| Entries |
| Document | Title | Date |
|---|
| 20100077006 | Re-identification risk in de-identified databases containing personal information - A system and method of performing risk assessment of a dataset de-identified from a source database containing information identifiable to individuals is provided. The de-identified dataset is retrieved comprising a plurality of records from a storage device. A selection of variables from a user is received, the selection made from a plurality of variables present in the dataset, wherein the variables are potential identifiers of personal information. A selection of a risk threshold acceptable for the dataset from a user is received. A selection of a sampling fraction wherein the sampling fraction define a relative size of their dataset to an entire population is received. A number of records from the plurality of records for each equivalence class in the identification dataset for each of the selected variables. A re-identification risk using the selected sampling fraction is calculated. The re-identification risk meets the selected risk threshold is determined. | 03-25-2010 |
| 20100082685 | SYSTEM AND METHOD FOR EVALUATION AND PRESENTING AUTHORIZATION RIGHTS IN AN ORGANIZATION - A system and method for evaluating instances of authorization authority or segregation of duties in an organization against criteria for such authorizations, storing results of such evaluations and presenting such results to a user through queries of the stored results. | 04-01-2010 |
| 20100082686 | Methods for storing data - A method for storing data includes the steps of receiving a metadata parameter from a first user, the parameter being associated with a property in a database containing a plurality of data records, and storing the parameter. The method also includes the step of providing a second user with access to the stored parameter, the second user having an access level to the database which is different from that of the first user. | 04-01-2010 |
| 20100114966 | Security audit in user interface mode - Systems, methods, and other embodiments associated with a security audit performed on a displayed page generated from an executing application are described. One example method includes determining one or more current objects on the displayed page and determining access rights to the one or more current objects. The method may further include comparing access rights of the one or more current objects to access rights assigned to a user to determine accessible objects and non-accessible objects. The accessible objects and the non-accessible objects are visually distinguished on the displayed page. | 05-06-2010 |
| 20100114967 | Method for Managing Simultaneous Modification of Database Objects During Development - The present invention relates to a method for preventing the simultaneous modification of the same database object in a shared database by more than one user during the database development stage comprising the steps of: (a) creating security roles for said users, wherein each of the security roles has a modification permission set for denying or granting at least one modification permission to at least one said database object; (b) assigning each of said security roles to each of said users; (c) providing means for said users to request said modification permission to said database object; (d) receiving said request from a first user for said modification permission to said at least one database object; (e) determining that said security roles of said users, excluding the security role of first user, are set to deny said modification permissions to said object; (f) updating said security role of said first user to grant said modification permission to said object; (g) allowing said first user to modify said object; (h) receiving a termination notification from said first user for concluding said modification permission to said object; and (i) updating said security role of said first user to cease said modification permission to said object. | 05-06-2010 |
| 20100131560 | Trial Access For Media Files From Media List - Embodiments of the present disclosure provide systems and methods for sharing media files. Briefly described, in architecture, one embodiment of the system, among others, can be implemented as follows. The system includes a file sharing application configured to initiate a communication session with a file server, where the file server manages download requests for media files listed on a dynamic list. Use of the media files is subject to a trial period that corresponds to a period that the media files remain on the dynamic list. The system further includes trial period checking logic configured to retrieve a new dynamic list and check whether a trial period for a media file has expired by determining whether the media file is listed on the new dynamic list and offer presentation logic configured to offer a user a license for continued use of a media file that has an expired trial period. Other systems and methods are also provided. | 05-27-2010 |
| 20100179966 | VIRTUALIZED DATA STORAGE VAULTS ON A DISPERSED DATA STORAGE NETWORK - A dispersed data storage system includes a plurality of slice servers. In the system, a first set of the slice servers supports a first virtual digital data storage vault and a second set of the slice servers supports a second virtual digital data storage vault. A slice server is in the first and second sets and functions to: receive a request to access a virtual digital data storage vault; determine whether the virtual digital data storage vault is the first or the second virtual digital data storage vault; when the virtual digital data storage vault is the first or the second virtual digital data storage vault, determine whether the request is valid; and when the request is valid, execute the request to generate a response. | 07-15-2010 |
| 20100281060 | TYPE SYSTEM FOR ACCESS CONTROL LISTS - A method and storage media for performing access resolution using ACL types is provided. Under an AND semantic, an intersection set formed from the types of multiple ACLs protecting a resource may be utilized to efficiently determine whether a request for a privilege to access the resource is granted or denied. If the privilege is not a member of the intersection set, the privilege cannot be granted. A union set may be used for an OR semantic. A global ACL type may represent all privileges system-wide or application-wide. A global ACL may represent a system-wide or application-wide access policy. A conjunction of a global ACL and a regular ACL may be stored in a cache. The union set, intersection set, or access resolution may also be cached for subsequent request processing. | 11-04-2010 |
| 20110055277 | UPDATING DISPERSED STORAGE NETWORK ACCESS CONTROL INFORMATION - In a dispersed storage network where slices of secure user data are stored on geographically separated storage units ( | 03-03-2011 |
| 20110055278 | Setting Information Database Management - Computer programs, methods and systems for managing a setting information database of a computer system are described. The computer system includes an original setting information database and an administrative database which store setting information of the system. Each time a write request to write data to the setting information database is received from a requester, a write processing portion writes the requested data to the administrative database. When a read processing portion receives a read request to read data from the setting information database, if the data is included in the administrative database, the read processing portion passes the data from the administrative database to the program that issued the read request. An editing portion cleans up the administrative database using a white list to ensure that only a trusted program can write data. | 03-03-2011 |
| 20110125798 | TEAM SUPPORT IN CHANGE RECORDING AND VERSIONING SYSTEMS - Implementations of the present disclosure provide computer-implemented methods including generating a changelist corresponding to at least one computer code object that is digitally stored in a repository database, assigning a team to the changelist, the team comprising a plurality of members, initiating access to the computer code object using a computer that is in communication with the repository database, enabling access to the computer code object when a user of the computer is a member of the team, and prohibiting access to the computer code object when the user of the computer is not a member of the team. | 05-26-2011 |
| 20110125799 | Extensible Access Control List Framework - Methods, systems, and products for governing access to objects on a filesystem. In one general embodiment, the method includes providing a framework in an operating system environment for support of a plurality of access control list (ACL) types, thereby enabling governing of access to objects on a filesystem according to an associated definition of an ACL type; and accepting definitions of ACL types. The associated definition may comprise a kernel extension. | 05-26-2011 |
| 20110137947 | DYNAMIC ACCESS CONTROL FOR DOCUMENTS IN ELECTRONIC COMMUNICATIONS WITHIN A CLOUD COMPUTING ENVIRONMENT - The present invention provides a solution to manage and control document transmission and electronic communication. Specifically, the present invention solves the problem of having control over data (documents, image files, and attachments hereafter referenced as “documents”) that are associated with multiple types of data communication. Along these lines, the present invention provides a hub and spoke communication model in order to achieve multiple benefits in terms of effectiveness, efficiency, flexibility, and control. This type of granular control is critical for information sharing within a Cloud computing environment. This approach is also useful for collaboration tools and can be augmented by the creation and management of access control lists (ACL) for the hub-spoke system. To this extent, this present invention solves the problem of being able to automatically update ACL's as documents are being forwarded or otherwise communicated between multiple people. These ACL's are kept up to date through the analysis of to whom (and where) a document has been sent. | 06-09-2011 |
| 20110153670 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR DYNAMIC FIELD-LEVEL ACCESS CONTROL IN A WIKI - A method, system, and computer program product for dynamic field-level access control in a Wiki. The method comprises: inserting a virtual field in a Wiki using delimiters; and assigning sole ownership of the virtual field to a user who first inserts the virtual field, where the owner of the virtual field controls access to the virtual field using at least one access control list. | 06-23-2011 |
| 20110202568 | VIRTUALIZED DATA STORAGE VAULTS ON A DISPERSED DATA STORAGE NETWORK - A slice server includes a network port, a central processing unit, and memory. The central processing unit (CPU) is operable to receive, via the network port, a request to access a virtual digital data storage vault. The CPU then determines whether the slice server supports the virtual digital data storage vault. When the slice server supports the virtual digital data storage vault, the CPU determines whether the request is valid. When the request is valid, the CPU executes the request to generate a response. | 08-18-2011 |
| 20110219036 | SOCIAL NETWORK SITE INCLUDING CONTACT-BASED RECOMMENDATION FUNCTIONALITY - Particular embodiments of the present invention are related to a social network site with enhanced user interaction functionality. In particular implementations, a method includes accessing a list of contacts that are connected to an owner of a personal page of a social network; identifying one or more contact pairs from the list, wherein the contacts in each contact pair are not connected to each other; computing an affinity score for each identified contact pair; randomly selecting one or more of the contact pairs based on corresponding affinity scores; providing a friend connector user interface module to the owner of the personal page, wherein the friend connector user interface prompts the owner to invite the contacts of the selected contact pair to establish a connection association relative to the social network; and conditionally transmitting an invitation to the contacts of the contact pair based on one or more actions of the owner relative to the friend connector interface. | 09-08-2011 |
| 20110225202 | MULTI-DIMENSIONAL ACCESS CONTROL LIST - Methods and apparatus, including computer program products, implementing and using techniques for providing a dynamic access control list for an object in a computer- implemented content management system. A list of one or more subjects is received. Each of the subjects is associated with a set of operations that the subject has permission to perform on the object in accordance with a first rule-set. A set of dynamic evolution conditions is defined. The dynamic evolution conditions specify under what circumstances to evolve the access control list to a new state in which a second rule-set describes a different set of operations to be associated with one or more of the subjects. The dynamic evolution conditions, the subjects, and the operations are stored in a dynamic access control list on a server in the content management system. A content management system is also described. | 09-15-2011 |
| 20110258234 | DYNAMIC ACCESS CONTROL FOR DOCUMENTS IN ELECTRONIC COMMUNICATIONS WITHIN A NETWORKED COMPUTING ENVIRONMENT - The present invention provides an approach to manage and control document transmission and electronic communication. Specifically, the present invention provides control over data associated with multiple types of data communication. Along these lines, embodiments of the present invention provide a hub and spoke communication model in order to achieve multiple benefits in terms of effectiveness, efficiency, flexibility, and control. This type of granular control is critical for information sharing within a networked computing environment. This approach is also useful for collaboration tools and can be augmented by the creation and management of access control lists (ACL's) for the hub-spoke system. To this extent, embodiments of the present invention provide functionality to automatically update ACL's as documents are being forwarded or otherwise communicated between multiple parties. These ACL's are kept up to date through the analysis of to whom (and where) a document has been sent. | 10-20-2011 |
| 20110270885 | SECURITY CONFIGURATION SYSTEMS AND METHODS FOR PORTAL USERS IN A MULTI-TENANT DATABASE ENVIRONMENT - A computer-implemented system and method includes method includes receiving a data request for data in a database from a user; determining if the user is an internal user or a portal user; consulting, if the user is the internal user, a first security setting associated with the data to determine if the requested data is public or private, and if the user is the portal user, consulting a second security setting separate from the first security setting to determine if the requested data is public or private; providing, if the requested data is public, access information to the user; performing, if the requested data is private, additional processing to determine if the user has access to the requested data. | 11-03-2011 |
| 20110270886 | MECHANISM AND APPARATUS FOR TRANSPARENTLY ENABLES MULTI-TENANT FILE ACCESS OPERATION - The present invention relates to a multi-tenant technology. The disclosure provides a method for processing a file access request to a multi-tenant application by using a file proxy and a corresponding file proxy apparatus, the method comprising: intercepting a file access request; converting the file access request based on a predetermined file isolation model; and transmitting the converted file access request to an operating system. By using this invention, the necessity of modifying a source code of an application so as to enabling a single-tenant application to support an operation in the multi-tenant model may be reduced. The present invention further provides a multi-tenant file system adapted for a multi-tenant application. In cooperation with the multi-tenant system, the method and file proxy apparatus according to the present invention may provide transparent support to fulfill security isolation and access control of tenant files with different SLAs. | 11-03-2011 |
| 20110302211 | MANDATORY ACCESS CONTROL LIST FOR MANAGED CONTENT - Restricting access to managed content to users that are both (1) members of one or more required groups identified in an ACL associated a content item to which access is requested and (2) otherwise granted access under the ACL, e.g., by virtue of their individual identity, role, or group membership is disclosed. In some embodiments, an ACL is configured to identify one or more groups as being a “required” group, membership in which is required for a user to be granted access to a content item with which the ACL is associated. If a user is not a member of a required group, the user is denied access (or denied access above a certain level), even if the user is otherwise delegated access rights in the ACL. | 12-08-2011 |
| 20120011161 | PERMISSION TRACKING SYSTEMS AND METHODS - Systems and methods for permission maintenance are presented. In one embodiment, a permission maintenance method includes: gathering permission indication information including permission indications associated with various stored information; analyzing the permission indication information including analyzing potential permission indication origination; and creating interface presentation information based upon results of the analyzing the permission indications, wherein the interface presentation information includes information related to potential origination of a permission indication. The gathering can include scanning a file system and collecting active directory information. The analyzing can include determining the type of access a principal is given to a file. The analyzing can also include determining if a principal is associated with a group and the type of permissions given to the group. In one exemplary implementation, the permission indication information is organized in accordance with potential permission indication origination. In one embodiment, the interface presentation information is presented in a Graphical User Interface, including a permission indicator and the information related to potential origination of the permission indicator. | 01-12-2012 |
| 20120011162 | COMPUTERIZED PORTFOLIO AND ASSESSMENT SYSTEM - A method that is operative with a computer executable code to create a selectively accessible and user controlled portfolio folder. The method, which is a computer implemented method for sharing personal information through an electronic communication network between a user and one or more reviewers, includes the steps of providing an electronic storage medium having a computer executable code for creating and viewing a selectively accessible electronic portfolio folder, establishing accounts for the users and the reviewers, allowing the user access to the computer executable code through the electronic communication network, allowing the user to create and/or edit one or more portfolio folders and place content in the portfolio folders, allowing the user to determine which reviewer may access the portfolio folders, allowing the one or more reviewers access to the computer executable code through the electronic communication network, and allowing the one or more reviewers to view the portfolio folders selected by the user. | 01-12-2012 |
| 20120023140 | SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY - A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data. | 01-26-2012 |
| 20120030243 | POLICY GENERATION AND CONVERSION SYSTEM, POLICY DISTRIBUTION SYSTEM, AND METHOD AND PROGRAM THEREFOR - To eliminate restrictions on the order of writing in an access control list. A permission rule and a prohibition rule are stored in advance. A rule is read out from an access control list accepted, and a determination is made as to whether the readout rule is contained in the permission and prohibition rules stored in advance. When the readout rule is not contained and when the readout rule is a permission rule, the readout rule is stored in the temporary storage unit. When the readout rule is not contained and when the readout rule is a prohibition rule, a determination is made as to whether the prohibition rule conflicts with the permission rule stored in the temporary storage unit. When the prohibition rule does not conflict, the prohibition rule is stored in the temporary storage unit. When the prohibition rule conflicts, the prohibition rule is converted to a prohibition rule by removing access target resources written in the permission rule from access target resources written in the prohibition rule on the basis of resource information, and the prohibition rule is stored. | 02-02-2012 |
| 20120041984 | Group Management Using Unix NIS Groups - In one implementation, a system for managing Groups in a Unix environment includes a group management engine and an NIS converter. A group information database stores information about Groups and their Members. The group management engine receives commands from Administrators of a Group to change attributes of Members in the Group. It accesses the database and makes the requested changes. The information in the database is not in an NIS-compatible format. The NIS converter accesses the database and generates an NIS group file that describes a Group and its Members in a format that is NIS-compatible. For example, the NIS group file can be incorporated into the master NIS group map using the | 02-16-2012 |
| 20120047177 | LICENSED RIGHTS CLEARANCE AND TRACKING FOR DIGITAL ASSETS - Rights clearances management for assets, such as media assets. A rights brokerage service enables potential licensees to clears rights to use assets within designated projects, such as advertising campaign projects. The potential licensee uses an interface to select or identify an asset without necessarily accessing the asset itself. The rights holders and the rights held by each rights holder are identified based on the asset identity. A request is automatically issued to the rights holders to approve use of the asset for the project. The potential licensee may use an interface to track progress of approvals from the rights holders. Unenforceable rights are detected and approval is automatically obtained. If all enforceable rights are cleared, the asset may be committed for approval by a project manager or other authority. When approved, a license to use the asset is automatically created between the potential licensee and each of the rights holders. | 02-23-2012 |
| 20120072461 | ACCESS CONTROL FOR BUSINESS PROCESS DATA - Controlling access to business process data is disclosed. An instance of a first business process object configured to contain business process data of a business process is created. An instance of a second business process object configured to contain business process data of the business process is created. A first access control list is associated with the instance of the first business process object and a second access control list is associated with the instance of the second business process object. | 03-22-2012 |
| 20120078965 | Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement - The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods. | 03-29-2012 |
| 20120185510 | DOMAIN BASED ISOLATION OF OBJECTS - Functionality can be implemented in an operating system to increase the granularity of isolation for objects. A domain can be defined to represent each of different entities (e.g., different departments or work groups). User identifiers and/or user credentials can be associated with the appropriate domain or domains. An administrator can then define a set of rules that govern operation(s) that can be performed on the objects based on the domains. Processes running on a system will inherit the domains of a user account logged into the system. When a process running on the system attempts to perform an operation on an object, an operating system process evaluates the domain isolation rules with an identifier of the object and a domain identifier to determine whether the operation is permitted to proceed. | 07-19-2012 |
| 20120197942 | Controlling Access to Documents by Parties - Illustrative embodiments disclose a computer process controlling access to one or more documents by one or more parties, the parties organized over one or more organizations. In response to a party associated with a first organization attempting to access documents, determining an access level associated with the party as a first access level, a second access level, a third access level, or a fourth access level. The first, second, third and fourth access levels are ordered from the first access level to the fourth access level such that the first access level provides a greatest degree of access to the documents and the fourth access level provides a least degree of access to the documents. In response to determining the access level associated with the party, permitting the party to access the documents, or preventing the party from accessing the documents, according to the access level associated with the party. | 08-02-2012 |
| 20120259892 | SECURELY EXTENDING ANALYTICS WITHIN A DATA WAREHOUSE ENVIRONMENT - A vendor is authenticated for use of a retailer's data warehouse and limited access rights are assigned to the vendor for access. The vendor accesses a graphical user interface (GUI) to select an available analysis module for execution against the data warehouse. Schemas are presented in the GUI based on the access rights, and specific schema selections are made by the vendor. The analysis module is then configured and executed against the data warehouse and filtered results are presented to the vendor; the results filtered based on the access rights assigned to the vendor. | 10-11-2012 |
| 20120271854 | Optimizing A Compiled Access Control Table In A Content Management System - A method, computer program product, and system for improving the operation and management of a content management system, by managing data security and incremental refreshes of a compiled access control table. A user may be authorized to access an entity such as a data item by reference to a single table that compiles ACL information from a plurality of tables, without repetitive access to several system tables. | 10-25-2012 |
| 20120271855 | ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD - In a hierarchical access permissions environment, a method for enabling efficient management of project-wise permissions including maintaining project-wise lists of network objects, access permissions to which cannot be managed together via a hierarchical folder structure and employing the project-wise lists of network objects to make project-wise changes in access permissions to the network objects without the need to individually modify access permissions to individual ones of the network objects. | 10-25-2012 |
| 20120271856 | SHARING REFERENCED CONTENT THROUGH COLLABORATIVE BUSINESS APPLICATIONS - Referenced content is shared through collaborative business applications by detecting referenced content in an electronic communication. The referenced content references content stored in an external repository. The referenced content identifies a registered external repository connector. A determination is made whether an Access Control List (“ACL”) for the referenced content lacks an entry for a recipient of the electronic communication. Also an ACL entry is generated for the recipient in response to the recipient lacking an entry in the ACL for the referenced content. The ACL entry controls access to the referenced content for the recipient. | 10-25-2012 |
| 20120310983 | EXECUTABLE IDENTITY BASED FILE ACCESS - In examples of the present invention, an executable seeks to access a data file. An executable identity based access control list is accessed to determine whether the executable should be allowed to access the data tile. | 12-06-2012 |
| 20130054648 | Determining Accessibility of Database Objects With Multiple Parents - The technology performs database access control in a manner that decreases computational cost of the database access control with an object type definition of a database object that permit multiple parent objects. The system determines whether to grant a user access to a database object via a first set of access control paths that do not rely on whether the user has permission to access a minimum number of parent objects of the database object. Responsive to a determination not to grant the user access via the first set of access control paths, the system determines whether to grant the user access to the database object via a second set of access control paths that determine whether the user has permission to access the minimum number of parent objects of the database object. | 02-28-2013 |
| 20130080471 | INTERACTIVE ELECTRONIC READER WITH PARENTAL CONTROL - An e-reader with a password protected supervisory account that controls various features and functions of the e-reader, and e-reader user profile accounts for reading users of the e-reader. The supervisory account permits the supervisor user to set up one or more e-reader user profiles that are each assigned its own customizable bookshelf for displaying the available electronic published content, such as, e-books. The electronic published content is assigned to each e-reader user profile through the supervisory account. The e-reader provides interactive content that reinforces development of reading skills and reading comprehension. The e-reader provides reading-level specific definitions and an audible pronunciation of the words. The e-reader has zooming and scrolling capabilities. The e-reader may also present suggestions and recommendations for further reading based on the aggregation of reading statistics for all readers by user profile. The e-reader tracks e-reader user information and presents the information to the password protected supervisory account. Multiple instances of the e-reader may exist and be associated with the supervisory account and e-reader user profiles. | 03-28-2013 |
| 20130091172 | JOURNALING SYSTEM WITH SEGREGATED DATA ACCESS - A journaling system provides access to subsets of user information in a segregated fashion. This permits its users to define access settings for their user information thereby limiting which other users may access the user information. In one or more embodiments, the journaling system may include a server or other computing device and one or more storage devices used to store the user information, associated access settings, or both. The access settings may define particular criteria which must be met before a subset of user information may be accessed, and may identify particular users that may access the subset of user information. | 04-11-2013 |
| 20130091173 | Methods, Systems, and Computer Program Products for Providing a Generic Database Security Application Using Virtual Private Database Functionality with a Common Security Policy Function - Methods for providing a generic database security application using virtual private database (VPD) functionality are provided. The methods may include inserting rows into a user security table in a database providing VPD functionality, each row comprising a user ID for which database access is to be controlled, the name of a database object to be secured, and a predicate; and defining a security policy function common to all secured database objects, said security policy function generating a second predicate to be appended by the database's VPD functionality to queries made on a queried secured database object by a querying user, said second predicate based on at least one predicate in at least one row in the user security table, the at least one row referencing the name of the queried secured database object and the user ID of the querying user. Related systems and computer program products are also provided. | 04-11-2013 |
| 20130110877 | MANAGING HOMEOWNER ASSOCIATION MESSAGES | 05-02-2013 |
| 20130138694 | COMPUTER-IMPLEMENTED SYSTEM AND METHOD FOR MANAGING CATEGORIES OF WAYMARKS - A computer-implemented system and method for managing categories of waymarks is provided. Waymark records are each associated with a category and maintained on a database. Each waymark record includes metadata associated with at least one variable and one or more attributes specifying a type of the metadata for each variable. Access to the database is provided. A user having access to the database is identified based on a list of authorized users. A request from the user to present one such category and the associated waymark records is received. At least one waymark record from the requested category is processed. Input metadata is received from the user consistent with the variables and the attributes for that waymark record. At least a portion of the metadata is replaced with the input metadata. | 05-30-2013 |
| 20130144915 | AUTOMATIC MULTI-USER PROFILE MANAGEMENT FOR MEDIA CONTENT SELECTION - A profile management apparatus for controlling available media content includes an individual identifier module, a profile creation module, a profile selection module, and a media control module. The individual identifier module automatically identifies one or more individuals as currently within a perceiving range of an output device receiving input from a media player without user input. The profile creation module automatically creates a new profile without user input in response to determining that a profile associated with the one or more individuals does not exist. The profile selection module selects at least one profile associated with the one or more individuals. The media control module controls media that is available for selection on the media player based one or more of media usage information and content restriction rules of the at least one profile. | 06-06-2013 |
| 20130226970 | SYSTEMS AND/OR METHODS FOR AUTOMATICALLY DERIVING WEB SERVICE PERMISSIONS BASED ON XML STRUCTURE PERMISSIONS - Certain example embodiments relate to techniques for automatically deriving web service permissions based on XML structure permissions. A call for a web service operation is received from a client at a web service runtime engine. XML data objects from a database of XML data objects located on an XML server implicated by the called web service operation are identified. The XML data objects have corresponding XML data structures. Access permissions for the user for the identified XML data objects are retrieved from the XML server, the access permissions for the web service having been generated automatically from access permissions based on the XML data structures for corresponding XML data objects. The called web service operation is either permitted or prohibited based on a determination, at the web service runtime engine and based on the retrieved access permissions. Thus, data access requests are handled in the “higher” web service layer. | 08-29-2013 |
| 20130246474 | PROVIDING DIFFERENT ACCESS TO DOCUMENTS IN AN ONLINE DOCUMENT SHARING COMMUNITY DEPENDING ON WHETHER THE DOCUMENT IS PUBLIC OR PRIVATE - Provided are a computer program product, system, and method for providing different access to documents in an online document sharing community depending on whether the document is public or private. A request is received for a page and a determination is made of a document to include in the page and whether document information for the determined document indicates the document as public or private. An access element is included in the page to provide access to the content of the determined document in response to determining that the determined document is public. Access to a public description of the document not including all the content of the document is included in the page in response to determining that the determined document is private and that the requesting participant is not a member of the group of participants allowed to access the document. | 09-19-2013 |
| 20130246475 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SHARING TENANT INFORMATION UTILIZING A MULTI-TENANT ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service. These mechanisms and methods for sharing tenant information utilizing a multi-tenant on-demand database service can allow automatic sharing of information owned by a first tenant with other tenants of the multi-tenant on-demand database service. In this way, collaboration among tenants of the multi-tenant on-demand database service may be enabled via the sharing of the tenant information. | 09-19-2013 |
| 20130254236 | SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY - A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data. | 09-26-2013 |
| 20130304765 | AUTOMATIC FOLDER ACCESS MANAGEMENT - Methods and systems are provided for decentralizing user data access rights control activities in networked organizations having diverse access control models and file server protocols. A folder management application enables end users of the file system to make requests for access to storage elements, either individually, or by becoming members of a user group having group access privileges. Responsibility for dealing with such requests is distributed to respective group owners and data owners, who may delegate responsibility to authorizers. The application may also consider automatically generated proposals for changes to access privileges. An automatic system continually monitors and analyzes access behavior by users who have been pre-classified into groups having common data access privileges. As the organizational structure changes, these groups are adaptively changed both in composition and in data access rights. | 11-14-2013 |
| 20140089348 | CONTEXT SWITCHING IN A BUSINESS APPLICATION - In a business application, contexts can be switched based on a selected customer. A first authorization profile can be associated with the business application. The authorization profile can restrict a user's ability to access, enter new or update existing information. In response to selection of a first element, such as a customer, the authorization profile can be switched to a second, different authorization profile with different read and/or write privileges. Context switching can also be used which includes additional features beyond the authorization profile. For example, personalization parameters that affect look and feel can be swapped. Additionally, available actions or pages accessible in the application can be swapped. | 03-27-2014 |
| 20140115005 | SYSTEM AND METHODS FOR LIVE MASKING FILE SYSTEM ACCESS CONTROL ENTRIES - Implementations described and claimed herein provide systems and methods for dynamically masking an access control list corresponding to a file system object in response to a change mode command. In one implementation, a change mode command for a file system object to change a first mode to a second mode is received. The first mode defines a first set of access rights and the second mode defines a second set of access rights. In response to the change mode command, a mask is dynamically applied to an access control list corresponding to the file system object. The access control list has zero or more access control entries defining access permissions for the file system object. The mask modifies any of the zero or more access control entries that have access permissions that exceed the second set of access rights defined by the second mode. The access control list is preserved. | 04-24-2014 |
| 20140149461 | FLEXIBLE PERMISSION MANAGEMENT FRAMEWORK FOR CLOUD ATTACHED FILE SYSTEMS - A method of managing file permissions in a remote file storage system includes defining permissions for the remote file storage system and controlling access to objects on the remote file storage system according to the permissions of the remote file storage system. The permissions are transferred to a client file storage system remote from the remote file storage system, and access to objects on the client file storage system is controlled according to the permissions of the remote file storage system. A remote file storage system includes a permissions file generator operative to generate a permissions file, which is transmitted to a client file storage system for enforcement at the client file storage system. | 05-29-2014 |
| 20140172918 | Role Based Access Management for Business Object Data Structures - A service request from a user is received to execute an operation on an instance of a business object. Thereafter, an access control check is performed to confirm whether the user is allowed to execute the requested operation on a type of business object corresponding to the business object specified and based on an access group associated with the user. Subsequently, the user is either provided with access to the instance of the business object to execute the operation if the access control check confirms that the user is allowed to execute the operation on the instance of the business object, or prevented from accessing the instance of the business object to execute the operation on the instance of the business object. Related apparatus, systems, techniques and articles are also described. Related apparatus, systems, techniques and articles are also described. | 06-19-2014 |
| 20140201242 | ROLE BASED AUTHORIZATION BASED ON PRODUCT CONTENT SPACE - A computer-implemented method for generating role-based authorizations includes collecting, by a processor, a plurality of permissions from an access control list, creating, by the processor, a plurality of content space specification files that includes the plurality of permissions from an access control list, processing, by the processor, the plurality of content space specification files to generate a plurality of access control list roles and outputting, by the processor, the plurality of access control list roles. | 07-17-2014 |
| 20140207823 | AUTOMATICALLY GRANTING ACCESS TO CONTENT IN A MICROBLOG - A method, system and computer program product for automatically granting access to content referenced in a microblog. A microblog post having content referenced therein is received by a microblog server. The microblog post includes a special character (e.g., “@”) designating a user, group or community. Furthermore, the microblog post includes a special character (e.g., “!”) designating the content. In response to recognizing the special character designating the content, the microblog server grants access to the designated content to the user, group or community referenced in the microblog post. By including a special character in the microblog post to designate content to be made available to the user, group or community referenced in the microblog post, the user can now designate the content to be made available to the users, groups and/or communities that do not previously have rights to access the content in an easy and efficient manner. | 07-24-2014 |
| 20140207824 | ACCESS CONTROLS ON THE USE OF FREEFORM METADATA - Approaches are described for security and access control for computing resources. Various embodiments utilize metadata, e.g., tags that can be applied to one or more computing resources (e.g., virtual machines, host computing devices, applications, databases, etc.) to control access to these and/or other computing resources. In various embodiments, the tags and access control policies described herein can be utilized in a multitenant shared resource environment. | 07-24-2014 |
| 20140222866 | ACCESSING OBJECTS IN HOSTED STORAGE - A hosted storage system receives a storage request that includes a single object and conforms to an API implemented by the hosted storage system. The API is designed to only support a single object in a storage request. The hosted storage system, in response to determining that the single object is an archive file, extracts each of the bundled files from the archive file and stores each of the extracted files in the hosted storage system such that each of the extracted files is separately accessible by the client system over the network. | 08-07-2014 |
| 20140236999 | SYSTEMS AND METHODOLOGIES FOR CONTROLLING ACCESS TO A FILE SYSTEM - A method for controlling access to a file system having data elements, including the steps of maintaining a record of respective actual accesses by users of the file system to the data elements, defining a proposed removal of a set of the users from a superset of the users, wherein members of the superset have common access privileges to a portion of the data elements, and wherein following an implementation of the proposed removal, members of the set retain respective proposed residual access permissions, ascertaining, prior to the implementation of the proposed removal, that at least one of the respective actual accesses are disallowed to the members of the set, or to non-members of the set having actual access profiles which are similar to the actual access profiles of the members of the set, by the respective proposed residual access permissions, and generating an error indication, responsively to the ascertaining. | 08-21-2014 |
| 20140317145 | MULTI-IDENTITY FOR SECURE FILE SHARING - Techniques for controlling access to shared data files such as stored in a collaborative file sharing service. Organizations want to have access to data originated by their employees and want that access to continue even when the employees leave the company. Also, organizations do not want former employees to have access to the company's files. A file storage service uses an Organization's recovery key while creating a recovery record for a file (which may be stored in a folder), and protected using a Work identity. The individual person who originally creates a file and/or shares a folder securely with others is considered the folder's owner as long as he is part of the same Organization. User's identities are validated upon access. The keys are also purged from a local key store as soon as identity changes are detected. In this way, the folder owner will not be able to decrypt files stored in a folder shared using a Work identity if the identity is canceled by the Organization. | 10-23-2014 |
| 20140337385 | MANAGING FILE USAGE - Embodiments of a system and method are disclosed concerning the management of file usage. The method of controlling file access may manage a file with a target ID that has a sender and a recipient. The method may also establish a priority level key associated with the file. The priority level key may control file access. The method may provide the file access to the recipient if the recipient has access rights corresponding to the priority level key. | 11-13-2014 |
| 20150081737 | MANAGING APPLICATION DATA IN DISTRIBUTED CONTROL SYSTEMS - A device may correspond to a physical access controller in a distributed physical access control system. The device in a distributed system may include logic configured to detect a request from an application to access an application dataset, wherein the application dataset corresponds to a distributed dataset and determine whether the application dataset exists in the distributed system. The logic may be further configured to generate the application dataset in the distributed system, in response to determining that the application dataset does not exist in the distributed system, and send, to other devices in the distributed system, a request to join a dataset group that includes devices associated with the application dataset, in response to determining that the application dataset exists in the distributed system. | 03-19-2015 |
| 20150100603 | METHOD FOR CHECKING THE DATA OF A DATABASE RELATING TO PERSONS - The invention provides a method of automatically verifying certain items in a database relating to a set of people, and including for each person a plurality of data items such as age, first name, gender, a portrait, fingerprint images, or other biometric data items, the method incorporating determining for each person a plurality of correlations associating certain data items of that person with one another, for each data item being verified, calculating a confidence score depending at least on a first correlation of the data item being verified with a first other data item for the same person and on a second correlation of the data item being verified with a second other data item for the same person, and a step of comparing the score with a threshold value in order to determine whether the data item being verified is or is not valid. | 04-09-2015 |
| 20150100604 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO ASPECTS OF AN ELECTRONIC MESSAGE CAMPAIGN - A system for controlling access within an enterprise to information associated with recipients of an electronic message campaign of the enterprise sent to a plurality of recipient devices wherein the enterprise includes hierarchically structured Business Units having an enterprise level Business Unit at the highest level and a plurality of second level Business Units and an enterprise system communicatively coupled to a network and including an enterprise level device communicatively coupled to a plurality of second level devices includes a server and an electronic message engine The server is configured to assign an enterprise account to the enterprise system and to allow the enterprise level device to communicate selected portions of the recipient list. The electronic message engine is configured to generate electronic messages within a message campaign for sending to recipients identified by each of the second level devices from the selected portions of the recipient list. | 04-09-2015 |
| 20150142852 | DECLARATIVE AUTHORIZATIONS FOR SQL DATA MANIPULATION - The present disclosure describes methods, systems, and computer program products for providing declarative authorizations for SQL data manipulation. One computer-implemented method includes defining a data access model by: defining at least one aspect to be used as an authorization-relevant attribute for a resource entity, defining a path definition from the resource entity to the at least one aspect to relate the at least one aspect to the resource entity the authorization is restricted on, defining at least one restriction for the at least one aspect as part of the path definition, wherein defining the at least one restriction includes determining which constraint condition are to be used and how the constraint conditions are to be combined, and defining/assigning a role to a user, the role defining authorization to the resource entity using, at least in part, the at least one aspect, and deploying a data control language document. | 05-21-2015 |
| 20150295933 | System and Method for Providing an Early Stage Invention Database - Disclosed is a method of providing an early stage invention database by soliciting a plurality of submitters to provide information data on new inventions prior to or after filing corresponding patent applications, adding the information data to an early stage invention database; and offering the early stage invention database for access by the interested subscribers. | 10-15-2015 |
| 20150363427 | AUTOMATIC RESOURCE OWNERSHIP ASSIGNMENT SYSTEM AND METHOD - A method for automatic folder ownership assignment, including ascertaining which first folders, among a first multiplicity of folders, have at least one of modify and write permissions to non-IT administration entities, adding the first folders to a list of candidates for ownership assignment, defining a second multiplicity of folders which is a subset of the first multiplicity of folders and not including the first folders and descendents and ancestors thereof, ascertaining which second folders among the second multiplicity of folders, have permissions to non-IT administration entities, adding the second folders to the candidates, defining a third multiplicity of folders, which is a subset of the second multiplicity of folders and not including the second folders and descendents and ancestors thereof, ascertaining which third folders among the third multiplicity of folders are topmost folders, adding the third folders to the candidates, and recommending possible assignment of ownership of the candidates. | 12-17-2015 |
| 20150379031 | IDENTIFYING CONTENT UNDER ACCESS CONTROL - A search query is received from a first user through one or more input devices. A set of results is determined from content stored on a computer system based on the search query. The set of results includes a first subset of results not accessible to the first user due to access control. A list of results is provided to the first user. The list excludes the first subset of results. A target result is identified from the first subset of results. An owner is identified with control over access to the target result. The owner is notified that the target result is not accessible to at least one user. | 12-31-2015 |
| 20150379296 | Large Scale Network System Upgrade - In one embodiment, a network file management system | 12-31-2015 |
| 20160026815 | Collection Folders in a Content Management System - A content management system allows a user to create a collection folder to which a submitting user can add content items without being able to access content items added to the folder by other submitting users. A collection folder is created in a namespace of a collecting user and folder is made available to multiple submitting users to allow the submitting users to add items to the folder. When a submitting user first request to store a content item in the collection folder, the content management system creates a sub-folder associated with the submitting user in the collection folder and stores the content item in the sub-folder. The submitting user is given rights to the sub-folder, but is not given rights to sub-folders created for other submitting users. | 01-28-2016 |
| 20160048700 | SECURING PERSONAL INFORMATION - A database containing personal information of a user can be selectively read from and written to by multiple entities. Access level rules determine who gets access to which entries of a user record in the database. Access to some entries and actions taken on some entries may be possible only by producing, in real time, a smartcard-based authorization for such access or actions. | 02-18-2016 |
| 20160063273 | SYSTEMS, METHODS, AND APPARATUSES FOR IMPLEMENTING CROSS ORGANIZATIONAL DATA SHARING - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing cross organizational data sharing including, for example, means for storing customer organization data in a database of the host organization; allocating at least a sub-set of the customer organization data to be shared as shared data; configuring a hub to expose the shared data to a proxy user and configuring the proxy user at the hub with access rights to the shared data; configuring one or more spokes with access rights to the shared data of the hub via the proxy user; receiving a request from one of the hubs for access to the shared data of the customer organization via the proxy user at the hub; and returning a response to the hub having made the request. Other related embodiments are disclosed. | 03-03-2016 |
| 20160078248 | RULE-BASED ACCESS CONTROL LIST MANAGEMENT - Access control list entries are managed as a function of access control list entry metadata for the object and the requesting user, and of an access control list rule applicable to the requesting user and the requested object. The access control list entry metadata for the object and the user is updated in response to request authorizations and denials. The access control list entry metadata for the object and the user is linked to the object and the user. Updating of the access control list entry metadata for the object and the user does not overwrite metadata for another access control list entry that is associated with the object and with another user that is different from the user. | 03-17-2016 |
| 20160140354 | DBFS PERMISSIONS USING USER, ROLE, AND PERMISSIONS FLAGS - A method for authenticating file operations on files and folders stored in a database file system where the database file system can authenticate a client-user request based upon the client-user's database credentials. The database file system has the capability of storing file permissions based on database credentials. Once a client requests a certain file operation, the client's operating system first determines whether the client has sufficient privileges to perform the requested file operation. If the client has privileges, the client operating system forwards the file operation request to the database file system. The database file system then authenticates the client, based on his database credentials, to determine whether or not to perform the requested file operation. | 05-19-2016 |
| 20160140355 | USER TRUST SCORES BASED ON REGISTRATION FEATURES - User trust scores based on registration features is described. A system identifies registration features associated with a user registered to interact with a database. The system calculates a registration trust score for the user based on a comparison of multiple registration features associated with the user to corresponding registration features associated with previous users who are restricted from interacting with the database and/or corresponding registration features associated with previous users who are enabled to interact with the database. The system restricts the user from interacting with the database if the registration trust score is above a registration threshold. | 05-19-2016 |
| 20160149925 | SYSTEMS AND METHODOLOGIES FOR CONTROLLING ACCESS TO A FILE SYSTEM - A method for controlling access to a file system having data elements, including the steps of maintaining a record of respective actual accesses by users of the file system to the data elements, defining a proposed removal of a set of the users from a superset of the users, wherein members of the superset have common access privileges to a portion of the data elements, and wherein following an implementation of the proposed removal, members of the set retain respective proposed residual access permissions, ascertaining, prior to the implementation of the proposed removal, that at least one of the respective actual accesses are disallowed to the members of the set, or to non-members of the set having actual access profiles which are similar to the actual access profiles of the members of the set, by the respective proposed residual access permissions, and generating an error indication, responsively to the ascertaining. | 05-26-2016 |
| 20160188617 | System for Providing User Privilege Information Associated with Secured Data - In one embodiment, a system receives a request for user privilege information associated with an object of a first database. The system determines a class of a second database that corresponds to the object and accesses user privilege records that the second database associates with the class. The system determines a subset of the user privilege records that correspond to a selected user. Each of the subset of user privilege records comprise a privilege and a user privilege value indicating whether the selected user is authorized for that privilege. The subset of user privilege records are consolidated into a privilege matrix comprising a first axis listing the selected user, a second axis listing the privileges, and for each intersection of selected user and privilege, a corresponding user privilege value determined from the subset of user privilege records. The system communicates the privilege matrix in response to the request. | 06-30-2016 |
| 20160203327 | EDGE ACCESS CONTROL IN QUERYING FACTS STORED IN GRAPH DATABASES | 07-14-2016 |
