2842 results about "User group" patented technology

A system, method, and various software products provide for consistent identification of web users across multiple web sites, servers and domains, monitoring and capture of data describing the users' web activities, categorization of the web activity data, aggregation of the data into time dependent models describing interest of users and groups over time. Categorization is made with respect to a category tree which may be standardized or customized for each web site. User groups may be defined based on membership rules for category interest information and demographics. Individual user profiles are then created for users automatically based on satisfaction of the user group membership rules. As new data is collected on a user over time, the category interest information extracted from the user's web activity is updated to form a current model of the user's interests relative to the various categories. This information is also used to automatically update group membership and user profile information. Identification of users across multiple sites is provided by a global service that recognizes each user and provides a globally unique identifier to a requesting web server, which can use the identifier to accumulate activity data for the user. Client side user identification is provided to track user activity data on web servers that do not communicate with the global service and do not process activity for category information. User profiles may be shared among web sites that form alliances. User activity data may be aggregated along various dimensions including users/user groups, categorization, and time to provide robust models of interest at any desired time scale.

A system and method for providing users with granular control over arbitrary information that allows for selective, real-time information sharing in a communications network such as the Internet is provided. In a network including a plurality of network devices operated by a plurality of users, a real-time information exchange system for sharing user profile information between respective users includes a database management system connected to the network. The database management system, which may be distributed across the network, stores the user profile information for a plurality of registered users of the information exchange system The user profile information includes a plurality of data elements, each data element having an associated one of the plurality of registered users. Each data element has an associated group of users to whom access to the data element has been granted, and users not included in the associated group of users are denied access to the data element. Each registered user may selectively control the granting and denying of access to each of its associated data elements by other respective user, on an element-by-element, and user-by-user basis. Further, each registered user may dynamically create its own data fields.

The invention describes an identity management system (IDMS) based on the concept of peer-to-peer protocols and the public identities ledger. The system manages digital identities, which are digital objects that contain attributes used for the identification of persons and other entities in an IT system and for making identity claims. The identity objects are encoded and cryptographically encapsulated. Identity management protocols include the creation of identities, the validation of their binding to real-world entities, and their secure and reliable storage, protection, distribution, verification, updates, and use. The identities are included in a specially constructed global, distributed, append-only public identities ledger. They are forward- and backward-linked using the mechanism of digital signatures. The linking of objects and their chaining in the ledger is based on and reflect their mutual validation relationships. The identities of individual members are organized in the form of linked structures called the personal identities chains. Identities of groups of users that validated identities of other users in a group are organized in community identities chains. The ledger and its chains support accurate and reliable validation of identities by other members of the system and by application services providers without the assistance of third parties. The ledger designed in this invention may be either permissioned or unpermissioned. Permissioned ledgers have special entities, called BIX Security Policy Providers, which validate the binding of digital identities to real-world entities based on the rules of a given security policy. In unpermissioned ledgers, community members mutually validate their identities. The identity management system provides security, privacy, and anonymity for digital identities and satisfies the requirements for decentralized, anonymous identities management systems.

Computer network method and apparatus provides targeting of appropriate audience based on psychographic or behavioral profiles of end users. The psychographic profile is formed by recording computer activity and viewing habits of the end user. Content of categories of interest and display format in each category are revealed by the psychographic profile, based on user viewing of agate information. Using the profile (with or without additional user demographics), advertisements are displayed to appropriately selected users. Based on regression analysis of recorded responses of a first set of users viewing the advertisements, the target user profile is refined. Viewing by and regression analysis of recorded responses of subsequent sets of users continually auto-targets and customizes ads for the optimal end user audience.

The invention pertains to a method, online service, and system, for creating partnerships based on trust relationships over a public network, authenticating trade partners, infrastructure providers and collaborators to each other, and providing users with an environment suitable for conducting transactions requiring a high level of trust. A service according to the invention is a persistent authentication and mediation service (PAMS) which is provided as an on-line service. One embodiment is a method for conducting authenticated business transactions involving microprocessor equipped devices over the Internet comprising:

• • A. providing an on-line authentication service available on the distributed network;
  • B. authenticating a plurality of users to said on-line authentication service using a closed authentication system to produce a plurality of authenticated users; and
  • C. connecting a group of at least two of said plurality of authenticated users under persistent mediation of said on-line authentication service, producing a connected group of authenticated users.

A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted). The key distribution material enables a document to be encrypted for decryption by an audience that is unknown at the time of document creation, and enables access to the distinct elements of a single encrypted document to be controlled for multiple users and/or groups of users. In this manner, group collaboration is improved by giving more people easier access to information for which they are authorized, while protecting sensitive data from unauthorized agents. A key recovery technique is also defined, whereby the entire document can be decrypted by an authorized agent regardless of how the different elements were originally encrypted and the access protections which were applied to those elements.

A sharing model enables users to easily and conveniently create and share standard and custom database objects, and applications, among users or groups of users. The sharing model includes systems and methods that allow users to conveniently create and customize tabs and tab sets that define relationships between custom objects and fields, standard objects and fields, and applications. A tab visually represents a user interface into an element of an application or into a database object. Selection of a tab provides a user access to the object or element of the application represented by the tab. A tab set is a group of related tabs that work as a unit to provide application functionality. New tabs and tab sets may be defined and tab set views may be customized so that an end user can easily and conveniently switch between the various objects and application elements represented by the displayed tabs and tab set views.

A conventional operating system folder or directory based file system is implemented with, or enhanced to provide, attributes of shared collaborative workspaces. In particular, the conventional file system is connected to either a server based or a distributed collaboration system and the user interface of the operating system file system is augmented to allow it to control aspects of the collaboration system. Each folder or directory can be synchronized and treated as a “workspace” that can be viewed and shared with other users or groups of users. Folder can also be provided with “awareness” information that indicates collaborators that are present and those that are sharing the workspace.

The present invention is directed to generating audience analytics that includes providing a database containing a plurality of user input pattern profiles representing the group of users of terminal device, in which each user of the group is associated with one of the plurality of user input pattern profiles. A clickstream algorithm, tracking algorithm, neural network, Bayes classifier algorithm, or affinity-day part algorithm can be used to generate the user input pattern profiles. A user input pattern is detected based upon use of the terminal device by the current user and the user input pattern of the current user is dynamically matched with one of the user input pattern profiles contained in the database. The current user is identified based upon dynamic matching of the user input pattern generated by the current user with one of the user input pattern profiles. The present invention processes each user input pattern profile to identify a demographic type. A plurality of biometric behavior models are employed to identify a unique demographic type. Each user input pattern profile is compared against the plurality of biometric behavior models to match each user input pattern profile with one of the biometric behavior models such that each user input pattern profile is correlated with one demographic type. Audience analytics are then based upon the identified demographic types.

A policy system includes the policy server (2617); a policy database (2619) which located at policy decision point (2723); the access/response entity (2603); resource server (2711); policy message (2725) and policy enforcement point (2721). System connected through public network (2702) or internal network (103). The access filter (107, 203, 403) control access by use a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Access is permitted or denied according to of access policies (307) which define access in terms of the user groups (FIGS. 9-12) and information sets (FIGS. 13A-18). The rights of administrators are similarly determined by administrative policies (FIGS. 23A-C). Access is further permitted only if the trust levels of the network by which is made by the sufficient access (FIGS. 25-29). A policy server component of the access filter has been separated from the access filter and the policies have been generalized to permit administrators of the policy server to define new types of actions and new types of entities. Policies may now further have specifications for time intervals during which the policies are in force and the entities may be associated with attributes that specify how the entity is to be used when the policy applies.

A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted). The key distribution material enables a document to be encrypted for decryption by an audience that is unknown at the time of document creation, and enables access to the distinct elements of a single encrypted document to be controlled for multiple users and/or groups of users. In this manner, group collaboration is improved by giving more people easier access to information for which they are authorized, while protecting sensitive data from unauthorized agents. A key recovery technique is also defined, whereby the entire document can be decrypted by an authorized agent regardless of how the different elements were originally encrypted and the access protections which were applied to those elements.

A method by which a User can associate selectable Markers, Data Packets and/or Objects with Content. The Content may generally be distributed electronically, and the Markers allow for insertion and/or overlay of Objects when the Content is selected for viewing by a Viewer. Objects and Data Packets are generally provided by a User, Promoter, Host, Service, or other entity to convey information to a Viewer. A Service provides tools and capabilities to both the User and the Promoter to facilitate their respective actions according to embodiments of the invention, including enabling the creation of live social networks (such as those linked to a specific Service provider, a specific User group, activities by a specific Promoter, and/or to specific Data Packets) and the creation of n-dimensional Virtual Environments.

A multi-user file storage service and system enables each user of a user group to operate an arbitrary client node at an arbitrary geographic location to communicate with a remote file server node via a wide area network. More than one user of the user group is permitted to access the file group at the remote file server node simultaneously, but the integrity of the files is maintained by controlling access so that each access to one of the files at the remote file server is performed, if at all, on a respective portion of that file as most recently updated at the remote file server node.

A method and corresponding tool are described for security policy management in a network comprising a plurality of hosts and at least one configurable policy enforcement point. The method, comprises creating one or more policy templates representing classes of usage control models within the network that are enforceable by configuration of the policy enforcement points; creating one or more policy instances, each based on one of the templates and instantiating the template for identified sets of hosts within the network to which the usage control model is to be applied, deploying the policy instances by generating and providing one or more configuration files for provisioning corresponding policy enforcement points within the network. Access to the templates and policy instances is controlled so that the policy templates are only modifiable by a first predeterminable user group, the policy instances are only modifiable by the first or a second predeterminable user group and the policy instances are only deployable by a third predeterminable user group.

A method of generating an avatar for a user may include receiving image data of a user from a camera, generating feature vectors for a plurality of features of a user, associating the user with a likely user group selected from a number of defined user groups based on the feature vectors, and assigning an avatar based on the associated user group.

This invention provides a data access control apparatus arranged to automatically set access right information limiting data access, in accordance with a user attribute when a user accesses a database. In setting, for a plurality of users, access right information corresponding to each user, the load on an operator can be reduced, and access right information setting errors can be prevented. An automatic setting unit reads out information from a login management information file and an employee information file on the basis of definition information of a definition files to automatically generate a user access right management file which stores a login ID, an item access right, and a record access right group code for each user. When a login ID is input in accessing the employee information file, a setting controller refers to the management file to determine a user group to which the user belongs and an access enabled/disabled state of the data on the basis of the access right made to correspond to this user group.

A method, device, and system for communicating with multiple users via a map over the Internet are disclosed. The device includes a processor for executing computer programs, a memory for storing data, an input module for entering user commands, a communication module for transmitting and receiving data, and a display for showing information on a screen. The device further includes logic for selecting a group of users, logic for creating a map to share among the group of users, logic for displaying locations of the group of users on the map, and logic for broadcasting changes of a user's location to the group over the Internet.

Embodiments of a location sharing network manager process are described. The process is executed on a server computer coupled to a plurality of mobile communication devices over a wireless network. Each mobile device is a location-aware mobile communication device. The process determines the geographic location of a mobile communication device operated by a user within an area, displays a map representation of the area around the mobile communication device on a graphical user interface of the mobile communication device, and superimposes on the map the respective locations of one or more other trusted users of mobile communication devices coupled to the mobile communication device over the network. A comprehensive network manager process provides management functions to allow communication with mobile phone users outside of the service network and allows for efficient communication with groups of users within the service network.

Enables intelligent synchronization and transfer of generally concise event videos synchronized with motion data from motion capture sensor(s) coupled with a user or piece of equipment. Greatly saves storage and increases upload speed by uploading event videos and avoiding upload of non-pertinent portions of large videos. Provides intelligent selection of multiple videos from multiple cameras covering an event at a given time, for example selecting one with least shake. Enables near real-time alteration of camera parameters during an event determined by the motion capture sensor, and alteration of playback parameters and special effects for synchronized event videos. Creates highlight reels filtered by metrics and can sort by metric. Integrates with multiple sensors to save event data even if other sensors do not detect the event. Also enables analysis or comparison of movement associated with the same user, other user, historical user or group of users.

In one embodiment, the invention relates to an adaptive engine for creating provisioning policies and rules for network storage provisioning, which can be driven by service level objectives. The service level objectives can be defined for a given quality of service (“QoS”) for one or more users or user groups, file systems, databases, or applications, or classes of file systems, databases, or applications. In addition, the service level objectives can define the cost, availability, time to provision, recoverability, performance and accessibility objectives for the file system, database or application.

A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g. an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted). The key distribution material enables a document to be encrypted for decryption by an audience that is unknown at the time of document creation, and enables access to the distinct elements of a single encrypted document to be controlled for multiple users and/or groups of users. In this manner, group collaboration is improved by giving more people easier access to information for which they are authorized, while protecting sensitive data from unauthorized agents. A key recovery technique is also defined, whereby the entire document can be decrypted by an authorized agent regardless of how the different elements were originally encrypted and the access protections which were applied to those elements.

A communication system may include a serving base station and neighboring base stations. Each of the serving base station and the neighboring base stations may have a corresponding user group. Terminals belonging to a particular user group may feed back information associated with interference channels, and reasonably generate a precoding matrix. Through this, it is possible to perform an accurate interference alignment and to enhance a throughput. In this instance, terminals belonging to the other user groups may feed back information associated with a throughput, and a corresponding base station may perform the interference alignment using a user selection resulting in decreased overhead.

User names and user groups serve as the basis of a formal policy in a network. A passive monitor examines network traffic in near real time and indicates: which network traffic is flowing on the network as before; which users or user groups were logged into workstations initiating this network traffic; and which of this traffic conforms to the formal policy definition. In one embodiment of the invention, users and user groups are determined by querying Microsoft® Active Directory and Microsoft® Windows servers, to determine who is logged onto the Microsoft® network. Other sources of identity information are also possible. The identity information is then correlated with the network traffic, so that even traffic that does not bear on the Microsoft® networking scheme is still tagged with identity

A “trusted service” establishes a trust relationship with an identity provider and interacts with the identity provider over a trusted connection. The trusted service acquires a token from the identity provider for a given user (or set of users) without having to present the user's credentials. The trusted service then uses this token (e.g., directly, by invoking an API, by acquiring another token, or the like) to access and obtain a cloud service on a user's behalf even in the user's absence. This approach enables background services to perform operations within a hosted session (e.g., via OAuth-based APIs) without presenting user credentials or even having the user present.

A policy storage stores an access control policy as a set of setting information items to make resources (access destinations) shared by an adhoc group. When a part of the access control policy is edited, a policy analyzer updates a rule generated from the edited access control policy. At this time, the rule is updated with use of object knowledge having a data configuration capable of expressing a user as belonging to plural user groups. An access control list setting means updates a part of an access control list, based on the updated rule. Accordingly, an access control list can be generated with respect to a user group including a user who belongs to plural organizations, and the access control list can be updated efficiently.

The invention concerns a method for determining whether to grant access of a user equipment (UE) to a radio access network in a present position of the user equipment (UE) within a communications system. The communications system comprises a control node (N1, N2) handling services for the user equipment (UE) and an access node (AN1, AN2) controlling the access network. The method is initiated by receiving a request for service processing for the user equipment (UE) in the control node (N1, N2) with an identification of the user equipment (UE). A subscriber group information is determined for the user equipment (UE) according to the identification of the user equipment and sent to the access node (AN1, AN2). Furthermore, an area access information according to the present location of the user equipment (UE) is determined in the access node (AN1, AN2). The access granting of the user equipment (UE) to the radio access network is performed according to a logical combination of the subscriber group information and the area access information. A communication network, nodes and software programs embodying the invention are also described.

A method, system, and computer program product for selectively encrypting one or more elements of a document using style sheet processing. Disclosed is a policy-driven augmented style sheet processor (e.g. an Extensible Stylesheet Language, or “XSL”, processor) that creates a selectively-encrypted document (e.g. an Extensible Markup Language, or “XML”, document) carrying key-distribution material, such that by using an augmented document processor (e.g., an augmented XML processing engine), an agent can recover only the information elements for which it is authorized. The Document Type Definition (DTD) or schema associated with a document is modified, such that the DTD or schema specifies a reference to stored security policy to be applied to document elements. Each document element may specify a different security policy, such that the different elements of a single document can be encrypted differently (and, some elements may remain unencrypted). The key distribution material enables a document to be encrypted for decryption by an audience that is unknown at the time of document creation, and enables access to the distinct elements of a single encrypted document to be controlled for multiple users and/or groups of users. In this manner, group collaboration is improved by giving more people easier access to information for which they are authorized, while protecting sensitive data from unauthorized agents. A key recovery technique is also defined, whereby the entire document can be decrypted by an authorized agent regardless of how the different elements were originally encrypted and the access protections which were applied to those elements.

Targeted or other advertising may comprise one or more advertisements presented to multiple users in a virtual world environment such that participating users can interact with one another and/or with executed advertisements. Groups of users may be invited to participate in collaborative virtual world environments based on consumer contact lists or profiles establishing matching preferences for such groups. Synchronized data may be narrowcasted or broadcasted to invited users. Such data may define one or more virtual world environments as well as traditional and/or virtual world advertisements for execution in the shared environment(s). Advertisements may be selected based on one or more consumer preferences associated with one or more of the users participating in the shared virtual world environment.

The present invention is directed to a method and system for managing the inventory level of, and the distribution of, electronic media rental units, including but not limited to videogame discs, musical compact disks, or movie VCD/DVDs. More specifically, preferred embodiments of the present invention forecasts future rental and sales demand for a given electronic media, such as a videogame, prior to the release of that electronic media to the general public. The forecast is based on the pre-release demand of the electronic media in that the future rental and sales demand is estimated from the rental and sales demand of previously released electronic media having similar pre-release demand. Furthermore, the preferred embodiments of the present invention allows registered members of a rental user group to keep rented units of the electronic media for a purchase price, which is dynamically controlled to minimize rental shortage and maximize profits.

Method and apparatus for collecting and storing information about individuals in a social network. A member account is created by verifying a user's identity and collecting user identity data from the user. The user sends an invitation to one or more members or non-members. The one or more members or non-members can accept or decline the user's invitation. If the one or more non-members accept or decline, they must create a member account. The one or more members post paid comments or free comments about the user and one or more user weight values are calculated based on one or more of the following: a number of members in a user's group and their one or more user weight values, a total value of posted paid comments about the user and volume of posted comments about the user. The user can post a reply to the posted comment by the one or more members.