Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.

Abstract: This disclosure describes an automated process of discovering characteristics needed to integrate a web-based application to a web portal, such as a reverse proxy. This process eliminates the need for application owners and security analysts to manually discover the information needed for the on-boarding process. To this end, application-specific information is determined by monitoring network traffic flows in and out of the application, user authentication and authorization event data, and the like. An application discovery engine analyzes the discovered data, preferably against a set of patterns and heuristic-based rules, to discover or identify the one or more application characteristics. A set of configuration data is then generated, and this configuration data is then used to integrate the application into the web reverse proxy and, in particular, by specifying the configuration needed to “board” the application.

Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.

Abstract: A method enables user-directed, selective control of payment transactions for a user's payment device by enabling a payment device user to create and manage self-defined policies on how a particular payment device (tangible or intangible) may be used. This approach enables the end user, as opposed to the financial or commercial institution, to control transactions with respect to the account. Thus, for example, using a display interface, the account holder can control factors such as: allowed or disallowed vendors, a number of charges, timing of charges, a charge frequency, types of purchases allowed, and the amount charged. This fine-grained, device-specific control mechanism enables account holders to protect financial assets against fraudulent or improper activity. The approach provides a policy management system by which user-directed options for selectively controlling and restricting payment transactions may be realized, thereby providing better security and more customized account control.

Abstract: A method, apparatus and computer program product enables user-directed, selective control of payment transactions for a user's payment device. The techniques enable a payment device user to create and manage self-defined policies on how a particular payment device (tangible or intangible) may be used. This approach enables the end user, as opposed to the financial or commercial institution, to control transactions with respect to the account. Thus, for example, using a display interface, the account holder can control factors such as: allowed or disallowed vendors, a number of charges, timing of charges, a charge frequency, types of purchases allowed, and the amount charged. This fine-grained, device-specific control mechanism enables account holders to protect financial assets against fraudulent or improper activity.

Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.

Abstract: Gathering auditable data concerning actions in a cloud computing environment is automated by determining that one or more auditable data items are available associated with a requester and with at least one application program; responsive to determining that data items are available, transmitting a list of the available auditable data items to a requesting cloud client computer; subsequent to transmitting the list, receiving a data request from the cloud client computer for one or more particular auditable data items from the list; preparing the requested particular auditable data items for transmission according to a predetermined format; and transmitting the prepared requested particular auditable data items to the cloud client computer. Optionally, in some embodiments, the requesting cloud client computer may negotiate a data exchange format with the cloud service provider for receipt of the requested auditable information.