Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Privileged access

Subclass of:

707 - Data processing: database and file management or data structures

707001000 - DATABASE OR FILE ACCESSING

Patent class list (only not empty are listed)

Deeper subclasses:

Entries
DocumentTitleDate
20090222449CONTROLLING ACCESS TO A DATABASE USING DATABASE INTERNAL AND EXTERNAL AUTHORIZATION INFORMATION - Techniques for using both database internal and database external authorization information to control access to a database are disclosed. Corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as “external” database accounts with database external authorization information that define database external access privileges for a database. The database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts. An integrated access-privilege set is generated and used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database. As a result, databases can be integrated with various non-database entities (e.g., corporate computing systems).09-03-2009
20090193026INTEGRATED DATABASE REPLAY PROTECTION - An apparatus and method for providing replay protection integrity protection of a database accessible by an electronic device is provided, wherein the database is capable of protecting a plurality of records. When at least one protected record in the database is modified in an authorized manner, a record tag corresponding to the at least one protected record is stored in the database, and the at least one protected record and the corresponding record tag are copied into a cache. Upon retrieval of the at least one protected record from the database, the copied record tag stored in the cache is compared with the corresponding record tag stored in the database. Use of the retrieved protected record is inhibited if the copied record tag stored in the cache does not correspond to the record tag stored in the database, and otherwise use of the retrieved protected record is enabled.07-30-2009
20100011000MANAGING THE CREATION, DETECTION, AND MAINTENANCE OF SENSITIVE INFORMATION - A method, information processing system, and computer program storage product for managing information within an electronic file are provided. A plurality of information sets within an electronic file is analyzed. At least one of the information sets is compared to at least one statistical classification model. The statistical classification model includes one or more probabilities associated with a plurality of analyzed information sets that indicate a likelihood that a respective analyzed information set is classified sensitive information. The at least one information set is determined to substantially match at least one analyzed information set in the statistical classification model. The probability associated with the at least one analyzed information set is determined whether to be above a threshold. The at least one information set is classified as sensitive information in response to determining that the probability is above the threshold.01-14-2010
20100049716MEDIA VALIDATION SYSTEM - A media validation system including a plurality of media storage devices which contain a quantity of content thereon, a user computer processor assembly structured to operatively access a select media storage device, a verification module, and a communicative link between the verification module and the user computer processor assembly. Each of the media storage devices includes a unique unit identifier, the verification module identifying the unique unit identifier of the select media storage device and receiving user information associated therewith. The verification module is also structured to apply a reward credit in association with only a first user whose user information is associated with the unique unit identifier for the select media storage device.02-25-2010
20090030907ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM - An access control system provides multilevel and mandatory access control for a database management system. The access control systems provide access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user's security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user's security information with the security information in the row. If the user's security dominates the row's security, the user is given access to the row.01-29-2009
20100042628SHARING ACCESS TO CONTENT ITEMS USING GROUP INFORMATION AND ITEM INFORMATION - A user can share media content with others by defining one or more groups, where each group includes members who may access a set of user's content item on the online service or on user's local device. Item information is generated for content items to be shared and indicates where the content item can be accessed. The item information is provided to the members of the group that was selected to share the content item. The user can conveniently configure or update the group to share the user's content items. The content items to be shared can be located on an online service or on the user's local device.02-18-2010
20100042627Flexible Integrated Access to Published Material - Methods, systems, and apparatus, including medium-encoded computer program products, can provide flexible integrated access to media content. A method includes receiving a request for access by a user to media content via a first delivery mechanism of multiple delivery mechanisms. The delivery mechanisms include one or more delivery mechanisms operable to deliver an audio rendering of the media content and one or more delivery mechanisms operable to deliver a visual rendering of the media content. The user is provided with access to the media content via the first delivery mechanism. A request is received from the user for access to the media content via a second delivery mechanism and the user is provided with access to the media content via the second delivery mechanism.02-18-2010
20090157686METHOD AND APPARATUS FOR EFFICIENTLY CACHING A SYSTEM-WIDE ACCESS CONTROL LIST - One embodiment of the present invention provides a system for efficiently caching a system-wide Access Control Entry (ACE) for a subject requesting an action on an object associated with an application. During operation, the system retrieves a security class that is associated with an application. The system then checks if a constrained system-wide ACE associated with the subject, the object, the requested action, and the security class exists in a cache. If so, then the system retrieves the entry. Otherwise, the system retrieves a system-wide ACE associated with the subject and the requested action. The system also retrieves a local ACE associated with the subject, the object, the requested action, and the security class. Next, the system constrains the system-wide ACE with the local ACE and caches the result so that the constrained system-wide ACE is associated with the subject, the object, the requested action, and the security class.06-18-2009
20090157685Pervasive Media Information Retrieval System - A pervasive information retrieval system is disclosed in consumer electronics and home entertainment for retrieval of audio and visual information but also information containing text, pictures etc. in a multi user and multi domain environment comprising a plurality of physically distributed sub-domains having different rendering units, such as loudspeakers, television screens etc. The user is enabled to “grab” an ongoing information rendering experience, such as listening to a piece of music or to a broadcasted radio channel, watching a film or a broadcasted television programme, move to another sub-domain and “throw” the experience onto that sub-domain, where the experience will continue without the need to further operate the rendering units in the selected sub-domain.06-18-2009
20090138475Method for creating a web-based contact book which includes multi-sourced contact-generated content (from social networks) in a custom and private stand-alone contact book with information selectively pulled from multiple outside sources, including multiple social networks, via a unique combination of a user decision node and a main and subordinated data tables structure, yielding no explicit or implicit source level value judgments or biases - The growth of the World Wide Web has yielded many new and diverse sources of contact information. These sources need to be properly synchronized in order to be effectively integrated and ultimately useful. It is also important to maintain the integrity, customization and privacy required of a proper contact book. Current contact book models and mechanisms for synchronization all rely on explicit, inherent or implicit value judgments on the validity of the sources (examples include: choosing one source exclusively over others, choosing the latest information input as the best, or creating a hierarchy of sources, or implicitly creating biases when a source synching sequence is required) which are then blindly applied across the synchronization process. Information is then placed directly into the contact book, often without consulting the user for a decision, and with the potential to overwrite correct information. These source level value judgments and biases yield problems which lead to loss of information and ultimately distrust of the content of the contact management system, among other problems. Our novel model consists of a stand-alone, custom and private contact book for each user; the content in this contact book is either entered directly by the user, or selectively pulled from exogenous sources (either outside offline contact management systems, outside online contact management systems or outside online social networks). This is achieved using multiple subordinated information tables (each for a different information source) and a main information table, and creating a user decision node located between the main table and the subordinated tables controlling the flow of information. Thus, our system harnesses all of the information sources and incorporates user discretion in dictating the flow of information. Our invention is not vulnerable to loss of information, and the user control over the process will lead to greater trust in the content. This innovation and system of combining the data table structure and the user decision node yields valuable improvements over the current technologies.05-28-2009
20090125522File sharing system and file sharing method - Privacy information of a user is protected without hampering convenience when such user is to process a file in an online file storage. Provided is a file sharing system including at least one or more information processing units and a storage apparatus connected to the at least one or more information processing units via the Internet, and for storing files from the at least one or more information processing units in the storage apparatus and sharing the stored files with the at least one or more information processing units. The information processing unit includes a file creation unit for separating, when creating a file in the storage apparatus, privacy information that identifies a user creating the file from information required for creating the file in the storage apparatus, and creating the file in the storage apparatus by using information obtained by converting the separated privacy information.05-14-2009
20090125521SYSTEM AND METHOD FOR REPRESENTATION OF MULTIPLE-IDENTITIES OF A USER IN A SOCIAL NETWORKING ENVIRONMENT - Systems and methods for representation of a user in a social networking environment are disclosed. In one aspect of the present disclosure, a method of a social networking environment includes managing anonymity levels of a set of user content provided by a user to the social networking environment. The set of user content includes a first content subset having a first anonymity level corresponding to a privacy setting of a public status, a second content subset having a second anonymity level corresponding to a privacy setting of a peer status, and/or a third content subset having a third anonymity level corresponding to a privacy setting of a private status.05-14-2009
20090043775ROW-LEVEL SECURITY IN A RELATIONAL DATABASE MANAGEMENT SYSTEM - Access control methods provide multilevel and mandatory access control for a database management system. The access control techniques provide access control at the row level in a relational database table. The database table contains a security label column within which is recorded a security label that is defined within a hierarchical security scheme. A user's security label is encoded with security information concerning the user. When a user requests access to a row, a security mechanism compares the user's security information with the security information in the row. If the user's security dominates the row's security, the user is given access to the row.02-12-2009
20090043773Providing Security in a Database System - A method and apparatus to provide security for data in a database system includes providing a secure user-defined data type (UDT) that has security features. The secure UDT defines security information, which in one arrangement is in the form of a list of identifiers of authorized users or other entities. Each data instance according to the secure UDT stored in tables of the database system is associated with such an access list. Thus, in response to a query, the security information is accessed to determine whether the user or other entity that issued the query has rights to access the data. Access is then allowed or denied based on the security information.02-12-2009
20090319529Information Rights Management - In certain embodiments, a method for providing information rights management (IRM) includes receiving, from a user having an associated security access profile, a request to access an object. The object has a corresponding IRM wrapper stored with the object both when the object is stored in a document management system (DMS) database and external to the DMS database, the IRM wrapper including an IRM profile and one or more IRM permission sets. The object also has encrypted data. The method further includes determining whether the user is authorized to access the object based on a comparison of the security access profile of the user and the IRM profile of the IRM wrapper corresponding to the object and communicating to the user, in response to a determination that the user is authorized to access the object, a decryption key associated with object.12-24-2009
20090307224APPARATUS AND METHOD FOR COMMUNICATING, ACCESSING, ORGANIZING, AND/OR MANAGING, INFORMATION IN A NETWORK ENVIRONMENT - A computer-implemented method, including creating a communication record for a task, a project, or a project task, storing the communication record in a database or a memory device, processing a request transmitted from a first user computer or first communication device or processing a request transmitted from a second user computer or second communication device, wherein the request contains a request by a user to access the communication record or information contained in the communication record, or a request by the user to perform an operation or function on or regarding information contained in the communication record, and if the user is an authorized user, providing the user with access to the communication record or to information contained in the communication record, or allowing the user to perform the operation or function on or regarding the information contained in the communication record.12-10-2009
20090307223PERSONALIZED WEBSITE AND DATABASE FOR A MEDICAL ORGANIZATION - A system and method for managing the access of individuals to an information infrastructure is described. The metaphor for the user interface may be “myIntranet”, suggesting that the functions are similar to that of a browser of a client connected to the world-wide-web (WWW) through the Internet. The home page of “myIntranet” may be customized at a plurality of organizational levels within a medical facility, so as to provide rapid access to information that a person needs to perform a particular job responsibility. Each person may have a unique home page, or the home page may be customized, in part, by the user. Other portions of the home page may be customized by the department, the information technology organization, or other user with the appropriate permission. The configuration of the home page is associated with the individual user through a log-on procedure.12-10-2009
20090094245METHODS FOR IMPLEMENTATION OF INFORMATION AUDIT TRAIL TRACKING AND REPORTING IN A STORAGE SYSTEM - Embodiments of archival storage system are disclosed. The archival storage system includes one or more removable disk drives that provide random access and are readily expandable. One or more application servers can store archival data to the one or more removable disk drives. Further, the archival storage system provides an audit trail that stores information about actions taken on the archival data. The audit trail data providing a list of the actions and information about the actions that can be used to determine changes to the archival data.04-09-2009
20090094244METHOD FOR CREATING AND MODIFYING LISTS FOR ELECTRONIC DISTRIBUTION - An initial distribution list is dynamically modified using criteria determined from the current entries in the list. After an originator generates a distribution list and prior to submission of the message to entries on the generated list, the method of the present invention examines the entries in the created distribution list. From this list, the invention identifies features of the entries. From these features, the method generates criteria that can be used to generate additional entries that may be included in the list. In one approach, the generated criteria are presented to the user for review and approval. If the originator approves the criteria, the generated list is modified to add additional entries to the distribution based on the generated criteria. If the originator rejects the criteria, the initially generated list is submitted and the message is sent to the entries on the initial list.04-09-2009
20090271409Method and system for distributed data management of personal data in a socialnetworking context - A receiving user receives an electronic message from an originating user such that the electronic message contains a data directive that requests a data transfer to/from the receiving user and the originating user. In response to receiving the electronic message, access privileges for the originating user are determined at the receiving computer with respect to access privilege parameters that have been specified by the receiving user. One or more remote and/or local datastores are accessed in order to read and/or write data in accordance with the determined access privileges and the requested data transfer. A response message may be returned to the originating user. One or more new request messages may be sent by the receiving user to other users, wherein each new request message includes the data directive.10-29-2009
20090070332INFORMATION RETRIEVAL - A method of dynamic information retrieval from a plurality of data sources, each data source being a potential repository of necessary data, determining a stored access profile defined by a combination of specific data sources and/or data types on a particular data source, allocating a stored data access profile to a user, the user retrieving a data collection to form the necessary data in accordance with the stored access profile with the data collection taken from the specific data sources and/or data types, the user and/or a controller monitoring proportional usage of the necessary data to dynamically adapt the stored access profile in terms of the combination define by the specific data sources and/or data types on a particular data source for subsequent retrieval of the necessary data by the user, the adaption dependent upon dynamically maintaining at least a predefined quotient for the usage of the necessary data and/or parts of the necessary data.03-12-2009
20090234857Controllable Content Distributing System - A system for controlled distribution of access to and broadcasting of a content acquired by a user from a content provider and accessible through an access provider, said system comprising a content control provider able to receive from said content provider and to store in a centralized database data relating to the user's rights over the acquired content. The access provider comprises a local database able to receive from said content control provider said data relating to the user's rights and a decisionmaking device able to analyze streams sent out by said user and to decide if said streams sent out conform to the user's rights registered in said local database. Application to controlling access to multimedia contents and broadcasting thereof to users when on the move or away from home via a number of types of networks or to users simultaneously connected to a number of types of networks.09-17-2009
20080294641METHODS AND APPARATUS FOR STORING, ORGANIZING, AND SHARING MULTIMEDIA OBJECTS AND DOCUMENTS - Briefly, the present invention provides electronic methods and apparatus for storing and organizing access restricted multimedia objects. This is accomplished using semantic networks by interactively defining a semantic network, identifying a relationship between nodes by associating a label with each semantic link, attaching multimedia objects to nodes and restricting user access to multimedia objects and/or the semantic network. The method allows users to access and edit the semantic network in a Java-based platform-independent software environment. The present invention further provides a method for multiple users to collaboratively store and organize multimedia objects by providing a shared view via a network while defining the semantic network, identifying the relationship between nodes, and attaching multimedia objects to nodes. The method permits a first user to interactively edit the semantic network, transfer control to a second user, and allow the second user to edit the semantic network while maintaining the shared view. The present invention further provides a method for collaborative platform-independent authoring of multimedia documents, allowing a first user to edit a multimedia document, providing the first and a second user with a shared view of the document via a network, permitting the first user to transfer control of the document to the second user, and allowing the second user to edit the document while maintain the shared view. These tasks are performed in a platform-independent Java-based software environment. The method further comprises restricting access to multimedia documents and/or multimedia objects based on a set of access privileges.11-27-2008
20080294640Pop-Up Software Application - An information delivery software application that employs “pop-up” software application technology installed on a user's computer to deliver changing content selected by the computer user. In the present application, the pop-up technology that is used to deliver to the consumer in a controlled and constructive manner to deliver content the user specifically requests, and on a regular schedule that the user has set and can change at will. The content may be data files, including text, audio files, video files, image files, RSS feeds, instant messages, Web pages, Internet hyperlinks and can itself contain links to other data files. Each delivery of content to an end-user is captured and logged as a data exchange event that can be tracked by the deliverer of the content.11-27-2008
20080294639System and Method For Delegating Program Management Authority - A system and method for managing authority granted to third parties to act on the behalf of an organization is disclosed. The system enables program administrators to request authority to manage one or more programs and/or products. A request for authority is submitted to an authorized officer for the organization that the program administrator wishes to act on behalf of. The authorizing office may approve or decline the request as well as assign specific permissions relating to one of more programs and/or product. The system further includes a contact management system providing reporting and hierarchical analysis features relating to program administrators, authorizing officers, account development managers.11-27-2008
20090327294Structured Coauthoring - A system is presented for structured coauthoring of a document, the system comprising a server. The server includes one or more documents organized into sections, a document permissions module that stores user access permissions for each section of a document, a document update processing module that processes requests from a user to share document updates with other users and that processes requests from a user to receive document updates from other users and a document rendering module that renders a document for display on a client so that sections of the document are updated with shared document updates made by users. The user access permissions determine the extent to which a user can modify each section of the document.12-31-2009
20090019051UBIQUITOUS DOCUMENT ROUTING ENFORCEMENT - Users can create document(s) in any format, and then submit these to a pre-processor. The pre-processor cooperates with the “save” function. The pre-processor associates, such as through embedding or adding a custom stream or modifying an existing custom stream within a compound document or association via file descriptors or file identifiers managed externally for any file type, record or object, a tag with the document preserving the original file format so that it can be rendered normally. A programmatically readable “label(es)” identifying a specific recipient identifier will be used for routing control identification. Document routing enforcement utilizes a form of the functionality of managing custom streams within compound documents or any file type, record or object. A compound document is a document consisting of intermingled multiple streams, e.g., metadata, spreadsheets, pictures, digital videos, digital audio, and other multimedia features and can also be used to collect several documents into one.01-15-2009
20090182747METHOD AND SYSTEM FOR USING FINE-GRAINED ACCESS CONTROL (FGAC) TO CONTROL ACCESS TO DATA IN A DATABASE - A method and system for controlling access to data stored in a table of a database are provided. The method includes marking the table of the database as being protected with fine-grained access control (FGAC), creating a system authorization class for the table of the database, the system authorization class having a default row authorization that prevents access to all rows in the table, the system authorization class being unmodifiable, creating a user authorization class for the table of the database, the user authorization class having a default row authorization that prevents access to all rows in the table, the user authorization class being modifiable, and associating the system authorization class and the user authorization class with the table of the database.07-16-2009
20090282045APPARATUS AND METHOD FOR ACCESSING DATA IN A MULTI-TENANT DATABASE ACCORDING TO A TRUST HIERARCHY - A computer readable storage medium comprises executable instructions to establish a trust hierarchy between tenants of a multi-tenant database. Data access rights for the trust hierarchy are specified, the data access rights defined by the tenants of the multi-tenant database. Queries on the multi-tenant database are processed subject to the data access rights for the trust hierarchy.11-12-2009
20090070333Method for Document Management Across Multiple Software Applications - A method for accessing data stored electronically in a computer system by a database software application has been developed. The method includes attaching a retrieving user interface to a primary software application that is currently being used by a user of the computer system. Next a data field is selected in the primary software application that contains specific subject data based on the user's activity m the primary software application. The subject data is determined in the data field with a pattern matching algorithm. Finally, a connected field is established between the primary software application and a secondary document management application, where the connected field is based on a pattern match in the primary software application and references related files of documents for access by the user in the secondary document management application.03-12-2009
20100030781METHOD AND APPARATUS FOR AUTOMATICALLY CLASSIFYING DATA - One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.02-04-2010
20090177659System and Method for Cyber-Expo Operating Multi-Exhibition and Managing Cumulative Data - The present invention relates to a system and a method for cyber-expo operating multi-exhibition and managing cumulate data. The system for cyber-expo operating multi-exhibition and managing cumulate data comprises an exhibition material database which stores materials necessary for exhibition; a virtual space; at least one web server; a managing server; a main system. Further, in the system for cyber-expo according to the present invention, the main system selects one from a plurality of web servers, matches the exhibition material of the participant, and automatically generates the virtual exhibition space.07-09-2009
20090150397METHOD OF TAGGING INSTANT MESSAGING (IM) CONVERSATIONS FOR EASY INFORMATION SHARING - A method, system and computer program product for selecting and tagging content within an instant messaging (IM) session. The content is selected utilizing a contextual pointer, tagged with a subject and/or key words, then assigned a uniform resource locator (URL), and stored as an IM transcript. A search system allows the IM transcript and/or selected content to be indexed according to the tag, title, and word(s)/phrase(s) selected within the content. The IM transcript is retrieved from a location within the network via the assigned URL. IM users may assign accessibility privileges to the URL of the IM transcript, allowing selected content to be shared via a community and/or corporate network. Private access privileges may be assigned to offer full IM transcript protection.06-11-2009
20090144282ACCESS CONTROL WITH DECOMPOSABLE VALUES AND IT'S APPLICATION FOR VIRTUAL WORLDS - An access control method performed by a network server to which a plurality of users are connected is disclosed. In the access control method, upon access from each user to data stored in a network resource, the access control method searches a plurality of access control rules prepared in advance for controlling accesses from the users and each including an access control value which is one of a finite integer number of values, by using at least one of information on the user and information on the data. Then, on the basis of the retrieved access control rule, the access control value is determined. Thereafter, response information from the data or access request information to the data is changed by using the determined access control value.06-04-2009
20100023522Dynamically controlling permissions - A high level of computer security can be achieved by controlling read/write/execute access to files, controlling incoming or outgoing network connections, controlling incoming or outgoing network traffic and controlling privileged operations based on states of Application Security Environments and/or based on states of users or groups of users and/or based on states of privilege objects. These states can be controlled dynamically by software or by one or more hardware devices.01-28-2010
20090164470System for Providing Session-Based Network Privacy, Private, Persistent Storage, and Discretionary Access Control for Sharing Private Data - The invention provides secure and private communication over a network, as well as persistent private storage and private access control to the stored information, which is accomplished by imposing mechanisms that separate a user's actions from their identity. The system provides (i) anonymous network browsing, in which event the anonymity system is unaware of both the user's identity and browsing activities, (ii) private network storage and retrieval of data such as passwords, profiles and files in a manner such that the data can be stored into the system and later retrieved without the system knowing the contents or owners of the data, and (iii) the ability of the user to control and manage access to the remotely stored data without the system knowing the contents, owners, or accessors of the data.06-25-2009
20090204616ACCESS CONTROLLER USING TREE-STRUCTURED DATA - A method for controlling access to a data source includes steps of: storing a plurality of access control policies in a database; generating a plurality of tree-structured data from the policies; merging the plurality of tree-structured data; determining that a user is attempting to access part of the data source; determining whether or not to permit access; verify consistency of the determination; store the merged tree-structured data; and designate the part of the data source by a path expression.08-13-2009
20090204615PERSISTENT CROSS PLATFORM COLLECTION OF AUDIENCE DATA - Previous attempts to measure content and/or advertising consumption treat each category as a unique silo of information. A method, system, and method of doing business generate a profile by obtaining at least a first and second data measurement from a user impression of a linear source of content and a user impression of a time-shifted source of content and/or a user impression of an interactive source of content, and associating the measurements with a user ID to generate a profile.08-13-2009
20090089292Method and System for Controlled Distribution of One or More Distinct Profiles for a User - An information management and distribution system is disclosed. The information management and distribution system includes a client-side application and a server application that interact to facilitate the controlled exchange of contact information over a network. The client-side application can provide creation and design, rolodex, exchange, and update features. The information management and distribution system can also include a corporate administrator application. Still another aspect of the invention is that contact information can be distributed to registered users in a common format.04-02-2009
20090089289Methods and Apparatus for Providing Customer Treatment Information Over a Network - Methods and apparatus are disclosed for providing customer treatment information over a network. A transaction communication is established between a first enterprise and a second enterprise by receiving a request from a user associated with the first enterprise to establish the transaction communication; determining if the second enterprise is authorized to access enterprise information of the first enterprise; obtaining enterprise information from an enterprise database of the first enterprise; and providing the obtained information to the second enterprise as part of the establishment of the transaction communication if the second enterprise is authorized to access the enterprise information of the first enterprise. The enterprise information is typically related to the transaction and may comprise one or more of customer priority information and a transaction history. The second enterprise can determine if a third enterprise is authorized to access enterprise information of the first enterprise and/or the second enterprise.04-02-2009
20090089288SYSTEM AND METHOD FOR FILTERING CONTENT ON A MOBILE DEVICE BASED ON CONTEXTUAL TAGGING - A system and method of contextually filtering content presented to a user on a mobile device based on contextual tagging. The user controls how content will be filtered by the mobile device by creating contextual tags and associating or tagging content with the contextual tags. The contextual tag includes a contextual behavior that is either satisfied or not based on the current context of the mobile device. During operation, content accessible to the mobile device is searched to determine which contextual tags are met based on the current context of the mobile device. Content tagged with contextual tags whose behavior is currently met based on the current context of the mobile device are filtered and presented to the user. This allows the automatic presentation of a more manageable subgroup of content to the user on the mobile device based on the current context of the mobile device.04-02-2009
20090276433Electronic submission of application programs for network-based distribution - An improved system and method for submitting, distributing and/or managing digital products with respect to a product distribution site are disclosed. The submission of digital products to the product distribution site is able to be performed by numerous submitters in a uniform and computer-assisted manner. The submitted digital products can then be managed in a largely automated manner and made available for online purchase and distribution at the product distribution site. Once a digital product is submitted, the user can access the status of the digital product submission to obtain information of whether the digital product has been approved or rejected. In one embodiment, the digital products are computer program products (e.g., computer software programs).11-05-2009
20090287708Trans-community online memorial website for decedent memorials organized by community within a larger geographic service area - A trans-community online memorial website available over the World Wide Web for memorializing decedents with online memorials organized, listed, and displayed according to said website user's hometown and or otherwise specified local community and or other community or communities within said website's intended larger geographic service area.11-19-2009
20080208866IDENTIFICATION, NOTIFICATION, AND CONTROL OF DATA ACCESS QUANTITY AND PATTERNS - A device for limiting access to data in a database includes an input for receiving a request to access data in a database and a processor that is communicatively coupled to the input and allows access to the data in the database. A data counter for counting an instantaneous rate of data flow and/or a volume of data accessed and a comparator for determining if the data flow and/or the volume of data accessed in the database exceeds a previously specified value is also included, wherein the processor disallows access to the data in the database in response to the instantaneous rate and/or the volume of data exceeding the previously specified value.08-28-2008
20090276432DATA FILE STORING MULTIPLE DATA TYPES WITH CONTROLLED DATA ACCESS - A method and apparatus for efficiently storing multiple data types in a computer's register or data file. A single data file can store data with a variety of sizes and number formats, including integers, fractions, and mixed numbers. The register file is partitioned into fields, such that only the relevant portions of the register file are read or written.11-05-2009
20090276435Variably Controlling Access to Content - A software module is presented that enables a person to determine the relevance of a document while preventing the person from making a copy of the entire document. In one embodiment, this is accomplished by programmatically controlling which portions of a document will be presented to a user and which portions will not be presented to the user. In one embodiment, the software module is used in conjunction with a search engine to present a document search result.11-05-2009
20090287707Method to Manage Inventory Using Degree of Separation Metrics - A method for shared management of a virtual avatar's inventory using degrees of separation metrics. The user wishing to share his inventory associates other users with indicia representing the degrees of separation between the user creating the associations and the other users. The user associates the degree of separation indicia with a policy that defines the other users' allowed actions in shared management of the inventory.11-19-2009
20090287706PRIVACY AND CONFIDENTIALITY PRESERVING REPORTING OF URLS - A method of preserving privacy and confidentiality in a system where information is associated with an existing web page having an address. The method includes receiving a store command from a first user system, the store command including at least a database key and information to be associated with the web page, wherein the database key was created by performing a cryptographic hash function on the address of the web page; storing the information at a location in a storage database; associating the location with the database key; receiving a retrieve command from a second user system, the retrieve command including the database key calculated by the second user system; retrieving stored information from one or more locations in the database associated with the database key; and transmitting the stored information to the second user system.11-19-2009
20090287704CELL-BASED SECURITY REPRESENTATION FOR DATA ACCESS - Architecture for cell-based security on a per-user basis. A security model for this capability includes not only dimension level tables, but is extended to include cell level tables. The security model can include existing dimension tables, plus cell security tables that include a cell permissions table, a cell qualifiers table and a table that includes both the cell permissions table, a cell qualifiers. Metadata associated with the security applied to the cells for a given user can be stored locally in a local metadata store for retrieval and application against a data cube that an authenticated and authorized user is querying. In a specific implementation, the cell level security is employed in a performance management server application, where authentication is performed remotely by an authentication service, but the authorization function is performed local to the performance management server application.11-19-2009
20090210422Secure Database Access - Secure database access may be provided. First, a first schema associated with a database having a second schema may be defined. Next, a user type may be defined. The user type may comprise a user type that does not require a log-in. The defined user type may then be associated with the defined first schema. Next, at least one permission may be granted to the user type to the database on a database level. The at least one permission may comprise a create procedure permission, a create table permission, or a create function permission. Then permission to the second schema may be denied to the user type. Next, a procedure may be received comprising a procedure that poses a high security risk to the database. The received procedure may then be executed as the defined user type. The received procedure may be executed using a wrapper procedure.08-20-2009
20080275880ACCESS CONTROL FOR ELEMENTS IN A DATABASE OBJECT - A system for controlling access to elements in a database object are provided. The system provides for receiving a request from a user to access the database object, determining whether an access restriction is imposed on the database object, and controlling access to the elements in the database object by the user based on the access restriction. The access restriction specifies one or more users to which the access restriction is applicable, defines a dynamic condition the one or more users must satisfy in order to access the database object, and identifies one or more of the elements in the database object accessible to the one or more users when the dynamic condition is satisfied.11-06-2008
20080275879METHOD AND DEVICE FOR CONTROLLING THE ACCESS TO KNOWLEDGE NETWORKS - The invention relates to an efficient system for user rights in a semantic digital network, whereby users are arranged in the same semantic network as the information objects. The rights are thus derived from the semantic relations between users and information objects in a common semantic network.11-06-2008
20090037419Website exchange of personal information keyed to easily remembered non-alphanumeric symbols - A website and method of use are disclosed for providing access to personal data upon entry of an access key that includes at least one easily remembered non-alphanumeric symbol. In some embodiments an incorrect or partial access key can be entered, or one of several access key variants can be entered. In some embodiments a subset of the personal data is provided and the presentation format is selected according to the variant of the access key that is entered. Methods for entering non-alphanumeric symbols include selection of characteristics from hierarchical menus, entering unique alphanumeric strings corresponding to symbols, selecting squares from a matrix, combining symbols to form compound symbols, combining text with symbols, and uploading symbols. In preferred embodiments, access information is entered and/or personal information is supplied audibly, hyperlinks to other personal data sites can be included, and automated web searches can identify candidates for links to other sites.02-05-2009
20090119298VISUALIZATION OF ACCESS PERMISSION STATUS - Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near realtime, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables results can be obtained without exhaustive searches of large file system tables.05-07-2009
20080228771METHOD AND SYSTEM FOR SEARCHING STORED DATA - A complete document management system is disclosed. Accordingly, systems and methods for managing data associated with a data storage component coupled to multiple computers over a network are disclosed. Systems and methods for managing data associated with a data storage component coupled to multiple computers over a network are further disclosed. Additionally, systems and methods for accessing documents available through a network, wherein the documents are stored on one or more data storage devices coupled to the network, are disclosed.09-18-2008
20080281826MANAGING POTENTIAL CLINICAL TRIAL PARTICIPANTS - A method for managing information on potential participants in clinical research trials is disclosed. The method and system include populating a centralized secure database with information on a contact from the contact's response content or referral content, assigning investigative responsibility for the contact to an investigator, and providing the investigator access to the information of the contact through a secure web portal.11-13-2008
20090265354METHOD FOR ELECTRONIC DATABASE MANIPULATION - A method and system for remotely modifying a database uses an electronic form stored on a remote computer. The electronic form is filled out by a user and submitted to the database. Once the database determines that the user is authorized, the database is updated to match the information contained in the form.10-22-2009
20090265353METHOD AND SYSTEM FOR EXTENDING ROLE BASED ACCESS CONTROL ACROSS NETWORK FILE SYSTEMS - A method and system are disclosed for managing access to files in a data processing network including a server computer, a client computer, and a network file system. The network file system is used to mount the files on the server computers, and a defined group of privileges are available to those files. In the operation of the network, a process runs on the client computer, and the process generates a request for a file operation. The method comprises the steps of determining whether the process has a specified privilege for the file operation; and when the process has this privilege, modifying the request to include a signal to the server to honor the request of the process. In the preferred embodiment of the invention, the client determines whether the process has the specified privilege and makes an appropriate modification to the request.10-22-2009
20080288499System, method, and program for sharing photos via the internet - A system for sharing files over a computer network via a hosting site is presented. The system includes a data storage space associated with the hosting. The space includes albums created by the one or more users for storage of related files. The albums include at least one level of sharing associated with each of the users, the level of sharing being in part assigned by users creating the albums. One or more accounts are associated with each user. The accounts allow the each of the users to access albums they created and albums that they are allowed access. An album creator creates the album. An album viewer views contents of the album. A file viewer views contents of the files. An album manager allows the one or more users to associate levels of sharing of the album and to modify the contents of the album.11-20-2008
20080313187STORAGE SYSTEM CAPABLE OF AUTHENTICATING HOSTS ON A NETWORK - A network-based storage system comprises one or more block-level storage servers that connect to, and provide storage for, one or more host computers over logical network connections, such as TCP/IP connections. In one embodiment, the block-level storage servers implement a protocol through which a storage server authenticates a host before permitting the host to access storage resources. Upon successful authentication, the storage server may also provide access information to the host.12-18-2008
20080313186Method and computer-readable media for creating verified business transaction documents - A method, and computer-readable media for performing the method, for creating verified business transaction documents. Electronic transaction documents are received from authenticated users, version identifiers are assigned to these documents, and the documents and version identifiers are stored in a database. Authenticated users may select a single version for “finalization” and a non-alterable document with a verification code is created and stored in the database for retrieval by users.12-18-2008
20080243854INFORMATION PROCESSING SYSTEM - An operated terminal monitors a connection request from an operating terminal, and when a connection request is transmitted from an operating terminal, an access right for a resource being accessed by the operated terminal is re-determined. As a result, the access right for a resource is appropriately maintained. The need for changing access environments for a resource is determined based on information that is acquired from an operating terminal that intends to access the resource, indicating location and type of the operating terminal. Software is automatically installed in an operating terminal for remote connection, and the operating terminal is automatically connected to the operated terminal.10-02-2008
20080250020ONTOLOGICAL REPRESENTATION OF KNOWLEDGE - A technique provides for an ontological representation of knowledge included in one or more contexts. A system and method based on the technique allows the creation, editing, and evolution of the ontology in the normal course of business as entities interact and communicate. Agents acting on behalf of contexts control the storage and linking of objects included in the ontology. Tree data structures and databases can be used to represent and store contexts, objects, roles, and taxonomies. Objects can be linked to other objects through context. Further, the contexts can be accessed through an authorization and accountability model.10-09-2008
20080270408Data Processing System And Method - A method of configuring role based access control, comprising associating roles with authorizations using (i) a first list that indicates the authorizations, (ii) a second list that indicates roles and their descriptions, and (iii) a key database that maps the descriptions to the roles; and creating a role/authorizations configuration data structure that indicates the roles and their associated authorizations.10-30-2008
20080215588Electronic object sharing system - According to one embodiment, a system and method is described for assigning access rights to documents and controlling these access rights within a database environment thereby preventing unauthorized persons from viewing certain documents. According to one embodiment of the invention, a method of operation comprises determining if a user has access rights to an electronic object stored in a database. If not, information associated with the electronic object is precluded from being displayed.09-04-2008
20080235234ACCESS CONTROL LIST (ACL) BINDING IN A DATA PROCESSING SYSTEM - Systems for updating an access control list (ACL) associated with one or more resources in a data processing system are provided. The system provides a table including a list of one or more first ACLs that map to a corresponding one or more previously computed second ACLs. The system also updates a current ACL associated with a first resource of the one or more resources in the data processing system including determining whether one of the one or more first ACLs in the table matches the current ACL associated with the first resource. If one of the one or more first ACLs in the table matches the current ACL associated with the first resource then updating the current ACL associated with the first resource by associating the corresponding second ACL with the first resource.09-25-2008
20080235233GENETC PROFILING AND BANKING SYSTEM AND METHOD - A genetic banking system allows the ability to securely store genetic profile data while allowing access to individuals authorized to access the profile for authorized purposes.09-25-2008
20080235232System and/or Method for Sharing and Evaluating Dietary Information - The present invention provides a system (09-25-2008
20080235231Computer-Implemented Systems And Methods For Database Access - Computer-implemented systems and methods for providing row-level security. A system can be configured to receive a request for data that is contained in tables and to use one or more row-level security policies to augment the received request with one or more row-level security query-related clauses.09-25-2008
20080235229ORGANIZING SCENARIO-RELATED INFORMATION AND CONTROLLING ACCESS THERETO - Mechanisms for organizing scenario solution-related information based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. Such metadata may be stored in association with a scenario solution execution workspace and/or in association with a user-specific information store. Once such information is acquired, a user may desire to share the information, or a portion thereof, with one or more other users, for instance, the members of a user group. However, often times, the user would prefer that the information not be made available to the general public. Thus, mechanisms for controlling access to user-specific information are also provided.09-25-2008
20080235230USING LOCATION AS A PRESENCE ATTRIBUTE - Embodiments of the invention provide systems and methods for determining location of a principal. According to one embodiment, a method of providing location information for a principal can comprise receiving a presence event related to the principal. A location of the principal can be indicated by or determined based on the presence event. The location of the principal can be stored as a location attribute of a presence profile of the principal. The method can further comprise providing access to the location attribute of the presence profile of the principal to one or more subscribers or users of a presence service. In some cases, providing access to the location attribute of the presence profile of the principal to the one or more subscribers can be based on one or more policies of the presence service.09-25-2008
20080306953System and method for sharing resources - A method and computer program product for defining an activity. One or more resources are associated with the activity. A user is associated with the activity. In response to associating the user with the activity, the user is granted access to the one or more resources associated with the activity.12-11-2008
20090089290METHODS AND SYSTEMS FOR CREATING AND UPDATING APPROVED-FILE AND TRUSTED-DOMAIN DATABASES - Computer-implemented methods and systems for creating or updating approved-file and trusted-domain databases and verifying the legitimacy of files are disclosed. A method for creating or updating an approved-file database may comprise intercepting a first file, identifying a source domain associated with the first file, identifying a trusted-domain database, determining whether a database record for the source domain associated with the first file exists within the trusted-domain database, creating a hash value for the first file if a database record for the source domain associated with the first file exists within the trusted-domain database, and storing the hash value for the first file in an approved-file database. Methods and systems for verifying the legitimacy of a file and for creating or updating a trusted-domain database are also disclosed.04-02-2009
20090119299Online Identity Management and Identity Verification - A user identity verification apparatus and method comprising, via one or more processors, collecting in a computer database consolidated user data comprising information about a method user from a plurality of sources comprising credit bureau information, information from data vendors, and public information, generating a profile of the method user comprising a plurality of subsets of the consolidated user data corresponding to a plurality of access levels, receiving a validation request from a third party source at an unknown user's request; assigning an access level to the validation request; requesting information from the unknown user, matching returned information from the unknown user to that in the subset of the consolidated user data corresponding to the assigned access level, and verifying to the third party source that the unknown user is the method user.05-07-2009
20090030906METHOD AND SYSTEM FOR SHARING DATA BETWEEN SUBSCRIBERS OF A MULTI-TENANT DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for sharing data among subscribers of a multi-tenant database service. These mechanisms and methods for sharing data among subscribers of a multi-tenant database service can enable embodiments to providing controlled, limited sharing between the subscribers regardless of the physical location of the subscriber data. The ability of embodiments to provide such additional sharing capabilities may lead to more secure sharing of data within a multi-tenant on-demand database service.01-29-2009
20090125523DISTRIBUTED MANAGEMENT FRAMEWORK FOR PERSONAL ATTRIBUTES - A technique for distributed management of attributes includes propagating attributes based upon attribute-granularity permissions. An example of a system according to the technique may include a server, coupled to a first client and a second client, that includes a module that receives attribute data from the first client; a permissions database where first permissions associated with the first client are set at the individual attribute level for the second client; an engine for updating the permissions database and for validating the first permissions for the second client; and an engine for distributing first client updates based on validated permissions to destinations associated with the one or more second destination stores.05-14-2009
20090177660DOCUMENT MANAGING SYSTEM, INFORMATION PROCESSING DEVICE, DOCUMENT MANAGING METHOD, AND PROGRAM - An optical document managing server determines whether or not an access authority for accessing a document under its management is within a valid period preset on a per entry unit when receiving an access request for accessing the document from a client terminal, and permits access to the document when the access authority is within the valid period. This enables automatic access control for only limited users in access authority functions.07-09-2009
20090164469ABDUCING ASSERTION TO SUPPORT ACCESS QUERY - Logical abduction is used to derive the premises that support an access query. In a logic-based access-control system, a query, as to one or more principals' right to access one or more resources, is a statement that can be either true or false. The statement evaluates to true if the principal is allowed to access the resource under the existing set of assertions. Assertions that, if made, would cause the statement to be true can be abduced from the query and from the policy against which the truth of the query is to be judged. The abduced assertions can be used to assist in making the appropriate assertions to cause the query to evaluate to true so that access to the resource can be granted.06-25-2009
20090287709INFORMATION PROCESSING APPARATUS FOR EDITING DOCUMENT HAVING ACCESS RIGHT SETTINGS, METHOD OF INFORMATION PROCESSING, AND PROGRAM - An information processing apparatus according to the invention manages a plurality of documents, each including a plurality of pages and being provided with an access right. The information processing apparatus includes a storing unit configured to store the plurality of documents as one file on the basis of the access rights and information of a user who performs processing on the documents; a creating unit configured to create a page list that describes page information, which is information regarding each page stored by the storing unit; and an outputting unit configured to output a page included in the file on the basis of the page list created by the creating unit.11-19-2009
20090287705MANAGING WEBSITE BLACKLISTS - A method and system for managing website blacklists to control website access of a user. In one embodiment, a client queries a database regarding a location of a website before the client fetches a resource from the website. The database includes a list of websites based on which access by the client is controlled. If the location of the website in the query exists in the database, the client displays a warning dialog and receives a user input. The client determines whether to continue fetching the resource based on the user input to the warning dialog.11-19-2009
20090049049Method and System for Controlled Distribution of Profile Information and Related Data Objects - An information management and distribution system is disclosed. The information management and distribution system includes a client-side application and a server application that interact to facilitate the controlled exchange of contact information over a network. The client-side application can provide creation and design, rolodex, exchange, and update features. The information management and distribution system can also include a corporate administrator application. Still another aspect of the invention is that contact information can be distributed to registered users in a common format.02-19-2009
20090006412METHOD FOR RESOLVING PERMISSION FOR ROLE ACTIVATION OPERATORS - A method for resolving permissions using role activation operators to evaluate permissions assigned to a user in a role context inheritance hierarchy. The method comprises several steps. A step of retrieving a plurality of activated roles within a role context that match roles assigned to a user, wherein one or more permissions in the role context inherit from one or more permissions in a parent role context in a role context permission inheritance hierarchy. A step of determining an aggregate permission for each of the plurality of activated roles, wherein a role activation operator determines how an activated role is evaluated. A step of processing the aggregate permissions for the plurality of activated roles. A step of resolving a final permission for the user.01-01-2009
20090006410SYSTEM AND METHOD FOR ON-LINE INTERACTIVE LECTURES - A system and method for implementing on-line interactive lectures are provided. The video and audio lectures are delivered to geographically dispersed students through the internet. The delivery may be performed in two different modes, which are live-broadcast (live lectures) and on-demand (archived lectures). Live-broadcast lectures are delivered to students in real-time while the lectures are recorded. The students may interact with the teacher and also other students using real-time communication methods. The real-time communication methods include text-based on-line chat, and video/audio conferencing systems. On-demand lectures are delivered to students on per-request basis. The students may interact with the teacher or other students using non-real-time communication methods. The non-real-time communication methods include message boards and emails. The system may collaborate with a learning management system (LMS) to control the level of access over the video/audio streams and communications.01-01-2009
20090177661EMULATED STORAGE SYSTEM - Systems and methods for efficient storage of data are provided. For instance, a method that includes acts of receiving a data stream to be stored on a first storage system, the data stream comprising a data object and metadata that describes attributes of the data object, extracting the metadata from the data stream, storing the data object on the first storage system and storing the extracted metadata, separately from the data object, on a computer-readable medium is disclosed. Additionally, a storage system is disclosed that includes a first storage medium, an interface configured to receive a data stream including a data object to be stored on the first storage medium and a controller. The controller may be configured to extract metadata from the data stream, the metadata being descriptive of attributes of the data object, and to direct the extracted metadata to be stored on a computer-readable medium.07-09-2009
20090327298Multimedia journal with selective sharing, sealed entries, and legacy protection - A multimedia journal system comprising one or more journal servers and one or more client devices allows users to create an electronic journal. Journals may be redundantly stored in multiple locations so as to protect the journals from damage or destruction. The system also allows control of access to a journal or the parts thereof, and will allow a journal's owner to designate family members, friends, or others access to the journal in the event the owner passes away. Entries may be sealed to prevent or identify subsequent modifications or tampering. A sealed questionnaire is also provided, which users may answer periodically to track changes in their thoughts, feelings, or ideology. The system may be accessible via the World Wide Web.12-31-2009
20090327297ESTABLISHING PATIENT CONSENT ON BEHALF OF A THIRD PARTY - A database system, which stores electronic medical records, may assign a child-application-identification-code to a healthcare provider via a clinical system intermediary acting on behalf of the healthcare provider. The database system may associate the child-application-identification-code assigned to the healthcare provider with a privacy statement and terms of use associated with the clinical system. The privacy statement and terms of use may be presented to the patient when the patient is prompted by the database system to approve or deny a request by the healthcare provider to access the electronic medical record of the patient stored at the database system.12-31-2009
20090327296PRESERVING INDIVIDUAL INFORMATION PRIVACY BY PROVIDING ANONYMIZED CUSTOMER DATA - A method of preserving individual information privacy for each of a plurality of customers while providing aggregated information about the plurality of customers includes storing static customer data and dynamic customer data of the plurality of customers in a protected database. The method includes restricting shared access to the static customer data and the dynamic customer data to a set of approved privacy-preserving queries. The privacy preserving queries include a privacy-preserving aggregation query that uses one or more parameters to indicate a characteristic of interest for which aggregation of the static customer data and the dynamic customer data is requested. The privacy-preserving aggregation query may be configured to retrieve aggregated customer data related to the characteristic of interest. The aggregated customer data may be returned in response to the privacy-preserving aggregation query not including any personally identifiable information of any particular one of the plurality of customers.12-31-2009
20090012961SYSTEM AND METHOD FOR DEEPENING GROUP BONDS BY GRANTING ACCESS TO A DATA STRUCTURE - A method having the steps of granting, to a first client, access to a data structure; granting, to a second client, access to the data structure; transmitting, if the first client has caused a write operation on the data structure, a communication to the second client; and transmitting, if the second client has caused a write operation on the data structure, a communication to the first client. There is also provided a system, having a processor, that carries out the method. A method for strengthening group bonds, having the steps of: instantiating a data store that is dedicated to a predetermined group of users; receiving, into the data store, data generated by a first member of the group; providing an access to the data to a second member of the group; presenting the data to the second member of the group; receiving, from said second member, a communication into said data store; and wherein the communication is transmitted from the data store to the first member.01-08-2009
20090024628HOME MANAGEMENT, MAINTENANCE, REPAIR, REMODELING AND REDECORATION SYSTEM AND METHOD - Embodiments of the invention provide a home management system and method with a 360-degree virtual surface rendering application. Embodiments of the invention generate a listing of home improvement projects from the inspection report to be viewed through a user interface. Homeowners may manage, prioritize, rank, and educate themselves on each listed home improvement project. Embodiments of the invention may contain a 360-degree virtual surface rendering application allowing a homeowner to select different surface types for a room, and then view them on a re-rendered image of the room before purchasing the new surfaces.01-22-2009
20090024630Privacy Information Reporting Systems with Broad Search Scope and Integration - A system for providing background check information to consumers diversifies a search vector by iteratively searching databases to obtain comprehensive identifying information while eliminating redundancies. Fuzzy expansion operators based on phonetics, misspellings, and other factors may be employed. The self-background check is intended to be used by consumers to safeguard against identify theft.01-22-2009
20090210423METHODS AND SYSTEMS FOR MAINTAINING PERSONAL DATA TRUSTS - Methods and systems are provided that may be used to maintain personal data trusts in a computing environment. An exemplary system may include a repository adapted to store personal data, an identification agent adapted to identify at least one computing resource that may have personal data, a collection agent adapted to selectively retrieve the personal data and provide it to the repository for storage therein, and a disposition agent adapted to selectively control access to the collected and stored personal data.08-20-2009
20090210421ACCESS CONTROL DECISION METHOD AND SYSTEM - An access control method and system. The method includes enabling, by a computing system for a requester, access to the computing system. The computing system comprises group based access control data and computing resource data organized based on an XML schema that comprises a recursive format used to support a plurality of branch levels in a resource tree. The computing system associates first group data of the group based access control data with the requester. The computing system receives a request from the requester to access the computing resource data. The computing system determines an access control decision associated with the request to access the computing resource data. The computing system presents the access control decision to the requester.08-20-2009
20090083273PORTABLE ELECTRONIC APPARATUS AND CONTROL METHOD FOR PORTABLE ELECTRONIC APPARATUS - An IC card has a function for executing a process in a plurality of logical channels. When receiving a command in a certain logical channel, a control section of the IC card determines whether a priority right of an access to a file to be processed by the command is set in another logical channel. When the access priority right is not set in another logical channel, the control section of the IC card gives the access priority of the file to the logical channel which receives the command. The control section of the IC card limits executable command processes for accessing files with set access priority right. The control section of the IC card disables execution of a process which might change data (process for a command) on a file whose access priority right is set in another logical channel.03-26-2009
20090083271Automatically Adding Bytecode to a Software Application to Determine Database Access Information - A system and method for automatically analyzing virtual machine bytecode of a software application and adding additional bytecode operable to determine information regarding database access performed by the software application are described. According to one embodiment of the method, program code of a software application may be received, wherein the program code includes bytecode for a virtual machine. The bytecode may be automatically analyzed to detect access to a database. The method may operate to automatically add additional bytecode to the bytecode of the software application, where the added bytecode is operable to determine information regarding the access to the database.03-26-2009
20090049046Annotation and Publication Framework - A hybrid annotation and publication system is disclosed that can access content in a scalable manner from databases, allow for its editing and publication via wiki-style programs, while at the same time allowing for peer-review of such content via peer-review programs. This system balances the wiki-style programs, the peer-review programs, and any database store accesses in a manner appropriate to the need at hand according to various heuristics. For instance, the system can be accessed via a web browser, and data provided from various databases can be edited. Such data can be stored in the system in a hierarchical manner. Once the content is annotated, it can be reviewed (at various levels, ranging from expert to novice). Upon review, such content can be published using the wiki programs, so that the content is ready for public and/or private consumption.02-19-2009
20090198696Emergency medical record - A system and retrieval of an emergency medical record of a patient comprising the step of receiving the emergency medical record of the patient and an online database. The system further comprises the step of storing the emergency medical record in the online database and providing access to the online database by using a communications network. Access to the network is provided by entering a member number and a unique user defined validation code to maximize privacy and security. The system further comprises the step of retrieving the emergency medical record at the online database. The system comprises the final step of providing the emergency medical record to a requestor by one of the following methods: viewing the online display, printing the online display, faxing the emergency medical record to a requester, and e-mailing the emergency medical record to a requestor. The method may further comprise the step of entering the record delivery information including the fax number and at least one of the following: the facility name, the requestor name, and the facility phone number.08-06-2009
20090049047STORING CUSTOM METADATA USING CUSTOM ACCESS CONTROL ENTRIES - A computer-implemented system and method for storing custom metadata in a custom access control entry of a securable object. An exemplary method includes determining the custom metadata to be stored (e.g., information relating to the securable object that is inexpressible using a native file system application programming interface, information relating to remote domain permission data, information to support a custom feature of an application, etc.). The system may identify a custom access control entry (ACE) type corresponding to the custom metadata. In one embodiment, the custom ACE type is not a member of a set of ACE types directly interpretable by a native security subsystem to manage permissions for the securable object. The system may additionally store the custom ACE type and the custom metadata in a custom ACE, which may be added to the access control list of the securable object. The securable object may then be saved to the file system (e.g., to an NTFS file system).02-19-2009
20090049048MODULE AND ASSOCIATED METHOD FOR TR-069 OBJECT MANAGEMENT - The present invention relates to a view selector module (02-19-2009
20090300019HIERARCHICAL ITEM LEVEL ENTITLEMENT - A method for retrieving data from a database. The method includes receiving a query for the data in the database, determining a user associated with the query, and obtaining an entitlement entry associated with the user, the entitlement entry created by applying an entitlement rule associated with the user to a chasing rule. The method further includes determining, using a processor, an entitlement predicate for a data view query using the entitlement entry, the data view query including the entitlement predicate and associated with the query. The method further includes executing, on the processor, the data view query to obtain the data in the database, the user being entitled to view the data presenting the data to the user.12-03-2009
20090063491Provision of targeted content - Methods of providing services using a web marketing platform are described. The web marketing platform acts as a proxy associated with a host company and can intercept traffic passing to and from the host company. In an embodiment, an interface is provided which enables clients to easily request services. One example service is the provision of targeted content to users within web pages from sites hosted by the host company and in such an example, the actual content can be analyzed in real time to provide improved targeting based on the content, user behavior or any other criteria.03-05-2009
20090193027INFORMATION SERVICE SYSTEM USING USN NODES AND NETWORK, AND SERVICE SERVER CONNECTABLE TO USN NODES THROUGH NETWORK - An information service system using USN nodes, a network and a service server connectable to ubiquitous sensor network (USN) nodes through the network are disclosed. The information sensed by the USN nodes is transmitted to the service server connected to an external network, so that an administrator can check the context of surrounding environment where the USN nodes are installed, through the service server. The operation command for a specific object associated with a specific USN node, input by an administrator accessed the service server, is transmitted to the USN node via the network, so that the USN node can operate the specific object. The USN can be established at relatively small size, reducing installation costs, maintenance fees, and resource waste. Thus, the USN can be widely used in the applications.07-30-2009
20090063493Information Processing Apparatus - An information processing apparatus includes a processor and a memory unit connected to the processor. The memory unit stores a setting value and an web application. The web application causes the processor to change the setting value according to a request message from a client. The web application causes the processor to update the setting value stored in the memory unit with a setting value contained in a query string if the request message indicates a request for changing the setting value and the request message is transmitted from the client by a user with administrator privilege, and the web application causes the processor to insert a cookie having the setting value contained in the query string to a response header if the request message is transmitted from the client by a user without administrator privilege.03-05-2009
20090083272Role-based user tracking in service usage - Devising a centralized usage database for tracking and recording the usage of various services by various users may be difficult for several reasons, including the volume of data generated by each user in interacting with each service. Techniques are disclosed for streamlining usage data transmitted between the services, the users, and the usage database, such as by redistributing a portion of the computational burden to the users, and by characterizing the usage data based on the role of each user in interacting with each service. Additional techniques are disclosed for caching and authenticating the usage data, and for improving the response rate in the interaction of the usage database with users in order to provide a better user experience.03-26-2009
20090198698System and Method for Adding Multi-Leval Security to Federated Asset Repositories - A system and method for adding multi-level security to federated asset repositories is provided. A multi-level security (MLS) manager receives normalized taxonomies from repository managers, which manage repositories that include assets assigned various security levels. In turn, the MLS manager integrates the taxonomies into a composite taxonomy. When a portal receives a request from a user, the portal sends a taxonomy request to the MLS manager that includes the user's user identifier. The MLS manager retrieves the composite taxonomy, identifies the user's security level, filters the composite taxonomy based upon the user's security level, and provides the filtered composite taxonomy to the portal. In turn, the portal generates a user interface view based upon the filtered composite taxonomy and provides the user interface view to the user, which utilizes the user interface view to request and receive access to assets from one or more federated repositories.08-06-2009
20080263047METHOD AND APPARATUS FOR IMPLEMENTING USER PERSONALIZED OPERATION OF CHEMISTRY ANALYZER - The present invention discloses a user personalized operating method and operating apparatus for use in a Chemistry analyzer, said method comprises following steps: initiating the operating software of the Chemistry analyzer; loading a profile, said profile comprising at least a database containing combinations of controls for respective users; retrieving configuration information of the function components from the database; and setting display interface and function components by the Chemistry analyzer according to the configuration information. The present invention realizes different combinations of controls and display interface by use of the profile and thus operating software of different versions can be provided.10-23-2008
20080263046MEDIA PORTION SELECTION SYSTEM AND METHOD - A device may store a media file. A portion of the media file may be identified and played back in response to an event associated with the device. In one implementation, a portion of an existing audio file may be used as a ring tone in response to a received incoming telephone call.10-23-2008
20090100057Organization System for Distributed Items - An item grouping mechanism may be applied to files or other computer objects to allow the files or objects to be accessed according to the group definition. The group definition may be defined in a table with other group definitions and distributed across an organization so that each device using the group definition may have files or other items presented in a consistent manner. The group definition may be distributed through a different mechanism than for the files or other items. If a device determines that a file defined in the group definition is missing from a local store, the device may retrieve the file from a distribution server.04-16-2009
20080263045MULTI-TIERED SECURED INFORMATION HUB - A multi-tiered, secured information hub includes a plurality of information folders each containing information provided by an account owner. An Manage Account section permits the account owner to designate authorized users who have permission to access the information hub and to designate which portions of the information can be viewed by each of the authorized users. A timed window access limitation may be applied to some of the information so that authorized users can only view the information for a limited time period. A tracking section date and time stamps all information as it is added to the information hub and monitors and records the authorized users' access and use of the hub.10-23-2008
20090006411Strategic Business Management System - A subject focused information management system is provided based upon an object oriented hub and spoke topology. The information management system provides a structured and secure logically central means for retrieving and storing data oriented by topics and subject matter interests.01-01-2009
20090006409METADATA-BASED APPLICATION DEPLOYMENT - Computer-implemented methods, computer-readable media, and an application system are disclosed for creating and deploying metadata-generated applications. Access is provided to one or more type libraries that each include one or more defined object types configurable for use in generating the application. The defined object types include data structure types, rule types, and data types. Input is elicited from a user regarding desired content and function of the application. Based on the user input, metadata is generated to adapt the defined object types to generate the application. Metadata is generated to adapt the defined data structure types to create one or more application databases, to adapt the defined rule types to create one or more application behaviors, and to adapt the defined data types to create one or more application data types.01-01-2009
20090248692SAVING DEVICE FOR IMAGE SHARING, IMAGE SHARING SYSTEM, AND IMAGE SHARING METHOD - The saving device for image sharing includes an image acquiring unit configured to acquire the images offered by a sharer of the images, a sharee information storing unit configured to store sharee information with respect to at least one sharee, a subject assessing unit configured to assess whether or not a person subject is included in the acquired images, an image associating unit configured to associate the images assessed as not including a person subject with the images assessed as including a person subject, based on the sharee information, and a shared image determining unit configured to determine the images to be shared with the sharee or sharees from among the associated images and the images assessed as including a person subject, based on the sharee information. The image sharing system and an image sharing method use such a device.10-01-2009
20090210424AUTHENTICATION APPARATUS AND AUTHENTICATION METHOD - According to one embodiment, an authentication apparatus comprises a storage module configured to store permission information unique to a type of an apparatus which is permitted to access a database, a reception module configured to receive a data-acquisition request from a terminal apparatus, a check module configured to check unique information to a type of the terminal apparatus contained in the data-acquisition request with the permission information stored in the storage module, an access permitting module configured to permit the terminal apparatus to access the database when the unique information coincides with the permission information as a result of check performed by the check module.08-20-2009
20090216770SYSTEM AND METHOD FOR CONTROLLED ACCESS TO UP-TO-DATE CONTACT INFORMATION - A method and system for controlling a recipient's access to a user's information. The method includes receiving a plurality of contact information, registration information and access information from the user. Only person's knowing the user's registration information can update the contact and access information of the user. The contact information entered by a user is about that user. The access information defines accessible sets of contact information to be made accessible to recipients. A telephone exchange is associated with each recipient; and a local server is associated with each telephone exchange. The accessible set of information is stored in the local server for access by the recipient. The system handles updates to information on the local servers when a user updates their contact information. The system can automatically place calls for a recipient to a user that has granted the recipient access to a number for communicating with the user.08-27-2009
20090222448ELEMENTS OF AN ENTERPRISE EVENT FEED - An enterprise-based social networking application. The events pool for the social networking application may be automatically populated without requiring direct individual participation in the social networking application. Furthermore, networks may be established automatically, without an expressed invitation. The default network may be based on a participant's communication history and/or organization context within the enterprise. The participant may then edit or expand the network without necessarily requesting permission for the individuals being added, and without necessarily being part of that individual's network.09-03-2009
20090254561Method for Accessing User Data and Profile Management Server - A method for accessing user data and a profile management server (PMS) to resolve the inability of prior arts are disclosed to support both the associated access between user profiles and the distributed data access mechanism. The method for accessing user data includes: a PMS receives an associated data access request message from a requestor, determines a target associated user set after determining that the requestor is allowed to perform associated access to a source user, and converts the associated data access request into a data access request directed to each target associated user; and the PMS authenticates the data access request directed to each target associated user respectively and provides related data according to the authentication result. The PMS includes an authorization rule storage module, a control module, an association processing module and an association storage module.10-08-2009
20090254559FILE SYSTEM AND METHOD FOR CONTROLLING FILE SYSTEM - A file system includes an entity file region allocated to a client; and a conditional symbolic link file configured to store a conversion rule. A path analyzing section refers to the conversion rule stored in the conditional symbolic link file to convert a virtual path specified when the client accesses the entity file region through a network into an entity path based on an attribute data of the client and to specify the entity file region in the file system based on the entity path.10-08-2009
20090254557SYSTEM AND METHOD FOR VISUALIZATION OF DATA - Embodiments of computer implemented methods and systems for visualization of data are described. One example embodiment includes receiving authentication data related to a user, establishing an identity of the user based on the user authentication data, and receiving profile data associated with the user in response to the establishing of the identity of the user. The example embodiment may further include receiving transaction data associated with the user, selectively aggregating the profile data with the transaction data as aggregated user data, visualizing the aggregated user data as a data visualization, the data visualization being a composition of visual media corresponding to the aggregated data, and providing an address to the data visualization such that the data visualization may be referred to in other applications.10-08-2009
20090254560Database system and method with improved locks - A method for handling database locks includes detecting a new query from an administrator for a set of database records. Next, it is determined whether the administrator has any chance of being authorized to acquire a new lock. If so, an attempt is made to acquire the new lock and, on the failure to acquire, the administrator is informed that the lock has already been acquired by a prior administrator. Optionally, the new administrator is also provided with identifying information of the prior administrator and contact information for the prior administrator. The new administrator is therefore pre-screened to determine whether there is any chance to acquire a new lock to reduce the chance that an unauthorized new administrator could lock the set of database records. Also, should the new administrator be authorized but not able to access the set of database records due to a prior lock, the new administrator can be informed of the identity and contact information concerning the holder of the prior lock.10-08-2009
20090254558System and method of managing safety information - A safety management system for use in industry, such as the oil and gas industry, is disclosed. The system comprises a database component for storing safety information including project information comprising at least one project entry. Each project entry has a unique project identifier and project data. The database component further includes safety card information comprising at least one safety card entry, and a unique safety card identifier, a project identifier selected from the unique project identifiers of the at least one project entries and safety card data. The database component further comprising notification information comprising at least one notification entry. Each notification entry comprising a unique notification identifier, a project identifier selected from the unique project identifier of the at least one project entries and notification card data. The safety management system further comprises a control component for generating notifications and providing notification information to the database component.10-08-2009
20090259663Information Access Device And Network - An information access device is disclosed comprising an interface for connecting the information access device to a network; a further interface for providing the information access device with a string of information request indicators; an interpretation layer for extracting an information source from the string and for generating an instruction for triggering a different application of the device to retrieve the information from the information source; and a processor for executing the generated instruction.10-15-2009
20090259662Controlling Reuse of Components in a Content Management System - A content management system (CMS) includes a content reuse mechanism that checks a reuse contract corresponding to a component in the repository, and determines if all relevant criteria in the reuse contract corresponding to the component are satisfied before allowing reuse of a component in the repository. In this manner the reuse of components is controlled in a way that allows reuse when stated criteria in the reuse contract are satisfied yet restricts reuse when the criteria in the reuse contract are not satisfied.10-15-2009
20090259661Controlling Modification of Components in a Content Management System - A content management system (CMS) includes a content modification mechanism that checks a modification contract corresponding to a component in the repository, and determines if all relevant criteria in the modification contract corresponding to the component are satisfied before making changes to or allowing reuse of a component in the repository. The modification contract may specify a profile of authors that are allowed to modify the corresponding component. The content management system includes an author profile update mechanism that monitors modifications by authors to components in the repository, and automatically adjusts a profile of each author according to modifications made by the author. In this manner the rank of authors is automatically adjusted and the modification of components is controlled in a way that allows modification by those who are authorized yet restricts modification by those who are not authorized.10-15-2009
20080306954Methods and systems for managing permissions data - Methods, systems and computer readable media which use permissions checking when deciding whether to allow access to a file are described. In one exemplary embodiment, a method includes receiving a notification of a change of permissions of a directory in a hierarchical file system and determining, in response to the notification, whether to update partially a permissions cache which is used in screening access based on permissions, such as access to search results. The determining may include a comparison of an identifier of the directory to a data structure of cached directories which have files represented in the permissions cache.12-11-2008
20080306951Method and System of Retrieving Avatar Data Unique to a User - A method of retrieving avatar data unique to a user is provided. The method includes invoking an application and retrieving said avatar data from an avatar server. The avatar data is accessible from different types of devices, wherein the different types of data can be a game console or a personal computer.12-11-2008
20080306957Method and Computer-Readable Medium For Providing An Official File Repository - A method and computer-readable medium are provided for storing files in an official file repository. According to the method, a generic interface is exposed that includes a first method for requesting that a file be stored in a file vault. A record series is maintained that identifies one or more document types that may be stored in the file vault along with a location for each file type within the file vault where files of the type should be stored. A call may be made to the first method including the file to be stored in the file vault. In response to the call, a location for storing the file in the file vault may be identified based on the contents of the record series. Once the location has been identified, the file is stored in the identified location if the file type is in the record series. If the file type is not in the record series or the necessary property values are not received with the call, the file is placed in a holding zone portion of the file vault. The generic interface may further expose a second method for retrieving the file types identified in the record series and a third method for retrieving one or more properties associated with a file type identified in the record series.12-11-2008
20080306958SYSTEM AND METHOD FOR ROLE BASED ANALYSIS AND ACCESS CONTROL - A system and method for program access control includes, for a typestate, providing typestate properties and assigning a role to the typestate in a program in accordance with the typestate properties. Access to operations is limited for the typestate in the program based on the role assigned to the typestate and an access permission level.12-11-2008
20080306955Content management system and method - A method and system for facilitating the editing by a user of content hosted on a network. A page comprising one or more items of content is presented to the user. A tag is embedded in the page. The tag includes rules associated with an identity of users who are entitled to edit one or more of the content items. If the user is entitled to edit one or more of the content items, an indication is presented to the user on the page. When activated by the user, the indicator allows the user to edit one or more of the content items.12-11-2008
20080306956METHOD AND SYSTEM FOR DEVELOPING USER PROFILE ON A NETWORK - In an on-line networking community, a method and corresponding system develops detailed user profiles using basic information provided by the user. In one example embodiment, a web server accepts user submitted information from a user and correlates the user submitted information with available databases to retrieve supplemental information about the individual user. Using the supplemental information, the system creates and outputs for community viewing a compound user profile.12-11-2008
20080306952SYSTEM AND METHOD FOR GROUPING CLAIM RECORDS ASSOCIATED WITH A PROCEDURE - A system and computer-implemented method for grouping medical records implements a multi-level analysis of the records. The level of analysis for each record is determined based upon the time proximity of each record to the defining medical procedure or service (anchor procedure) to be analyzed. Once an anchor procedure is identified, claim records are processed to determine whether any of the records should be grouped with the anchor procedure into a procedure episode group (PEG). First, the date of service for each claim record is identified to determine whether the claim record falls within time window. The claim records falling within the window then are assessed to determine whether each claim record is sufficiently related to the anchor procedure (for example, by determining whether the diagnostic, procedure, or episode treatment group coding of each claim record is associated with the anchor procedure). The requisite level of relationship between the claim records and the anchor procedure depends upon the position of the records within the time window. Only those claim records having the requisite relationship level associated with the portion of the time window in which they fall are included in the PEG.12-11-2008
20080243852System and Methods for Enabling Collaboration in Online Enterprise Applications - A method for enabling collaboration in online enterprise applications includes, during development of the online enterprise application, selecting at least one webpage to be in wiki format; creating an access control list for the at least one webpage; and selecting at least one control for the at least one webpage. The at least one webpage may be edited directly within the online enterprise application. A system for enabling collaboration in online enterprise applications includes an agent for allowing selection and setup of at least one webpage in wiki format during development of an online enterprise application and a database for storing editable content of the at least one webpage in wiki format.10-02-2008
20080243851Multi-User Conditional Access to a Content Item - This invention relates to a system and method of providing conditional access to a data content item for a number of users, where the data content item is associated with a digital right that provides a user the right to access the data content item a predetermined number of times. The data content item is arranged in a number of subparts and the digital right is arranged in a number of sub-rights (10-02-2008
20090313253BUSINESS METHOD FOR COMMUNICATION ENGINE - A method for coordinating the way two subscribing members communicate with the objective of enhancing their relationship, or detect incompatibilities at an early stage that will permit any one of them to opt out. The five phases of the method are: the seed request phase, the seedling phase, the budding phase, the juvenile phase, and the maturation or fruition phase.12-17-2009
20090198697METHOD AND SYSTEM FOR CONTROLLING ACCESS TO DATA VIA A DATA-CENTRIC SECURITY MODEL - A method and system for controlling access to data via a data-centric security model. A business data classification scheme is defined as a hierarchy that includes data types aligned with business operations. A data element is labeled with a data label. The data label includes multiple attributes associated with a data-centric security model. A first attribute is a data type of the data element. A second attribute includes security requirements. Data control rules are automatically generated for an enforcement of the security requirements. The enforcement grants or denies to a user an access to the data element via a predefined action. The enforcement is based on a predefined association among the predefined action, a predefined role that includes the user, the data type and, optionally, a purpose for performing the predefined action.08-06-2009
20090100061Information processing apparatus and information processing method - An information processing apparatus and an information processing method capable of effectively performing access control with respect to items of information are disclosed. The information processing apparatus determining whether an operation with respect to information including plural items is permitted includes a classified information managing unit managing classified information in which categorization of the plural items is defined, an operation authority information managing unit managing operation authority information in which an operating authority given to an operation subject is set with respect to each of the categories, a category determining unit determining a category that is to include an item to be operated based on the classified information, and a permit determining unit determining whether an operation is permitted based on the category determined by the category determining unit and the operation authority information.04-16-2009
20090077088SYSTEM FOR ESTIMATING A FIRST ACCESS TIME OF TRANSACTIONS ACCESSING A DATABASE OBJECT - A system and a computer readable medium for estimating the first access time of a plurality of currently active transactions accessing at least one database object is disclosed. According to varying embodiments of the system and computer readable medium disclosed herein, the present invention may provide an efficient mechanism for tracking the earliest first access time of the set of all currently active transactions accessing an object in a database system.03-19-2009
20090077086POLICY-BASED METHOD FOR CONFIGURING AN ACCESS CONTROL SERVICE - A system and method for processing a request by a first control service using a first control specification language, and a second control service using a second control specification language includes steps of: receiving the request from a requestor; providing the request to the first and second control services; receiving a decision on the request from each of the first and second control services; and comparing the decisions. The first control specification language is an access control policy.03-19-2009
20090077085SUBSTITUTE DATABASE REPLICATION TABLES - Illustrative embodiments provide for the creation and maintenance of substitute database replication tables in the form of materialized query tables and associated staging tables for each selected table of a target database. One aspect of an illustrative embodiment provides a method for the creation of substitute database replication tables. The method comprising, obtaining a plurality of input specifications, to create an identified set of target databases of a database management system. The method also establishes a connection with the database management system of the identified set of target databases. Further generating a materialized query table and corresponding staging table combination for each specified table from a plurality of tables belonging to a respective database of the identified set of target databases.03-19-2009
20080208867METHOD AND SYSTEM FOR INVITATIONAL RECRUITMENT TO A WEB SITE - A current registered member of a web site is enabled to send a message to a person not currently a member, containing a link to a newly created membership page for that person, to which access may be confirmed by only the entry of a password, rather than a multi-step registration process, or may be extended by the use of a cookies or the mailing of repeated single-use keys. The new membership includes the ordinary privileges of a non-paying member of the site, together with access to site aspects specific to the inviter and the creation of the invitation, such as but not limited to folders created by the inviter, documents or other files uploaded by the inviter, blogs or postings by the inviter, alerts as to future events initiated by the inviter, information about purchasable items recommended by the inviter, free access to documents or other viewable entities for which the inviter has purchased access, or a family tree presented from the viewpoint of the invitee.08-28-2008
20090043774TECHNIQUES FOR RETAINING SECURITY RESTRICTIONS WITH FILE VERSIONING - Techniques are presented for retaining security restrictions with file versioning. Files are versioned in such a manner that metadata including full directory paths and access restrictions are retained for each version of the file and enforced when each version is accessed. The files are versioned to hashed subdirectories for space and management efficiencies. In an embodiment, prior versions of a particular file are maintained as delta data structures while a most-recent version of that file is maintained in its full or complete data state.02-12-2009
20090282044Energy Efficient Data Provisioning - A method and system for provisioning data that has been collected and stored in a source database. The source database is a database that consumes a large amount of power and drains the company's database resources. The method and system determine which data should be provisioned and sent to a target server, the target server being more energy efficient than the source database and less exhausting of company resources. Various factors, such as the amount of data being requested and the frequency of change of the requested data, determine whether a transfer of data from the source database to the more energy efficient target database should be performed.11-12-2009
20090319527METHOD AND APPARATUS FOR LOGGING PRIVILEGE USE IN A DISTRIBUTED COMPUTING ENVIRONMENT - One embodiment of the present invention provides a system that logs the use of privileges in a distributed computing environment. The distributed computing environment includes a database system, one or more client applications, and a unified security management layer between the database system and the one or more client applications. During operation, the system receives a request from a client application to execute a business function in the distributed computing environment. The system determines a privilege associated with the requested business function, and logs that the request is associated with the privilege. The system then checks, in the unified security management layer, whether a user associated with the request is associated with a role that has the privilege. If the user is associated with a role that has the privilege, the system performs the requested business function. By checking and logging privilege access in the unified security management layer, the system facilitates tracking privilege use for the database system and the client applications in a single entity, thereby enabling security managers to more easily audit privileged operations in the distributed computing environment.12-24-2009
20090319528Method and equipment for improving communication confidentiality - The present invention relates to a method for improving communication confidentiality including the following steps: 12-24-2009
20090319526Method and Apparatus for Variable Privacy Preservation in Data Mining - Improved privacy preservation techniques are disclosed for use in accordance with data mining. By way of example, a technique for preserving privacy of data records for use in a data mining application comprises the following steps/operations. Different privacy levels are assigned to the data records. Condensed groups are constructed from the data records based on the privacy levels, wherein summary statistics are maintained for each condensed group. Pseudo-data is generated from the summary statistics, wherein the pseudo-data is available for use in the data mining application. Principles of the invention are capable of handling both static and dynamic data sets12-24-2009
20090112869SOLUTION THAT UTILIZES ACCESS QUEUES FOR AUTOMATICALLY MANAGING ACCESS TO AN ELECTRONIC DOCUMENT - The present invention discloses a system for automatically controlling access to electronic documents. Such a system can include a set of electronic documents, a set of access queues, and a document access manager. Each access queue in the set of access queues can be configured to store a waiting list of reviewers for a specific electronic document. The document access manager can be configured to automatically add access requests for an electronic document to the corresponding access queue when the electronic document is currently being accessed. Additionally, the document access manager can automatically transfer access of the electronic document to the next reviewer in the access queue when the electronic document becomes available.04-30-2009
20090112872Information sharing system and information sharing method - An information sharing apparatus comprises extracting unit extracting personal information item from acquired information item which includes personal information item, generating unit generating anonymous information item by deleting personal information item from acquired information item, storing unit storing personal information item and anonymous information item, storing unit storing first access level assigned to group of users who can access only anonymous information item, and to store second access level assigned to group of users who can access both of anonymous information item and personal information item, receiving unit receiving request message for accessing acquired information item, transmitting unit transmitting only anonymous information item when access level predetermined to user is equal to first access level, synthesizing unit synthesizing personal information item with anonymous information item, transmitting unit transmitting regenerated second information item, when access level of user is equal to second access level.04-30-2009
20090112871Genome sharing - Sharing data is disclosed. In some cases, sharing data includes receiving a request to share data from a first account to a second account, receiving an indication of a plurality of first account profiles associated with the first account to share with the second account, and establishing sharing from the plurality of first account profiles to the second account, wherein sharing comprises the second account having read access to a subset of nonpublic data associated with the plurality of first account profiles.04-30-2009
20090112870MANAGEMENT OF DISTRIBUTED STORAGE - Systems and methods of distributed storage are disclosed herein. A request to store data in a client computer is received. A request is sent from the client computer to a storage service to create a core object such that the core object can be created with a member entry to a member feed in the core object. The member feed can be indicative of one or more entities that are permitted to access to the core object. A message is received at the client computer with the core object. A replica of the core object on the client computer is created. The client computer can add the data as a data entry to a data feed in the core object. An updating message is sent to the storage service. The message can include a copy of the replica of the core object including the data entry.04-30-2009
20090112868Real-Time Interactive Authorization for Enterprise Search - Techniques for providing at least one user access to one or more documents in a collaborative computing environment in accordance with a search engine are provided. The user is presented with search results, wherein the search results comprise at least one document comprising at least one portion to which the user has no access. A request from the user for access to the at least one document is received. A supervising entity is then notified of the user request to access the at least one document. An instruction from the supervising entity is then received. In accordance with the received instruction, the user is granted access to the at least one document.04-30-2009
20090106249DOCUMENT MANAGEMENT SYSTEM, DOCUMENT MANAGEMENT DEVICE, DOCUMENT MANAGEMENT METHOD AND RECORDING MEDIUM STORING A DOCUMENT MANAGEMENT PROGRAM - A document management system includes a management device that manages operation limiting information for limiting an operation of a document, and a document operation device that operates the document, in which the document operation device is provided with an invalidation request portion that requests invalidation of the document, and the management device is provided with an operation historical management portion that manages an operation history of a document for managing the operation limiting information, a related document retrieval portion that retrieves a related document related to the document according to the operation history managed by the operation historical management portion in response to the document invalidation request by the invalidation request portion, and an invalidation portion that sets invalidation information in operation limiting information on a document related to the invalidation request and a related document retrieved by the related document retrieval portion and invalidates the document related to the invalidation request and the related document.04-23-2009
20090070334DYNAMICALLY UPDATING PRIVACY SETTINGS IN A SOCIAL NETWORK - A social network allows its members to regulate what data is accessible to other members using one or more privacy settings. A particular member of the social network can modify the one or privacy settings to grant or deny different users access to different data. When a member modifies a privacy setting, the social network determines which information pathways communicating data between members are affected. The affected information pathways are then modified responsive to the privacy setting to communicate data identified by the modified privacy setting and enforce the new privacy restrictions.03-12-2009
20090077087ACCESS CONTROLLER THAT CONTROLS ACCESS TO FILES BY USING ACCESS CONTROL LIST - Each time the file access request is received, it is discriminated whether there is an ACL which corresponds with the file system of the type following the switching in the file designated by the file access request. In cases where the judgment result is that there is no such ACL, an ACL which corresponds with the file system of the type following the switching is generated on the basis of an ACL which corresponds with the file system of the type prior to the switching which is associated with the designated file, and the ACL thus generated is used to control access in accordance with the received file access request.03-19-2009
20090077084System and method for archiving a media collection - A system and method for archiving a user's media collection are provided. In general, a central archiving system stores high-quality versions of a number of known media files and a number of known encoding algorithms. First, each media file in the user's media collection and an encoding algorithm used to encode each media file are classified as either known or unknown to the archiving server. For each known media file encoded with a known encoding algorithm, the archive includes information identifying the media file, information identifying the encoding algorithm for the media file, and optionally the one or more quality parameters such as bit rate, sampling frequency, and the like for the media file. For each unknown media file and/or media file encoded with an unknown CODEC or encoding algorithm, the archive includes the media file, which is uploaded and stored at the archiving system.03-19-2009
20090024629ACCESS CONTROL DEVICE AND METHOD THEREOF - Access control appropriate to each processing node is achieved by evaluating information published by the processing node. An access control device (01-22-2009
20100030784SYSTEM AND METHOD FOR ELECTRONIC SUBMISSION, PROCUREMENT, AND ACCESS TO HIGHLY VARIED TEST DATA - A method and data repository for the delivery, storage, maintenance and controlled access to test data, stored in a centrally administered data repository. The system allows entities to store individual collections of data which may be public or private in keeping with their business needs, while permitting them to have or obtain access to other data within the repository in which they might have an interest. Reflecting the natural flow of information, the system uses a data storage schema that permits the storage of a virtually unlimited variety of test results in a series of compact structures. To do so, the schema utilizes a series of metadata structures that describe collections of instance specific information.02-04-2010
20090100060DEVICE, SYSTEM, AND METHOD OF FILE-UTILIZATION MANAGEMENT - Device, system, and method of file-utilization management. In some embodiments, a method may include receiving the content of a file to be protected and permission information representing one or more allowed users and including one or more content-utilization restrictions corresponding to the allowed users; generating a web-application file including the content in a format presentable by a secure web application capable of managing the utilization of the content according to the content-utilization restrictions; and upon receiving a request from a user of a computing device, presenting the content of the protected file to the user via the secure web application, only if the user is an allowed user of the allowed users, while restricting the utilizing of the presented content according to a content-utilization restriction corresponding to allowed user. Other embodiments are described and claimed.04-16-2009
20100036845System and Method for Negotiating the Access Control List of Data Items in an Ad-Hoc Network with Designated Owner Override Ability - A method is disclosed for managing an access control list for a data item. The method includes designating an owner for the access control list, wherein the owner is a member of the access control list, and wherein only the owner of the access control list is allowed to manage the access control list.02-11-2010
20090313254USER PHOTO HANDLING AND CONTROL - Architecture for centralized photo storage for user profiles with consent and cardkey system integration. A picture picker can connect to a cardkey/security badge photo system to allow users to choose from badge photos. Consent is also captured by the picker to allow user photos to be used in other applications. Other applications can interact with the photo storage using standard web services and APIs for the user profile and user profile change log services. Centralized storage and insured accessibility enable applications to consume from the photo storage. The photo storage can also function as a virtual directory with distributed storage as utilized for geographical deployments. Extensions of the photo storage can include an add-in for a personal information manager application and a management agent for web-based collaboration and document management to copy photos from/to other directory structures.12-17-2009
20100036847EXTENDABLE AND PLUGGABLE METHOD FOR VALIDATING XML DATA - A method of validating XML data comprises (a) registering a plurality of validators that are each responsible for validating a certain XML set of rules, (b) creating common XML data structures to be shared between the validators, (c) invoking registered validators and granting access to common XML data structures, and (d) reporting validation results for each of the validators. Two or more validators having similar pattern validation structures may share the common XML data structure of a data builder. Furthermore, the validators may be invoked in the order in which they are registered in step (a) and granted access to the common XML data structures that are built in step (b). In addition, the step of reporting the validation results may include formatting the validation results as error messages generated by each validator and outputting the error messages via an outputter.02-11-2010
20100036846METHOD AND SYSTEM FOR OPTIMIZING ROW LEVEL SECURITY IN DATABASE SYSTEMS - One embodiment of the present invention provides a system that implements a security policy in a database. During operation, the system receives a request associated with a set of objects in the database. Next, the system obtains a set of access control lists (ACLs) associated with the database, wherein a respective ACL specifies one or more access privileges associated with a user or user group, and wherein a respective ACLs is not specific to a particular object in the database. The system then evaluates the ACLs to obtain a set of ACL results associated with the request and processes the request by applying the set of ACL results to the objects without evaluating the ACLs repeatedly for each of the objects.02-11-2010
20090216768DATABASE SANDBOX - Systems and methods that qualify and/or restrict access of codes associated with a database to objects located outside thereof and in other databases—even though a person executing such code does in fact have permission to interact with the object that the code is attempting to access. A sandbox component can regulate access from one database to another database, by managing authenticator permission and/or trust permission levels. Hence, the set of privileges assigned to security execution context of an executable module (procedure, trigger, computed column) in an un-trusted database is restricted not to exceed a privilege set assigned to database owner.08-27-2009
20090216769Digital Rights Management of Captured Content Based on Criteria Regulating a Combination of Elements - When captured content is detected, the captured content is analyzed to determine whether any portion of the content is subject to digital rights management protection specified for content captured. Responsive to determining that the captured content is subject to a first digital rights management protection, a database is queried to select at least one digital rights management rule associated with a first restricted element specifying at least one first criteria for combining the first restricted element with at least one other element. A determination is made whether the first restricted element is combined with the at least one other element in the captured content. Responsive to detecting the first restricted element is combined with the at least one other element, the captured content rights controller determines a combined digital rights management protection rule reconciling the at least one first criteria for combining the first restricted element with the presence of the at least one other element. The combined digital rights management rule is applied to restrict use of the captured content.08-27-2009
20100057742MRW INTERFACE AND METHOD FOR SUPPORT OF MERCHANT DATA PROCESSING - A method begins by receiving, from a requesting device, a request to access a record within an entity profile database. The method continues by authenticating the requesting device. When the requesting device is authenticated, the method continues by determining status of the requesting device. The method continues by retrieving the record from the entity profile database to produce a retrieved record. The method continues by presenting the retrieved record to the requesting device in accordance with the status of the requesting device. The method continues by receiving a data change from the requesting device. The method continues by recording the data change. The method continues by providing an updated record to the entity profile database when the data change to the record has been verified.03-04-2010
20080256075EXTERNAL INTERFACE ACCESS CONTROL - A method and apparatus of controlling access to a system containing vital corporation software and storing confidential data assets situated in an open accessible environment is provided. The method includes calculating a signature value for at least one file usable with the system, transferring the calculated signature value to a signature file, and providing at least one signature value in the signature file and at least one associated file to a file system configured to be received by the system. At least one signature value and at least one associated file are inspected by the system to verify the associated file is a known system software application asset. The system comprises an input/output data port configured to receive the external memory storage device, and an operating system capable of reading system data from and writing system data to the memory storage device.10-16-2008
20100005098COMBINED DIRECTORY OF PERSONAL AND ENTERPRISE APPLICATION SYSTEM DATA - Systems and methods are provided that combine private contact information and Enterprise Application System (“EAS”) data in a directory. An embodiment includes receiving private contact information regarding a first employee from a second employee, storing the private contact information regarding the first employee on an EAS server, and displaying the private contact information to the second employee upon request, wherein the private contact information is viewable only to the second employee.01-07-2010
20090276434Media/data card - The media/data card is a computer readable medium for storing data files, and in particular, media files. The device may be a flash media memory card or other conveniently sized, portable storage device. The media/data card stores a data structure for controlling access to data files stored on the computer readable medium. The data structure includes a media storage substructure for storing the data files, a file system directory substructure containing the locations of the data files stored in the media storage substructure; and a security substructure for describing allowed access to the data files stored in the media storage substructure. The data files may be multimedia files, such as compressed audio or video files. The data files may be encrypted to provide enhanced security.11-05-2009
20090138476Methods, Systems, and Products for Managing Access to Applications - Different communications devices, different communications networks, and/or different users are used to generate, enable, and/or manage an API tool set for providing services through a residential communications gateway. The actual physical location of the service and the manner in which it operates are transparent to the user.05-28-2009
20080320001Collaboration System and Method for Use of Same - A system for managing data and communications over a network for an institution having a defined organizational structure is disclosed. A collaboration space includes interconnected collaboration points having an accessible object, a history log, and digital rights management controls. Mappings extend from access profiles associated with individuals within the defined organizational structure to appropriate collaboration points that include the digital rights management controls permitting access to the corresponding accessible objects by the access profiles. The mappings enable different individuals to have different perspectives of the collaboration space as well as view the collaboration space from a third-party perspective providing details of the access of third-party to an individual's mapping or omniscient perspective providing details of the access of a particular collaboration point.12-25-2008
20080320000System and Method for Managing Data and Communications Over a Network - A system for managing data and communications over a network for an institution having a defined organizational structure is disclosed. A collaboration space includes interconnected collaboration points having an accessible object, a history log, and digital rights management controls. Mappings extend from access profiles associated with individuals within the defined organizational structure to appropriate collaboration points that include the digital rights management controls permitting access to the corresponding accessible objects by the access profiles. The mappings enable different individuals to have different perspectives of the collaboration space as well as view the collaboration space from a third-party perspective providing details of the access of third-party to an individual's mapping or omniscient perspective providing details of the access of a particular collaboration point.12-25-2008
20080319999TECHNIQUES FOR PROJECT LIFECYCLE STAGED-BASED ACCESS CONTROL - Techniques for project lifecycle staged-based access control are provided. Access control rights are defined for a stage of a project's lifecycle. As requestors transition to the stage, the access control rights are enforced on top of any existing security restrictions. In an embodiment, selective resources are not visible to requesters within the stage in response to the access control rights.12-25-2008
20080319998SYSTEM AND METHOD FOR DYNAMIC AUTHORIZATION TO DATABASE OBJECTS - The present invention provides a system and method allows a user to add a parameter at the end of the GRANT statement that would not require multiple changes by the DBA. The parameter may indicate that the user only needs to have access for 2 days, or to have access when a flag is set in the database. This reduces the frequency that a DBA needs to be engaged and decreases the cycle time that is necessary to turn the request around. An additional benefit is that the authority is removed when it should be. This then also improves the business controls around the data.12-25-2008
20080288500Physiological data processing architecture for situation awareness - Systems, methods and computer program products for the processing, analysis and mining of physiological data within a wireless body area network are disclosed. The remote collection and monitoring of a person's (e.g., patient's) physiological data and activity levels for the purposes of determining the well-being of the person, as well as making additional health status determinations based on the historical information and trends of the collected data are provided. The systems, methods, and computer program products disclosed herein, in varying aspects, readily lend themselves to incremental component and functionality modifications, which allow for increased data sources, accuracy, reliability and utility of the collected information, further solidifying the uniqueness and desirability of the systems, methods and computer program products.11-20-2008
20090063490AUTHORIZATION CONTROLLED SEARCHING - Methods and apparatus, including computer program products, for authorization controlled searching. In general, a search request is received, a database data structure is searched where the data structure is populated with records that include data and criteria for authorization to access the data, and a set of results is presented to a user, where the set of results includes data from the data structure for which a user is authorized the criteria is used to determine which results to include in the set of results. The criteria for authorization to access the data may be simple or complex, and may be based on a formation of associations from multiple layers of associations.03-05-2009
20080256076EXTERNAL INTERFACE ACCESS CONTROL FOR MEDICAL SYSTEMS - A method and system of controlling access to a system in a medical environment is provided. The method includes calculating a signature value for at least one file usable with the medical system, transferring the calculated signature value to a signature file, and providing at least one signature value in the signature file and at least one associated file to a file system configured to be received by the medical system. At least one signature value and at least one associated file are inspected by the medical system to verify the associated file is a known medical software application asset. The medical system comprises an input/output data port configured to receive the external memory storage device, and an operating system capable of reading medical system data from and writing medical system data to the memory storage device.10-16-2008
20090300020WIRELESS VIRTUAL STORAGE APPARATUS AND REMOTE FILE ACCESSING METHOD - A wireless virtual storage apparatus and a remote file accessing method are utilized for a multimedia electronic device accessing remote files in a remote database. The apparatus includes a wireless network interface, microprocessor, and bus interface. The microprocessor runs a file system program, so as to create a virtual partition. Then the processor connects to a removable storage media reader of the multimedia electronic device via the bus interface, and the virtual partition is mounted by the multimedia electronic device. The microprocessor logs in the remote database via the wireless network interface, and creates virtual files in the virtual partition corresponding to the remote files. When the multimedia electronic device accessing the virtual files, the microprocessor loads the remote files from the remote database and changes the accessing path of the multimedia electronic device to the loaded remote files.12-03-2009
20090292707ELECTRONIC APPARATUS AND CONTENT DATA PROVIDING METHOD - According to one embodiment, an electronic apparatus includes a wireless communication device, an information acquisition module, a file management information generation module, and an access control module. The information acquisition module acquires, by wireless communication with an external device, metadata corresponding to content data which the external device can provide. The file management information generation module generates, based on the acquired metadata, file management information based on which a host apparatus recognizes the content data as a file stored in a storage medium in the electronic apparatus. The access control module is configured to, upon receiving a read request for a file corresponding to the content data, which is transmitted from the host apparatus, execute external device access processing of acquiring the content data from the external device using the wireless communication device, and output the acquired content data to the host apparatus.11-26-2009
20100030782COMPUTER FILE SYSTEM DRIVER CONTROL METHOD, PROGRAM THEREOF, AND PROGRAM RECORDING MEDIUM - In the method of controlling a file system driver of an electronic computer and the program for the method and further the storage medium containing the program according to the present invention, access to a file stored in a storage device of the electronic computer is controlled in a kernel mode.02-04-2010
20100023523METHOD AND APPARATUS FOR MANAGING DATA HAVING ACCESS RESTRICTION INFORMATION - A method and an apparatus for managing data for providing a predetermined piece of information according to access restriction information established with regard to each piece of data are provided. The method includes: establishing the access restriction information with regard to the data when the data is stored; and determining whether an access to the data is permitted by detecting access valid time of the data from the access restriction information. The present invention establishes access valid time with regard to importance data accessed by a user and establishes a user's access denial to the importance data having access valid time exceeding the established access valid time so as to reinforce security, thereby preventing the important information from being externally leaked. Also, the present invention establishes a time limit and a cycle of each piece of important information, thereby facilitating the management of important information.01-28-2010
20100017411APPARATUS FOR PROCESSING INFORMATION AND A METHOD FOR SETTING ENVIRONMENT THEREOF - The invention provides an information processing apparatus and a system environment setting method thereof capable of changing over profiles flexibly and preventing failure to return to the original profile if the time zone desired to change over the profiles of the information processing apparatus is irregular or if the schedule is suddenly changed. The information processing apparatus of the invention includes a DB 01-21-2010
20100017410TECHNIQUES FOR EXTENDING AND CONTROLLING ACCESS TO A COMMON INFORMATION MODEL (CIM) - Systems and methods for extending and controlling access to a Common Information Model (CIM) are presented. According to an embodiment, access requests for a CIM object manager (CIMOM) pass through a CIM file system (CIMFS) where each access requested is authenticated. The CIMFS maintains and manages a hidden file system representing CIM classes and a CIM class hierarchy on a volume of storage. The structure, metadata, and values for the CIM classes, CIM object, and CIM providers are maintained in a hidden directory on the volume. This information is accessible via the CIMFS to use existing file system management operations.01-21-2010
20090100058VISUALIZATION OF ACCESS PERMISSION STATUS - Queries regarding access permissions of users and rights to directories in a complex enterprise are executed in near real-time, using lookups to tables that form a condensed database maintained for each file server. User information is condensed by arranging users in user groups having common data access rights. Directory permissions storage is condensed by showing only distinctive permissions to a directory in a table entry, and referencing inherited permissions of parent directories. The tables indicate recursive and ancestral relationships among the user groups and directories. They are developed and updated in advance of any queries. A consolidated view of the query results is presented on a single display screen. Using the tables results can be obtained without exhaustive searches of large file system tables.04-16-2009
20090089291System and Method for Defining and Manipulating Roles and the Relationship of Roles to Other System Entities - The capability to design and implement roles in a role-based system is disclosed. The system and data architecture enable organizations to model and assign relationships between Roles and other entities in a computing environment. The complex interrelation of Groups and Roles is established in an environment where: users need not be a member of a Group to use the capabilities of a Role; Role ownership is distinct from Role usage; and Roles themselves have attributes. A collection of methods enable creation, configuration, maintenance, ownership and usage of roles and for implementing relationships between the Role and other system entities, attributes and permissions.04-02-2009
20090157687TEAM BASED ROW LEVEL SECURITY SYSTEM AND METHOD - A team based row level security system and method are provided that permits items of data to be shared across a team.06-18-2009
20090063492ORGANIZATION OF USER GENERATED CONTENT CAPTURED BY A SMART PEN COMPUTING SYSTEM - In a pen-based computing system, use of paradigms similar to those used with physical paper to organize user generated content captured by a smart pen is disclosed. Data, such as handwriting gestures, is captured by the smart pen and transferred to a digital domain, such as by being transferred to a computing system. Once in the digital domain, the captured content is organized as virtual pages or virtual notebooks. Hence, content captured from various sources, such as different notebooks or different physical pieces of paper, is assembled into a virtual page or virtual notebook. User input or automatic application of rules can be used to assemble the captured content into a virtual page or virtual notebook.03-05-2009
20090171966CONTENT DISTRIBUTION SYSTEM AND METHOD - A method and system for the secure distribution of content to authorized persons. A content provider uploads encrypted content to the system and specifies the institutions or individuals to which the content is to be provided and release conditions under which it is to be made available. Encrypted content is made available to a recipient together with a decryption code, if the identity of the recipient can be confirmed through a validation procedure and if the release conditions are met. The release conditions may include a time and date at which the release is to occur. The encrypted content has an associated sample which may be streamed to the recipient so as to permit the recipient to assess whether to download the fill encrypted content or not. In one embodiment, the validation procedure includes biometric validation of the identity of the recipient.07-02-2009
20090171965System and Method For Policy Based Control of NAS Storage Devices - A system and method for providing policy-based data management and control on a NAS device deployed on a network. When a user makes a request to store, read, or manipulate data on the NAS device, the NAS device provides an indication of this request to a management tool running on a remote system. The management tool reviews the request in light of its previously established policy-based data storage management configuration and subsequently informs the NAS device to either accept or not accept the user's request to store, read or modify data on the NAS device.07-02-2009
20090171964Acquiring And Using Social Network Information - Among other things, a user of a site is provided access to information associated with a person who has entered, on a shared social network (SN) system controlled independently of the site, a consent to permit information of the person to be accessed by the user at the site. The information is displayed to the user of the site only in accordance with the consent. The consent is effective without requiring any action by the user of the site.07-02-2009
20090112867Anonymizing Selected Content in a Document - A method and system for anonymizing selected content in a document, by receiving as input a document comprising content; assigning user access privileges to identified users based on an access control policy, the access control policy for the user based on a context and a set of pre-defined named entities stored in a repository; identifying named entities in the document; comparing the pre-defined set of named entities based on a context with named entities in the document; concealing the named entities identified in the document matching with the pre-defined set of named entities; and providing as output a document, wherein the set of pre-defined named entities have been concealed based on the identified user access.04-30-2009
20100030783Metadata Driven Mobile Business Objects - A system, method, and computer program product are provided for abstracting data in a remote data source. A method operates by defining the data source, defining a data synchronization methodology for communication with the data source, and providing an abstraction layer for accessing data in the data source. The abstraction layer implements the data synchronization methodology when data is accessed through the abstraction layer is presented.02-04-2010
20100005099System and Method for Socially Derived, Graduated Access Control in Collaboration Environments - A method for socially derived, graduated access control to a collaboration environment includes calculating a variable reputation score for a user based on a user's actions within a collaboration environment; and dynamically enabling graduated access control to the collaboration environment based on the reputation score.01-07-2010
20090094246FILE SYSTEM ACCESS CONTROL APPARATUS, FILE SYSTEM ACCESS CONTROL METHOD AND RECORDING MEDIUM INCLUDING FILE SYSTEM ACCESS CONTROL PROGRAM - A file system access control which carries WORM commitment for files in a single transaction is provided. The file system access control apparatus includes command files that support WORM commitment, interprets WORM commitment command which is registered in command files by means of a daemon process module and executes WORM commitment in a file. A plurality of files and those under management of directories are changed of the file access modes to meet WORM. In addition, a system that allows WRITE command for the command files by means of a standard interface of the file system. The results of WORM commitment is registered in the repository files under the system regarding the present invention.04-09-2009
20090024627Automated security manager - Systems, methods, media, and other embodiments associated with automated security management are described. One example system embodiment includes logic to collect, organize, and maintain data concerning electronic information resources, data concerning security criteria to which the electronic information resources may be subjected, and data concerning security risks to which the electronic information resources may be susceptible. The system may include logic to make an automated security management decision based on analyzing the data concerning the electronic information resources, the data concerning the security criteria, and the data concerning the security risks.01-22-2009
20080263048File Access Management System - The present invention provides systems and methods for a medical record and image and data managing system for storing electronic records and data from multiple sources including but not limited to medical databases and file capture or data storage and file management systems and then making the data and the files accessible securely over a network or wide area network from multiple similar systems that share the same user access and authorization level data, and patient records and data or over a wide area network like the Internet, and provide the records and the data to patients and physicians. The records and data are stored in electronic folders in a data base and file storage system which uses meta information entered by the patient or medical provider when the folder is made or edited which provides control over access to the electronic patient folder, identifying criteria for locating each folder and file with a search engine and an anonymous user identification number and data fields for the input of meta data showing the patient's medications used, diagnosis or existing conditions for data mining by a system which uses a blind data pool to extrapolate outcomes or other medical data from the data fields on the patient folder and on the identifying information attached to each patient file that is stored in the digital patient folders.10-23-2008
20090132538INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD - To keep data security in an information processing system, an information processing apparatus communicably coupled with a user terminal communicably coupled with a secret data management device managing secret data that a user intends to keep secret, includes a publicly-available data storage unit that stores publicly-available data that the user does not intend to keep secret; a publicly-available data acquiring unit that reads the publicly-available data from the publicly-available data storage unit; a program storage unit that stores a program to be executed by the user terminal; and a program sending unit that sends the program to the user terminal with the read publicly-available data attached thereto. The above-mentioned program contains instructions to cause the user terminal to execute the steps of: acquiring the secret data by accessing the secret data management device; and outputting the acquired secret data and publicly-available data attached to the program.05-21-2009
20090132537System and Method for Managing Storage and Access of Data Files - Disclosed is a system and method for managing storage and access of computer data files by a primary application program. In an exemplary embodiment, the system and method are implemented as an access management program running on a computer that allows access to data files according to permissions granted by the program. The access management program applies the permissions to the existing data file structure on the computer.05-21-2009
20090132536Dynamic control and regulation of critical database resources using a virtual memory table interface - A computer-implemented apparatus, method, and article of manufacture provide the ability to manage a plurality of database systems. A domain contains the database systems, and a database in one of the systems has segmented global memory partitions. A virtual monitor partition provides logon access to the segmented global memory partitions in a form of a virtual database. Open application programming interfaces (API) enable logon access to the virtual monitor partition to access data in the virtual database. A multi-system regulator manages the domain and utilizes the open APIs to access data in the virtual data base.05-21-2009
20090106250ACCESS CONTROL SYSTEM, ACCESS CONTROL DEVICE, PROGRAM AND RECORDING MEDIUM - Effective utilization of a database while protecting a data provider's privacy is accomplished by an access control system which controls access to a database in which open information and secret information about a data provider are stored while being related to each other has an output request acquisition section which obtains an output request for output of information generated by accessing the database, a plural-term output authorization section which prohibits output of information generated by combining the open information and the secret information in output information requested to be output according to the output request, and which permits output of information generated by using the secret information without using the open information, and an output section which outputs the information in the output information permitted by the plural-term output authorization section to be output.04-23-2009
20090100059HIGH RUN-TIME PERFORMANCE SYSTEM - A system and article of manufacture providing a high performance access control list. The preferred embodiments operate in a computer network having a plurality of users of the network and comprising a database management system and a content management system controlling access to a plurality of entities shareable by the users of the network, the content management system using an access control list table having group privilege rules and user privilege rules for controlling access to the entities. A high performance ACL system and article of manufacture is provided, the system and article including a run-time compiled ACL table, wherein the compiled ACL table provides resolved privilege rules for each of the users at run-time, and using the compiled ACL table, the content management system accesses user-selected ones of the entities based on the resolved privilege rules.04-16-2009
20100011001DATA APPROVAL SYSTEM AND METHOD - A data approval system is provided. The system comprises a transaction model comprising program code for implementing one or more computer-implemented methods for use in an approval process, the approval process comprising an approval operation; a plurality of differentiated data-handling modules adapted to provide different methods for managing data during the approval process, wherein each module comprises program code for implementing one or more computer-implemented methods; and a storage device for storing configuration parameters that are configurable for a particular approval process; wherein the data approval system is adapted to select one or more data-handling modules from the plurality of modules to manage data during the approval process based on the configuration parameters.01-14-2010
20100010999Data Access in Distributed Systems - Methods, systems, and apparatus, including computer program products for receiving a request for access to a first item of content stored on resources of a storage environment, the request for access being initiated by a first user, identifying an existing resource allocation arrangement associating elements of the first item of content with respective elements of the resources of the storage environment, performing an inquiry to determine whether an admission condition is satisfied, and upon satisfaction of the admission condition, generating a specification of an access operation, the access operation configured to enable a selected set of elements among the respective elements of the resources of the storage environment to be accessed.01-14-2010
20100010998DOCUMENT STORAGE ACCESS ON A TIME-BASED APPROVAL BASIS - Systems and methods of the present invention allow a file owner to upload and store a file to a File Storage Area. The file owner may set a time-based approval period during which the file owner may grant or deny requests by a file requestor for permissions to access the file. After expiration of the time-based approval period, grant of file permissions may be automatically approved.01-14-2010
20090327295MAINTENANCE OF EXO-FILE SYSTEM METADATA ON REMOVABLE STORAGE DEVICE - An interface between a host computing device and a transient storage device (TSD) eliminates the need for a full directory crawl of the storage volume on the TSD to maintain a metadata database. The metadata database is incrementally updated instead of being completely regenerated on every connection between the TSD and a highly capable host. This function helps the host device more efficiently track and maintain exo-file system metadata. Host devices discover and use this new TSD function to efficiently update the metadata database. Host devices provide parameters governing the operation of the TSD to the TSD. Cooperatively, the TSD logs addresses corresponding to storage locations of changes made to the data on the storage volume and, upon discovering a capability of the host device to update the metadata database, the TSD provides discovery to the host device regarding an availability of the metadata database and the log of addresses.12-31-2009
20090327293INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, STORAGE MEDIUM, INFORMATION PROCESSING METHOD, AND DATA SIGNAL - An information processing apparatus includes a document information storage unit that stores a derivation relationship designating a first document as a parent and a second document generated after an operation as a child, and an operator that performed the operation; an organization information storage unit that stores a structure of an organization hierarchy and members belonging to each of organizations; and a document output permission/prohibition determination unit that, upon receiving a document output request, determines whether or not to permit output of the requested document, by checking an operator of the requested document or an operator of a document corresponding to an ancestor of the requested document in a tree structure of the derivation relationships against members belonging to an organization including a requesting person as a member or an organization being located at a higher level than the organization including the requesting person in the organization hierarchy.12-31-2009
20090024626INFORMATION PROCESSING TERMINAL, CONTENT PROVIDING SYSTEM, CONTENT PROVIDING METHOD, AND CONTENT PROVIDING PROGRAM - The invention provides a content providing system for making it possible to use URL information retained in a PC terminal from a mobile terminal and store content acquired as the mobile terminal accesses any URL in the PC terminal. The content providing system of the invention is a content providing system including a PC terminal 01-22-2009
20090019050Method and Apparatus for Dynamically Granting or Denying Access to an Electronic Calendar - A calendar system includes a calendar requester client and a calendar owner client that couple to a calendar server via one or more networks therebetween. In one embodiment, when the calendar server denies a particular calendar requester access to the calendar owner's calendar, the calendar server transmits a denial notice to the calendar owner and allows the calendar owner to dynamically add the particular calendar requester to a list of approved requesters on the calendar server.01-15-2009
20090055397Multi-Dimensional Access Control List - Methods and apparatus, including computer program products, implementing and using techniques for providing an access control list for an object in a computer system. A list of one or more subjects is defined. Each of the subjects is associated with a set of operations that the subject can perform on the object. A set of rules is defined that specify conditions at which a different set of operations is to be associated with one or more of the subjects in the list of subjects. An access control list is also described.02-26-2009
20080301141COMPUTER READABLE MEDIUM AND INFORMATION PROCESSING SYSTEM - A computer readable medium storing a program causing a computer to execute a process for managing groups of users, the process includes: storing a group as a set of users and a term of existence of the group, correlating with each other; storing electronic information and an access right of the group to the electronic information, correlating with each other; determining whether or not the term of existence expires; and controlling the access right of the group not to be applied to the users belonging to the group if the term of existence expires.12-04-2008
20080301142METHOD AND SYSTEM FOR ORGANIZING AND PRESENTING CONSTRUCTION KNOWLEDGE-SHARING TOOLS - The invention is directed to a method and system for organizing a knowledge management platform to gather and share knowledge learned by construction project teams. The method involves authorizing access to the platform, wherein the platform comprises an integrated organizational scheme for organizing a project into one or more project elements, facilitating input of project data into the platform and storing project data based on the integrated organizational scheme, wherein project data comprises the knowledge learned by construction project teams, linking project data to one or more project elements in the integrated organizational scheme to obtain content, and presenting the content to user computers responsive to a request submitted to the platform. The integrated organizational scheme may include a top and a secondary level, wherein the top level includes a project management topic and a technical topic, and the secondary level includes a knowledge-sharing tool, content, and a topic-specific question.12-04-2008
20080250022COMMUNITY ROLE DELEGATION POLICY - A method and system for establishing and maintaining a permission delegation policy for roles within a collaborative computing environment. The method and system provide a list of potential delegatee end user persons to a delegator end user person. A list of delegatable permissions is provided to the delegator end user person in which the list of delegatable permissions correspond to permissions held by the delegator end user person. A delegation policy is received from the delegator end user person. The delegation policy includes one or more delegated permissions from the list of delgatable permissions and identification of a delegatee end user person from the list of potential delegatee end users persons designated to receive the delegated permissions.10-09-2008
20080250021Method for Searching Private Data Via a Public Data Search Interface - A system for searching data over a network includes a server connected to the network adapted as an interface to users accessing the sever over the network using a computerized appliance, a data repository associated with the server adapted for storing and managing data, and a software interface for accepting a search request from a user. Privately held data managed by third-party content providers is accessed by the system and categorized, summarized, and indexed for search along with publically accessible data normally indexed for data searching and wherein the content providers provide user data to the system including authentication data of users authorized to access the privately held data, the users enabled by the software interface to request search results relative to privately held data the private search results served to the requesting users according to match of authentication data submitted with the request.10-09-2008
20080243856Methods and Apparatus for Scoped Role-Based Access Control - Methods and apparatus for providing role-based access control of a resource by a subject in an access control system are provided. The system comprises one or more roles capable of association with one or more subjects, and a plurality of permission sets. One or more of the plurality of permission sets are associated with each of the one or more roles. The system further comprises a plurality of resources. One or more of the plurality of resources are associated with each of the one or more permission sets, and each of the plurality of resources is associated with a set of one or more subjects. A given subject in a set of one or more subjects for a given resource and having a role-permission association with the given resource is provided access control of the given resource.10-02-2008
20080243855SYSTEM AND METHOD FOR STORAGE OPERATION ACCESS SECURITY - A method and system for controlling access to stored data is provided. The storage access control system leverages a preexisting security infrastructure of a system to inform the proper access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place similar access control restrictions on the backup files that existed on the original files. In this way, the backed up data is given similar protection as that of the original data.10-02-2008
20080243853METHOD AND SYSTEM FOR NOTIFYING AN INVITEE USER WHEN AN INVITING USER ACCESSES A SOCIAL NETWORKING APPLICATION - A system and method may include receiving an access from an inviting terminal requesting access to a social networking application, the access request may be associated with a user identifier, searching a contact database, based on the user identifier and on an application identifier of the social networking application, to identify contact information associated with an invitee terminal, and generating a notification message based on the contact information, the notification message may be useable to indicate to the invitee terminal that the inviting terminal has accessed the social networking application.10-02-2008
20080222153Administrator Level Access To Backend Stores - An API called AdminRPC written in managed code allows background applications written in managed code to access backend data stores. Functions within this API provide administrator level access to a mailbox or a public folder on a backend server.09-11-2008
20080306959SEMANTIC WEB PORTAL AND PLATFORM - The patent describes a single location and application on a network where a user can organize public, group, and private/personal information and have this single, location accessible to the public. A new, ontology-driven portal that organizes all three categories of data according to various “facets” using underlying ontologies to define each “facet” and wherein any type of information can be classified and linked to other types of information is disclosed. An application that enables a user to effectively utilize and manage knowledge and data the user posses and allows other users to effectively and seamlessly benefit from the user's knowledge and data over a computer network is also disclosed. A method of processing content created by a user utilizing a semantic, ontology-driven portal on a computer network is described. The semantic portal application provides the user with a content base, such as a semantic form or meta-form, for creating a semantic posting. The semantic portal utilizes a knowledge data structure, such as a taxonomy or ontology, in preparing a semantic posting based on the information provided by the user via the content base. The semantic portal application prepares a preview of a semantic posting for evaluation by the user. The semantic posting is then either modified by the user or accepted and posted by the user for external parties to view.12-11-2008

Patent applications in class Privileged access