Embodiments of the present invention relate to password authentication. According to an embodiment of the present invention, a password associated with a user identification is received from a user device. The password is authenticated based on a preset relationship between a seed password and a graphical password associated with the user identification. The seed password consists of a string of characters. The graphical password is a directed path traversing all keys of a keypad in an order. Each of the keys represents one of the characters and is associated with an order number according to the order of the keys being traversed. The preset relationship is that the password consists of respective order numbers associated with respective keys representing corresponding characters of the seed password.

A technique to implement access control from within an application begins by dynamically-generating a “management scope” for a transaction associated with a set of managed resources. The management scope is a collection of permissions defined by at least one of: a set of roles, and a set of resource administration rights, that are assigned to a first operator that issues the transaction. As the transaction executes, a request to alter the transaction is then received from a second operator. According to the technique, the management scope for the transaction and associated with the first operator is then evaluated against a management scope associated with the second operator. Upon determining the management scope associated with the first operator has a given relationship to the management scope for the second operator, the transaction is permitted to be altered in response to the request. The given relationship is scoped by one or more rules.

A method for filtering communication data arriving from a communication partner via a communication connection, which provides access to at least one storage means of a receiving data processing device having at least one computation unit, in the data processing device, wherein PCI Express, in an interface unit, receiving the communication data, of the data processing device, a filter means, at least part of which is embodied as hardware, is used so that, according to configuration information, prescribed on the data processing device, containing at least one approval condition that rates the at least one property of the useful data contained in the communication data, only the communication data meeting at least one approval condition are forwarded from the interface unit to at least one further component of the data processing device.

The present invention provides an improved system and method for using cryptography to secure computer-implemented choice mechanisms. In several preferred embodiments, a process is provided for securing participants' submissions while simultaneously providing the capability of validating their submissions. This is referred to as a random permutation. In several other preferred embodiments, a process is provided for securing participants' advance instructions while simultaneously providing the capability of validating their advance instructions. This is referred to as a secure advance instruction. Applications include voting mechanisms, school choice mechanisms, and auction mechanisms.

A record linking platform having a computer system with a processor, multiple databases each having records, such as private health information. Each of the multiple databases are not in direct communication with one another. A control center is in communication with the different entities, the control center configured to: generate a site configuration file, a key configuration file, and a broker configuration file. A keymaster configured to: receive the key configuration file, generate a hash key, and transmit the hash key to the databases. The databases configured to: receive the site configuration file and the hash key; process the records to generate evaluation records data that conform to a data model specified in the site configuration file; and encrypt the evaluation records using the hash key. An honest broker configured to: receive the broker configuration file and the encrypted evaluation records; and link the encrypted evaluation records without decrypting.

A system and method for storing and recovering a computer file. The method includes calculating fingerprint data of the file, separating the file into a plurality of data sub-files each having the same size and a single data sub-file having a smaller size than the other data sub-files, and attaching file metadata to the single data sub-file or as a metadata sub-file. The method also includes padding the single data sub-file including the metadata so that it is the same size as the plurality of data sub-files or the metadata sub-file so that it is the same size as the plurality of data sub-files, adding a header to each data sub-file that includes information about the sub-file, assigning a unique filename to each data sub-file, encrypting each data sub-file, and storing each data sub-file as separate files under their unique filename.

Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.

A computer system is provided. The computer system includes a memory and a processor. The processor is configured to scan user interface (UI) data representative of a plurality of UI controls; detect a portion of the UI data associated with private information, the portion corresponding to a UI control of the plurality of UI controls; record first session data comprising an obfuscated version of the UI control and unobfuscated versions of other UI controls of the plurality of UI controls; record second session data comprising an unobfuscated version of the UI control; encrypt the second session data to generate encrypted session data; and store the encrypted session data in association with the first session data.

An integrated circuit (IC) can include a processor system configured to execute program code, a programmable logic, and a platform management controller coupled to the processor system and the programmable logic. The platform management controller is adapted to configure and control the processor system and the programmable logic independently.

An integrated circuit (IC) can include a processor system configured to execute program code, a programmable logic, and a platform management controller coupled to the processor system and the programmable logic. The platform management controller is adapted to configure and control the processor system and the programmable logic independently.