An information processing system includes a first storage that stores user information about one or more users of the information processing system; a second storage; a first determining unit that determines, depending on whether a program sets the second storage to store predetermined user information from the user information stored in the first storage, the predetermined user information being used in the program, whether to store the predetermined user information in the second storage; and a user information process unit that obtains the predetermined user information from the user information and stores the predetermined user information in the second storage if the first determining unit determines that the predetermined user information is to be stored in the second storage.

The present disclosure pertains to systems and methods of restricting access to devices utilizing tokens. In some embodiments, a system may include a user requesting a token, ensuring the user requesting a token has the permission to request the token and is not the user approving the token. In some embodiments, the system may include the user granting the token, wherein the user granting the token is not the user receiving the token. The system ensures that the user accessing the device has the permission to access the device. Additionally, the system decreases the opportunities for insider attacks and increases the resistance to credential theft attacks. Further, the system increases the accountability for changes and the ability to review changes.

A system, method and computer program product are disclosed for integrating a user interface of external or foreign applications, running on second physical machines, into a user interface of a first application running on a first physical machine. In an embodiment, the generated integrated user interface is displayed on a monitor of the first physical machine. The applications refer to MR-scanning and post-processing applications. The user is only working with one single, common and integrated user interface although he controls two different sets of applications on different machines.

A device may analyze a first file for malware. The device may determine that the first file causes a second file to be downloaded. The device may store linkage information that identifies a relationship between the first file and the second file based on determining that the first file causes the second file to be downloaded. The device may analyze the second file for malware. The device may determine a first malware score for the first file based on analyzing the second file for malware and based on the linkage information. The device may determine a second malware score for the second file based on analyzing the first file for malware and based on the linkage information.

Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

In one embodiment, a system for managing a virtualization environment comprises a plurality of host machines, one or more virtual disks comprising a plurality of storage devices, a virtualized file server (VFS) comprising a plurality of file server virtual machines (FSVMs), wherein each of the FSVMs is running on one of the host machines and conducts I/O transactions with the one or more virtual disks, and a virtualized file server self-healing system configured to identify one or more corrupt units of stored data at one or more levels of a storage hierarchy associated with the storage devices, wherein the levels comprise one or more of file level, filesystem level, and storage level, and when data corruption is detected, cause each FSVM on which at least a portion of the unit of stored data is located to recover the unit of stored data.

The present disclosure relates to compositions and processes in the field of self-cleaning system using digestive proteins. One composition includes a substrate, a digestive protein capable of decomposing a stain molecule, and a linker moiety bound to both said digestive protein and said substrate. The processes include binding a substrate to a surface and forming a linker moiety between a digestive protein and said substrate.

Constraining authorization tokens via filtering in one example implementation can include generating a first authorization token that provides a first level of access to first data matching a first set of criteria. A filter can be applied to constrain a second authorization token that provides a second level of access to second data matching a second set of criteria. The first authorization token and the second authorization token can have a subset relationship where the first level of access is greater than the second level of access, and the relationship between the first and second authorization token can be maintained.

A system may generate abstracted graphs from a social relationship graph in response to a query. A query may identify a person for which permission has been obtains to collect their data. The abstracted graphs may include summary statistics for various relationships of the person. The relationships may include other persons, places, things, concepts, brands, or other object that may be present in a social relationship graph, and the relationships may be presented in an abstracted or summarized form. The abstracted form may preserve data that may be useful for the requestor, yet may prevent the requestor from receiving some raw data. When two or more people have given consent, the data relating to the consenting persons may be presented in a non-abstracted manner, while other data may be presented in an abstracted manner.

A method for managing data processes in a network of computing resources includes: receiving at least one child request being routed from an intermediary device to at least one corresponding destination device, the at least one child request requesting execution of at least one corresponding child data process, each of the at least one child data process for executing at least a portion of the at least one parent data process from an instructor device, and each of the at least one child request including a destination key derived at least in part from the at least one instructor key; storing the at least one child request in at least one storage device; modifying the at least one child request upon receiving a child request modification signal; and generating signals for communicating the child requests to one or more requesting devices.