TREA

Context-based security screening for accessing data

Follow

Information

  • Patent Grant
  • 9811683
  • Patent Number
    9,811,683
  • Date Filed
    Friday, July 29, 2016
    8 years ago
  • Date Issued
    Tuesday, November 7, 2017
    7 years ago
Information
Abstract
A computer system securely accesses a specific data store. A non-contextual data object is associated with a context object to define a first synthetic context-based object. The non-contextual data object ambiguously describes multiple types of persons, and the context object provides a circumstantial context that identifies a specific type of person from the multiple types of persons. The first synthetic context-based object is associated with at least one specific data store in a data structure. A string of binary data that describes a requester of data, including a time window for receipt and security level of the requester, is received by the computer system for generating a new synthetic context-based object. If there is a match between the new synthetic context-based object, the first synthetic context-based object, and the security level of the requester, then the data is returned to the requester by the computer system.
Description
BACKGROUND

The present disclosure relates to the field of computers, and specifically to the use of databases in computers. Still more particularly, the present disclosure relates to security clearances needed to access data from a particular database.


A database is a collection of data. Examples of database types include relational databases, graph databases, network databases, and object-oriented databases. Each type of database presents data in a non-dynamic manner, in which the data is statically stored.


SUMMARY

In an embodiment of the present invention, a computer system includes: one or more processors; one or more computer readable memories; and one or more non-transitory computer readable storage mediums, where program instructions are stored on at least one of the one or more non-transitory storage mediums for execution by at least one of the one or more processors via at least one of the one or more computer readable memories to perform a method that includes, but is not limited to: associating a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, where the first context object provides a context that identifies a specific type of person from the multiple types of persons, and where the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network; associating the first synthetic context-based object with at least one specific data store in a data structure; receiving a string of binary data that describes a request, from the requester, for data from said at least one specific data store in the data structure; determining the context according to a physical location of a computer being used, by the requester, to send the request to a security module; generating a new synthetic context-based object for the requester; determining whether the new synthetic context-based object matches the first synthetic context-based object; in response to determining that the new synthetic context-based object matches the first synthetic context-based object, locating, via the first synthetic context-based object, the at least one specific data store; providing the requester access to said at least one specific data store; constructing a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, where synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and where synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects; receiving the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; receiving a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, where the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; determining a security level of the requester based on the time window received from the requester, where a longer time window is indicative of a higher security level for the requester than a relatively shorter time window; matching, based on the time window for the requester, the security level of the requester to data from the at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and returning, to the requester, data from the at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.


In an embodiment of the present invention, a computer system includes one or more processors; one or more computer readable memories; and one or more non-transitory computer readable storage mediums, where program instructions are stored on at least one of the one or more non-transitory storage mediums for execution by at least one of the one or more processors via at least one of the one or more computer readable memories to perform a method that includes, but is not limited to: associating a first non-contextual data object with a first context object to define a first synthetic context-based object, where the first non-contextual data object relates to multiple subject-matters and describes multiple types of persons, where the first context object provides a context that identifies a specific type of person from the multiple types of persons, and where the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network; associating the first synthetic context-based object with at least one specific data store in a data structure; receiving a string of binary data that describes the requester of data from the at least one specific data store in the data structure; generating a new synthetic context-based object for the requester; determining whether the new synthetic context-based object matches the first synthetic context-based object; in response to determining that the new synthetic context-based object matches the first synthetic context-based object, locating, via the first synthetic context-based object, the at least one specific data store; providing the requester access to the at least one specific data store; constructing a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, where synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and where synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects; receiving, from the requester, a request for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; receiving, from the requester, a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, where the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; determining a security level of the requester based on the time window received from the requester, where a longer time window is indicative of a higher security level for the requester than a relatively shorter time window; matching, based on the time window for the requester, the security level of the requester to data from the at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.


In an embodiment of the present invention, a computer system includes one or more processors; one or more computer readable memories; and one or more non-transitory computer readable storage mediums, where program instructions are stored on at least one of the one or more non-transitory storage mediums for execution by at least one of the one or more processors via at least one of the one or more computer readable memories to perform a method that includes, but is not limited to: associating a first non-contextual data object with a first context object to define a first synthetic context-based object, where the first non-contextual data object describes multiple types of persons, and where the first context object provides a context that identifies a specific type of person from the multiple types of persons; associating the first synthetic context-based object with at least one specific data store in a data structure; receiving a string of binary data that describes a requester of data from the at least one specific data store in the data structure; determining the context according to a physical location of a computer being used, by the requester, to send the request to the security module; generating a new synthetic context-based object for the requester; determining whether the new synthetic context-based object matches the first synthetic context-based object; in response to determining that the new synthetic context-based object matches the first synthetic context-based object, locating, via the first synthetic context-based object, the at least one specific data store; providing the requester access to the at least one specific data store; constructing a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, where synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and where synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects; receiving, from the requester, the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 depicts an exemplary system and network in which the present disclosure may be implemented;



FIG. 2 illustrates a process for generating one or more synthetic context-based objects;



FIG. 3 illustrates an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object data “good company” used to describe a company about which information is being requested;



FIG. 4 depicts an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object “requester”, who is requesting information about a particular company, based on the requester's work context;



FIG. 5 illustrates an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object “requester” based on a location of a computer being used by the requester;



FIG. 6 depicts an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object “requester” based on the requester's professional certifications;



FIG. 7 illustrates an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object “requester” based on a time constraint established by the requester;



FIG. 8 depicts an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object “requester” based on the requester's employment status;



FIG. 9 illustrates an exemplary use case in which synthetic context-based objects are defined for the non-contextual data object “requester” based on the requester's amount of time working for an enterprise who manages requested data about a specific company;



FIG. 10 depicts an exemplary user interface for inputting user context information related to a data request;



FIG. 11 illustrates a process for associating one or more data stores with specific synthetic context-based objects that define a data requester;



FIG. 12 depicts a process for applying security protection to a particular data store through the use of a particular synthetic context-based object that describes a requester of data about “Company X”;



FIG. 13 depicts the process shown in FIG. 12 with an additional security layer of synthetic context-based objects that contextually describe “Company X”;



FIG. 14 illustrates a hierarchical synthetic context-based object database; and



FIG. 15 is a high-level flow chart of one or more steps performed by a computer processor to secure data stores through the use of synthetic context-based objects.





DETAILED DESCRIPTION

As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system”. Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.


Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium is any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.


A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.


Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including, but not limited to, wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.


Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).


Aspects of the present invention are described below with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the present invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.


These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.


The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.


With reference now to the figures, and in particular to FIG. 1, there is depicted a block diagram of an exemplary system and network that may be utilized by and in the implementation of the present invention. Note that some or all of the exemplary architecture, including both depicted hardware and software, shown for and within computer 102 may be utilized by software deploying server 150, a data storage system 152, and/or a user computer 154.


Exemplary computer 102 includes a processor 104 that is coupled to a system bus 106. Processor 104 may utilize one or more processors, each of which has one or more processor cores. A video adapter 108, which drives/supports a display 110, is also coupled to system bus 106. System bus 106 is coupled via a bus bridge 112 to an input/output (I/O) bus 114. An I/O interface 116 is coupled to I/O bus 114. I/O interface 116 affords communication with various I/O devices, including a keyboard 118, a mouse 120, a media tray 122 (which may include storage devices such as CD-ROM drives, multi-media interfaces, etc.), a printer 124, and external USB port(s) 126. While the format of the ports connected to I/O interface 116 may be any known to those skilled in the art of computer architecture, in one embodiment some or all of these ports are universal serial bus (USB) ports.


As depicted, computer 102 is able to communicate with a software deploying server 150, using a network interface 130. Network interface 130 is a hardware network interface, such as a network interface card (NIC), etc. Network 128 may be an external network such as the Internet, or an internal network such as an Ethernet or a virtual private network (VPN).


A hard drive interface 132 is also coupled to system bus 106. Hard drive interface 132 interfaces with a hard drive 134. In one embodiment, hard drive 134 populates a system memory 136, which is also coupled to system bus 106. System memory is defined as a lowest level of volatile memory in computer 102. This volatile memory includes additional higher levels of volatile memory (not shown), including, but not limited to, cache memory, registers and buffers. Data that populates system memory 136 includes computer 102's operating system (OS) 138 and application programs 144.


OS 138 includes a shell 140, for providing transparent user access to resources such as application programs 144. Generally, shell 140 is a program that provides an interpreter and an interface between the user and the operating system. More specifically, shell 140 executes commands that are entered into a command line user interface or from a file. Thus, shell 140, also called a command processor, is generally the highest level of the operating system software hierarchy and serves as a command interpreter. The shell provides a system prompt, interprets commands entered by keyboard, mouse, or other user input media, and sends the interpreted command(s) to the appropriate lower levels of the operating system (e.g., a kernel 142) for processing. Note that while shell 140 is a text-based, line-oriented user interface, the present invention will equally well support other user interface modes, such as graphical, voice, gestural, etc.


As depicted, OS 138 also includes kernel 142, which includes lower levels of functionality for OS 138, including providing essential services required by other parts of OS 138 and application programs 144, including memory management, process and task management, disk management, and mouse and keyboard management.


Application programs 144 include a renderer, shown in exemplary manner as a browser 146. Browser 146 includes program modules and instructions enabling a world wide web (WWW) client (i.e., computer 102) to send and receive network messages to the Internet using hypertext transfer protocol (HTTP) messaging, thus enabling communication with software deploying server 150 and other computer systems.


Application programs 144 in computer 102's system memory (as well as software deploying server 150's system memory) also include a synthetic context-based object based security logic (SCBOBSL) 148. SCBOBSL 148 includes code for implementing the processes described below, including those described in FIGS. 2-15. In one embodiment, computer 102 is able to download SCBOBSL 148 from software deploying server 150, including in an on-demand basis, wherein the code in SCBOBSL 148 is not downloaded until needed for execution. Note further that, in one embodiment of the present invention, software deploying server 150 performs all of the functions associated with the present invention (including execution of SCBOBSL 148), thus freeing computer 102 from having to use its own internal computing resources to execute SCBOBSL 148.


The data storage system 152 stores an electronic data structure, which may be audio files, video files, website content, text files, etc. In one embodiment, computer 102 contains the synthetic context-based object database described herein, while data storage system 152 contains the non-contextual data object database, context object database, and data structure described herein. For example, in one embodiment, exemplary synthetic context-based object database 202 depicted in FIG. 2 is stored in a synthetic context-based object database storage system, which is part of the hard drive 134 and/or system memory 136 of computer 102 and/or data storage system 152; non-contextual data object database 206 depicted in FIG. 2 is stored in a non-contextual data object database storage system, which is part of the hard drive 134 and/or system memory 136 of computer 102 and/or data storage system 152; context object database 212 depicted in FIG. 2 is stored in a context object database storage system, which is part of the hard drive 134 and/or system memory 136 of computer 102 and/or data storage system 152; and data structure 1105 depicted in FIG. 11 is stored in a data structure storage system, which is part of data storage system 152 and/or the hard drive 134 and/or system memory 136 of computer 102.


Note that the hardware elements depicted in computer 102 are not intended to be exhaustive, but rather are representative to highlight essential components required by the present invention. For instance, computer 102 may include alternate memory storage devices such as magnetic cassettes, digital versatile disks (DVDs), Bernoulli cartridges, and the like. These and other variations are intended to be within the spirit and scope of the present invention.


Note that SCBOBSL 148 is able to generate and/or utilize some or all of the databases depicted in the context-based system referenced in FIGS. 2-15.


With reference now to FIG. 2, a process for generating one or more synthetic context-based objects in a system 200 is presented. Note that system 200 is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1, which process, support, and/or contain the databases, pointers, and objects depicted in FIG. 2.


Within system 200 is a synthetic context-based object database 202, which contains multiple synthetic context-based objects 204a-204n (thus indicating an “n” quantity of objects, where “n” is an integer). Each of the synthetic context-based objects 204a-204n is defined by at least one non-contextual data object and at least one context object. That is, at least one non-contextual data object is associated with at least one context object to define one or more of the synthetic context-based objects 204a-204n. The non-contextual data object ambiguously relates to multiple subject-matters, and the context object provides a context that identifies a specific subject-matter, from the multiple subject-matters, of the non-contextual data object.


Note that the non-contextual data objects contain data that have no meaning in and of themselves, and therefore ambiguously describe multiple subject-matters. That is, the data in the context objects are not merely attributes or descriptors of the data/objects described by the non-contextual data objects. Rather, the context objects provide additional information about the non-contextual data objects in order to give these non-contextual data objects meaning. Thus, the context objects do not merely describe something, but rather they define what something is. Without the context objects, the non-contextual data objects contain data that is meaningless; with the context objects, the non-contextual data objects become meaningful.


For example, assume that a non-contextual data object database 206 includes multiple non-contextual data objects 208r-208t (thus indicating a “t” quantity of objects, where “t” is an integer). However, data within each of these non-contextual data objects 208r-208t by itself is ambiguous, since it has no context. That is, the data within each of the non-contextual data objects 208r-208t is data that, standing alone, has no meaning, and thus is ambiguous with regards to its subject-matter. In order to give the data within each of the non-contextual data objects 208r-208t meaning, they are given context, which is provided by data contained within one or more of the context objects 210x-210z (thus indicating a “z” quantity of objects, where “z” is an integer) stored within a context object database 212. For example, if a pointer 214a points the non-contextual data object 208r to the synthetic context-based object 204a, while a pointer 216a points the context object 210x to the synthetic context-based object 204a, thus associating the non-contextual data object 208r and the context object 210x with the synthetic context-based object 204a (e.g., storing or otherwise associating the data within the non-contextual data object 208r and the context object 210x in the synthetic context-based object 204a), the data within the non-contextual data object 208r now has been given unambiguous meaning by the data within the context object 210x. This contextual meaning is thus stored within (or otherwise associated with) the synthetic context-based object 204a.


Similarly, if a pointer 214b associates data within the non-contextual data object 208s with the synthetic context-based object 204b, while the pointer 216c associates data within the context object 210z with the synthetic context-based object 204b, then the data within the non-contextual data object 208s is now given meaning by the data in the context object 210z. This contextual meaning is thus stored within (or otherwise associated with) the synthetic context-based object 204b.


Note that more than one context object can give meaning to a particular non-contextual data object. For example, both context object 210x and context object 210y can point to the synthetic context-based object 204a, thus providing compound context meaning to the non-contextual data object 208r shown in FIG. 2. This compound context meaning provides various layers of context to the data in the non-contextual data object 208r.


Note also that while the pointers 214a-214b and 216a-216c are logically shown pointing toward one or more of the synthetic context-based objects 204a-204n, in one embodiment the synthetic context-based objects 204a-204n actually point to the non-contextual data objects 208r-208t and the context objects 210x-210z. That is, in one embodiment the synthetic context-based objects 204a-204n locate the non-contextual data objects 208r-208t and the context objects 210x-210z through the use of the pointers 214a-214b and 216a-216c.


Note that the data within the non-contextual data objects described herein are so ambiguous that they are essentially meaningless. For example, consider the exemplary case depicted in FIG. 3, where data from the non-contextual data object 308r is simply the term “good company”. Standing alone, “good company” is meaningless, since it is vague and ambiguous what the descriptor “good” means and/or what aspect (i.e., component, function, etc.) of “company” is being described by “good”. As depicted, data (i.e., “good” and/or “company”) from the non-contextual data object 308r is associated with (e.g., stored in or associated by a look-up table, etc.) a synthetic context-based object 304a, which is devoted to the subject-matter “good employer”. This data (“good company”) from non-contextual data object 308r is also associated with a synthetic context-based object 304b, which is devoted to the subject-matter “good customer” and a synthetic context-based object 304n, which is devoted to the subject-matter “technology leader”. In order to give contextual meaning to the term “good company” in the context of describing Company X as a “good employer”, context object 310x, which contains the context data “job benefits” is also associated with (e.g., stored in or associated by a look-up table, etc.) the synthetic context-based object 304a. Similarly, associated with the synthetic context-based object 304b is a context object 310y, which provides the context data from “financial reports” to the term “good company” provided by the non-contextual data object 308r. Thus, the synthetic context-based object 304b now defines the term “good company” according to data (from context object 310y) from “financial reports” about Company X, thus describing whether Company X is a “good customer” (i.e., is able to pay their bills). Similarly, associated with the synthetic context-based object 304n is a context object 310z, which provides the context data from “Intellectual Property (IP) data” (i.e., a database of patents owned by Company X) to the term “good company” provided by the non-contextual data object 308r. Thus, the synthetic context-based object 304n now defines the term “technology leader” according to data (from context object 310z) from “IP data” about Company X, thus describing whether Company X is a “technology leader” (i.e., owns a substantial IP portfolio of innovations).


As described above, synthetic context-based objects can be used to provide context to a query itself (i.e., “Is Company X a good company”). In one embodiment of the present invention, however, synthetic context-based objects are used to provide a context of the person making the request/query. As described herein, the context of the person making the request is then used as a security screening feature. That is, the context of the person making the request determines if that particular person is authorized to access specific data. Examples of different contexts that are used to define the context of the data requester are presented in FIGS. 4-9.


With reference now to FIG. 4, assume that a requester is simply identified in a non-contextual data object 408r, found in a non-contextual data object database 406, as “requester”. The term “requester” is meaningless, since there is no context as to who the requester is, what the requester's activities are, where the requester is located, how much of a rush the requester is in, how experienced the requester is, etc. That is, there is no context provided to describe the environment, circumstances, and/or other information about the requester.


The system 400 is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1, which process, support, and/or contain the databases, pointers, and objects depicted in FIG. 4 that are used to create a synthetic context-based object to describe a particular type of data requester. Thus, in the example shown in FIG. 4, data from context object 410x (“job applicant screening”) from context object database 412 describes what type of job/project a requester (identified by non-contextual data object 408r) is working on at the time data about a particular subject (e.g., “Company X”) is being requested. The context from context object 410x, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 404a in a synthetic context-based object database 402. As depicted, synthetic context-based object 404a provides a contextual descriptor of the requester as working in human resources (HR) activities, based on the circumstance of the requester (described in non-contextual data object 408r) performing the task of screening job applicants (described in context object 410x) at the time that the request for information about Company X is made. Similarly, data from context object 410y describes the job/project that the requester is performing as being a “sales call.” The context from context object 410y, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 404b, which provides a contextual descriptor of the requester as working on sales activities, based on the circumstance that the requester is performing the task of making a sales call (described in context object 410y) at the time that the request for information about Company X is made. Similarly, data from context object 410z describes the job/project that the requester is performing as working on a “research project.” The context from context object 410z, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 404n, which provides a contextual descriptor of the requester as currently working on research activities, based on the circumstance that the requester is performing the task of working on a research project (described in context object 410z) at the time that the request for information about Company X is made. Note that the synthetic context-based objects 404a-n do not define a role/title of the requester. Rather, the synthetic context-based objects 404a-n define the activity of the requester at the time of the request for information about Company X.


With reference now to FIG. 5, a system 500 (which is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1), processes, supports, and/or contains the databases, pointers, and objects depicted in FIG. 5 for creating another synthetic context that describes a data requester. In the example shown in FIG. 5, data from context object 510x (“desk”) from context object database 512 describes where a computer that is being used by a data requester (identified by non-contextual data object 408r) is located. The context from context object 510x, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 504a in a synthetic context-based object database 502. As depicted, synthetic context-based object 504a provides a contextual descriptor of the requester as a person who is working from a secure location, based on the circumstance that the requester (described in non-contextual data object 408r) and the location described in context object 510x (i.e., the data requester is working from his own desk, which has been previously determined to be a secure location) at the time that the request for information about Company X is made. Similarly, data from context object 510y describes the location from which the request is being made as the customer's site. The context from context object 510y, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 504b, which provides a contextual descriptor of the requester as working from a restricted location, based on the circumstance that the requester is performing the task of making the request from the customer's site (described in context object 510y). Similarly, data from context object 510z describes the location of the requester when making the data request as being at a public Wi-Fi hot spot. The context from context object 510z, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 504n, which provides a contextual descriptor of the requester as making the data request from an unsecure location.


With reference now to FIG. 6, a system 600 (which is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1), processes, supports, and/or contains the databases, pointers, and objects depicted in FIG. 6 for creating another synthetic context that describes a data requester. In the example shown in FIG. 6, data from context object 610x (“HR certification”) from context object database 612 describes the requester as having a specific type of “HR certification. The context from context object 610x, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 604a in a synthetic context-based object database 602. As depicted, synthetic context-based object 604a provides a contextual descriptor of the requester as a person who is working on HR activities, based on the HR certification that the requester (described in non-contextual data object 408r) holds. Similarly, data from context object 610y describes the requester as holding a law license. The context from context object 610y, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 604b, which provides a contextual descriptor of the requester as working on contract negotiations, which have been predetermined to require the requester to hold a law license. Similarly, data from context object 610z describes the requester as holding an advanced engineering degree, which when combined with the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 604n, which provides a contextual descriptor of the requester currently working on research collaboration. Note that the synthetic context-based objects 604a-604n do not define a role/title of the requester. Rather, the synthetic context-based objects 604a-604n define the activity of the requester at the time of the request for information about Company X.


With reference now to FIG. 7, a system 700 (which is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1), processes, supports, and/or contains the databases, pointers, and objects depicted in FIG. 7 for creating another synthetic context that describes a data requester. In the example shown in FIG. 7, data from context object 710x (“5 minutes”) from context object database 712 describes the requester as requiring that the requested data be returned within 5 minutes. The context from context object 710x, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 704a in a synthetic context-based object database 702. As depicted, synthetic context-based object 704a provides a contextual descriptor of the requester as a person who can only have access to data that is protected by a low level of security, since there is not enough time to traverse through all of the screening steps needed to access high-security data. Similarly, data from context object 710y describes the requester as needing the requested data within “1 hour.” The context from context object 710y, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 704b, which provides a contextual descriptor of the requester as being a person who can access data that is protected by medium security, which has more security protection (e.g., has a higher level of encryption, requires additional passwords, etc.) than the low security data associated with synthetic context-based object 704a. That is, by being willing to wait 1 hour instead of 5 minutes, the requester associated with the synthetic context-based object is indicating that he has enough time to pass through these additional security protection steps/levels. Similarly, data from context object 710z describes the requester as needing the requested data within “1 week.” The context from context object 710z, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 704n, which provides a contextual descriptor of the requester as being a person who can access data that is protected by high security, which has more security protection (e.g., has a higher level of encryption, requires additional passwords, etc.) than the medium security data associated with synthetic context-based object 704b.


With reference now to FIG. 8, a system 800 (which is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1), processes, supports, and/or contains the databases, pointers, and objects depicted in FIG. 8 for creating another synthetic context that describes a data requester. In the example shown in FIG. 8, data from context object 810x (“full time employee”) from context object database 812 describes the requester as a full-time employee of the enterprise that owns and/or manages and/or maintains the database that contains data being requested by the requester. The context from context object 810x, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 804a in a synthetic context-based object database 802. As depicted, synthetic context-based object 804a provides a contextual descriptor of the requester as a person who can have access to data that is protected by a high level of security, since the person is a full time employee of the enterprise that owns the data, and thus is deemed to be a low security risk. Similarly, data from context object 810y describes the requester as being a contract employee of the enterprise that owns the data. The context from context object 810y, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 804b, which provides a contextual descriptor of the requester as being a person who can access data that is protected by medium security, which has less security protection (e.g., has a lower level of encryption, requires fewer passwords, etc.) than the high security data that can be accessed by requesters that are associated with synthetic context-based object 804a. That is, contract employees have been deemed to be less trustworthy than full time employees of the enterprise that owns the data, and thus such employees are only allowed to access data that is protected by less security than that data that is protected by the high security associated with synthetic context-based object 804a. Similarly, data from context object 810z describes the requester as being a non-employee of the enterprise that owns the requested data. The context from context object 810z, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 804n, which provides a contextual descriptor of the requester as being a person who can access only data that is protected by a low level of security, which has even less security protection (e.g., has an even lower level of encryption, requires even fewer passwords, etc.) than the medium security data associated with synthetic context-based object 804b.


With reference now to FIG. 9, a system 900 (which is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1), processes, supports, and/or contains the databases, pointers, and objects depicted in FIG. 9 for creating another synthetic context that describes a data requester. In the example shown in FIG. 9, data from context object 910x (“employee for less than 1 month”) from context object database 912 describes the requester as a person who has been an employee, for less than one month, of the enterprise that owns and/or manages and/or maintains the database that contains data being requested by the requester. The context from context object 910x, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 904a in a synthetic context-based object database 902. As depicted, synthetic context-based object 904a provides a contextual descriptor of the requester as a person who can only have access to data that is relatively insensitive, and thus is protected by a low level of security, since the new employee of the enterprise is deemed to be a high security risk. Similarly, data from context object 910y describes the requester as being an employee of the enterprise for more than a month, but less than a year. The context from context object 910y, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 904b, which provides a contextual descriptor of the requester as being a person who can access data that is protected by medium security, which has more security protection (e.g., has a higher level of encryption, requires more passwords, etc.) than the low security data that can be accessed by requesters that are associated with synthetic context-based object 904a. That is, employees with 1-12 months' work experience with the enterprise have been deemed to be more trustworthy than employees with less than one month with the enterprise, and thus such employees are allowed to access data that is protected by more security than that data that is protected by the low security associated with synthetic context-based object 904a. Similarly, data from context object 910z describes the requester as being an employee of the enterprise for more than a year. The context from context object 910z, when applied to the term “requester” from non-contextual data object 408r, defines a synthetic context-based object 904n, which provides a contextual descriptor of the requester as being a person who can access data that is protected by a high level of security, which has even more security protection (e.g., has an even higher level of encryption, requires even more passwords, etc.) than the medium security data associated with synthetic context-based object 904b.


Referring now to FIG. 10, an exemplary user interface 1000 for allowing the data requester to enter information that is used to create the context objects described above is presented. A data search program 1002 allows the user to enter a query in a block 1004 in a pane 1006. In the example shown, the query asks in active section 1008 about a “Company X”. More specifically, the query asks in active section 1010 if Company X is a “good” company. Standing alone, this query is so ambiguous that it is meaningless. That is, what is meant by “good”? However, by associating this query to one of particular synthetic context-based objects described above in FIG. 3, an appropriate data store to answer the query can be located. The particular context object 310x can be defined from an entry in box 1011. For example, if the requester indicates that he is interested in job benefits of Company X, then context object 310x shown in FIG. 3 is associated with non-contextual data object 308r to create the synthetic context-based object 304a.


In the present invention, information can also be received from (i.e., derived from) entries in blocks 1012, 1014, 1016, 1018, 1020, and 1022. These entries relate respectively to the context objects depicted and described above in FIGS. 4-9. For example, if the data requester clicks option 1013 within block 1012, indicating that he is currently working on a sales call project, then context object 410y in FIG. 4 is associated with the non-contextual data object 408r, thus generating the synthetic context-based object 404b for association with that data requester.


Once the synthetic context-based objects are defined, they can be linked to data stores. A data store is defined as a data repository of a set of integrated data, such as text files, video files, webpages, etc. With reference now to FIG. 11, a process for associating one or more data stores with specific synthetic context-based objects in a system 1100 is presented. Note that system 1100 is a processing and storage logic found in computer 102 and/or data storage system 152 shown in FIG. 1, which process, support, and/or contain the databases, pointers, and objects depicted in FIG. 11. The data structure 1105 is a database of multiple data stores 1102m-1102p (thus indicating a “p” number of data stores, where “p” is an integer), which may be text documents, hierarchical files, tuples, object oriented database stores, spreadsheet cells, uniform resource locators (URLs), etc.


That is, in one embodiment, the data structure 1105 is a database of text documents (represented by one or more of the data stores 1102m-1102p), such as journal articles, webpage articles, electronically-stored business/medical/operational notes, etc.


In one embodiment, the data structure 1105 is a database of text, audio, video, multimedia, etc. files (represented by one or more of the data stores 1102m-1102p) that are stored in a hierarchical manner, such as in a tree diagram, a lightweight directory access protocol (LDAP) folder, etc.


In one embodiment, the data structure 1105 is a relational database, which is a collection of data items organized through a set of formally described tables. A table is made up of one or more rows, known as “tuples”. Each of the tuples (represented by one or more of the data stores 1102m-1102p) share common attributes, which in the table are described by column headings. Each tuple also includes a key, which may be a primary key or a foreign key. A primary key is an identifier (e.g., a letter, number, symbol, etc.) that is stored in a first data cell of a local tuple. A foreign key is typically identical to the primary key, except that it is stored in a first data cell of a remote tuple, thus allowing the local tuple to be logically linked to the foreign tuple.


In one embodiment, the data structure 1105 is an object oriented database, which stores objects (represented by one or more of the data stores 1102m-1102p). As understood by those skilled in the art of computer software, an object contains both attributes, which are data (i.e., integers, strings, real numbers, references to another object, etc.), as well as methods, which are similar to procedures/functions, and which define the behavior of the object. Thus, the object oriented database contains both executable code and data.


In one embodiment, the data structure 1105 is a spreadsheet, which is made up of rows and columns of cells (represented by one or more of the data stores 1102m-1102p). Each cell (represented by one or more of the data stores 1102m-1102p) contains numeric or text data, or a formula to calculate a value based on the content of one or more of the other cells in the spreadsheet.


In one embodiment, the data structure 1105 is a collection of universal resource locators (URLs) for identifying a webpage, in which each URL (or a collection of URLs) is represented by one or more of the data stores 1102m-1102p.


The described types of data stores are exemplary, and are not to be construed as limiting what types of data stores are found within data structure 1105.


Note that the data structure 1105 is homogenous in one embodiment, while data structure 1105 is heterogeneous in another embodiment. For example, assume in a first example that data structure 1105 is a relational database, and all of the data stores 1102m-1102p are tuples. In this first example, data structure 1105 is homogenous, since all of the data stores 1102m-1102p are of the same type. However, assume in a second example that data store 1102m is a text document, data store 1102n is a financial spreadsheet, data store 1102p is a tuple from a relational database, etc. In this second example, data structure 1105 is a heterogeneous data structure, since it contains data stores that are of different formats.



FIG. 11 thus represents various data stores being “laid over” one or more of the synthetic context-based objects 1104a-1104n. That is, one or more of the data stores 1102m-1102p is mapped to a particular synthetic context-based object from the synthetic context-based objects 1104a-1104n, in order to facilitate exploring/searching the data structure 1105. For example, a pointer 1106 (e.g., an identifier located within both synthetic context-based object 1104a and data store 1102m) points the synthetic context-based object 1104a to the data store 1102m, based on the fact that the data store 1102m contains data (“requester”) found in the non-contextual data object 408r as well as data (“job applicant screening”) in the context object 410x, which together gave the subject-matter meaning to the synthetic context-based object 1104a as described above. Similarly, pointer 1108 points the synthetic context-based object 1104b to the data store 1102n, since synthetic context based object 1104b and data store 1102n both contain data from the non-contextual data object 408r as well as the context object 410y. Similarly, pointer 1110 points the synthetic context-based object 1104n to the data store 1102p, since synthetic context based object 1104n and data store 1102p both contain data from the non-contextual data object 408r as well as the context object 410z.


With reference now to FIG. 12, a process for applying security protection to a particular data store through the use of a particular synthetic context-based object that describes a requester of data about a particular subject is presented. A requester of data uses a requesting computer 1202 to send a data request 1204 to a security module 1206. In one embodiment, the requesting computer 1202 is the user computer 154 shown in FIG. 1, security module 1206 is computer 102 (e.g., in one embodiment, SCBOBSL 148 described in FIG. 1), synthetic context-based object database 1102 is stored in computer 102, and data structure 1105 is stored in data storage system 152.


When the security module 1206 receives the data request 1204 from the requesting computer 1202, the data request 1204 includes 1) the context of the data is being requested and 2) the context of the data requester. The context of the data being requested is provided by a synthetic context-based object such as synthetic context-based objects 304a-304n described in FIG. 3. The context of the data requester is provided by a synthetic context-based object such as synthetic context-based objects 404a-n described in FIG. 4. In one embodiment, the security module 1206 derives both types of synthetic context-based objects based on data entered in a user interface such as that described in FIG. 10. The security module 1206 then uses an appropriate pointer 1208a-1208c to point to the synthetic context-based object (from synthetic context-based objects 1104a-1104n) that matches the synthetic context-based object (e.g., synthetic context based object 404a) that describes the circumstantial context of the data requester. That is, if the security module 1206, using data received from user interface 1000 in FIG. 10, determines that the circumstantial context of the data requester is that of human resources activities (i.e., the security module 1206 creates/derives the synthetic context-based object 404a shown in FIG. 4), then the security module 1206 will use pointer 1208a to point to a matching synthetic context-based object 1104a (which has been preconfigured and stored within the synthetic context-based object database 1102). The synthetic context-based object 1104a then uses pointer 1210a, from pointers 1210a-1210c, to point the request to data store 1102m, which, based on the matching of the just-derived synthetic context-based object to synthetic context-based object 1104a, is now deemed to be available to the data requester (i.e., the data requester is now authorized to access data from data store 1102m).


As described in FIG. 13, an additional layer of context is provided in one embodiment by interposing two synthetic context-based object databases between the security module and the data structure. As in FIG. 12, a security module 1306 receives a data request 1304 from a requesting computer 1202. In this embodiment, the security module 1306 uses one of the pointers 1308a-1308c to point to one of the synthetic context-based objects 1304a-1304n found in the first synthetic context-based object database 1302, which describe the context of the data requester, and (one of which) match the synthetic context-based object that has just been derived by the security module 1306 for the data requester. However, in this embodiment, rather than pointing directly to the appropriate data store from the synthetic context-based object that matches that of the data requester (i.e., one of synthetic context-based objects 1304a-1304n), a pointer selected from pointers 1314a-1314c points to one of the synthetic context-based objects 304a-304n, which are found in the second synthetic context-based object database 1312, and which provide context to the data request itself. That is, the synthetic context-based objects 1304a-1304n provide context to the data requester, while the synthetic context-based objects 304a-304n provide context to the request itself. These two types of synthetic context-based objects are linked by sharing a descriptor, such as descriptor 1322 (for “HR” activities), descriptor 1324 (for “sales” activities), or descriptor 1326 (for “research” activities). One of the synthetic context-based objects 304a-304n then points to the appropriate data store from data stores 1102m-1102p.


With reference then to FIG. 14, a process for applying security protection to one or more data stores through the use of a hierarchical synthetic context-based object library is presented. The requesting computer 1202 sends a query request 1204 to the security module 1206, as described above in FIGS. 12-13. The security module 1206/1306 then points to a vertical library 1404 in a system 1402, as depicted in FIG. 14. This allows pointers from the security module 1206/1306 to access all data stores that are pointed to by synthetic context-based objects 1406, 1408, and 1410. However, if security module 1206/1306 points (i.e., directs the query request) to only synthetic context-based object 1408, then only data stores that are associated with synthetic context-based objects 1408, 1412 and 1414 are accessed for the user. Furthermore, if security module 1206/1306 points (i.e., directs the query request) to only synthetic context-based object 1410, then only data stores that are associated with synthetic context-based object 1410 are accessed for the user.


With reference now to FIG. 15, a high-level flow chart of one or more steps performed by a computer processor to secure data stores through the use of synthetic context-based objects is presented. After initiator block 1502, a non-contextual data object is associated with a context object to define a synthetic context-based object (block 1504). As described herein, the non-contextual data object either ambiguously relates to multiple subject-matters, or it describes a data requester without providing any context to the data request. Standing alone, it is unclear as to which of these multiple-subject matters the data in the non-contextual data object is directed, and it is also unclear as to which data, if any, the data requester is authorized to access. However, as described herein, associating a first non-contextual data object with a first context object to define a first synthetic context-based object, where the first non-contextual data object ambiguously describes multiple types of persons, and where the first context object provides a circumstantial context, allows for the identification of a specific type of person from the multiple types of persons.


As described in block 1506, the synthetic context-based object is associated with at least one specific data store. This at least one specific data store contains data that is associated with data contained in the non-contextual data object and the context object. That is, the data in the data store may be identical to that found in the non-contextual data object and the context object; it may be synonymous to that found in the non-contextual data object and the context object; and/or it may simply be deemed related by virtue of a lookup table that has been previously created.


As described in block 1508, a request for data is received from a requester. This request includes both the type of data needed, as well as information describing the current circumstances of the data requester (e.g., using data entered in UI 1000 described above). As described herein, the circumstantial context of the data requester may be a current activity of the requester (and NOT a role of the data requester); a physical location of a computer being used, by the requester, to send the request to a security module that received the data request; a professional certification possessed by the requester; a time window within which data from said at least one specific data store must be returned to the requester; a length of time that the requester has been an employee of the enterprise that owns the data; whether the requester is a full time employee of the enterprise, a contract employee of the enterprise, or a non-employee of the enterprise; etc. In one embodiment, the circumstantial context of the requester is determined by data mining a database that describes current interests of the requester. In one embodiment, the circumstantial context of the requester is determined by data mining a database that describes an educational background of the requester.


In one embodiment, the terms in the data stores are identified by data mining a data structure in order to locate the data from the non-contextual data object and the context object in one or more data stores. Thus, this data mining locates at least one specific data store that contains data contained in the non-contextual data object and the context object.


In one embodiment, the data store is a text document. In this embodiment, the data mining entails searching the text document for text data that is part of the synthetic context-based object, and then associating the text document that contains this text data with the synthetic context-based object.


In one embodiment, the data store is a video file. In this embodiment, the data mining entails searching metadata associated with the video file for text data that is part of the synthetic context-based object, and then associating the video file having this metadata with the synthetic context-based object.


In one embodiment, the data store is a web page. In this embodiment, the data mining entails searching the web page for text data that is part of the synthetic context-based object, and then associating the web page that contains this text data with the synthetic context-based object.


Note that in one embodiment, the specific subject-matter for a particular data store in the data structure is exclusive to only that particular data store. That is, only one data store is mapped to a particular synthetic context-based object, such that there is a one-to-one relationship between each synthetic context-based object and each data store. Note further that in another embodiment, the specific subject-matter for a particular data store in the data structure overlaps at least one other data store. That is, multiple data stores are mapped to a particular synthetic context-based object, such that there is a one-to-many relationship between a particular synthetic context-based object and multiple data stores.


As described herein, the synthetic context-based object used to point to one or more data stores may be from a dimensionally constrained hierarchical synthetic context-based object library (e.g., vertical library 1404 in FIG. 14), which has been constructed for multiple synthetic context-based objects. As described herein, synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects.


As depicted in block 1510, a determination is then made (e.g., by security module 706) as to whether the context of a person requesting the data matches the synthetic context-based object that have been previously matched to a particular data store. That is, in one embodiment the security module will generate a user-based synthetic context-based object for the requester. This user-based synthetic context-based object is then compared to a previously generated synthetic context-based object that describes a context/circumstances of a requester when making the data request. If the two synthetic context-based objects to not match (query block 1512), then that data requester is blocked from accessing the data stores (block 1514). However, if the synthetic context-based objects match, then the appropriate specific data store is located (block 1516), and its data is provided to the requester (block 1518). The process ends at terminator block 1520.


Note that the security systems described herein using synthetic context-based objects to describe a data requester may be used in addition to, or in conjunction with, a pre-existing security system, which may be based on firewalls, passwords, roles, titles, etc. Again, note that the synthetic context-based objects for the data requesters, as described herein, ignore and do not use such firewalls, passwords, roles, titles, etc. That is, in one embodiment, security is provided by just the synthetic context-based objects described herein for the data requester, while in another embodiment security is provided by a combination of the synthetic context-based objects along with another security system.


The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.


The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the present invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms “comprises” and/or “comprising,” when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.


The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of various embodiments of the present invention has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the present invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the present invention. The embodiment was chosen and described in order to best explain the principles of the present invention and the practical application, and to enable others of ordinary skill in the art to understand the present invention for various embodiments with various modifications as are suited to the particular use contemplated.


Note further that any methods described in the present disclosure may be implemented through the use of a VHDL (VHSIC Hardware Description Language) program and a VHDL chip. VHDL is an exemplary design-entry language for Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), and other similar electronic devices. Thus, any software-implemented method described herein may be emulated by a hardware-based VHDL program, which is then applied to a VHDL chip, such as a FPGA.


Having thus described embodiments of the present invention of the present application in detail and by reference to illustrative embodiments thereof, it will be apparent that modifications and variations are possible without departing from the scope of the present invention defined in the appended claims.

Claims
  • 1. A computer system comprising: one or more processors;one or more computer readable memories; andone or more non-transitory computer readable storage mediums, wherein program instructions are stored on at least one of the one or more non-transitory storage mediums for execution by at least one of the one or more processors via at least one of the one or more computer readable memories to perform a method comprising:associating a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, and wherein the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network;associating the first synthetic context-based object with at least one specific data store in a data structure;receiving a string of binary data that describes a request, from the requester, for data from said at least one specific data store in the data structure;determining the context according to the physical location of the computer being used, by the requester, to send the request to a security module;generating a new synthetic context-based object for the requester;determining whether the new synthetic context-based object matches the first synthetic context-based object;in response to determining that the new synthetic context-based object matches the first synthetic context-based object, locating, via the first synthetic context-based object, said at least one specific data store;providing the requester access to said at least one specific data store;constructing a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;receiving the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;receiving a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, wherein the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;determining a security level of the requester based on the time window received from the requester, wherein a first time window that the requester to willing to wait for the at least one data store is longer than a second time window that the requester is willing to wait for the at least one data store, and wherein the first time window is indicative of a higher security level for the requester than the second time window;matching, based on the time window for the requester, the security level of the requester to data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; andreturning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.
  • 2. The computer system of claim 1, wherein the method further comprises: blocking the requester from accessing data stores other than said at least one specific data store in the data structure.
  • 3. The computer system of claim 1, wherein the method further comprises: further determining the context according to a current activity of the requester, wherein the current activity is not based on a role or title of the requester.
  • 4. The computer system of claim 1, wherein the method further comprises: further determining the context according to a professional certification possessed by the requester.
  • 5. The computer system of claim 1, wherein said at least one specific data store is owned by an enterprise, and wherein the requester is an employee of the enterprise, and wherein the method further comprises: further determining the context according to a length of time that the requester has been an employee of the enterprise.
  • 6. The computer system of claim 1, wherein said at least one specific data store is owned by an enterprise, and wherein the method further comprises: further determining the context according to whether the requester is a full time employee of the enterprise, a contract employee of the enterprise, or a non-employee of the enterprise.
  • 7. The computer system of claim 1, wherein the method further comprises: further determining the context of the requester by data mining a database that describes current interests of the requester.
  • 8. The computer system of claim 1, wherein the method further comprises: further determining the context of the requester by data mining a database that describes an educational background of the requester.
  • 9. The computer system of claim 1, wherein the method further comprises: associating a second non-contextual data object with a second context object to define a second synthetic context-based object, wherein the second non-contextual data object relates to multiple subject-matters, and wherein the second context object provides a context that identifies a specific subject-matter, from the multiple subject-matters, of the second non-contextual data object;associating the second synthetic context-based object with said at least one specific data store in the data structure;associating the second synthetic context-based object with the first synthetic context-based object; andaccessing said at least one specific data store by accessing the second synthetic context-based object via the first synthetic context-based object.
  • 10. The computer system of claim 9, wherein said at least one specific data store is a text document, and wherein the method further comprises: searching the text document for text data that is part of the second synthetic context-based object; andassociating the text document that contains said text data with the second synthetic context-based object.
  • 11. The computer system of claim 9, wherein said at least one specific data store is a video file, and wherein the method further comprises: searching metadata associated with the video file for text data that is part of the second synthetic context-based object; andassociating the video file having said metadata with the second synthetic context-based object.
  • 12. The computer system of claim 9, wherein said at least one specific data store is a web page, and wherein the method further comprises: searching the web page for text data that is part of the second synthetic context-based object; andassociating the web page that contains said text data with the second synthetic context-based object.
  • 13. A computer system comprising: one or more processors;one or more computer readable memories; andone or more non-transitory computer readable storage mediums, wherein program instructions are stored on at least one of the one or more non-transitory storage mediums for execution by at least one of the one or more processors via at least one of the one or more computer readable memories to perform a method comprising:associating a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object relates to multiple subject-matters and describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, and wherein the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network;associating the first synthetic context-based object with at least one specific data store in a data structure;receiving a string of binary data that describes the requester of data from said at least one specific data store in the data structure;generating a new synthetic context-based object for the requester;determining whether the new synthetic context-based object matches the first synthetic context-based object;in response to determining that the new synthetic context-based object matches the first synthetic context-based object, locating, via the first synthetic context-based object, said at least one specific data store;providing the requester access to said at least one specific data store;constructing a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;receiving, from the requester, a request for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;receiving, from the requester, a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, wherein the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;determining a security level of the requester based on the time window received from the requester, wherein a first time window that the requester to willing to wait for the at least one data store is longer than a second time window that the requester is willing to wait for the at least one data store, and wherein the first time window is indicative of a higher security level for the requester than the second time window;matching, based on the time window for the requester, the security level of the requester to data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; andreturning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.
US Referenced Citations (253)
Number Name Date Kind
5450535 North Sep 1995 A
5664179 Tucker Sep 1997 A
5689620 Kopec et al. Nov 1997 A
5701460 Kaplan et al. Dec 1997 A
5943663 Mouradian Aug 1999 A
5974427 Reiter Oct 1999 A
6167405 Rosensteel et al. Dec 2000 A
6199064 Schindler Mar 2001 B1
6269365 Kiyoki et al. Jul 2001 B1
6275833 Nakamura et al. Aug 2001 B1
6314555 Ndumu et al. Nov 2001 B1
6334156 Matsuoka Dec 2001 B1
6353818 Carino, Jr. Mar 2002 B1
6381611 Roberge et al. Apr 2002 B1
6405162 Segond et al. Jun 2002 B1
6424969 Gruenwald Jul 2002 B1
6553371 Gutierrez-Rivas et al. Apr 2003 B2
6735593 Williams May 2004 B1
6768986 Cras et al. Jul 2004 B2
6925470 Sangudi et al. Aug 2005 B1
6990480 Burt Jan 2006 B1
7019740 Georgalas Mar 2006 B2
7047253 Murthy et al. May 2006 B1
7058628 Page Jun 2006 B1
7103836 Nakamura et al. Sep 2006 B1
7152070 Musick et al. Dec 2006 B1
7191183 Goldstein Mar 2007 B1
7209923 Cooper Apr 2007 B1
7337174 Craig Feb 2008 B1
7441264 Himmel et al. Oct 2008 B2
7477165 Fux Jan 2009 B2
7493253 Ceusters et al. Feb 2009 B1
7503007 Goodman et al. Mar 2009 B2
7523118 Friedlander et al. Apr 2009 B2
7523123 Yang et al. Apr 2009 B2
7571163 Trask Aug 2009 B2
7679534 Kay et al. Mar 2010 B2
7702605 Friedlander et al. Apr 2010 B2
7748036 Speirs, III et al. Jun 2010 B2
7752154 Friedlander et al. Jul 2010 B2
7778955 Kuji Aug 2010 B2
7783586 Friedlander et al. Aug 2010 B2
7788202 Friedlander et al. Aug 2010 B2
7788203 Friedlander et al. Aug 2010 B2
7792774 Friedlander et al. Sep 2010 B2
7792776 Friedlander et al. Sep 2010 B2
7792783 Friedlander et al. Sep 2010 B2
7797319 Piedmonte Sep 2010 B2
7805390 Friedlander et al. Sep 2010 B2
7805391 Friedlander et al. Sep 2010 B2
7809660 Friedlander et al. Oct 2010 B2
7853611 Friedlander et al. Dec 2010 B2
7870113 Gruenwald Jan 2011 B2
7877682 Aegerter Jan 2011 B2
7925610 Elbaz et al. Apr 2011 B2
7930262 Friedlander et al. Apr 2011 B2
7940959 Rubenstein May 2011 B2
7953686 Friedlander et al. May 2011 B2
7970759 Friedlander et al. Jun 2011 B2
7996373 Zoppas et al. Aug 2011 B1
7996393 Nanno et al. Aug 2011 B1
8032508 Martinez et al. Oct 2011 B2
8046358 Thattil Oct 2011 B2
8055603 Angell et al. Nov 2011 B2
8069188 Larson et al. Nov 2011 B2
8086614 Novy Dec 2011 B2
8095726 O'Connell et al. Jan 2012 B1
8145582 Angell et al. Mar 2012 B2
8150882 Meek et al. Apr 2012 B2
8155382 Rubenstein Apr 2012 B2
8161048 Procopiuc Apr 2012 B2
8199982 Fueyo et al. Jun 2012 B2
8234285 Cohen Jul 2012 B1
8250581 Blanding et al. Aug 2012 B1
8341626 Gardner et al. Dec 2012 B1
8447273 Friedlander et al. May 2013 B1
8457355 Brown et al. Jun 2013 B2
8489641 Seefeld et al. Jul 2013 B1
8620958 Adams et al. Dec 2013 B1
8799323 Nevin, III Aug 2014 B2
8849907 Hession et al. Sep 2014 B1
8914413 Adams et al. Dec 2014 B2
8983981 Adams et al. Mar 2015 B2
20010051881 Filler Dec 2001 A1
20020091677 Sridhar Jul 2002 A1
20020111792 Cherny Aug 2002 A1
20020184401 Kadel et al. Dec 2002 A1
20030065626 Allen Apr 2003 A1
20030088576 Hattori et al. May 2003 A1
20030097589 Syvanne May 2003 A1
20030149562 Walther Aug 2003 A1
20030149934 Worden Aug 2003 A1
20030212664 Breining et al. Nov 2003 A1
20030212851 Drescher et al. Nov 2003 A1
20040036716 Jordahl Feb 2004 A1
20040111410 Burgoon et al. Jun 2004 A1
20040153461 Brown et al. Aug 2004 A1
20040162838 Murayama et al. Aug 2004 A1
20040249789 Kapoor et al. Dec 2004 A1
20050050030 Gudbjartsson et al. Mar 2005 A1
20050086243 Abbott Apr 2005 A1
20050165866 Bohannon et al. Jul 2005 A1
20050181350 Benja-Athon Aug 2005 A1
20050188088 Fellenstein et al. Aug 2005 A1
20050222890 Cheng et al. Oct 2005 A1
20050273730 Card et al. Dec 2005 A1
20050283679 Heller et al. Dec 2005 A1
20060004851 Gold et al. Jan 2006 A1
20060036568 Moore et al. Feb 2006 A1
20060190195 Watanabe et al. Aug 2006 A1
20060197762 Smith et al. Sep 2006 A1
20060200253 Hoffberg et al. Sep 2006 A1
20060256010 Tanygin et al. Nov 2006 A1
20060271586 Federighi et al. Nov 2006 A1
20060290697 Madden et al. Dec 2006 A1
20070006321 Bantz et al. Jan 2007 A1
20070016614 Novy Jan 2007 A1
20070038651 Bernstein et al. Feb 2007 A1
20070067343 Mihaila et al. Mar 2007 A1
20070073734 Doan et al. Mar 2007 A1
20070079356 Grinstein Apr 2007 A1
20070088663 Donahue Apr 2007 A1
20070130182 Forney Jun 2007 A1
20070136048 Richardson-Bunbury et al. Jun 2007 A1
20070174840 Sharma et al. Jul 2007 A1
20070185850 Walters et al. Aug 2007 A1
20070239710 Jing et al. Oct 2007 A1
20070282916 Albahari et al. Dec 2007 A1
20070300077 Mani et al. Dec 2007 A1
20080065655 Chakravarthy et al. Mar 2008 A1
20080066175 Dillaway et al. Mar 2008 A1
20080086442 Dasdan et al. Apr 2008 A1
20080091503 Schirmer et al. Apr 2008 A1
20080133474 Hsiao et al. Jun 2008 A1
20080147780 Trevor et al. Jun 2008 A1
20080159317 Iselborn et al. Jul 2008 A1
20080172715 Geiger et al. Jul 2008 A1
20080208813 Friedlander et al. Aug 2008 A1
20080208838 Friedlander et al. Aug 2008 A1
20080208901 Friedlander et al. Aug 2008 A1
20080281801 Larson et al. Nov 2008 A1
20080306926 Friedlander et al. Dec 2008 A1
20090024553 Angell et al. Jan 2009 A1
20090064300 Bagepalli et al. Mar 2009 A1
20090080408 Natoli et al. Mar 2009 A1
20090125546 Iborra et al. May 2009 A1
20090144609 Liang et al. Jun 2009 A1
20090164649 Kawato Jun 2009 A1
20090165110 Becker et al. Jun 2009 A1
20090177484 Davis et al. Jul 2009 A1
20090182707 Kinyon et al. Jul 2009 A1
20090287676 Dasdan Nov 2009 A1
20090299988 Hamilton, II et al. Dec 2009 A1
20090327632 Glaizel et al. Dec 2009 A1
20100024036 Morozov Jan 2010 A1
20100030780 Eshghi et al. Feb 2010 A1
20100070640 Allen et al. Mar 2010 A1
20100077033 Lowry Mar 2010 A1
20100088322 Chowdhury et al. Apr 2010 A1
20100125604 Martinez et al. May 2010 A1
20100125605 Nair et al. May 2010 A1
20100131293 Linthicum et al. May 2010 A1
20100131379 Dorais et al. May 2010 A1
20100169137 Jastrebski et al. Jul 2010 A1
20100169758 Thomsen Jul 2010 A1
20100174692 Meyer et al. Jul 2010 A1
20100179933 Bai et al. Jul 2010 A1
20100191743 Perronnin et al. Jul 2010 A1
20100191747 Ji et al. Jul 2010 A1
20100241644 Jackson et al. Sep 2010 A1
20100257198 Cohen et al. Oct 2010 A1
20100268747 Kern et al. Oct 2010 A1
20100274785 Procopiuc et al. Oct 2010 A1
20110040724 Dircz Feb 2011 A1
20110066649 Berlyant et al. Mar 2011 A1
20110077048 Busch Mar 2011 A1
20110078143 Aggarwal Mar 2011 A1
20110087678 Frieden et al. Apr 2011 A1
20110093479 Fuchs Apr 2011 A1
20110098056 Rhoads et al. Apr 2011 A1
20110123087 Nie et al. May 2011 A1
20110137882 Weerasinghe Jun 2011 A1
20110161073 Lesher et al. Jun 2011 A1
20110194744 Wang et al. Aug 2011 A1
20110208688 Ivanov et al. Aug 2011 A1
20110246483 Darr et al. Oct 2011 A1
20110246498 Forster Oct 2011 A1
20110252045 Garg et al. Oct 2011 A1
20110282888 Koperski et al. Nov 2011 A1
20110299427 Chu et al. Dec 2011 A1
20110301967 Friedlander et al. Dec 2011 A1
20110314155 Narayanaswamy et al. Dec 2011 A1
20120004891 Rameau et al. Jan 2012 A1
20120005239 Nevin, III Jan 2012 A1
20120016715 Brown et al. Jan 2012 A1
20120023141 Holster Jan 2012 A1
20120072468 Anthony et al. Mar 2012 A1
20120079493 Friedlander et al. Mar 2012 A1
20120109640 Anisimovich et al. May 2012 A1
20120110004 Meijer May 2012 A1
20120110016 Phillips May 2012 A1
20120131139 Siripurapu et al. May 2012 A1
20120131468 Friedlander et al. May 2012 A1
20120166373 Sweeney et al. Jun 2012 A1
20120191704 Jones Jul 2012 A1
20120209858 Lamba et al. Aug 2012 A1
20120221439 Sundaresan et al. Aug 2012 A1
20120233194 Ohyu et al. Sep 2012 A1
20120239761 Linner et al. Sep 2012 A1
20120240080 O'Malley Sep 2012 A1
20120246148 Dror Sep 2012 A1
20120259841 Hsiao et al. Oct 2012 A1
20120278897 Ang et al. Nov 2012 A1
20120281830 Stewart et al. Nov 2012 A1
20120290950 Rapaport et al. Nov 2012 A1
20120297278 Gattani et al. Nov 2012 A1
20120311587 Li et al. Dec 2012 A1
20120316821 Levermore et al. Dec 2012 A1
20120330880 Arasu et al. Dec 2012 A1
20120330958 Xu et al. Dec 2012 A1
20130019084 Orchard et al. Jan 2013 A1
20130031302 Byom et al. Jan 2013 A1
20130060696 Martin et al. Mar 2013 A1
20130103389 Gattani et al. Apr 2013 A1
20130124564 Oztekin et al. May 2013 A1
20130173292 Friedlander et al. Jul 2013 A1
20130173585 Friedlander et al. Jul 2013 A1
20130191392 Kumar et al. Jul 2013 A1
20130238667 Carvalho et al. Sep 2013 A1
20130246562 Chong et al. Sep 2013 A1
20130254202 Friedlander et al. Sep 2013 A1
20130291051 Balinsky Oct 2013 A1
20130291098 Chung et al. Oct 2013 A1
20130311473 Safovich et al. Nov 2013 A1
20130326412 Treiser et al. Dec 2013 A1
20130339379 Ferrari et al. Dec 2013 A1
20140006411 Boldyrev et al. Jan 2014 A1
20140012884 Bornea et al. Jan 2014 A1
20140025702 Curtiss et al. Jan 2014 A1
20140074833 Adams et al. Mar 2014 A1
20140074885 Adams et al. Mar 2014 A1
20140074886 Medelyan et al. Mar 2014 A1
20140074892 Adams et al. Mar 2014 A1
20140081939 Adams et al. Mar 2014 A1
20140090049 Friedlander Mar 2014 A1
20140098101 Friedlander Apr 2014 A1
20140172417 Monk et al. Jun 2014 A1
20140184500 Adams et al. Jul 2014 A1
20140188960 Adams et al. Jul 2014 A1
20140214865 Adams et al. Jul 2014 A1
20140214871 Adams et al. Jul 2014 A1
20140250111 Morton et al. Sep 2014 A1
20140344718 Rapaport et al. Nov 2014 A1
Foreign Referenced Citations (8)
Number Date Country
101866342 Oct 2010 CN
102201043 Sep 2011 CN
102236701 Nov 2011 CN
102385483 Mar 2012 CN
1566752 Aug 2005 EP
1843259 Oct 2007 EP
2006086179 Aug 2006 WO
2007044763 Apr 2007 WO
Non-Patent Literature Citations (68)
Entry
U.S. Appl. No. 13/861,058 Non-Final Office Action dated Apr. 25, 2016.
U.S. Appl. No. 13/648,801 Examiner's Answer Mailed Oct. 1, 2015.
U.S. Appl. No. 13/610,523—Non-Final Office Action dated Apr. 30, 2015.
U.S. Appl. No. 13/540,267—Non-Final Office Action dated Jun. 4, 2015.
U.S. Appl. No. 13/609,710—Examiner's Answer mailed Jun. 9, 2015.
U.S. Appl. No. 13/780,779—Non-Final Office Action dated Apr. 3, 2015.
U.S. Appl. No. 13/896,461—Non-Final Office Action dated Apr. 21, 2015.
U.S. Appl. No. 13/569,366—Non-Final Office Action dated Jun. 30, 2015.
Faulkner, Paul, “Common Patterns for Synthetic Events in Websphere Business Events,” Jan. 15, 2011, http://www.ibm.com/developerworks/websphere/bpmjournal/1101—faulkner2/1101—faulkner2.html, pp. 1-6.
Evaggelio Pitoura et al., “Context in Databases”, University of Ioannina, Greece, 2004, pp. 1-19.
Avinash Kaushik, “End of Dumb Tables in Web Analytics Tools! Hello: Weighted Sort”, Sep. 7, 2010, www.kaushik.net, pp. 1-15.
Lorenzo Alberton, “Graphs in the Database: SQL Meets Social Networks,” Techportal, Sep. 7, 2009, http://techportal.inviqa.com/2009/09/07/graphs-in-the-database-sql-meets-social-networks/, pp. 1-11.
Visual Paradigm, “DB Visual Architect 4.0 Designer's Guide: Chapter 6—Mapping Object Model to Data Model and Vice Versa”, 2007, pp. 6-2-6-26.
U.S. Appl. No. 13/609,710—Non-Final Office Action dated Jan. 27, 2014.
U.S. Appl. No. 13/540,295—Non-Final Office Action dated Jan. 30, 2014.
U.S. Appl. No. 13/540,230—Non-Final Office Action dated Jan. 30, 2014.
U.S. Appl. No. 13/540,267—Non-Final Office Action dated Feb. 4, 2014.
U.S. Appl. No. 13/628,853—Notice of Allowance dated Mar. 4, 2014.
U.S. Appl. No. 13/595,356—Non-Final Office Action dated Apr. 14, 2014.
“Ninth New Collegiate Dictionary”, Merriam-Webster Inc., 1991, pp. 77 and 242.
“The American Heritage College Dictionary”, Fourth Edition, Houghton Mifflin Company, 2004, pp. 44 and 262.
U.S. Appl. No. 13/680,832—Non-Final Office Action dated Apr. 8, 2014.
U.S. Appl. No. 13/592,905—Notice of Allowance dated Oct. 25, 2013.
U.S. Appl. No. 13/342,406—Non-Final Office Action dated Sep. 27, 2013.
U.S. Appl. No. 13/610,347—Non-Final Office Action dated Jul. 19, 2013.
U.S. Appl. No. 13/610,347—Notice of Allowance dated Aug. 19, 2013.
M.J. Flynn, et al., “Sparse Distributed Memory Principles of Operation”, Research Institute for Advanced Computer Science, 1989, pp. 1-60.
P. Kanerva, “Hyperdimensional Computing: An Introduction to Computing in Distributed Representation With High-Dimensional Random Vectors”, Springer Science+Business Media, LLC, Cogn Comput, 1, 2009, pp. 139-159.
P. Kanerva, “What We Mean When We Say “What's the Dollar of Mexico?”: Prototypes and Mapping in Concept Space”, Quantum Informatics for Cognitive, Social, and Semantic Processes: Papers From the AAAI Fall Symposium, Association for the Advancement of Artificial Intelligence, 2010, pp. 2-6.
M. Yu, et al., “Secure and Robust Error Correction for Physical Unclonable Functions”, Verifying Physical Trustworthiness of ICS and Systems, IEEE Design & Test of Computers, IEEE, Jan./Feb. 2010, pp. 48-64.
A. Jin, et al., “Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenised Random Number,” Pattern Recognition 37, Elsevier LTD., 2004, pp. 2245-2255.
N. Saxena et al., “Data remanence effects on memory-based entropy collection for RFID systems”, International Journal of Information Security 10.4 (2011), pp. 213-222.
A. Birrell et al., “A design for high-performance flash disks.” ACM SIGOPS Operating Systems Review 41.2 (2007), pp. 88-93.
Richard Saling, “How to Give a Great Presentation! From the HP Learning Center”, Jul. 28, 2008, <http://rsaling.wordpress.com/2008/07/28/how-to-give-a-great-presentation/>, pp. 1-28.
K. Matterhorn, “How to Share Data Between a Host Computer & Virtual Machine,” Ehow, pp. 1-3, <http://www.ehow.com/how—7385388—share-host-computer-virtual-machine.html>, Retrieved Feb. 17, 2013.
W. Caid et al., “Context Vector-Based Text Retrieval”, Fair Isaac Corporation, Aug. 2003, pp. 1-20.
Anonymous “Fraud Detection Using Data Analytics in the Banking Industry,” ACL Services LTD., 2010, pp. 1-9 <http://www.acl.com/pdfs/DP—Fraud—detection—BANKING.pdf>.
J. Cheng et al., “Context-Aware Object Connection Discovery in Large Graphs”, Data Engineering, 2009. ICDE '09. IEEE 25th International Conferen.
R. Angles et al., “Survey of Graph Database Models”, ACM Computing Surveys, vol. 40, No. 1, Article 1, Feb. 2008, pp. 1-65.
U.S. Appl. No. 13/592,905—Non-Final Office Action dated May 8, 2013.
U.S. Appl. No. 13/628,853—Non-Final Office Action dated Nov. 7, 2013.
U.S. Appl. No. 13/342,406—Notice of Allowance dated Mar. 20, 2014.
U.S. Appl. No. 13/755,623—Notice of Allowance dated May 27, 2014.
S. Alam et al., “Interoperability of Security-Enabled Internet of Things”, Springer, Wireless Personal Communications, Dec. 2011, vol. 61, pp. 567-586.
U.S. Appl. No. 13/648,801—Non-Final Office Action dated Jul. 1, 2014.
U.S. Appl. No. 13/609,710—Final Office Action dated Jul. 24, 2014.
U.S. Appl. No. 13/861,058—Non-Final Office Action dated Dec. 11, 2014.
U.S. Appl. No. 13/733,052—Non-Final Office Action dated Sep. 18, 2014.
U.S. Appl. No. 13/755,987—Non-Final Office Action dated Jan. 2, 2015.
U.S. Appl. No. 13/648,801—Final Office Action dated Jan. 13, 2015.
U.S. Appl. No. 13/609,710 Decision on Appeal dated Nov. 4, 2016.
U.S. Appl. No. 13/733,066 Examiner's Answer dated Dec. 20, 2016.
U.S. Appl. No. 13/861,058 Final Office Action dated Dec. 29, 2016.
U.S. Appl. No. 13/648,801 Decision on Appeal dated Jan. 18, 2017.
G. Begelman et al., “Automated Tag Clustering: Improving Search and Exploration in the TagSpace”, Collaborative Tagging Workshop, WWW2006, Edinburgh, Scotland, May 2006, pp. 1-29.
U.S. Appl. No. 13/621,931—Non-Final Office Action dated Jan. 28, 2015.
U.S. Appl. No. 13/732,567—Non-Final Office Action dated Jan. 30, 2015.
U.S. Appl. No. 14/078,135—Notice of Allowance dated Feb. 24, 2015.
U.S. Appl. No. 13/756,051—Notice of Allowance dated Feb. 27, 2015.
U.S. Appl. No. 13/732,567—Non-Final Office Action dated Mar. 26, 2015.
L. Du et al., “A Unified Object-Oriented Toolkit for Discrete Contextual Computer Vision”, IEEE, IEEE Colloquium on Pattern Recognition, Feb. 1997, pp. 3/1-3/5. (Abstract Only).
S. Ceri et al., “Model-Driven Development of Context-Aware Web Applications”, ACM, ACM Transactions on Internet Technology, 2007, (Abstract Only).
Graham Pryor, “Attitudes and Aspirations in a Diverse World: The Project Store Perspective on Scientific Repositories”. Ukoln, University of Bath, Digital Curation Center. The International Journal of Digital Curation, Issue 1, vol. 2, 2007. Nov. 2006.
Filippova, Katja and Keith B. Hall, “Improved Video Categorization From Text Metadata and User Comments”. Proceedings of the 34th International SCM SIGIR Conference on Research and Development in Information Retrieval. ACM, 2011.
U.S. Appl. No. 13/896,506 Non-Final Office Action dated Oct. 26, 2015.
U.S. Appl. No. 13/342,305, filed Jan. 3, 2012.
U.S. Appl. No. 13/562,714, filed Jul. 31, 2012.
U.S. Appl. No. 13/861,058 Non-Final Office Action dated Aug. 28, 2017.
Related Publications (1)
Number Date Country
20160335449 A1 Nov 2016 US
Continuations (2)
Number Date Country
Parent 14526103 Oct 2014 US
Child 15223296 US
Parent 13680832 Nov 2012 US
Child 14526103 US