Abstract: Embodiments of the present systems and methods may provide data watermarking without reliance on error-tolerant fields, thereby providing for the incorporation of watermarks in data that was not considered suitable for watermarking. For example, in an embodiment, a computer-implemented method for watermarking data may comprise inserting watermark data into a field that requires format-preserving encryption.

Abstract: A data security method including creating a token-including plaintext by including a predefined token into a plaintext, generating a cyphertext by encrypting the token-including plaintext using format-preserving encryption, generating a decrypted cyphertext by decrypting an input text, determining whether the decrypted cyphertext includes a first predefined token, if the decrypted cyphertext includes the first predefined token, recreating the plaintext by removing the first predefined token from the decrypted cyphertext, and if the decrypted cyphertext does not include the first predefined token, using the input text as the plaintext.

Abstract: In an approach to masking data in a software application associated with a mobile computing device, one or more computer processors receive a request to display data in a software application on a mobile computing device. The one or more computer processors determine whether one or more masking rules apply to the data, where determining whether one or more masking rules apply to the data is performed by an instrumentation of application binary of the software application. In response to determining that one or more masking rules apply to the data, the one or more computer processors mask, based on the one or more masking rules, the data, where masking is performed by the instrumentation of application binary of the software application.

Abstract: Controlling computer-based access to data by receiving from a computer software application a request specifying a computer user, a type of data associated with an entity, and an intended purpose for the type of data associated with the entity, accessing, responsive to receiving the request, a consent record indicating an association between the specified entity, the specified type of data associated with the entity, and the computer software application, and granting the request if the consent record includes an indication of consent in association with a specified purpose for the type of data associated with the entity, and if the specified purpose matches the intended purpose.

Abstract: A method of creating an application purpose certificate, comprising: receiving from a software publisher an application code and declared privacy information, the declared privacy information includes at least one allowed usage purpose for each of a plurality of data types; analyzing the application's usage of data of each of the plurality of data types; verifying the usage is compliant with the least one allowed usage purpose according to the analysis; creating an encrypted digital purpose certificate, the digital purpose certificate is unique for the application code; and sending the digital purpose certificate to the software publisher to be bundled with the application code and a publisher authentication certificate.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining, for a data masking engine executing in a platform as a service (PaaS) based software environment, one or more data masking rules. Upon detecting, by the data masking engine, data processed by a software application executing within the PaaS based software environment and in accordance with a given data masking rule, the data masking engine can perform a data masking operation on the data.

Abstract: A method comprising using at least one hardware processor for: receiving input from a user with respect to masking of a data element in one or more documents of a java script object notation (JSON) type, wherein the input comprises: an identifier of the data element, and one or more constraints for masking the data element based on the hierarchy of the one or more documents of the JSON-type; and generating a masking rule for the one or more documents of the JSON-type based on the input.

Abstract: A data processing method is provided including intercepting a data query for deriving data from a data set, intercepting data results of processing the data query, and processing the data results in accordance with a processing rule that specifies a processing action to be performed with one or more portions of the data results if a processing condition is met, thereby producing processed data results, wherein the processing condition is dependent on both a) information associated with the data query, wherein the information associated with the data query is ascertained independently from the data results, and b) information associated with the data results, wherein the information associated with the data results is other than the information associated with the data query.

Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include defining, for a data masking engine executing in a platform as a service (PaaS) based software environment, one or more data masking rules. Upon detecting, by the data masking engine, data processed by a software application executing within the PaaS based software environment and in accordance with a given data masking rule, the data masking engine can perform a data masking operation on the data.

Abstract: A data security method including creating a token-including plaintext by including a predefined token into a plaintext, generating a cyphertext by encrypting the token-including plaintext using format-preserving encryption, generating a decrypted cyphertext by decrypting an input text, determining whether the decrypted cyphertext includes a first predefined token, if the decrypted cyphertext includes the first predefined token, recreating the plaintext by removing the first predefined token from the decrypted cyphertext, and if the decrypted cyphertext does not include the first predefined token, using the input text as the plaintext.

Abstract: In an approach to masking data in a software application associated with a mobile computing device, one or more computer processors receive a request to display data in a software application on a mobile computing device. The one or more computer processors determine whether one or more masking rules apply to the data, where determining whether one or more masking rules apply to the data is performed by an instrumentation of application binary of the software application. In response to determining that one or more masking rules apply to the data, the one or more computer processors mask, based on the one or more masking rules, the data, where masking is performed by the instrumentation of application binary of the software application.

Abstract: Machines, systems and methods for remotely provisioning computing power over a communications network are provided. The method may comprise selecting one or more tasks being executed on a first computing system to be migrated for execution on a second computing system connected to the first computing system by way of a communications network; determining a first point of execution reached during the execution of at least a selected task on the first computing system prior to the selected task being migrated for execution to the second computing system; migrating the selected task to the second computing system, wherein the second computing system continues to execute the selected task from the first point of execution; and monitoring the connection between the first computing system and the second computing system so that in response to detecting a disconnection, execution of the selected task continues seamlessly.

Abstract: Machines, systems and methods for remotely provisioning computing power over a communications network are provided. The method may comprise selecting one or more tasks being executed on a first computing system to be migrated for execution on a second computing system connected to the first computing system by way of a communications network; determining a first point of execution reached during the execution of at least a selected task on the first computing system prior to the selected task being migrated for execution to the second computing system; migrating the selected task to the second computing system, wherein the second computing system continues to execute the selected task from the first point of execution; and monitoring the connection between the first computing system and the second computing system so that in response to detecting a disconnection, execution of the selected task continues seamlessly.

Abstract: A method comprising using at least one hardware processor for: receiving input from a user with respect to masking of a data element in one or more documents of a java script object notation (JSON) type, wherein the input comprises: an identifier of the data element, and one or more constraints for masking the data element based on the hierarchy of the one or more documents of the JSON-type; and generating a masking rule for the one or more documents of the JSON-type based on the input.

Abstract: A method, system or computer usable program product for masking communication data using context based rules including intercepting a communication between a server and a client by an intermediary, the communication having a recipient, parsing the communication by the intermediary to determine whether a context based alteration rule should be applied, responsive to an affirmative determination, applying the rule to the communication to produce an altered communication with altered data, and sending the altered communication to the recipient so that the altered data in the communication is utilized in a masked manner.

Abstract: Machines, systems and methods for remotely provisioning computing power over a communications network are provided. The method may comprise selecting one or more tasks being executed on a first computing system to be migrated for execution on a second computing system connected to the first computing system by way of a communications network; determining a first point of execution reached during the execution of at least a selected task on the first computing system prior to the selected task being migrated for execution to the second computing system; migrating the selected task to the second computing system, wherein the second computing system continues to execute the selected task from the first point of execution; and monitoring the connection between the first computing system and the second computing system so that in response to detecting a disconnection, execution of the selected task continues seamlessly.

Abstract: A method, system or computer usable program product for masking communication data using context based rules including intercepting a communication between a server and a client by an intermediary, the communication having a recipient, parsing the communication by the intermediary to determine whether a context based alteration rule should be applied, responsive to an affirmative determination, applying the rule to the communication to produce an altered communication with altered data, and sending the altered communication to the recipient so that the altered data in the communication is utilized in a masked manner.