Abstract: Systems and methods may include receiving performance data of components in a system. The performance data may include data for parameters for each of the components. The systems and methods may include determining aggregate data for each group of similar components of the components. The aggregate data for each group of similar components may include a group characteristic for each of the parameters. The systems and methods may include, for each group of similar components, determining whether the data for each of the parameters for each component is consistent with the group characteristic for the respective parameter. The systems and methods may include, for each component of the respective group determining that the component is anomalous in response to determining that the data for a parameter for the component is not consistent with the group characteristic for the parameter.

Abstract: Systems and methods may include receiving real-time data about a real component operating in a real-world environment. The systems and methods may further include generating a virtual representation of the real component based on the real-time data about the real component and historical data associated with the real component. In addition, the systems and methods may include receiving injected data from a lab. The injected data may provide data about a lab component operating in the lab. The systems and methods may also include simulating, in a virtual environment, a real-time interaction in the real-world environment between the real component and the lab component using the virtual representation of the real component and the injected data. Moreover, the systems and methods may include determining a real-time performance characteristic of at least one of the lab component and the real component based on the simulated real-time interaction in the real-world environment.

Abstract: Systems and methods may include receiving data of a physical system. The systems and methods may include determining whether an anomalous event has occurred based on the data. The systems and methods may include, in response to determining that the anomalous event has occurred, capturing data of the physical system and of an environment. The systems and methods may include generating a virtual representation of the physical system and the environment based on the captured data. The systems and methods may include repeatedly simulating data of the virtual representation by varying parameters of the captured data. The systems and methods may include determining which parameters are a root cause of the anomalous event based on the simulated performance data. The systems and methods may include determining particular values of the parameters that are likely the root cause of the anomalous event to use as a trigger for a proactive process.

Abstract: An API transaction risk assessment equipment is disclosed that receives an API transaction request through a data network from an application processed by a source node, and generates a risk assessment score based on context information that characterizes the API transaction request. The risk assessment score indicates a level of trustworthiness of the API transaction request for processing by an application on a destination node. The API transaction risk assessment equipment then controls deliverability of the API transaction request through the data network to the destination node for processing based on the risk assessment score. Corresponding methods by API transaction risk assessment equipment are disclosed.

Abstract: Systems and methods may include receiving first data of components, which may represent performance characteristics of the components at a first time. The systems and methods may include performing a first cluster analysis of the first data to identify clusters of the components with similar characteristics. The systems and methods may include receiving second data of the components, which may represent performance characteristics of the components at a second time. The systems and methods may include performing a second cluster analysis of the second data to identify clusters of the components with similar characteristics. The systems and methods may include determining whether a component transitioned from a cluster identified in the first cluster analysis to a different cluster identified in the second cluster analysis. The systems and methods may include determining that an anomaly occurred in response to determining that the component transitioned from the cluster to the different cluster.

Abstract: Methods of operating an application programming interface (API) request risk assessment system include receiving an API request from a source computer application that is directed to a destination computer application. A risk assessment score is generated based on a characteristic of the API request. The risk assessment score indicates a level of trustworthiness of the source computer application. Deliverability of the API request to the destination computer application is controlled based on the risk assessment score. Related methods of operating a source computer and related operations by API request risk assessment systems and source computers are disclosed.

Abstract: Systems and methods may include receiving real-time data from real components operating in a real-world environment. The systems and methods may further include generating a virtual representation of the real components based on the real-time data received from the real components and historical data associated with the real components. In addition, the systems and methods may include determining whether the real-time data from a component of the real components indicates an anomaly. The systems and methods also may include, in response to determining that the real-time data from the component indicates the anomaly, determining whether the anomaly indicated by the real-time data from the component is consistent with the virtual representation of the real components.

Abstract: A method includes receiving an application programming interface (API) request from a source computer application that is directed to a destination computer application. An attack response message that is configured to trigger operation of a defined action by the source computer application is sent to the source computer application. Deliverability of the API request to the destination computer application is controlled based on whether the attack response message triggered operation of the defined action. Related operations by API request risk assessment systems are disclosed.

Abstract: Systems and methods may include receiving performance data of components in a system. The performance data may include data for parameters for each of the components. The systems and methods may include determining aggregate data for each group of similar components of the components. The aggregate data for each group of similar components may include a group characteristic for each of the parameters. The systems and methods may include, for each group of similar components, determining whether the data for each of the parameters for each component is consistent with the group characteristic for the respective parameter. The systems and methods may include, for each component of the respective group determining that the component is anomalous in response to determining that the data for a parameter for the component is not consistent with the group characteristic for the parameter.

Abstract: Systems and methods may include receiving real-time data from real components operating in a real-world environment. The systems and methods may further include generating a virtual representation of the real components based on the real-time data received from the real components and historical data associated with the real components. In addition, the systems and methods may include determining whether the real-time data from a component of the real components indicates an anomaly. The systems and methods also may include, in response to determining that the real-time data from the component indicates the anomaly, determining whether the anomaly indicated by the real-time data from the component is consistent with the virtual representation of the real components.

Abstract: Systems and methods may include receiving real-time data about a real component operating in a real-world environment. The systems and methods may further include generating a virtual representation of the real component based on the real-time data about the real component and historical data associated with the real component. In addition, the systems and methods may include receiving injected data from a lab. The injected data may provide data about a lab component operating in the lab. The systems and methods may also include simulating, in a virtual environment, a real-time interaction in the real-world environment between the real component and the lab component using the virtual representation of the real component and the injected data. Moreover, the systems and methods may include determining a real-time performance characteristic of at least one of the lab component and the real component based on the simulated real-time interaction in the real-world environment.

Abstract: Systems and methods may include receiving first data of components, which may represent performance characteristics of the components at a first time. The systems and methods may include performing a first cluster analysis of the first data to identify clusters of the components with similar characteristics. The systems and methods may include receiving second data of the components, which may represent performance characteristics of the components at a second time. The systems and methods may include performing a second cluster analysis of the second data to identify clusters of the components with similar characteristics. The systems and methods may include determining whether a component transitioned from a cluster identified in the first cluster analysis to a different cluster identified in the second cluster analysis. The systems and methods may include determining that an anomaly occurred in response to determining that the component transitioned from the cluster to the different cluster.

Abstract: Systems and methods may include receiving data of a physical system. The systems and methods may include determining whether an anomalous event has occurred based on the data. The systems and methods may include, in response to determining that the anomalous event has occurred, capturing data of the physical system and of an environment. The systems and methods may include generating a virtual representation of the physical system and the environment based on the captured data. The systems and methods may include repeatedly simulating data of the virtual representation by varying parameters of the captured data. The systems and methods may include determining which parameters are a root cause of the anomalous event based on the simulated performance data. The systems and methods may include determining particular values of the parameters that are likely the root cause of the anomalous event to use as a trigger for a proactive process.

Abstract: Systems and methods may include receiving performance data of a system. The systems and methods may include generating a virtual representation of the system based on the performance data. The systems and methods may include simulating interactions between the virtual representation and an environment based on the performance data. The systems and methods may include generating an alert indicating an occurrence of an anomalous event based on the simulated interactions. The systems and methods may include determining that the alert was a false positive indicator of the occurrence of the anomalous event. The systems and methods may include, in response to determining that the alert was a false positive indicator, determining differences between a behavior of the system and the simulated interactions. The systems and methods may include determining an adjustment to the virtual representation to mitigate the differences between the behavior of the system and the simulated interactions.

Abstract: Some aspects of the present disclosure operate an application programming interface (API) risk assessment equipment. An API transaction request is received from an application processed by a source node. A risk assessment score is generated based on comparison of content of the API transaction request to content of earlier API transaction requests. The risk assessment score indicates trustworthiness of the API transaction request. Deliverability of the API transaction request to a destination node for processing is controlled based on the risk assessment score.

Abstract: This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge.

Abstract: A method includes receiving an application programming interface (API) request from a source computer application that is directed to a destination computer application. An attack response message that is configured to trigger operation of a defined action by the source computer application is sent to the source computer application. Deliverability of the API request to the destination computer application is controlled based on whether the attack response message triggered operation of the defined action. Related operations by API request risk assessment systems are disclosed.

Abstract: Some aspects of the present disclosure operate an application programming interface (API) risk assessment equipment. An API transaction request is received from an application processed by a source node. A risk assessment score is generated based on comparison of content of the API transaction request to content of earlier API transaction requests. The risk assessment score indicates trustworthiness of the API transaction request. Deliverability of the API transaction request to a destination node for processing is controlled based on the risk assessment score.

Abstract: Methods of operating an application programming interface (API) request risk assessment system include receiving an API request from a source computer application that is directed to a destination computer application. A risk assessment score is generated based on a characteristic of the API request. The risk assessment score indicates a level of trustworthiness of the source computer application. Deliverability of the API request to the destination computer application is controlled based on the risk assessment score. Related methods of operating a source computer and related operations by API request risk assessment systems and source computers are disclosed.

Abstract: An API transaction risk assessment equipment is disclosed that receives an API transaction request through a data network from an application processed by a source node, and generates a risk assessment score based on context information that characterizes the API transaction request. The risk assessment score indicates a level of trustworthiness of the API transaction request for processing by an application on a destination node. The API transaction risk assessment equipment then controls deliverability of the API transaction request through the data network to the destination node for processing based on the risk assessment score. Corresponding methods by API transaction risk assessment equipment are disclosed.