A computer system manages role-based digital rights by creating a chain of trust that originates with a user who purports to act as a registration authority whose status can be verified to ascertain that the user is licensed to act as the registration authority. The registration authority creates an organization account and a first member whose status is verified by consulting a status verification server. Derivative authorities granted to members are predicated on the first member and ultimately the registration authority to ensure that there is a chain of trust linking each member of an organization back to the registration authority.

Nested namespaces for selective content sharing.

A request to replicate a first account maintained by a data platform is received. Based on the request, account data associated with the account is accessed. The account data comprises security configurations for the first account. In response to the request, the first account is replicated using the account data. A second account results from replicating the first account. The replicating of the first account comprises automatically replicating the security configurations for the first account to the second account. The replicating of the security configurations comprises replicating an identity management configuration of the first account; replicating an authorization configuration of the first account; and replicating an authentication configuration of the first account.

The present invention relates to compositions and a process in the field of self-cleaning system using digestive proteins. One composition includes a substrate, a digestive protein capable of decomposing a stain molecule, and a link moiety bound to both said digestive protein and said substrate. An alternative composition includes a digestive protein capable of decomposing a stain molecule and a coating substrate wherein said digestive protein may be dispersed in said coating substrate. The process claim includes binding a substrate to a surface and forming a linker moiety between a digestive protein and said substrate.

Systems, methods, and media for controlling the review of documents. Methods may include receiving a request to review a document, responsive to the request, retrieving the document, the document including source content in an extensible markup language format, the document having a read-only access file permission, converting the document to read-write access file permission such that the source content is modifiable, receiving a modification of the source content of the document, incorporating the modification of the source content into the document to create a modified document, and automatically providing the modified document in a displayable format via the web-based interface.

An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.

Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.

Techniques are disclosed relating to the distribution of database key permissions. A database system may distribute first permission information to a plurality of database nodes that identifies a distribution of key range permissions to ones of the plurality of database nodes. A given key range permission being distributed to a given database node may permit that database node to write records whose keys fall within a key range associated with the given key range permission. The database system may receive, from a first database node, a request for a first key range permission provisioned to a second database node. The database system may modify the first permission information to derive second permission information that provisions the first key range permission to the first database node instead of the second database node. The database system may distribute the second permission information to ones of the plurality of database nodes.

A request to replicate a first account maintained by a data platform is received. Based on the request, account data associated with the account is accessed. The account data comprises security configurations for the first account. In response to the request, the first account is replicated using the account data. A second account results from replicating the first account. The replicating of the first account comprises automatically replicating the security configurations for the first account to the second account. The replicating of the security configurations comprises replicating an identity management configuration of the first account; replicating an authorization configuration of the first account; and replicating an authentication configuration of the first account.

In one embodiment, a system for managing a virtualization environment includes a set of host machines, each of which includes a hypervisor, virtual machines, and a virtual machine controller, and a virtualized file server backup system configured to identify backup data, wherein the backup data comprises data stored on the virtual disks and VFS configuration information, and the first data is identified in accordance with a backup policy, send the backup data to one or more remote sites for storage, and, in response to detection of changes in the backup data, send the changes to the remote sites in accordance with a replication policy. The backup data may be identified based on a protection domain associated with the backup policy. The data stored on the VFS may include one or more storage objects. The storage objects may include shares, groups of shares, files, or directories.