A user can define the permissions granted to the accessor object on the accessed object. When an accessor object tries to access a related accessed object over an authorization relationship type, the authorization system determines the permissions granted by inspecting the implicit authorization relationship type definition. The authorization system can also traverse containment relationship types to grant objects permissions contained by other objects. The authorization system dynamically determines authorization based on a relationship model that more naturally fits the actions that an administrator of a data-driven system is familiar with, and does not involve complex direct authorization or group membership management. | 12-23-2010 |
20100325160 | EXCLUSIVE SCOPE MODEL FOR ROLE-BASED ACCESS CONTROL ADMINISTRATION - Architecture that creates a class of role-based scopes that can be declared “exclusive”, which automatically means that no user can access the scope unless the user is granted that exact scope. The exclusive scope excludes an object from the new scopes and existing scopes. In other words, the exclusive scope is a write restriction from a domain scope. The exclusive scope denies user access unless the user is granted the exclusive scope. The exclusive scope can be applied to a group of user objects. The exclusive scope is explicitly assigned to the object to grant access to an exclusive group. Moreover, the exclusive scope is immediately write-protected upon creation. | 12-23-2010 |
20100325161 | ORGANIZATIONAL REFERENCE DATA AND ENTITLEMENT SYSTEM WITH ENTITLEMENT GENERATOR - A system including a centralized organizational information system in communication with a centralized organizational information database and an entitlement generator in communication with the centralized organizational information system, wherein the entitlement generator is configured to automatically generate at least one executable entitlement rule based on an input rule. The system also includes a federated set of entitlements engines in communication with the entitlement generator and a plurality of entitlement databases, wherein each of the entitlements engines is for determining whether a user is entitled to access secured resources requested by the user based on the executable entitlement rule. | 12-23-2010 |
20110004629 | Method and System for Automating the Migration of User Settings from a First Domain to a Second Domain - A method for automating the migration of a plurality of user settings associated with a user from a first domain to a second domain, includes receiving a plurality of user settings associated with a user of a computer associated with a first domain. The method also includes configuring the computer associated with the first domain for association with a second domain. The method further includes creating a user profile of the user of the computer associated with the second domain, such that the user profile comprises at least one of the plurality of the user settings associated with the user of the computer. | 01-06-2011 |
20110016151 | Method and apparatus for privilege control in docbase management system - The present invention discloses a method and apparatus for privilege control in a docbase management system to provide comprehensive privilege control with fine granularity. Document data stored in the docbase management system includes at least one document data object, and each document object supports at least one privilege. When granting a privilege to a role on a document data object, a set of privileges is selected from the at least one privilege supported by the document data object, and the selected set of privileges is granted to the role as the privilege of the role on the document data object. When the role is to perform an operation on the document data object, the operation of the role on the document data object is controlled according to the set of privileges of the role on the document data object. | 01-20-2011 |
20110022636 | ENFORCING RESTRICTIONS FOR GRAPH DATA MANIPULATION OPERATIONS - Systems, methods, and other embodiments associated with data manipulation operation restriction enforcement on graph data are described. A statement specifying a data manipulation operation to modify graph data that will modify one or more triples in the graph data is received. One or more resources that the one or more triples describe is determined. Data constraints associated with the resources are accessed. The access constraints are evaluated on the graph data. The data manipulation operation is selectively restricted based, at least in part, on the evaluation of the access constraints. | 01-27-2011 |
20110029565 | Generation of a Media Profile - One aspect of the invention includes a computer device. The computer device includes a network interface component configured to download media from an external source through a secure network connection. The computer device also includes a memory configured to store the downloaded content. The computer device further includes a media profiling engine configured to query the memory for the downloaded content based on the connection of the network interface component to the external source through the secure network connection and to generate a media profile log comprising information relevant to the downloaded content. | 02-03-2011 |
20110029566 | PROVIDING AND MANAGING PRIVACY SCORES - Methods for providing a privacy setting for a target user in a social network utilizing an electronic computing device are presented, the method including: causing the electronic computing device to retrieve a current privacy setting for a common profile item, where the common profile item corresponds with the target user and each of a number of users, and where the common profile item is one of a number of common profile items; causing the electronic computing device to calculate a common profile item sensitivity value for the common profile item based on the current privacy setting; causing the electronic computing device to calculate a common profile item visibility value for the common profile item based on the current privacy setting and the sensitivity value for the common profile item; and causing the electronic computing device to calculate the privacy score of the target user. | 02-03-2011 |
20110035409 | HIERARCHICAL STORAGE SYSTEM AND COPY CONTROL METHOD OF FILE FOR HIERARCHICAL STORAGE SYSTEM - An interface for controlling an inhibition of a recall is prepared for an application, and a judgment on the necessity of a recall is communicated to a hierarchical storage before the application executes an access to a file. | 02-10-2011 |
20110040792 | Stored Object Replication - The number of replicas of an object to be stored is determined, at least in part, as a function of an access control policy for that object. | 02-17-2011 |
20110047183 | CHAIN OF CUSTODY MONITORING AND MANAGEMENT - A system for monitoring and managing chain of custody information for an asset or a group of assets through various stages of asset transport or transformation. The system includes a server configured to assign an asset identifier relating to each specific asset, an asset record stored on a computer readable medium and linked to the asset identifier, the record configured to store data linked to a specific asset, a series of modules, each module stored on a computer readable medium, the modules comprising instructions configured to instruct a processor to access and modify the asset record as well as to establish a series of rules for managing the asset, and at least one supplier computing device operably connected to the server, the computing device configured to access at least one of the series of modules, thereby allowing a user to access and modify the asset record. | 02-24-2011 |
20110055275 | UNIFIED USER IDENTIFICATION WITH AUTOMATIC MAPPING AND DATABASE ABSENCE HANDLING - An identification system that may be used in heterogeneous computing environments provides a fail-free path to providing identifiers from a single canonical namespace. Objects or gateways requiring an identifier for access are accessed using an identifier for the canonical namespace. If an entity requests access using an identifier from another namespace, an external database is consulted to determine if a mapping exists for the identifier to another identifier in the canonical namespace. If no mapping exists, or the external database is unavailable, then an identifier is automatically generated in the canonical namespace and is used for the access. An internal database is updated with the automatically generated identifier, providing a mechanism to add mappings without administrative intervention. To access resources requiring an identifier from another particular namespace, a canonical namespace identifier may be mapped to another identifier in the particular namespace, or a generic identifier may be used. | 03-03-2011 |
20110060764 | DATA MANAGEMENT AND DISTRIBUTION - Data management and distribution are described, including a memory configured to store data, the data being stored in a file and the file is downloaded in response to a signal, and downloading is performed based on a parameter determined by a provider of the file or the system, and a logic module configured to process the signal and access data stored in the file, and the file is downloaded to a device and configured for interaction with a user, and user activity is recorded and used by the logic module when selecting another file for downloading to the device. | 03-10-2011 |
20110066652 | CONDITIONAL ACCESS TO USER-GENERATED MULTIMEDIA CONTENT - A method and system for distributing multimedia content may enable a user to specify a number of recipients for receiving user-generated content (UGC) provided by a multimedia content distribution network (MCDN). The UGC may be stored in a UGC library. The recipients may be specified by selecting entries in an electronic address book accessible via the MCDN. The specified recipients may retrieve the UGC, or the UGC may be sent to the recipients. Access to the UGC may be provided by at least one of: a web access point, an Internet-protocol access point, and a mobile access point. | 03-17-2011 |
20110066653 | MANAGEMENT APPARATUS, INFORMATION PROCESSING APPARATUS, AND METHOD THEREFOR - A management apparatus to manage log information related to a process in a first information processing apparatus and a second information processing apparatus operating in cooperation with each other. The management apparatus includes a reception unit to receive first log information associated with a first user managed by the first information processing apparatus and to receive second log information associated with a second user managed by the second information processing apparatus from the first and second information processing apparatuses, respectively, which independently perform user management. The management apparatus also includes a log management unit to manage third log information. If the first user corresponds to the second user, then the third log information is generated by merging the first log information associated with the first user and the second log information. | 03-17-2011 |
20110078195 | Customer Data Separation in a Service Provider Scenario - Data separation for various customers is provided in an enterprise environment. Managing data associated with customers can involve assigning a customer attribute to customer records comprising a group of objects or assigning a group of objects to customer records. Each object in the group of objects can reference a customer attribute that can identify one of the customer records for one of the customers. Access to each of the customer records to data for each object that is assigned to the customer record can be authorized by referencing the customer attribute, in which the access is authorized to be performed by referencing the customer attribute. The group of objects for the customer records can be managed and stored in a database. A system manager can view, edit, or create data for customer records, while each customer may only have access to view, edit, or create data for their own objects. | 03-31-2011 |
20110078196 | RATIONED COMPUTER USAGE - A computing system includes an access prevention module that selectively locks use of one or more system resources of that computing system. A vision-based input module is configured to recognize a data-encoded tag while the access prevention module locks use of the one or more system resources. A lookup module is configured to receive a usage profile identified by the data-encoded tag, and a login module is configured to unlock use of some to all of the one or more system resources in accordance with terms of the usage profile. | 03-31-2011 |
20110078197 | FILE RESHARING MANAGEMENT - Managing file distribution in an online file sharing system implemented by at least one server includes inviting a first entity to access a shared file hosted by the online file sharing system, and allowing the first entity to reshare the shared file through the online file sharing system with at least a second entity only to an extent permitted by a resharing policy stored by the online file sharing system. | 03-31-2011 |
20110078198 | AUTOMATIC SERIAL NUMBER AND REQUEST ID ALLOCATION IN A REPLICATED (CLONED) CERTIFICATE AUTHORITY AND DATA RECOVERY MANAGEMENT TOPOLOGY - A Serial Number Management System (SNMS) automatically manages the allocation of unique serial numbers to certificate authority servers in a replicated server environment. The SNMS automatically detects that a Certificate Authority (CA) server has a need for a new set of unused serial numbers. The SNMS obtains a global serial number that is available to be used by any of the CA servers in a replication domain. The SNMS determines the new set of the unused serial numbers using the global serial number and updates the global serial number. | 03-31-2011 |
20110082887 | ENSURING SMALL CELL PRIVACY AT A DATABASE LEVEL - A request is received for a set of entries that make up a small cell in a database, wherein the small cell is initially described at a fine granular level of detail by a set of descriptors. In response to the total number of entries in the small cell being below a predetermined limit, the set of descriptors are modified to reduce the fine granular level of detail to a coarse granular level of detail in order to protect the privacy of individuals described by the set of entries. | 04-07-2011 |
20110099203 | Cross domain discovery - Aspects of the disclosure provide methods and systems for cross domain discovery. According to the disclosure, an object can include multiple entities defined by an originator. The multiple entities have different scopes corresponding to different access restrictions. Further, the originator defines keywords for each of the multiple entities. A system for cross domain discovery stores the multiple entities in an object service component, and stores the keywords and access restrictions in a search service component. The search service component conducts a search based on the keywords and access restrictions in response to a search request from a user. An entity is provided to the user based on the user's credential and the searching. | 04-28-2011 |
20110113065 | MANAGEMENT OF RESOURCES IN A HOST SYSTEM - A computer implemented method for managing access to system resources includes receiving a request from a user for write-access to a resource in a host system, the host system including write-access permissions to the resource for one or more selected users. The method also includes accessing the resource in the host system, presenting the resource to the user to allow the user to make changes to the resource, determining whether the user has write-access permission to the resource, and determining whether the resource is a temporarily writable resource. The method further includes, responsive to the resource being temporarily writable and the user not having write-access permission, discarding changes to the resource made by the user and returning the resource without the changes to the host system. | 05-12-2011 |
20110113066 | ADAPTING A TIMER BOUNDED ARBITRATION PROTOCOL - Example apparatus, methods, and computers prevent a split brain scenario in a pair of high availability servers by maintaining single writer access to a resource. One example method includes monitoring control of an arbitration (ARB) block by an active file system manager (FSM). An active file system portmapper (FSMPM) simultaneously requests permission from a standby FSM to restart a dead-man timer. The active FSM attempts to maintain control of the ARB block before expiration of the dead-man timer. If the active FSM is unable to maintain control of the ARB block before expiration of the dead-man timer, a hardware reset of an apparatus running the active FSM is forced. Therefore, the active FSMPM and standby FSM negotiate for additional time to maintain control of the ARB block to maintain single writer access and avoid unnecessary hardware resets. | 05-12-2011 |
20110113067 | Rechargeable Media Distribution and Play System with Download Kiosk - An electronic media distribution/play system includes a service facility that has a communications network interface and maintains a data file catalog. The catalog is sent over the network to requesting users, and the system processes payments from customers in establishing file access authorizations. Encrypted user-selected files and a player program are transmitted to each customer for metered access to received data files as limited by the authorization, and customers can make additional selections and play the encrypted files freely while the authorization remains established. The system can transmit the data files from local storage, and also provide links to encrypted files that are stored at remote vendor facilities. Authorizations can be for selected portions or class levels of the catalog, and for terms measured as calendar time, play time, and collective number of plays. Also disclosed is a method for facilitating the distribution and accessing of electronic files. | 05-12-2011 |
20110119306 | User-Based DNS Server Access Control - Methods, systems, and computer program products for managing access to a Domain Name Service (DNS) database. Embodiments of the present disclosure enable authorization of DNS request messages, such as queries and update requests according to user and network address information. The authorization functionality may be incorporated into existing DNS systems. The invention includes a method including receiving a DNS request message originated from a client by a user, the DNS request message comprising a request and identification information specific to the user; determining if the client is authorized to access a DNS database in dependence upon client address information and the user specific identification information contained in the DNS request message; and executing the request in response to determining the user is authorized. The method may further include extracting user specific identification information from a portion of the ID field of DNS messages. | 05-19-2011 |
20110119307 | Client management system - This invention relates to permission based collaborative health record system. Specifically, it relates to systems of and methods for creating authorized health records that care givers and patients can use to document their diagnoses, symptoms, outcomes, instructions and participation in the effort toward wellness. | 05-19-2011 |
20110119308 | Rechargeable Media Distribution and Play System - An electronic media distribution/play system includes a service facility that has a communications network interface and maintains a data file catalog. The catalog is sent over the network to requesting users, and the system processes payments from customers in establishing file access authorizations. Encrypted user-selected files and a player program are transmitted to each customer for metered access to received data files as limited by the authorization, and customers can make additional selections and play the encrypted files freely while the authorization remains established. The system can transmit the data files from local storage, and also provide links to encrypted files that are stored at remote vendor facilities. Authorizations can be for selected portions or class levels of the catalog, and for terms measured as calendar time, play time, and collective number of plays. Also disclosed is a method for facilitating the distribution and accessing of electronic files. | 05-19-2011 |
20110137945 | SYSTEM AND METHOD FOR ACCESSING BUILDING INFORMATION - A system and method for accessing building information, and a processor configured to control access to building information. In one broad aspect users and buildings form a network creating a building database comprising building related data for physical real world buildings. The processor is configured to determine the level of access for each user to each piece of building related data. | 06-09-2011 |
20110161369 | DATA BACKUP, STORAGE, TRANSFER AND RETRIEVAL SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT - A file storage and retrieval system, method and computer program product connects an account user's computer to a remote, secure, redundant system computer via the Internet. The system operates to copy selected data between the account user's computer and the system computer, including documents, music files, image files, and email in any file type or format. The system is compatible with all types of computers, including personal data assistants and mobile telephones, and all types of operating systems. The account user can view and download data from any computer, including PDAs and mobile telephones. If the user's computer fails for any reason, the copied data can be restored to a new or repaired computer or storage device. All of the software to operate the system is resident on the system computer with no hardware or software required on the account user computer beyond a conventional web browser. Further, the account user can access the storage and retrieval data from any computer from any location, such as home or office. The system also contains a scheduler, a contacts manager, a reminder generator and file transfer system for third-party users. | 06-30-2011 |
20110161370 | APPARATUS, PROGRAM, AND METHOD FOR FILE MANAGEMENT - In a file management apparatus, upon receipt of an access request from a file access device, a device access rights determination unit determines whether to grant the file access device access to a file. In addition, a user access rights determination unit determines whether to grant the user who made the access request through the file access device, the access to the file. Then, when the device access rights determination unit and the user access rights determination unit both grant the access, a file access unit accesses the file stored in the storage device according to the access request. | 06-30-2011 |
20110179083 | Accessing Specialized Fileserver - A method and apparatus of a host that accesses files from a portable storage device with a shared filesystem is described. In an exemplary method, the host transmits a request to access the shared filesystem, where the shared filesystem includes a security policy that disallows one application accessing a file in the shared filesystem corresponding to another application. The host further receives an indication of the result of the request. | 07-21-2011 |
20110184985 | METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY IN A COMPUTER SYSTEM - A method and system for facilitating the management of user identities includes an ownership component, a registration component, and a servicing component. When a user first desires to access a system using the present invention, the registration component verifies the user's ownership of the underlying account by asking a variety of questions. Thereafter, when a user desires to service his account, the user may be re-queried to determine if he is attempting to access the correct information. An authentication and access component provides the functionality to access a system of the present invention. An audit component can be configured to periodically monitor the various accounts to ensure a continued linking between users and accounts. | 07-28-2011 |
20110184986 | METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY IN A COMPUTER SYSTEM - A method and system for facilitating the management of user identities includes an ownership component, a registration component, and a servicing component. When a user first desires to access a system using the present invention, the registration component verifies the user's ownership of the underlying account by asking a variety of questions. Thereafter, when a user desires to service his account, the user may be re-queried to determine if he is attempting to access the correct information. An authentication and access component provides the functionality to access a system of the present invention. An audit component can be configured to periodically monitor the various accounts to ensure a continued linking between users and accounts. | 07-28-2011 |
20110184987 | METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY IN A COMPUTER SYSTEM - A method and system for facilitating the management of user identities includes an ownership component, a registration component, and a servicing component. When a user first desires to access a system using the present invention, the registration component verifies the user's ownership of the underlying account by asking a variety of questions. Thereafter, when a user desires to service his account, the user may be re-queried to determine if he is attempting to access the correct information. An authentication and access component provides the functionality to access a system of the present invention. An audit component can be configured to periodically monitor the various accounts to ensure a continued linking between users and accounts. | 07-28-2011 |
20110184988 | METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY IN A COMPUTER SYSTEM - A method and system for facilitating the management of user identities includes an ownership component, a registration component, and a servicing component. When a user first desires to access a system using the present invention, the registration component verifies the user's ownership of the underlying account by asking a variety of questions. Thereafter, when a user desires to service his account, the user may be re-queried to determine if he is attempting to access the correct information. An authentication and access component provides the functionality to access a system of the present invention. An audit component can be configured to periodically monitor the various accounts to ensure a continued linking between users and accounts. | 07-28-2011 |
20110191377 | SOFTWARE INSTALLATION AUTHORIZATION SYSTEM - A data authorization system and method of authorizing access to data stored on a data storage medium are provided. The data authorization system utilizes a readable and writeable data storage medium that includes a private area and a public area, a compiled scripted database located in the private area, a file located in the public area that directs a computer operating system to activate the compiled scripted database, and a container field within the compiled scripted database for holding data and only allowing access to the data by the operating system when certain preset parameters stored in said compiled scripted database have been met. | 08-04-2011 |
20110202565 | METHOD AND SYSTEM FOR IMPLEMENTING AND MANAGING AN ENTERPRISE IDENTITY MANAGEMENT FOR DISTRIBUTED SECURITY IN A COMPUTER SYSTEM - A method and system for facilitating the management of user identities includes an ownership component, a registration component, and a servicing component. When a user first desires to access a system using the present invention, the registration component verifies the user's ownership of the underlying account by asking a variety of questions. Thereafter, when a user desires to service his account, the user may be re-queried to determine if he is attempting to access the correct information. An authentication and access component provides the functionality to access a system of the present invention. An audit component can be configured to periodically monitor the various accounts to ensure a continued linking between users and accounts. | 08-18-2011 |
20110202566 | CREATION OF A VIRTUAL COMMUNITY - In order to facilitate creation of a community without member-specific registration, one or more sibling identifiers with corresponding units to be distributed to other persons are allocated to a subscriber and the one or more sibling identifiers is associated with the subscriber's identifier. The subscriber may then give a unit to his/her friend and when the friend uses the unit, or more precisely a sibling identifier the unit relates to, the system will recognize that the subscriber and the friend belong to the same community on the basis of the association formed when sibling identifiers were allocated. | 08-18-2011 |
20110208778 | MANAGING DIGITAL IDENTITY INFORMATION - A basic architecture for managing digital identity information in a network such as the World Wide Web is provided. A user of the architecture can organize his or her information into one or more profiles which reflect the nature of different relationships between the user and other entities, and grant or deny each entity access to a given profile. Various enhancements which may be provided through the architecture are also described, including tools for filtering email, controlling access to user web pages, locating other users and making one's own location known, browsing or mailing anonymously, filling in web forms automatically with information already provided once by hand, logging in automatically, securely logging in to multiple sites with a single password and doing so from any machine on the network, and other enhancements. | 08-25-2011 |
20110208779 | System and Method for Policy Based Control of NAS Storage Devices - A system and method for providing policy-based data management and control on a NAS device deployed on a network. When a user makes a request to store, read, or manipulate data on the NAS device, the NAS device provides an indication of this request to a management tool running on a remote system. The management tool reviews the request in light of its previously established policy-based data storage management configuration and subsequently informs the NAS device to either accept or not accept the user's request to store, read or modify data on the NAS device. | 08-25-2011 |
20110225200 | PRIVACY-PRESERVING METHOD FOR SKIMMING OF DATA FROM A COLLABORATIVE INFRASTRUCTURE - A method and system for harvesting collaboration data in accordance with a privacy policy is provided. In one embodiment, the method comprises defining a privacy policy for collaboration data, said privacy policy including a list of fields associated with the collaboration data to be harvested; harvesting the collaboration data associated with the fields specified as allowable under the privacy policy; transforming the collaboration data associated with the fields specified as allowable if said collaboration data can be transformed in accordance with a set of rules defined in the privacy policy; and storing the harvested collaboration data in a database. | 09-15-2011 |
20110225201 | METHOD AND ASSEMBLY FOR CREATING A DOCUMENT - In a method for data transfer, an identifier for identifying an image generation device is associated with the image generation device. An authorization information is associated with the image generation device. The authorization information associated with the identifier is stored in a data bank. The transfer of data from a data source by at least one of the image generation device and a data processing system connected with the image generation device is requested. Before the transfer of the data, the authorization information associated with the image generation device is determined and read out with aid of the identifier of the image generation device. The data from the data source is only transferred to the image generation device or to the data processing unit when the transfer of the data is permitted via the read-out authorization information. Also, a method is provided in which a device with a printing function and at least one right to procure a further product is distributed in a bundle. The further product comprises at least one of a software product as well as updates of the software product, at least one print product, a loose sheet compilation, serial works in electronic or printed form, and a trial subscription to use a databank or to provide information stored in databank. | 09-15-2011 |
20110258233 | METHODS AND SYSTEMS FOR PROVIDING CUSTOM SETTINGS IN AN ON-DEMAND SERVICE ENVIRONMENT - In accordance with embodiments, there are provided mechanisms and methods for providing custom settings in an on-demand service environment. In an embodiment and by way of example, a method providing custom settings in an on-demand service environment is provided. The method embodiment includes naming the custom object, creating fields for the custom object, assigning a behavior for each field, setting the custom object to a specified type, and if the custom object is of a hierarchical type, then assigning permissions to users with regard to the created fields. | 10-20-2011 |
20110276601 | KNOWLEDGE BASE COMPUTER MANAGEMENT NETWORK - The present invention features a computer implemented method and network for managing a knowledge base stored in a multi-tenant architecture. The method includes storing information corresponding to a plurality of KnowledgeArticles amongst a plurality of tables. Information in a first of the plurality of tables includes data corresponding to an online version of said KnowledgeArticles and data related to changes to the KnowledgeArticles. Information contained in a second table comprises a subset of the data that is independent of the data related to the changes. Changes to the KnowledgeArticles are recorded in the second table in response to changes made to the first table. Access to information in the first table is restricted to users having write access to said KnowledgeArticles. | 11-10-2011 |
20110282907 | MANAGING ENTITLEMENTS IN A MULTI-TENANT DATABASE ENVIRONMENT - A system and method for managing entitlements in a multi-tenant database system. In one embodiment, a method includes receiving service level definitions for one or more entitlements, and maintaining the one or more entitlements. The method further includes verifying if one or more users are eligible for the one or more entitlements, and enforcing the one or more entitlements based on the service level definitions. | 11-17-2011 |
20110282908 | Security Monitoring - Disclosed are systems, apparatus, methods, and computer readable media for analyzing computing site information. In one embodiment, an analysis tool for analyzing a first site record stored on a storage medium may be selected. The first site record comprising information may relate to a computing site. The computing site may comprise a unit of computing functionality accessible via a network. When it is determined that a first confidentiality level for the computing site exceeds a trust level for the analysis tool, the first site record may be modified to create a second site record, the second site record having a second confidentiality level, the second confidentiality level not exceeding the trust level. | 11-17-2011 |
20110307518 | Medical Record Management Using Fingerprint ID - Methods and systems for medical record management using fingerprint identification. Fingerprints of patients, medical professionals, health payer or pharmacy personnel and potential customers are submitted to a central server and are compared with stored fingerprints of registered users. If a match is found, the user is granted an access level of authority based on the stored personal information and a “need-to-know” basis in the medical field. | 12-15-2011 |
20120011159 | MONITORING COMMUNICATIONS - Methods, computer readable media, and apparatuses for monitoring communications are presented. A communication that includes non-public information may be identified. Subsequently, it may be determined whether the communication meets at least one outlier condition. In response to determining that the communication meets the at least one outlier condition, the communication may be submitted for review. | 01-12-2012 |
20120016907 | METHOD AND APPARATUS FOR CONTROLLING REPLICATION PROCESSING OF OBJECT - According to one embodiment, the resource access unit accesses a first resource including a replication target object and policy data assigned to the object. The policy data includes base policy data including a first condition and assertion policy data including a second condition. The first retrieval unit obtains first attribute data for accessing the first resource. The first policy evaluation unit determines whether the first attribute satisfies the first condition. When the first condition is satisfied, the copy processing unit executes the copy processing for copying the object. The second retrieval unit obtains the second attribute data for accessing the second resource. The second policy evaluation unit determines whether the second attribute data satisfies the second condition. When the second condition is satisfied, the paste processing unit executes paste processing for pasting the object to the second resource. | 01-19-2012 |
20120023138 | DELETING OBJECTS WITH GROUP AUTHORITY - In an embodiment, a command is received from a sender that requests deletion of an object. A determination is made whether the object specifies group authority and whether all of a plurality of members of the group authority have requested deletion of the object. If the object specifies group authority and all of the plurality of members of the group authority have requested deletion of the object, then the object is deleted. If the object specifies group authority and not all of the plurality of members of the group authority have requested deletion of the object, then an indication is saved in the group authority that the sender requested deletion of the object. If the object does not specify group authority, then the object is deleted. | 01-26-2012 |
20120036162 | AUTHORIZATION CHECK OF DATABASE QUERY THROUGH MATCHING OF ACCESS RULE TO ACCESS PATH IN APPLICATION SYSTEMS - A method is provided to check user authorization to access a database, the method comprising: receiving a database query; producing an execution plan for the query; receiving an access rule applicable to a user associated with the query; determining whether the access rule permits processing of the query according to the plan; and rejecting the query in response to a determination that the access rule does not allow processing of the query according to the plan. | 02-09-2012 |
20120078963 | SUPPORTING LINKED MULTI-USER DECISION MAKING IN ENVIRONMENTS WITH CONSTRAINED SHARED RESOURCES UTILIZING DURABLE FILES - Embodiments of the present invention manage multiple requests to allocate real world resources in a multi-user environment. A set of resource availability information is stored in a first durable data file for each resource in a plurality of resources provided by a database environment. The database environment is shared between a plurality of users. A decision context is associated with a second durable data file. The decision context is associated with a user interacting with the database environment. The decision context exists for a defined duration of time. At least one resource is determined to have been temporarily allocated to the decision context for the defined duration of time. The second durable data file is updated to indicate that the at least one resource has been temporarily allocated to the decision context. The first durable data file is updated to indicate that the at least one resource is currently unavailable. | 03-29-2012 |
20120102069 | DATA MIGRATION SYSTEM AND DATA MIGRATION METHOD - In a system for migrating data between document management applications, if an inheritance setting of an access right to a folder in a source document management application is a first inheritance setting for inheriting an access right to a parent folder, the inheritance setting of the access right is changed to a second inheritance setting for setting an access right exclusively for the folder while the same access right as the access right to the parent folder is set. Then, the folder is migrated to the destination document management application. If a hierarchy including the folder to be migrated exceeds an upper limit on the number of hierarchies in the destination document management application, the folder is stored in a shallower hierarchy in the destination document management application. | 04-26-2012 |
20120102070 | Non-Privileged Access to Data Independent of Filesystem Implementation - An application programming interface (API) module provides access to data, independent of filesystem implementation in a non-privileged user mode. A discovery volume having a filesystem recognizable by an operating system has cover files which prevent damage to data stored in an unrecognizable primary volume. The discovery volume also includes a data access API available for execution in a non-privileged user mode to render the primary volume accessible by operating systems which would otherwise find the primary volume unrecognizable. | 04-26-2012 |
20120110020 | METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO CUSTOM OBJECTS IN A DATABASE - In embodiments, methods and systems for controlling access to custom objects are provided. These techniques for controlling access to custom objects can enable embodiments to utilize a key for the protection of the security of data that is to remain private while not compromising efficiency of a query. The key for a requested custom object is identified and then used so that only an appropriate portion of a custom entity share table is searched to locate access information. It is then determined whether the user can access at least a portion of the custom object, and the appropriate and allowed data is sent to the user. | 05-03-2012 |
20120124091 | APPLICATION FILE SYSTEM ACCESS - Application file system access techniques are described. In implementations, a request is received by one or more modules via an application programming interface from an application that is executed on the computing device to access a file system of a computing device. A portion is exposed in a user interface by the one or more modules, the portion having an option that is selectable by a user to confirm that access is to be granted, the portion exposed such that the application is not aware of what is contained in the portion. Responsive to selection of the option, access is granted to the application by the one or more modules such that the application is not aware of where in the file system the access is granted. | 05-17-2012 |
20120124092 | FILE STORAGE APPARATUS AND ACCESS CONTROL METHOD - Proposed are a file storage apparatus and an access control method capable of facilitating the setting and change of an access right of a user for accessing a file. | 05-17-2012 |
20120124093 | INTELLIGENT NETWORK INTERFACE CONTROLLER - A network interface device includes a security database and a security services engine. The security database is configured to store patterns corresponding to predetermined malware. The security services engine is configured to compare data to be transmitted through a network to the patterns stored in the security database, and the security database is configured to receive updated patterns from the network. | 05-17-2012 |
20120136899 | ACTIVATION FRAMEWORK FOR TENANT-SPECIFIC FOLLOW-UP - A system may include one or more tenant-specific databases and a tenant-independent database storing metadata defining data stored in each of the at least one tenant-specific databases. In some aspects, an instruction is received to activate first metadata of a tenant-independent database, at least one adoption task to be performed is determined based on the first metadata, at least one adoption request corresponding to the at least one adoption task is added to a queue, the at least one adoption request is dispatched from the queue to a tenant-specific activator corresponding to a tenant-specific database, and the at least one adoption task corresponding to the at least one adoption request is performed to conform data of the tenant-specific database to the first metadata. | 05-31-2012 |
20120143916 | ON-DEMAND DATABASE SERVICE SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONDITIONALLY ALLOWING AN APPLICATION OF AN ENTITY ACCESS TO DATA OF ANOTHER ENTITY - In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service. | 06-07-2012 |
20120166485 | Information Processor, Privilege Management Method, Program, and Recording Medium - In an information technology (IT) environment, a technique to manage privileges given to personnel to whom a process is assigned. An information processor includes: a configuration management database that stores resources, personnel, processes, and privileges provided on the resources as configuration items, respectively, the configuration management database prescribing relations between the configuration items including a privilege-dependency relationship between a privilege on a resource and a privilege on another resource required to exercise the privilege, a privilege-request relationship between a process and a privilege required for the process, and a privilege-giving relationship between the personnel and the privilege given to the personnel; and a privilege deriving unit for deriving a goal state of a privilege to be given to corresponding personnel by following the relation with the privilege on the resource required for a process to be executed used as a reference point by referring to the configuration management database. | 06-28-2012 |
20120173583 | AUTOMATION FRAMEWORK - An information technology management system for use in enterprise data management including a metadata supply subsystem which receives metadata from a network, an access permissions management subsystem for managing access permissions to data elements in the network and an access permissions management operation implementation subsystem which automatically governs the operation of the access permissions management subsystem, the access permissions management operation implementation subsystem having at least one of first, second, third and fourth modes of operation. The first mode of operation includes operating the access permissions management subsystem, the second mode of operation includes simulating the operation of the access permissions management subsystem, the third mode of operation includes providing a report of proposed changes in access permissions and the fourth mode of operation includes providing an actionable report of multiple steps in implementation of proposed changes in access permissions to data elements for approval. | 07-05-2012 |
20120179722 | METHODS AND SYSTEMS FOR PROVIDING STORAGE OF A DATA FILE OVER A COMPUTER NETWORK - A distributed group activity network system and corresponding method over a computer network. It synchronizes and provides access by system users to shared data files of a group activity. The distributed group activity network system comprises one or more server computers and client computers that are connected to the server computer(s) by network connections. Each of the server computers comprises a network server and a memory system. The system modules of the client computers use the memory systems of the client computers and the available basic network services at the server computer(s) to synchronize and provide access to the shared data files by the system users by also using the memory systems of the client computers and the available basic network services at the server computer(s) to synchronize access to and access the synchronization files. | 07-12-2012 |
20120197941 | DATABASE ACCESS UNBLOCKER - Embodiments of the invention provide for a centralized system for database access management. In specific embodiments, the centralized system provides for granting users temporal access to databases for a prescribed period of time, such that upon expiration of the time period the user is automatically blocked (i.e., added back to the blacklist) from accessing the database. Moreover, as a result of centralized management, reporting and auditing of actions related to database access management are greatly improved in that all actions are recorded and a historical database of such actions is available to system users. In addition, the centralized system provides for automatic notification to predetermined stakeholders based on occurrence of predetermined system actions, such as blocking a user from database access, unblocking a user from database access (i.e., granting access) or the like. | 08-02-2012 |
20120203798 | SECURE MEDICAL RECORD INFORMATION SYSTEM - A medical records system allows a patient to have control and responsibility over their medical records. The system includes a patient-centric records server that functions as a central repository for patients' medical records. The patient can access and review their medical records. Further, to control access to some or all of the medical records, the patient also can hide one or more files within their medical records. As such, if a doctor accesses the medical records, the doctor only sees what the patient leaves unhidden. Thus, the system provides a means for the patient to control sensitive information within their medical records. | 08-09-2012 |
20120209884 | DATABASE AND METHOD FOR CONTROLLING ACCESS TO A DATABASE - A method for controlling access to a database is disclosed, as well as a corresponding database system. The method comprises: receiving, from a user, a request for a data post in said database; determining that said user should be allowed access to said requested data post based on a security context associated with said data post and said user; providing said user with access to said data post; and validating, by an external security system, at least one of the user and the data post, said validation being based on a validation field, controlled by the external security system and being associated with said user and/or data post. Hereby, the database can be operated with its native operational procedures, thereby enabling a very fast and efficient performance. At the same time, the validation by the external security system provides a high degree of security. | 08-16-2012 |
20120221603 | DISTRIBUTED MOBILE SERVICES - The present invention provides systems, methods, and apparatus for distributed mobile services. Methods and systems for distributed infrastructure are provided for handling mobile client requests. A distributed environment, serving the mobile community may be provided by replicating a mobile services infrastructure in more than one physical location, e.g., replicating a mobile services infrastructure for every core data infrastructure. A method is provided for handling client requests in a distributed environment, where an optimal mobile services infrastructure is discovered based on the requesting client. | 08-30-2012 |
20120271853 | ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD - An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permissions in the repository. | 10-25-2012 |
20130013641 | INTELLIGENT DECISION SUPPORT FOR CONSENT MANAGEMENT - Embodiments of the invention relate to a method for intelligently providing consent to access a record in a shared pool of resources. Tools are provided to support policies to address and maintain restrictive access of a designated record, both with respect to local and non-local rules and regulations, as well as personal restrictions pertaining to personal and discretionary sharing decisions. | 01-10-2013 |
20130018920 | CONFIGURATION MANAGEMENT DATABASE SECURITY - Methods, systems, and computer-readable media with executable instructions stored thereon for Configuration Management Database security are provided. Resource data and user security policy data can be loaded from a number of different sources into the CMDB. The resource data and user security policy data can be tagged with an identity of a source of the resource data and an identity of a source of the user security policy data. A number of data filters can be added to the CMDB and at least one of the data filters can be used to filter a user query of the resource data. | 01-17-2013 |
20130031135 | Cross-entity collaborative information management - A method is provided for implementing collaborative information management. Business operations information of information collaboration entities is maintained within an information data structure. Each information collaboration entity is a different business entity than each other information collaboration entity. The business operations information of each information collaboration entity is generated through a respective business activity thereof. Intra-entity information access is provided to the information data structure by an entity member of a first information collaboration entity for enabling the entity member of the first information collaboration entity to access the business operations information of the first information collaboration entity. Cross-entity information access is provided to the information data structure by the entity member of the first information collaboration entity for enabling the entity member of the first information collaboration entity to access at least a portion of the business operations information of a second information collaboration entity. | 01-31-2013 |
20130031136 | CLOUD DATABASE SHARING - A method, system and computer program product is provided achieving database sharing by providing an interface to contribute a database and a set of resources to a resource pool in a first cloud environment. The interface further allowing a user to input parameters identifying a database, a set of resources, a set of authorization credentials, and a sharing policy. The interface further comprising responsive to the user using the interface and providing the interface parameters which identify the database, the set of resources, the set of authorization credentials, and the sharing policy, adding the database, the set of resources, the set of authorization credentials, and the sharing policy to the database resource pool in the cloud environment, sharing the database, the set of resources, according to the sharing policy, and utilizing the set of authorization credentials. | 01-31-2013 |
20130036141 | SATELLITE ADDRESSING CONCEPT - A method of using latitude and longitude coordinates of a point as a means to specify a unique and unmistakable destination address. These coordinates are not affected by changes in street numbering, changes in street names, and these coordinates are never out-dated nor do they require updating or upgrading. Some examples of where the latitude and longitude coordinates can be displayed are on items such as business cards, letterheads, directories, advertisements, billboards and websites. | 02-07-2013 |
20130060813 | PRODUCT TRACKING SYSTEM - A method, programmed medium and system are disclosed which provide increased secure tracking of materials and products through the use of a unique coding scheme. The coding scheme contains a unique security code identifier issued by a sole certification agency, and includes a non-coded scheme for public information, and a coded scheme for private information regarding the sourcing and development of materials and products. The disclosure provides for full tracking of a product throughout the supply chain by only certified participants. The disclosed system allows for increased secure tracking of materials and products, and allows for access to greater amounts of information at various stages of manufacture and/or assembly regarding a given material or product. | 03-07-2013 |
20130066918 | SYSTEM AND METHOD FOR PROVIDING AN ELECTRONIC LIBRARY - System and methods are provided for an electronic library service. In one embodiment, a method includes receiving a request for content of the electronic library service, the request identifying an account number for the electronic library service and identification number of a device, and authenticating the request based on an account number for the electronic library service and identification number of a device. The method may further include determining that content associated with the request is available for access by the device based on one or more restriction limitations, and providing access to the content based on one or more restriction limitations, wherein content of the electronic library is accessible to a device associated with the account number for a limited period of time. | 03-14-2013 |
20130066919 | COMMON POINT AUTHORING SYSTEM FOR THE COMPLEX SHARING OF HIERARCHICALLY AUTHORED DATA OBJECTS IN A DISTRIBUTION CHAIN - The Common Point Authoring system functions to provide Livestock Informational Objects via the use of a centralized repository of uniquely identified, immutable Livestock Informational Objects. This system automates the authoring, maintenance, and distribution of the Livestock Informational Objects by using an Internet-based paradigm and a centralized repository of uniquely-identified, immutable Data Elements. The Common Point Authoring system provides a set of software modules that the manufacturers can use to author, maintain, and distribute Livestock Informational Objects and their customers, as Members of the system of Livestock Informational Objects, can use to retrieve, maintain, and distribute the Livestock Informational Objects. The system's interconnectivity allows for the use of an Internet-based paradigm for the purchase and sale among Members of the system of Livestock Informational Objects as commodities, and for reducing the burden costs among Members of compliance with government regulations. | 03-14-2013 |
20130086114 | CLOUD STORAGE OF GAME STATE - Methods, systems, and computer programs are presented for managing game state for one or more games accessed by devices of a user. One method includes an operation for providing a database on a server. The database is accessible by the devices of the user and is structured to identify one or more applications of the user, each application being associated with a plurality of slots, and each slot including metadata and a map table. Further, an Application Programming Interface (API) is provided to enable access to the database. The method further includes an operation for receiving a request using the API from an application executed at one of the devices of the user. The request identifies a first slot associated with the application and an action to perform regarding one or both of the metadata and the map table. The request from the application is verified, including comparing a first version associated with the first slot and a second version provided in the request. The action is enabled if the comparing indicates that the second version is not stale, else the request is denied. | 04-04-2013 |
20130091170 | MULTI-MODALITY, MULTI-RESOURCE, INFORMATION INTEGRATION ENVIRONMENT - A multi-modality, multi-resource, information integration environment system is disclosed that comprises: (a) at least one computer readable medium capable of securely storing and archiving system data; (b) at least one computer system, or program thereon, designed to permit and facilitate web-based access of the at least one computer readable medium containing the secured and archived system data; (c) at least one computer system, or program thereon, designed to permit and facilitate resource scheduling or management; (d) at least one computer system, or program thereon, designed to monitor the overall resource usage of a core facility; and (e) at least one computer system, or program thereon, designed to track regulatory and operational qualifications. | 04-11-2013 |
20130097203 | SYSTEM AND METHOD FOR PROVIDING THRESHOLD LEVELS ON PRIVILEGED RESOURCE USAGE IN A MOBILE NETWORK ENVIRONMENT - A system and method in one embodiment includes modules for detecting a request by an application in a mobile device to access a privileged resource, determining a cumulative usage of the privileged resource by the application, and performing an action according to a rule if a predefined threshold level of usage triggers the action based on the cumulative usage. More specific embodiments include blocking the request, and sending a notification to a user and updating a rules database to modify the predefined threshold level of usage associated with the rule. Other embodiments include monitoring permissions of the application to the privileged resource, and removing any permissions that have not been used for a predefined time period, logging the request into a log in a utilization database, reading the log, collating information in the log, and analyzing the log. | 04-18-2013 |
20130110876 | PERMISSION BASED QUERY PROCESSING | 05-02-2013 |
20130117314 | AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEM AND METHOD - A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates. | 05-09-2013 |
20130124567 | AUTOMATIC PRIORITIZATION OF POLICIES - Input is obtained to modify one of a set of self-consistent and prioritized document policies, each policy indicating an allowability of a requested action when a condition of the policy is satisfied. Each policy is representable by a node on a multipartite graph, the node being located in a part of the multipartite graph that corresponds to the allowability indicated by the policy. Two nodes are connectable by an edge that indicates a relative priority between their corresponding policies. A transitive closure of the representation is computed so as to identify paths of contiguous edges that connect pairs of nodes. When two policies with different allowabilities are applicable to a single requested action on a single document, and when the corresponding nodes are connected by one of the identified paths, a relative priority is automatically assigned to the two policies as indicated by the path. | 05-16-2013 |
20130124568 | METHOD AND APPARATUS FOR PRIVILEGE CONTROL - The present invention discloses a method and apparatus for privilege control to provide comprehensive privilege control with fine granularity. Document data stored in the docbase management system includes at least one document data object, and the at least one document object supports at least one privilege. When setting a privilege for a role over a document data object, a privilege is selected from the at least one privilege supported by the document data object, and the selected privilege is set as the privilege of the role over the document data object. When the role is to perform an operation on the document data object, the operation of the role on the document data object is controlled according to the privilege of the role over the document data object. | 05-16-2013 |
20130144911 | DATA MIGRATION APPARATUS FOR MITIGATING DATA BETWEEN DOCUMENT MANAGEMENT SYSTEMS - A data migration apparatus, which migrates data from a first document management system capable of setting an access right in document units to a second document management system incapable of setting an access right in document units and capable of setting an access right in folder units, includes a determination unit configured to determine whether an access right to document data of a document to be migrated inherits an access right to a higher-level folder or is unique to the document, a sub-folder creation unit configured to create a sub-folder to which a same access right as that unique to the document is set at a migration destination, if the determination unit determines that the access right to the document data is unique to the document, and a document storage unit configured to store the document data to be migrated in the sub-folder created by the sub-folder creation unit. | 06-06-2013 |
20130144912 | Facilitating and Supporting Electronic Communication of Ideas - A method and apparatus effectuates bilateral commerce in ideas. An originator and user-driven on-line commercial network system is designed to facilitate idea submission, purchase, and licensing, and is easily adapted to business-to-business transfers of innovation as well as consumer-to-business transfers of innovation. The invention allows originators of ideas to communicate nondisclosing synopses of ideas globally to potential users, for users conveniently to search for relevant ideas and for users potentially to bind an originator to a limited duration license granting user the exclusive right to access and consider confidentially the originator's fully disclosed idea. The invention also allows users to communicate confidentially or nonconfidentially unsolved problems or needs globally to potential originators, for originators conveniently to search for relevant unsolved problems or needs, and for originators to submit and communicate confidentially proposed solutions to the soliciting user. | 06-06-2013 |
20130144913 | METHOD AND SYSTEM AND FILE FORMAT OF GENERATING CONTENT BY REFERENCE - A method of generating content defined by a file of a prescribed format. A portion of a first work of content is automatically identified responsive to a user selection thereof. The first work of content may be audio, video, and still images. A reference to the portion of the first work of content is generated responsive to the identifying. Instructions associated with the portion of the first work of content operable for use by a playback device to render the content are generated. The reference and the instructions are incorporated in a digital file of a prescribed format operable for use by the playback device during rendition of the content. The file may be stored in a memory component. The playback device is operable to use the reference to access the portion of the first work of content from a source other than the file during rendition of the file. | 06-06-2013 |
20130166595 | System and method for controlling access to files - A system and method provides a service, such as complete access to a file or a socket request, in response to a file describing permissions for individual or multiple domains. | 06-27-2013 |
20130166596 | USER INTERFACE MODEL DRIVEN DATA ACCESS CONTROL - According to one general aspect, a method of retrieving data entities from a backend data device may include maintaining a data model of data entities employed by a user interface. The data model may include a hierarchical relationship between a leading data entity and at least one child data entity. The method may also include authorizing, with an authorization device, when retrieving the leading data entity. The method may include instructing the authorization device that data retrievals of subsequent data entities are to be authorized based upon the authorization of the leading data entity. The method may also include retrieving at least one child data entity of the leading data entity without providing additional authorization credentials. | 06-27-2013 |
20130185331 | Medical Imaging Management System - An improved system, method, and computer-readable instructions for medical image management is provided. The system includes one or more server devices adapted to receive and centrally store a plurality of medical images in a cloud environment, wherein metadata is separated from image data via the processor; the server devices adapted to provide access to the medical images via a remote log in upon authentication via the processor, wherein the access comprises access to view data authorized for the particular user and images associated therewith; and enable viewing of accessed data via a remote viewing device for the particular user that deploys a cloud-enabled application in the cloud environment rather than downloading the images to the remote device. | 07-18-2013 |
20130185332 | SECURE SEARCH PERFORMANCE IMPROVEMENT - A flexible and extensible architecture allows for secure searching across an enterprise. Such an architecture can provide a simple Internet-like search experience to users searching secure content inside (and outside) the enterprise. The architecture allows for the crawling and searching of a variety of sources across an enterprise, regardless of whether any of these sources conform to a conventional user role model. The architecture further allows for security attributes to be submitted at query time, for example, in order to provide real-time secure access to enterprise resources. The user query also can be transformed to provide for dynamic querying that provides for a more current result list than can be obtained for static queries. | 07-18-2013 |
20130191417 | LIMITING ACCESS TO ASSET MANAGEMENT INFORMATION - A system for limiting access to asset management information is disclosed. According to one embodiment, information is received from a first reporting source about an asset. Information from a second reporting source about the asset is also recited. The information from the first reporting source and the information from the second reporting source is stored in a database such that the information from the first reporting source and the information from the second reporting source can be accessed from the database. A first entity is enabled to access a first subset of the information stored in the database while a second entity is not allowed to access the first subset of the information stored in the database. | 07-25-2013 |
20130198235 | METHOD AND APPARATUS FOR PROVIDING DATA ACCESS VIA MULTI-USER VIEWS - An approach is provided for providing data access via multi-user views. An access management platform determines at least one view of data, wherein the at least one view is created based on one or more queries with one or more projections in one or more monadic elements to the data. The access management platform further determines one or more policies for accessing the data, wherein the one or more policies specify at least one or more access capabilities. The access management platform also causes storage of the one or more policies, the one or more access capabilities, or a combination thereof in the one or more monadic elements. The access management platform further causes granting of access to the at least one view by one or more requesting devices, wherein the granting of the access is determined by processing of the one or more monadic elements. | 08-01-2013 |
20130198236 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ENABLING ACCESS TO A RESOURCE OF A MULTI-TENANT ON-DEMAND DATABASE SERVICE UTILIZING A TOKEN - In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user's identity. | 08-01-2013 |
20130238660 | ON-DEMAND DATABASE SERVICE SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONDITIONALLY ALLOWING AN APPLICATION OF AN ENTITY ACCESS TO DATA OF ANOTHER ENTITY - In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service. | 09-12-2013 |
20130246470 | RULE-BASED ACCESS CONTROL LIST MANAGEMENT - Access control list entries are managed as a function of access control list entry metadata for the object and the requesting user, and of an access control list rule applicable to the requesting user and the requested object. The access control list entry metadata for the object and the user is updated in response to request authorizations and denials. The access control list entry metadata for the object and the user is linked to the object and the user. Updating of the access control list entry metadata for the object and the user does not overwrite metadata for another access control list entry that is associated with the object and with another user that is different from the user. | 09-19-2013 |
20130246471 | QUERY OPTIMIZATION IN A MULTI-TENANT DATABASE SYSTEM - The present invention provides techniques for managing process space on a multi-tenant database system that features a method that provides to multiple users of two or more organizations, over a network, access to information stored in a database repository shared by the two or more organizations. The database repository implements security protocols to restrict a set of first users to a first sub-portion of the information. The set of first users belongs to one of the two or more organizations. The first sub-portion of the information is different from a second sub-portion accessible by users from another organization. Access of the information by the multiple users is monitored. A first processing space for the set of first users is generated in response to the access of the database repository. The first processing space is distinct from a second processing space for the users from the other organization. | 09-19-2013 |
20130246472 | QUERY OPTIMIZATION IN A MULTI-TENANT DATABASE SYSTEM - The present invention provides techniques for managing process space on a multi-tenant database system that features a method that provides to multiple users of two or more organizations, over a network, access to information stored in a database repository shared by the two or more organizations. The database repository implements security protocols to restrict a set of first users to a first sub-portion of the information. The set of first users belongs to one of the two or more organizations. The first sub-portion of the information is different from a second sub-portion accessible by users from another organization. Access of the information by the multiple users is monitored. A first processing space for the set of first users is generated in response to the access of the database repository. The first processing space is distinct from a second processing space for the users from the other organization. | 09-19-2013 |
20130262515 | CONSUMER RIGHTS LOCKER - Storing, building, managing, and controlling consumer personal information, including: building at least one level of personal information according to a standard; storing the personal information on a consumer rights locker; defining a scope of access under terms of a consumer to control access to the consumer rights locker; transmitting a plurality of parameters needed to access the consumer rights locker; receiving a request to access the consumer rights locker and the plurality of parameters; comparing the plurality of parameters to the scope of access; and granting access to the consumer rights locker when it is determined that the request is valid, wherein the request is valid when the plurality of parameters includes an access right that is consistent with information in the scope of access. Keywords include consumer rights locker and personal information. | 10-03-2013 |
20130262516 | Data Distribution Database and Method for Data Distribution and Verification - A distribution database includes at least one central database, in which data of use-value given by a data releaser and the values of use are stored, and several local databases, each of which is based at a data releaser's site, and which are bisynchronous with the central database. A method for data distribution and verification is provided. The data distribution database provides security and timeliness and requires lower levels of hardware resources. The method for data distribution and verification pertaining to this invention may enhance the data transmission range and use efficiency, and at the same time prevent the interest of the original data releaser against any harm as a result of data retransmission, and also assure shared interest and security for data users. | 10-03-2013 |
20130268562 | ENTERPRISE LEVEL DATA ELEMENT REVIEW SYSTEMS AND METHODOLOGIES - An enterprise level data element review system including a data access event collection subsystem operative to collect data access event notifications relating to ones of a multiplicity of data elements, a data element metadata modification subassembly receiving an output from the data access event collection subsystem and providing a script indicating which data elements have had a metadata modification over a given period of time, and a data element dancer operative to collect at least one of metadata and access permissions for a plurality of data elements which is substantially less than the multiplicity of data elements and is selected on the basis of the script. | 10-10-2013 |
20130275471 | FILESYSTEM ACCESS FOR WEB APPLICATIONS AND NATIVE CODE MODULES - One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application. | 10-17-2013 |
20130282762 | METHOD, SECURE DEVICE, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR SECURELY MANAGING USER ACCESS TO A FILE SYSTEM - A method, a secure device, a system and a computer program product for securely managing user access to a file system. The method includes providing a secure device, where the secure device is protected by design against malicious software or malware and adapted to establish a connection to a server through a telecommunication network, establishing a connection between the secure device and the server, receiving at the secure device, through the established connection, data pertaining to a file system identifying files which are at least partly stored outside the secure device, exposing at the secure device the file system to a user, based on the data received from the server, the file system navigable by the user. | 10-24-2013 |
20130297653 | METADATA STORAGE MANAGEMENT OFFLOADING FOR ENTERPRISE APPLICATIONS - A method for offloaded handling of metadata storage management in a utility file system includes trapping a request for a file operation from an application process directed to a specified file of metadata stored in a utility file system of a host data processing system. The method further includes determining whether the application process is part of a privileged application or an unprivileged application and restricting access to the specified file if it is determined that the application process is part of an unprivileged application, but otherwise transforming the specified request into at least one predetermined operation if it is determined that the application process is part of a privileged application and directing the performance of the predetermined operation in the utility file system. | 11-07-2013 |
20130297654 | METHOD AND SYSTEM FOR GENERATING DATABASE ACCESS OBJECTS - Systems and methods are provided for generating database access objects. Metadata associated with a database table is retrieved. The metadata includes a table name, column names, foreign key information, and/or primary key information. Objects are generated. Each object is associated with a corresponding row in the database table and includes fields associated with a corresponding column in the database table. A database access object is generated based on the metadata. The database access object includes relational database code to access data associated with the objects. The database access object is modified. Data associated with an object is accessed based on the modified database access object. | 11-07-2013 |
20130304763 | INTERNAL SOCIAL NETWORK FOR AN ENTERPRISE AND APPLICATIONS THEREOF - The disclosed embodiments relate to a social networking system for deployment within an enterprise and a method for sharing data among a plurality of users of the enterprise-deployed social networking system. The disclosed system, in order to increase the efficiency of a worker at an enterprise, may provide a database including a plurality of data records. Each data record of the plurality of data records includes data relating to one user of the plurality of users. A permission matrix defining, for each user of the plurality of users, first permissions and second permission is also provided. Upon receipt of a request for a first data record of the plurality of data records, a source of the request is identified, and a portion of the first data record accessible to the identified source of the request is determined using the permission matrix. The portion of the first data record is transmitted to the identified source based on the determination. | 11-14-2013 |
20130311514 | INFORMATION PROCESSING SYSTEM AND METHOD FOR CONTROLLING THE SAME - An information processing system includes a plurality of edge nodes to provide services relating to files, and a core node communicatively coupled to each of the edge nodes and configured to send or receive data of the files to or from the edge nodes and to manage the data of the files. Any one of the edge nodes is granted a first access right permitting update of the files, whereas any two or more of the edge nodes are granted a second access right to prohibit update of the files. The core node stores the access right granted to each of the edge nodes. When detecting that a failure has occurred in the edge node granted the first access right, the core node sends one of the edge nodes granted the second access right a first instruction to take over the first access right granted to the failed edge node. | 11-21-2013 |
20130332489 | PROVIDING MULTIPLE CONCURRENT ACCESS TO A FILE SYSTEM - Multiple computers are connected to a data storage unit that includes a file system, which further includes multiple data entities, including files, directories and the file system itself. The file system also includes, for each data entity, an owner field for indicating which computer, if any, has exclusive or shared access to the data entity, along with a time field for indicating when a lease of the data entity began. When a computer wants to lease a data entity, the computer uses a disk reservation capability to temporarily lock the data storage unit, and, if the data entity is not currently leased, the computer writes its own identification value into the owner field and a current time into the time field for the data entity, to claim the data entity for a renewable lease period. If a prior lease of a data entity has expired, another computer may break the lease and claim ownership for itself. | 12-12-2013 |
20130346450 | SYSTEM AND METHOD FOR DETECTING AND INTEGRATING WITH NATIVE APPLICATIONS ENABLED FOR WEB-BASED STORAGE - A cloud storage system provides remote access to a file associated with the cloud storage system. In response to a request to access the file, the cloud storage system identifies applications available to the request generator and capable of accessing the file, which may include both online web-based applications and applications installed on a device with which the user is accessing the file. The cloud storage system determines an application type of an identified application, and provides file access to the identified application based on the application type. | 12-26-2013 |
20140006450 | PROGRESSIVE PLAYBACK | 01-02-2014 |
20140040314 | METHOD AND SYSTEM FOR PROVIDING DATA ACCESS VIA A COMMON ACCESS MANAGER CONFIGURED TO SUPPORT SECURITY FOR MULTIPLE DATABASE MANAGEMENT SYSTEM TYPES - An approach for providing data access via a common access manager configured to support security for multiple database management system types is described. A request specifying access for a user to a feature associated with one of a plurality of database management system types is determined by a common access manager configured to support the database management system types. A first-level approval of the access request by a first-level approver is determined. The access request is forwarded to a second-level approver based on the first-level approval. A provisioning of the access to the feature for the user is initiated based on a second-level approval by the second-level approver. | 02-06-2014 |
20140040315 | CONTENT MANAGEMENT - A method, computer program product, and computer system for receiving, at a second computer device, data content sent from a first computer device. The data content includes a first set of user metadata and permission metadata. A second set of user metadata and permission metadata is created. Both the first set and the second set of user metadata and permission metadata are maintained with the data content. The second set of user metadata and permission metadata is used in place of the first set of user metadata and permission metadata. The first set of user metadata and permission metadata is restored prior to transmitting the data content. The data content is transmitted at least with the first set of user metadata and permission metadata. | 02-06-2014 |
20140046979 | COMPUTATIONAL PROCESSING DEVICE, INFORMATION PROCESSING DEVICE, AND METHOD OF CONTROLLING INFORMATION PROCESSING DEVICE - A computational processing device includes: a computational-processor that outputs access requests to a storage device; a plurality of request-holding-units that respectively hold access requests output by the computational processor according to individual access types, the access types being types of access requests; an arbitration-unit that arbitrates access requests held in the plurality of request holding units; a buffer-unit that includes a plurality of entries that hold data; and a buffer-controller that causes one of the plurality of entries to hold data output by the storage device in response to an access request arbitrated by the arbitration unit, on the basis of a result of comparing, for each access type, a count value that counts, for each access type, the number of entries holding data from among the plurality of entries against a maximum value for the number of entries made to hold data for each access type. | 02-13-2014 |
20140067864 | FILE ACCESS FOR APPLICATIONS DEPLOYED IN A CLOUD ENVIRONMENT - A method of operating a virtual computer system including a file access interceptor and multiple virtual machines that are logically arranged in a virtualization environment that is managed by a virtualization environment manager is provided. The method includes reading file settings definitions that include identifications and properties of files that are configured to be accessed by a computer application, replacing operations of a file interface in the computer application with file access interceptor operations that use the file settings to decouple file attributes from the computer application, managing file access via the file access interceptor operations to provide data file storage and read access to the files, and synchronizing file actions in each of a plurality of instances of the files. Related systems and computer program products are disclosed. | 03-06-2014 |
20140067865 | GLOBAL LINK PROVIDING MODIFICATION RIGHTS TO A SHARED FOLDER - A computer-implemented system and method of sharing files between a link sharer and a link recipient over a network. A folder sharing link is generated in response to a request by a link sharer, where the link provides a link recipient the ability to modify the contents of the folder. In response to receiving an indication that the generated link has been activated by a link recipient, the system either automatically grants modification rights to the folder or requests manual approval from the link sharer to grant modification rights to the link recipient. Once modification rights have been granted, the system adds the shared folder to the link recipient's account within the context of a document management system. | 03-06-2014 |
20140082023 | ASSOCIATING AN IDENTITY TO A CREATOR OF A SET OF VISUAL FILES - Technologies and implementations for associating a personal identity of a creator to a set of visual files are generally disclosed. | 03-20-2014 |
20140089347 | CROSS-PROTOCOL LOCKING WITH A FILE SYSTEM - A file system denies access to a particular file system object from a first file server protocol in response to a data structure referred to by an inode indicating that an access from a second different file server protocol of the particular file system object is present. | 03-27-2014 |
20140095544 | COORDINATED ACCESS TO A CLUSTERED FILE SYSTEM'S SHARED STORAGE USING SHARED-LOCK ARCHITECTURE - Embodiments of the invention relate to coordinated access to a clustered file system's shared storage subsystem using a shared-lock architecture. A particular file server is configured to coordinate the file system's file access layout. The particular server, in response to a client's file access layout request for byte-ranges of a file stored in the storage subsystem being received by a file server in the cluster and sent to said particular server, generates a file access layout of a set of file servers for a parallel file access protocol to use and byte ranges of the file for particular individual file servers to use, to service an I/O request for the file. The file server that received the request sends the generated file access layout to said client, and requests coordinated access to said file from the particular server in response to receiving an I/O request to byte-ranges of said file. | 04-03-2014 |
20140095545 | METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO CUSTOM OBJECTS IN A DATABASE - In embodiments, methods and systems for controlling access to custom objects are provided. These techniques for controlling access to custom objects can enable embodiments to utilize a key for the protection of the security of data that is to remain private while not compromising efficiency of a query. The key for a requested custom object is identified and then used so that only an appropriate portion of a custom entity share table is searched to locate access information. It is then determined whether the user can access at least a portion of the custom object, and the appropriate and allowed data is sent to the user. | 04-03-2014 |
20140129592 | BUILD POOLED DATA SOURCE BASED ON HANA SAML LOGIN - A system receives a request from a request processor of a database connection pool to access a database. The system determines whether a database connection from the database connection pool is available for the request. A new security assertion mark-up language (SAML) assertion is generated when the database connection pool does not have an available database connection for the request. A new database connection to the database is built using the new SAML assertion. | 05-08-2014 |
20140156705 | HYBRID FILE SYSTEMS - Systems and computer program products may provide a virtual system with direct access to one or more sectors of a resource of a computer system. The system and computer program products may include providing, by a computer system to a virtual system, first access control data associated with a regular computer file that corresponds to a resource on the computer system. The system and computer program products may additionally include receiving, at the computer system, a direct read from or direct write to one or more sectors of the resource represented by the regular computer file from the virtual system. The system and computer program products may further include hiding, at the computer system, a hidden computer file from the virtual system. The system and computer program products may additionally include routing, at the computer system, the direct read from or direct write to the hidden computer file on the computer system. | 06-05-2014 |
20140156706 | Hybrid File Systems - Methods may provide a virtual system with direct access to one or more sectors of a resource of a computer system. The method may include providing, by a computer system to a virtual system, first access control data associated with a regular computer file that corresponds to a resource on the computer system. The method may additionally include receiving, at the computer system, a direct read from or direct write to one or more sectors of the resource represented by the regular computer file from the virtual system. The method may further include hiding, at the computer system, a hidden computer file from the virtual system. The method may additionally include routing, at the computer system, the direct read from or direct write to the hidden computer file on the computer system. | 06-05-2014 |
20140164435 | System and Method for Policy Based Control of NAS Storage Devices - A system and method for providing policy-based data management and control on a NAS device deployed on a network. When a user makes a request to store, read, or manipulate data on the NAS device, the NAS device provides an indication of this request to a management tool running on a remote system. The management tool reviews the request in light of its previously established policy-based data storage management configuration and subsequently informs the NAS device to either accept or not accept the user's request to store, read or modify data on the NAS device. | 06-12-2014 |
20140164436 | SYSTEM AND METHOD FOR TRANSMITTING IMAGE DATA - Provided are a unit that only outputs notification in the case where users having access have been added, a unit that saves image data in a restricted access save area without outputting notification, and a unit that outputs notification in a case where a specific pattern such as copyright information or confidential information was included in an original document that was read, and the user is notified by a combination of any of these three units. | 06-12-2014 |
20140172917 | PRIVACY AND PERMISSION SYSTEM FOR A SOCIAL NETWORK - Systems and methods for managing and regulating communications over a social network are disclosed. A first member of the social network may have profile information comprising various information types each having an associated privacy level. A particular information type may be accessed by a recipient if they are assigned a direct permission level satisfying the privacy level of the particular information type. According to one method, the system determines whether a communication has been sent from the first member to the recipient, and automatically assigns the direct permission level to the recipient for accessing the first member's profile information. | 06-19-2014 |
20140181148 | Distributed Management Framework for Personal Attributes - A technique for distributed management of attributes includes propagating attributes based upon attribute-granularity permissions. An example of a system according to the technique may include a server, coupled to a first client and a second client, that includes a module that receives attribute data from the first client; a permissions database where first permissions associated with the first client are set at the individual attribute level for the second client; an engine for updating the permissions database and for validating the first permissions for the second client; and an engine for distributing first client updates based on validated permissions to destinations associated with the one or more second destination stores. | 06-26-2014 |
20140188938 | Conditional Role Activation in a Database - Methods, systems and computer-readable storage mediums encoded with computer programs executed by one or more processors for conditional role activation in a database are disclosed. In an embodiment, a request to activate a role for a user of a database system is received, and a predicate for conditional activation of the role is determined. The conditions of the predicate are evaluated, and if the conditions of the predicate are satisfied, the role is activated for the user. If, however, one or more of the conditions of the predicate are not satisfied, the role is not activated for the user. | 07-03-2014 |
20140207822 | DIGITAL MEDIA LENDING SYSTEM AND METHOD - A digital media lending system, method and item representation are disclosed. The system comprises a check-out terminal ( | 07-24-2014 |
20140258336 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MANAGING TABULATED METADATA - Embodiments disclosed herein provide systems and methods for managing metadata, including scalar, text, drop-down, type ahead, and tabular metadata related to digital assets. Restrictions may be set at the metadata field level to allow users of different user groups to view fields based on restriction classes. A metadata management tool may allow an administrator to restrict one or more metadata fields associated with a digital asset in a network with a restriction class. The restricted fields may be associated with one or more user groups in the network. Only users in the user groups associated with the restriction class can view the restricted fields, in addition to the digital asset and any unrestricted fields associated therewith. When searching tabular metadata, a ‘row oriented’ search function may retrieve only assets where the search criteria are matched by a single row. | 09-11-2014 |
20140280347 | Managing Digital Files with Shared Locks - A method for managing the access and use of digital files stored in a file storage networked with multiple servers, including the steps of: a requesting server among the multiple servers that desires to access and use a file stored in the file storage sending to the other servers of the multiple servers a query containing an identification (ID) of the file; each of the other servers receiving the query checking an internal lock list to ascertain whether the file ID is listed therein, if listed then returning a failure message to the requesting server, but if not listed then returning a success message to the requesting server; and the requesting server determining from all returning messages whether a failure message exists, if exists then not to access and use the file, and sending repeated queries at a predetermined time interval, but if not exist then access and use the file, and sending a notice to all other servers when finishing using the file. | 09-18-2014 |
20140280348 | EDUCATIONAL LIBRARY SYSTEM - Methods, systems and computer readable media for educational library management are described. | 09-18-2014 |
20140289277 | FIXED CONTENT STORAGE WITHIN A PARTITIONED CONTENT PLATFORM USING NAMESPACES - Content platform management is enhanced by logically partitioning a physical cluster that comprises a redundant array of independent nodes. Using an interface, an administrator defines one or more “tenants” within the archive cluster, wherein a tenant has a set of attributes including, for example, namespaces, administrative accounts, data access accounts, and a permission mask. A namespace is a logical partition of the cluster that serves as a collection of objects typically associated with at least one defined application. Each namespace has a private file system such that access to one namespace (and its associated objects) does not enable a user to access objects in another namespace. A namespace has capabilities (e.g., read, write, delete, purge, and the like) that a namespace administrator can choose to enable or disable for a given data account. | 09-25-2014 |
20140297688 | METHODS AND SYSTEMS FOR PRIVILEGED EXECUTION SUPPORT FOR FILE SYSTEM COMMANDS ON A STORAGE DEVICE - The present invention relates to a storage device that is able to execute higher level commands, such as network-level, file-system commands, with privileged access to various resources, such as the storage media, hardware, memory, firmware, etc. In one embodiment, the storage device is configured to receive and execute network-level file-system commands, such as Server-Message-Block protocol commands. In particular, the storage device comprises a drive having a storage media and a communications interface, such as a network interface, and a controller. The controller is configured to interpret and execute network-level, file-system commands received from the communications interface on data stored on the storage media. Accordingly, the storage device can service the network-level, file-system commands more efficiently and without the need for user-space applications. | 10-02-2014 |
20140310315 | Filesystem Access for Web Applications and Native Code Modules - One embodiment provides a system that facilitates the execution of a web application. During operation, the system allocates a storage space on one or more storage devices for use by the web application. Next, the system creates, for the web application, a private filesystem comprising a private root directory within the storage space. Finally, the system enables access to the private filesystem for the web application through the private root directory in a manner that does not allow access to a host filesystem associated with the one or more storage devices from the web application. | 10-16-2014 |
20140317143 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - A medical information server is provided. The medical information server includes a medical information unit configured to determine a diagnose authority to an information terminal thereby allowing a diagnosis by the information terminal to be identified by the diagnose authority. An information terminal and a diagnostic information processing system are also provided. | 10-23-2014 |
20140324912 | METHOD AND DEVICE FOR INFORMATION SECURITY MANAGEMENT AND STORAGE MEDIUM - The invention discloses a method and a device for information security management, and a storage medium, in the field of information security technologies. The method comprises: detecting an information input operation of a terminal; obtaining key information corresponding to a triggering operation of a first key, when the triggering operation of the first key is detected; determining whether the obtained key information matches preset key information, and if so, outputting information related to private information stored in a private information database, which corresponds to the preset key information, wherein the preset key information includes an access password for the private information database and second key information. In the invention, a user need not access a private space to check private information; instead, the user only needs to input the preset key information to query the information related to the private information. Therefore, the security of the private information is improved. | 10-30-2014 |
20140330869 | SECURE ISOLATION OF TENANT RESOURCES IN A MULTI-TENANT STORAGE SYSTEM USING A SECURITY GATEWAY - Machines, systems and methods for handling a client request in a hierarchical multi-tenant data storage system, the method comprising processing a request in subtasks, wherein a subtask is executed with a minimal set of privileges associated with a specific subtenant; extracting a claimed n-level hierarchy of a tenant and sub-tenant identities from the request; extracting authentication signatures or credentials that correspond to a level in the hierarchy; for a first level in the hierarchy, sending the request to a dedicated subtenant authenticator with privilege to validate credentials for a subtenant at the first level; and receiving a confirmation from the dedicated subtenant authenticator, whether the request is authentic. | 11-06-2014 |
20140330870 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ENABLING ACCESS TO A RESOURCE OF A MULTI-TENANT ON-DEMAND DATABASE SERVICE UTILIZING A TOKEN - In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user's identity. | 11-06-2014 |
20140337384 | Modeled Authorization Check Implemented with UI Framework - Access by a user to a database layer, is governed by modeled authorization checking implemented with authorization objects present in an overlying application layer. At design time, the authorization checking is modeled as part of an existing user interface (UI) model, which may conform to a Model, View, and Control (MVC) design pattern. Authorization objects created during design time, are stored in a meta data repository. At runtime, an authorization engine references the authorization objects and the operations supported by those authorization objects. The authorization check is thus implemented centrally in the UI framework itself using this modeled information. Embodiments avoid complexity, potential lack of internal consistency, and low visibility of conventional de-centralized authorization checking schemes that rely upon a plurality of enforcement points hard-coded at multiple locations within application logic. | 11-13-2014 |
20140351288 | SYSTEM AND METHOD TO PROVIDE DOCUMENT MANAGEMENT ON A PUBLIC DOCUMENT SYSTEM - A system and method for document management are provided in which documents are managed in a file/document sharing system. | 11-27-2014 |
20150012565 | SELECTIVE DATA TRANSFORMATION AND ACCESS FOR SECURE CLOUD ANALYTICS - Providing analytics information from a cloud service includes maintaining an analytics database that is separate from data and servers accessed by users of the cloud service, selectively pushing information from the cloud service to the analytics database, where data and servers accessed by users of the cloud service are inaccessible for direct access by the analytics database, and allowing users limited access to the analytics database, where users of the analytics information that are accessing the analytics database are restricted from accessing data and servers of the cloud service. The analytics database may include a first database of adapted database records and a second database of dynamic logs of service related events. The adapted database records may be initially formed using the data and servers accessed by users of the cloud service prior to being pushed to the analytics database. | 01-08-2015 |
20150039653 | PRIVILEGED USER ACCESS MONITORING IN A COMPUTING ENVIRONMENT - Methods and systems for monitoring privileged user access of a database using a computer having at least one processor are provided. The system monitors database transactions. If a transaction is made by a privileged user, the system records information relating to the transaction in an audit database and/or in an audit file. If a transaction is made by a terminated or otherwise unauthorized privileged user, the system can be adapted to alert management of a possible security breach. | 02-05-2015 |
20150046494 | MAIN-MEMORY BASED CONCEPTUAL FRAMEWORK FOR FILE STORAGE AND FAST DATA RETRIEVAL - A conceptual framework is built including a conceptual hierarchy, a containment hierarchy, and concept relationships. The concepts created in the conceptual framework are associated with resources located on the local file system. The resources are stored in the conceptual framework that is stored in the main memory of the system. Thus, search capabilities based on complex multivariate queries involving relationships and multiple conditions between concepts are provided. The conceptual framework is based on an in-memory engine that enables superfast resource access, reduced file storage redundancy, reduced updating errors, increased consistency, greater data integrity and independence from application level programs, query based concept and file access. | 02-12-2015 |
20150081736 | ONLINE PORTAL ACCESS AND MANAGEMENT SYSTEM UTILIZING MULTIPLE IP DEVICES ORGANIZED ON A SERVER APPLICATION WITH MULTIPLE LEVEL RESTRICTED LOG-IN AND EVENT LOGGING - An on-line portal access and management system uses multiple IP devices organized on a server application with multiple level restricted log-in and event logging. The program with multiple connected IP devices allows the credentialed user to access and organize the capabilities of the multiple system connected IP devices through a single login portal. The IP devices operate equipment such as doors, gates, cameras, access control systems, VOIP intercoms, HVAC systems and other IP based systems typically found in multi-story buildings or multi building campuses. The IP devices generate data logged and archived to the IP device memory media or local data storage device. The application program sifts the IP device generated data for user important information and moves important IP device generated information to the server based memory and data files. | 03-19-2015 |
20150095375 | Alternately Processing Messages - Among other things, processing an incoming message stream includes storing context data of an application in a global database. Various messages from the incoming message stream are placed in an in-memory message queue. One of at least a first and a second phases at a first process is executed, and another of the at least first and second phases at a second process is also executed, so as to alternately execute a first phase and a second phase by a first process and a second process. The first phase includes processing at least one message from the various messages and storing at least one corresponding result in a local memory area. The first phase also includes storing at least one modification to the context data in the local memory area. The second phase includes performing a transaction of the at least one result and the at least one modification of the context data to the global database and committing the transaction. | 04-02-2015 |
20150100602 | SYSTEM AND METHOD FOR THIRD PARTY REMOTE ACCESS TO PERSONAL MEDICAL RECORDS - A portable healthcare electronic data security key for an individual that is configured for use in combination with a portable computerized data access device that can wirelessly communicate with the key through complementary close proximity or NFC circuitry such that when the access device is positioned in close proximity to the key, the key communicates a security protocol to the access device that instructs the access device to utilize the Internet (or another communications network) to remotely access and retrieve with the proper authorization provided by the key at least a portion of the individual's electronically stored medical records from a remote database and display those retrieved medical records on the access device's user display. The security protocol can also instruct the access device to send an alert to emergency contacts identified by the individual in the key or in the database. | 04-09-2015 |
20150120779 | STACK ISOLATION BY A STORAGE NETWORK SWITCH - Technology is disclosed for stack isolation in a storage system including a storage network switch and multiple storage sub-systems (e.g., storage stacks). The storage network switch includes multiple ports and at least one of the ports is configured to dynamically connect to a device that can be either a storage controller device or a storage sub-system. The technology can receive an identification message indicating that a device is connected to a port of a storage network switch, determine based on the identification message at the storage network switch whether the device is a storage controller device or a storage sub-system, and transfer messages between the ports of the storage network switch such that the storage network switch prevents communications between storage sub-systems connected to the storage network switch, but allows communications between the storage sub-systems and storage controller devices connected to the storage network switch. | 04-30-2015 |
20150120780 | SYSTEM AND METHOD FOR INTEGRATING A DATABASE WITH A SERVICE DEPLOYED ON A CLOUD PLATFORM - Described herein are systems and methods for integrating a database into a cloud computing environment. In accordance with an embodiment, a system includes a service management engine (SME) configured to execute in the cloud environment and to access a provider type including coordinates to a database and authentication information for the database. When a service deployed to the cloud environment requests use of a database, the provider type can trigger creation of the database and a schema for use by the associated provider. In accordance with an embodiment, the provider type can include coordinates to a container database (CDB) and authentication information for the CDB. When a service deployed in the cloud environment requests a database, the provider type can trigger creation, via the CDB, of a pluggable database (PDB), with a schema for use by the service. | 04-30-2015 |
20150134701 | ON-DEMAND DATABASE SERVICE SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONDITIONALLY ALLOWING AN APPLICATION OF AN ENTITY ACCESS TO DATA OF ANOTHER ENTITY - In accordance with embodiments, there are provided mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service. These mechanisms and methods for conditionally allowing an application of an entity access to data of another entity in an on-demand database service can enable embodiments to limit such access to the data, as desired. Furthermore, embodiments of such mechanisms and methods may provide additional security when sharing data among different subscribers to an on-demand database service. | 05-14-2015 |
20150149505 | DIRECTORY LEASING - Described are embodiments for allowing clients that access a distributed file system to locally cache directory metadata. The client may request a read lease which allows the client to cache the directory metadata locally and service requests received from the same application which originally requested the directory metadata using the cache. In addition, the client may also request a handle lease which allows a client to delay the closing of a directory handle and allow the handle to be reused to service subsequent directory metadata requests from the same or a different application. A client may also request a write lease which allows an application on the client to modify the directory metadata, such as by creating or deleting new files in the directory, or changing their attributes, and cache those changes. | 05-28-2015 |
20150302220 | SECURE DATA CONTAINERS - Embodiments for providing secure data containers and allowing selective access to files stored in the containers include systems and methods that receive a request to create a container, wherein the container is a file system comprising access parameters that define one or more permitted actions and one or more permitted users for the container; determine duration parameters for the container, wherein the duration parameters comprise a time duration during which the container may be accessed; determine a fingerprint of the container, the fingerprint being a record of the container for comparison to the container at a later time; generate the container with the access parameters, duration parameters, and fingerprint; monitor the container for compliance with the access parameters, duration parameters, and fingerprint; and apply a consequence when the container is not in compliance with the access parameters, duration parameters, or fingerprint. | 10-22-2015 |
20150339297 | METHOD AND SYSTEM FOR PROVIDING A DOCUMENT IN A DATA COMMUNICATION NETWORK - In a computer-implemented method and system, an electronic target document is provided in a data communication network. At least one computer program in a first domain in the data communication network provides a link to open a digital first form in the first domain. Upon activation of the link, redirection to a second domain takes place, and a second electronic form is provided in the second domain. The second form comprises a retrieval field which is configured to provide, when the retrieval field is activated, a plurality of domain access fields. After receipt of an activation of a selected one of the domain access fields, a third domain linked to the selected domain access field is accessed to retrieve target document data from the third domain. The second domain uploads the target document associated with the target document data to the first form of the first domain. | 11-26-2015 |
20150339484 | Accessing Enterprise Data - A method for accessing enterprise data is described herein. In an implementation, the method comprises receiving, by an application server, a login request from the user equipment, wherein the login request comprises login credentials corresponding to a user. Further, upon successful authentication of the user, user permissions corresponding to the user are ascertained based on one or more predetermined parameters. Further, a default application list is filtered based on the user permissions to obtain a user specific application list corresponding to the user, wherein the application list comprises a plurality of enterprise resource planning (ERP) modules, and wherein the user specific application list comprises one or more ERP modules from amongst the plurality of ERP modules. The method further comprises rendering the user specific application list to the user equipment for providing access to data corresponding to the one or more ERP modules over the web browser. | 11-26-2015 |
20150347772 | FAST ACCESS RIGHTS CHECKING OF CONFIGURED STRUCTURE DATA - Methods for product data management and corresponding systems and computer-readable mediums. A method includes receiving a hierarchical data structure that includes a plurality of structure lines referencing persistent data objects and receiving metadata corresponding to persistent data objects referenced by the hierarchical data structure. The method includes computing an access control expression corresponding to each persistent object according to the metadata, wherein the access control expressions are string-representation Boolean expressions, and storing the access control expressions. | 12-03-2015 |
20150347783 | DATABASE ACCESS CONTROL FOR MULTI-TIER PROCESSING - Embodiments of the disclosure can include a method, a system, and a computer program product for controlling access to a database server in a multi-tiered processing system. The method can include receiving an application request having an identification parameter to an application server at an application layer. The method can also include querying a database objects map that maps the application request to a database object and a database operation in a database layer. The method can also include accessing one or more database access security rules for the identification parameter that specify a security action based on the database object and the database operation. The method can also include comparing the database object and database operation determined from the application request with the database object and database operation from the one or more security rules. | 12-03-2015 |
20150363603 | Dynamic Filtering and Precision Alteration of Query Responses Responsive to Request Load - Embodiments relate to processing a request from a user device for access rights for a resource. An access management system can send a request to query a (e.g., cached or authoritative) data store for available access rights. The query may include an exact-match or fuzzy query. A set of access-right results responsive to the query can be identified. The system may transmit a communication to the user device that identifies the set, or a subset thereof. Upon receiving a selection of a result, the system can facilitate assigning access rights corresponding to the identified result to the user. In some instances, a level of precision at which a characteristic of an access-right result is identified and/or whether or how access rights are held depends on a request load. | 12-17-2015 |
20160012074 | SYSTEM AND METHOD FOR PROVIDING CONTEXTUAL ANALYTICS DATA | 01-14-2016 |
20160012251 | DISTRIBUTION, TRACKING, MANAGEMENT, REPORTING AND DEPLOYMENT OF CLOUD RESOURCES WITHIN AN ENTERPRISE | 01-14-2016 |
20160019241 | SOCIAL FILES - Disclosed are systems, apparatus, methods, and computer readable media for creating and sharing social files in a feed system. In one embodiment, a request is received to perform an action related to a social file. The social file may provide access to a first document file within a social networking system. The first document file may be capable of being displayed on a display device. A determination may be made as to whether the requested action complies with a permission configuration record associated with the social file. The permission configuration record may identify one or more user accounts permitted to access the social file. | 01-21-2016 |
20160019281 | Interfacing with a Relational Database for Multi-Dimensional Analysis via a Spreadsheet Application - Systems, methods, and computer-readable mediums are presented that may provide for an interface to a relational database. A request may be received for data stored in a relational database, wherein the request is received from a spreadsheet application. In response to the request for data stored in the relational database, a plurality of tables in the relational database may be accessed to retrieve the data indicated in the request. The retrieved data may be translated from the plurality of tables of the relational database into a format for output to the spreadsheet application. The translated data may be output to the spreadsheet application. | 01-21-2016 |
20160034700 | SEARCH PERMISSIONS WITHIN HIERARCHICALLY ASSOCIATED DATA - A server computer system can receive a database query directed towards returning information from one or more locations within a hierarchically organized data structure. A user identification can be associated with a particular entry within the hierarchically organized data structure. The system can then access an ordered flat file database that comprises the information stored within the hierarchically organized data structure. The stored information can include information associating each entry within the hierarchically organized data structure with the entry's relative position within the hierarchically organized data structure. The system can also return a query response that excludes particular information based upon a permission attribute applied to sequential entries within the ordered flat file database. | 02-04-2016 |
20160042009 | RESTRICTING SENSITIVE QUERY RESULTS IN INFORMATION MANAGEMENT PLATFORMS - As information becomes more accessible to the public, the ability to predict and estimate sensitive data from the data already available to the general public becomes easier. The existing privacy-preserving data mining approaches only consider the information the user is querying and do not consider the information the user already has, and how the user can use that information in combination with the query information to create sensitive data that the user should not have access to. Some embodiments of the present invention provide a query analysis (QA) program that solves the aforementioned problem by taking into account data that a user may already have, whether it is private data or data that is available to the public, and then using that data, along with the data that would be returned in the query, to determine if sensitive data could be recreated. | 02-11-2016 |
20160042011 | PERSONALIZED DESTINATIONS IN NAVIGATION SYSTEMS WITH PASSWORD PROTECTION - A method of operating a vehicle navigation system includes enabling a user to enter and store in the system a destination address in association with a name and/or telephone number. The user is enabled to enter the name and/or telephone number in free form and without format restrictions. The user is enabled to later retrieve the destination address based on the name and/or telephone number being used as a search term. | 02-11-2016 |
20160048698 | DATA STORAGE SERVICE FOR PERSONALIZATION SYSTEM - A data storage system or service is provided for the data that is generated by the personalization system. The data storage system can be configured to support storing, retrieving or querying, and updating of data such as user information, personalized content such as personalized business information and collection information, statistics information related to users, collections, businesses, and the like. The data model design of the data storage system may be configured to optimize performance associated with specific features of the personalized system such as following and/or sharing of collections. Additionally, the data storage system may be configured to detect and provide user notifications of trigger events. | 02-18-2016 |
20160065421 | SERVICE LEVEL AGREEMENT (SLA) COGNIZENT SELF-MANAGING DATABASE CONNECTION POOLS IN A MULTI-TENANT ENVIRONMENT - Embodiments of the invention provide a method, system and computer program product for SLA cognizant database connection management for multi-tenant environments. In an embodiment of the invention, a method for SLA cognizant database connection management for multi-tenant environments includes receiving different requests for data in a database from different application instances executing in memory of a host computing system supporting a multi-tenant computing environment and determining a priority for each of the requests. The method also includes selecting for each request a particular portion of a database connection pool of a multiplicity of database connections to the database, in that the particular portion is associated with a corresponding priority of the request, and each portion of the database connection pool includes one or more of the database connections. Finally, the method includes processing each of the requests through a respectively selected one of the portions of the database connection pool. | 03-03-2016 |
20160080387 | Database Access Using A Common Web Interface - Methods and systems for accessing databases using a common web interface are provided. A method for transmitting data retrieved from an endpoint device to a client device using a common web interface includes providing the common web interface to the client device. The common web interface allows access to a plurality of endpoint devices, each endpoint device comprising a unique endpoint address. The method further includes receiving, by a computer, identification data from the client device, retrieving an endpoint address for one of the plurality of endpoint devices based on the identification data, connecting to the endpoint device corresponding to the endpoint address, retrieving data from the endpoint device, and transmitting the retrieved data to the client device. | 03-17-2016 |
20160098422 | FILE ACCESSING SYSTEM AND FILE ACCESSING METHOD THEREOF - A file accessing system and a file accessing method thereof are provided. The file accessing system includes a storing unit and a processing unit. The storing unit stores a file accessing table which has a file record item. The file record item has a block point field and a key field. The processing unit: decides a storing block and a key of a file, where the storing block stores a data record table having a data record item which has a corresponding key field and a data allocation field; records a block identification of the storing block and the key into the block point field and the key field respectively; stores the file into a segment of the storing block; and records the key and the segment into the corresponding key field and the data allocation field respectively. | 04-07-2016 |
20160104005 | FACILITATING TENANT-BASED CUSTOMIZATION OF ACCESS AND SECURITY CONTROLS IN AN ON-DEMAND SERVICES ENVIRONMENT - In accordance with embodiments, there are provided mechanisms and methods for facilitating tenant-based customization of access and security controls in an on-demand services environment in a multi-tenant environment according to one embodiment. In one embodiment and by way of example, a method includes generating, by the database system, a plurality of nodes corresponding to a plurality of tenants in a multi-tenant environment, where a node corresponding to a tenant includes data relating to the tenant. The method may further include accepting, by the database system, a plurality of security models associated with the plurality of tenants, and configuring, based on the plurality of security models, security privileges including user privileges to be assigned to the plurality of users representing the plurality of tenants. | 04-14-2016 |
20160125197 | Database Security - A method includes automatically determining a component of a security label for each first record in a first table of a database having multiple tables, including: identifying a second record related to the first record according to a foreign key relationship; identifying a component of the security label for the second record; and assigning a value for the component of the security label for the first record based on the identified component of the security label for the second record. The method includes storing the determined security label in the record. | 05-05-2016 |
20160171232 | SYSTEM AND METHOD FOR SECURE RECIPROCAL EXCHANGE OF DATA | 06-16-2016 |
20160180111 | Providing Features in a Database System Environment | 06-23-2016 |
20160196288 | INFORMATION PROCESSING APPARATUS, STORAGE MEDIUM, AND INFORMATION PROCESSING METHOD | 07-07-2016 |