Patent application number | Description | Published |
--- | --- | --- |
20090083827 | SYSTEM AND METHOD FOR CIRCUMVENTING INSTANT MESSAGING DO-NOT-DISTURB - A system and method for circumventing a do-not-disturb status of an instant messaging user including defining a policy of circumvention rights for circumventing do-not-disturb status in instant messaging. A do-not-disturb status of an instant messaging user is identified, and the do-not-disturb status of the instant messaging user is circumvented based upon the policy of circumvention rights. | 03-26-2009 |
20090164267 | Employing Organizational Context within a Collaborative Tagging System - A computer-implemented method of employing organizational context within a collaborative tagging system can include receiving at least one tag for an artifact from a user, determining at least one attribute of the user, and storing a tag record including the tag, the attribute of the user, and an association of the tag with the artifact. | 06-25-2009 |
20090249432 | SYSTEM AND METHOD FOR CIRCUMVENTING INSTANT MESSAGING DO-NOT-DISTURB - A method and computer program product for defining one or more authorized users capable of granting do-not-disturb circumvention privileges, and receiving an indicator of a grant of do-not-disturb circumvention privileges to a circumventing user by the one or more authorized users. A do-not-disturb status of an instant messaging user is circumvented based upon, at least in part, the grant of do-not-disturb circumvention privileges. | 10-01-2009 |
20090293127 | System for Protecting a Computing System from Harmful Active Content in Documents - A system protects a computing device from potentially harmful code in a document by receiving a data structure representation of the document and adding dynamically one or more definitions of potentially harmful active content to an editable configuration file. Each definition identifies potentially harmful active content and specifies an action to be performed on that potentially harmful active content if that potentially harmful active content is found in the document. The editable configuration file is parsed to generate a data structure representation of the one or more definitions in the editable configuration file. The data structure representation of the document is compared with the data structure representation of the one or more definitions of potentially harmful active content to identify potentially harmful active content within the document. The document is modified to render harmless any identified potentially harmful active content before presenting the document to the computing device. | 11-26-2009 |
20100050246 | TRUSTING SECURITY ATTRIBUTE AUTHORITIES THAT ARE BOTH COOPERATIVE AND COMPETITIVE - A method and system for authorizing a user. The method comprises the steps of assigning a first role to a user in a first domain, assigning a second role in a second domain to the first role, and assigning access to a resource in the second domain to the second role. The method comprises the further steps of receiving a request from the user for the resource; and providing access to the resource, to the user. The invention may be employed by users and services to manage their interaction with those services, including configuring which they trust for what types of information, in what applications, and which subsets of information they can be trusted to provide. | 02-25-2010 |
20100070587 | EMBEDDING RESURFACING TRIGGERS IN CLIENT SIDE RECIPIENT ELECTRONIC MAIL - A method for utilizing embedded resurfacing logic in electronic mail (email), the method includes: receiving an email with embedded resurfacing logic at a recipient's email client; determining whether the recipient has opened the email; wherein in the event the email has not been opened: determining whether a triggering event has occurred; wherein in the event a triggering event has occurred and has not exceeded a maximum number of triggering events: generating a resurfaced email entry at the top of the recipient's email inbox, and wherein the triggering event is a predefined time interval in which the recipient has not opened the email. | 03-18-2010 |
20100115580 | RETROSPECTIVE POLICY SAFETY NET - These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions. | 05-06-2010 |
20100169136 | INFORMATION AGGREGATION FOR SOCIAL NETWORKS - A dynamically developed social networking group is defined within a collaborative platform. Information regarding one or more attributes of one or more members of the group is collected. Anonymized statistical data regarding the group is provided, based upon, at least in part, the information regarding one or more attributes of one or more members of the group. | 07-01-2010 |
20100169431 | SYSTEM AND METHOD FOR CIRCUMVENTING INSTANT MESSAGING DO-NOT-DISTURB - A system and method for circumventing a do-not-disturb status of an instant messaging user including requesting, from one or more do-not-disturb circumvention mediators, do-not-disturb status circumvention of an instant messaging user. Circumvention permission for the do-not-disturb status of the instant messaging user is received. The do-not-disturb status of the instant messaging user is circumvented based upon, at least in part, the circumvention permission. | 07-01-2010 |
20100169438 | SYSTEM AND METHOD FOR CIRCUMVENTING INSTANT MESSAGING DO-NOT-DISTURB - A system and method for circumventing a do-not-disturb status of an instant messaging user including defining a trusted user. A do-not-disturb status of an instant messaging user is identified. The trusted user is allowed to circumvent the do-not-disturb status of the instant messaging user. | 07-01-2010 |
20100169957 | WEAK PASSWORD SUPPORT IN A MULTI-USER ENVIRONMENT - Embodiments of the present invention provide a method, system and computer program product for supporting weak password authentication in a multi-user application environment. In an embodiment of the invention, a method for supporting weak password authentication in a multi-user application environment can be provided. The method can include acquiring log in data for a log in attempt by an end user amongst end users in a multi-user application. The method also can include messaging the log in data to others of the end users for subjective analysis by the others of the end users in detecting an unauthorized log in attempt. | 07-01-2010 |
20110078197 | FILE RESHARING MANAGEMENT - Managing file distribution in an online file sharing system implemented by at least one server includes inviting a first entity to access a shared file hosted by the online file sharing system, and allowing the first entity to reshare the shared file through the online file sharing system with at least a second entity only to an extent permitted by a resharing policy stored by the online file sharing system. | 03-31-2011 |
20110137664 | Providing Schedule Related Information to External Entities - A method for providing schedule related information to external entities includes storing schedule data of a user on a server, the schedule data corresponding to a computerized calendar service; exposing, with the computerized calendar service, at least a portion of the schedule data to an entity other than the user; and enabling the entity to communicate an offer based on the schedule data to at least the user. | 06-09-2011 |
20110145891 | Securing Asynchronous Client Server Transactions - A method, system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided. | 06-16-2011 |
20110289546 | Method and apparatus for protecting markup language document against cross-site scripting attack - A method for decomposing a web application into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain. | 11-24-2011 |
20110289556 | Method and Apparatus for Serving Content Elements of a Markup Language Document Protected Against Cross-Site Scripting Attack - A web application decomposed into one or more domain sandboxes ensures that the contents of each sandbox are protected from attacks on the web application outside that sandbox. Sandboxing is achieved on a per-element basis by identifying content that should be put under protection, generating a secure domain name for the identified content, and replacing the identified content with a unique reference (e.g., an iframe) to the generated secure domain. The identified content is then served only from the generated secure domain using a content handler. | 11-24-2011 |
20120005720 | Categorization Of Privacy Data And Data Flow Detection With Rules Engine To Detect Privacy Breaches - A runtime approach receives a request from a target location. Data elements are received from a data store. Privacy data type categories corresponding to retrieved data elements are identified. Data flow category is identified based on the target location. Privacy actions are performed modifying some data elements based on the identified privacy data type categories and the data flow category so that the modified data elements comply with one or more data privacy rules pertaining to the target location. A design-time approach retrieves data types included in a software application data design. Privacy categories are selected that correspond to the retrieved data types. Flow categorization data is retrieved that correspond to software application processes. Privacy categories and flow categorization data are compared to privacy rules. A user is informed if privacy rules are violated to facilitate software application modification in order to comply with the privacy rules. | 01-05-2012 |
20120023394 | Method and apparatus for context-aware output escaping using dynamic content marking - A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware used by or associated with the application). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. Then, after the document generation is completed but before it is output (delivered), the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed, and it then applies the appropriate escaping. In this manner, the output content is fully prepared for escaping in advance even if it is being assembled from multiple input sources that do not operate in the same runtime environment. In this approach, escaping is added after all other application processing is finished and the complete document is ready for delivery to the requesting end user. | 01-26-2012 |
20120023395 | Method and apparatus for dynamic content marking to facilitate context-aware output escaping - A technique to provide runtime output sanitization filtering of web application content that contains multiple contexts in which dynamic output is included. To facilitate this operation, dynamically-generated content is prepared for sanitization in advance, preferably by being “marked” by the web application itself (or by middleware used by or associated with the application). Preferably, given dynamically-generated content is marked by enclosing it between dynamic content indicators. Then, after the document generation is completed but before it is output (delivered), the application-generated content is processed by a content sanitization filter. The filter uses the dynamic content identifiers to identify and locate the content that needs output escaping. The filter detects the appropriate context within which the dynamically-generated content has been placed, and it then applies the appropriate escaping. In this manner, the output content is fully prepared for escaping in advance even if it is being assembled from multiple input sources that do not operate in the same runtime environment. In this approach, escaping is added after all other application processing is finished and the complete document is ready for delivery to the requesting end user. | 01-26-2012 |
20120117626 | Business pre-permissioning in delegated third party authorization - A method to manage access to end user-protected resources hosted in a shared pool of configurable computing resources, such as a cloud computing environment, begins by registering a particular application or service into the environment. The application or service is one that is being permitted to access resources on behalf of end users via a delegated authorization protocol, such as OAuth. For at least one end user associated with the organization, a permission is set, preferably by an organization entity, such as an organization administrator. The permission determines whether the application or service is permitted to access one or more resources associated with the end user. Then, in response to a request by the third party application to access a resource, where the request is received via the delegated authorization protocol, the permission is then used to determine whether the third party application is permitted to access the resource. | 05-10-2012 |
20120151568 | Method and system for authenticating a rich client to a web or cloud application - A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data. | 06-14-2012 |
20120233664 | SECURING ASYNCHRONOUS CLIENT SERVER TRANSACTIONS - A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided. | 09-13-2012 |
20130014239 | Authenticating a rich client from within an existing browser session - A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it is detected as running, whether and to what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like. | 01-10-2013 |
20130054780 | Monitoring Geographic Location Changes of Assets in a Cloud - Despite the best intentions of a cloud service provider, digital assets may be moved to a geographic location that deviates from a geographic preference, policy, or setting of the owner of the digital assets. A monitoring tool can monitor network location of a digital asset hosted by a cloud service provider. Movement of the digital asset from a first network location to a second network location is detected. In response to detecting that the digital asset moves, a geographic location that corresponds to the second network location is determined. It is then determined that the geographic location deviates from a geographic setting configured for the digital asset. A notification that the digital asset has been moved to the geographic location that deviates from the geographic setting is generated. | 02-28-2013 |
20130178190 | MOBILE DEVICE IDENTIFICATION FOR SECURE DEVICE ACCESS - An embodiment of the invention includes initially registering information with a data system, wherein the registered information pertains to a user of a mobile device and includes credential information, and further includes a message address associated with the user. An enrollment request, together with the specified credential information, is sent to a management server. Responsive thereto, the server sends a message of specified type to the message address associated with the user, wherein such message includes a pin code. The pin code is then sent from the device to the server, and responsive to receiving the pin code, the server is operated to deliver a security token, for use in authenticating the mobile device to selectively access the particular data processing system. | 07-11-2013 |
20130179941 | Identifying guests in web meetings - A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guest user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed. | 07-11-2013 |
20130205368 | RETROSPECTIVE POLICY SAFETY NET - These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions. | 08-08-2013 |
20130238789 | MONITORING GEOGRAPHIC LOCATION CHANGES OF ASSETS IN A CLOUD - A monitoring tool can monitor network location of a digital asset hosted by a cloud service provider. Movement of the digital asset from a first network location to a second network location is detected. In response to detecting that the digital asset moves, a geographic location that corresponds to the second network location is determined. It is then determined that the geographic location deviates from a geographic setting configured for the digital asset. A notification that the digital asset has been moved to the geographic location that deviates from the geographic setting is generated. | 09-12-2013 |
20130246515 | SECURING ASYNCHRONOUS CLIENT SERVER TRANSACTIONS - A method for securing asynchronous client server transactions is provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided. | 09-19-2013 |
20130297681 | SECURING ASYNCHRONOUS CLIENT SERVER TRANSACTIONS - A system, and computer usable program product for securing asynchronous client server transactions are provided in the illustrative embodiments. A request including an application identifier and a version of a second application is received at a first application. A service identifier is generated if a session with the second application is valid. A registry is generated at the first application. A catalog is generated based on the registry and the service identifier and the catalog are sent to the second application. A sub-request including the service identifier is received as part of an asynchronous client server transaction. Validity of the sub-request is determined by determining whether the service identifier has expired, whether the sub-request requests a service that is permissible according to the catalog, whether the service identifier is used in conjunction with the second application, or a combination thereof. If the sub-request is valid, the service is provided. | 11-07-2013 |
20130310002 | Mobile Device Validation - The illustrative embodiments provide a method, apparatus, and computer program product for validating a mobile device. Voice data is received from the mobile device. The voice data comprises a recording of a pass phrase spoken by a user at the mobile device. A determination is made as to whether the mobile device is a valid mobile device using the voice data. An access code to the mobile device is sent in response to a determination that the mobile device is the valid mobile device. | 11-21-2013 |
20140282939 | Increasing Chosen Password Strength - An approach is provided to increase password strength in a group of users. The approach detects a password event corresponding to one of the users. In response to the detected password event, the approach identifies a strength of the user's password and compares it to one or more password strength metrics that correspond to the group of users. The password strength comparison data is then transmitted as feedback back to the user. | 09-18-2014 |
20140372474 | EMPLOYING ORGANIZATIONAL CONTEXT WITHIN A COLLABORATIVE TAGGING SYSTEM - A computer-implemented method of employing organizational context within a collaborative tagging system can include receiving at least one tag for an artifact from a user, determining at least one attribute of the user, and storing a tag record including the tag, the attribute of the user, and an association of the tag with the artifact. | 12-18-2014 |
20150046972 | RETROSPECTIVE POLICY SAFETY NET - These and other objectives are attained with a method and system for evaluating an access policy change. The method comprises the step of providing an access control mechanism having a first policy, and an audit log having entries of accesses made under that first policy. The method comprises the further steps of submitting a second policy to the access control mechanism, comparing the log entries to the second policy, and based on the results of the comparing step, taking one of a predetermined number of actions. | 02-12-2015 |