Abstract: Embodiments of the present disclosure relate to deep content inspection of API traffic. Initially, messages are received from users of an API at an API gateway. The messages comprise a structure and metadata and are intended for an API server. The API gateway selectively communicates copies of the messages to a traffic sampler. The traffic sampler comprises a database of traffic samples, a machine learning system, and a database comprising one or more models. The traffic sample communicates the models corresponding to usage of the API servers to the API gateway. The models are built by the machine learning system based on the structure and metadata of the traffic samples and may be utilized to perform tests on the API servers.

Abstract: An application programming interface (API) security gateway communicates with a client computer application to establish a URL key rotation operation. An API request is received from the client computer application that is directed to a computer server. The API request contains a URL address. The URL address is parsed to identify a URL key. A local validation key is generated based on the URL key rotation operation. The URL key is validated based on the local validation key to determine whether the URL key is valid. Based on determining that the URL key is valid, a modified API request is generated which contains the URL address with at least part of the URL key removed. The modified API request is provided to the computer server.

Abstract: A method is described for receiving a plurality of node data streams through a data network from a plurality of source nodes, respectively, each of the plurality of node data streams comprising a plurality of node data. The method further comprises determining a respective risk assessment for each of the plurality of node data streams based on a plurality of elements, wherein the respective risk assessment indicates a level of trustworthiness of each of the plurality of node data streams. Moreover, the method comprises determining a plurality of respective actions for each of the plurality of source nodes, based on the respective risk assessment of the plurality of node data streams. The method further comprises instructing each of the plurality of source nodes to perform the respective action.

Abstract: An application programming interface (API) security gateway communicates with a client computer application to establish a URL key rotation operation. An API request is received from the client computer application that is directed to a computer server. The API request contains a URL address. The URL address is parsed to identify a URL key. A local validation key is generated based on the URL key rotation operation. The URL key is validated based on the local validation key to determine whether the URL key is valid. Based on determining that the URL key is valid, a modified API request is generated which contains the URL address with at least part of the URL key removed. The modified API request is provided to the computer server.

Abstract: Data privacy is provided in a computer network using a security inference control processor of a network device in the computer network which receives a query from a user device through a network interface circuit. In response to the query, a query result data set is generated based on information in a database stored in a non-volatile data storage device. Personally Identifiable Information (PII) exposure risk associated with the query result data set is determined based on an evaluation of combining the query result data set with an exposure storage log that includes result data sets from past queries associated with the user. Based on the PII exposure risk, the query result data set is provided to the user, so as to refrain from providing the query result data set if the PII exposure risk is greater than a risk threshold. Related methods, devices, and computer program products are provided.

Abstract: An API transaction risk assessment equipment is disclosed that receives an API transaction request through a data network from an application processed by a source node, and generates a risk assessment score based on context information that characterizes the API transaction request. The risk assessment score indicates a level of trustworthiness of the API transaction request for processing by an application on a destination node. The API transaction risk assessment equipment then controls deliverability of the API transaction request through the data network to the destination node for processing based on the risk assessment score. Corresponding methods by API transaction risk assessment equipment are disclosed.

Abstract: Data privacy is provided in a computer network using a security inference control processor of a network device in the computer network which receives a query from a user device through a network interface circuit. In response to the query, a query result data set is generated based on information in a database stored in a non-volatile data storage device. Personally Identifiable Information (PII) exposure risk associated with the query result data set is determined based on an evaluation of combining the query result data set with an exposure storage log that includes result data sets from past queries associated with the user. Based on the PII exposure risk, the query result data set is provided to the user, so as to refrain from providing the query result data set if the PII exposure risk is greater than a risk threshold. Related methods, devices, and computer program products are provided.

Abstract: A method is described for receiving a plurality of node data streams through a data network from a plurality of source nodes, respectively, each of the plurality of node data streams comprising a plurality of node data. The method further comprises determining a respective risk assessment for each of the plurality of node data streams based on a plurality of elements, wherein the respective risk assessment indicates a level of trustworthiness of each of the plurality of node data streams. Moreover, the method comprises determining a plurality of respective actions for each of the plurality of source nodes, based on the respective risk assessment of the plurality of node data streams. The method further comprises instructing each of the plurality of source nodes to perform the respective action.

Abstract: Methods of operating an application programming interface (API) request risk assessment system include receiving an API request from a source computer application that is directed to a destination computer application. A risk assessment score is generated based on a characteristic of the API request. The risk assessment score indicates a level of trustworthiness of the source computer application. Deliverability of the API request to the destination computer application is controlled based on the risk assessment score. Related methods of operating a source computer and related operations by API request risk assessment systems and source computers are disclosed.

Abstract: A method includes receiving an application programming interface (API) request from a source computer application that is directed to a destination computer application. An attack response message that is configured to trigger operation of a defined action by the source computer application is sent to the source computer application. Deliverability of the API request to the destination computer application is controlled based on whether the attack response message triggered operation of the defined action. Related operations by API request risk assessment systems are disclosed.

Abstract: A secure protocol for registering a user, device and application with a computing device, such as a server, is provided. The protocol uses a single sign-on or registration request that enables multiple applications executing on single mobile computing device to access server resources' without each application separately registering with the server. After registration, a server is able to determine which user is using which application on which computing device whenever a request is sent from a device to the server. This type of registration enables fine grained access control to protected resources, such as information and/or services, of the server.

Abstract: Some aspects of the present disclosure operate an application programming interface (API) risk assessment equipment. An API transaction request is received from an application processed by a source node. A risk assessment score is generated based on comparison of content of the API transaction request to content of earlier API transaction requests. The risk assessment score indicates trustworthiness of the API transaction request. Deliverability of the API transaction request to a destination node for processing is controlled based on the risk assessment score.

Abstract: A user device transmits a location update message, indicating a location of the user device, to a network server. Responsive to the location update message, the user device receives from the network server a list of radio frequency beacons transmitted by resource devices and associated service identifiers for services available from the resource devices. A radio frequency beacon received from a resource device is identified as being in the list. A message is sent to the resource device requesting access to a service identified by a service identifier in the list associated with the radio frequency beacon and providing credentials for a user of the user device in the message.

Abstract: Some aspects of the present disclosure operate an application programming interface (API) risk assessment equipment. An API transaction request is received from an application processed by a source node. A risk assessment score is generated based on comparison of content of the API transaction request to content of earlier API transaction requests. The risk assessment score indicates trustworthiness of the API transaction request. Deliverability of the API transaction request to a destination node for processing is controlled based on the risk assessment score.

Abstract: A method includes receiving an application programming interface (API) request from a source computer application that is directed to a destination computer application. An attack response message that is configured to trigger operation of a defined action by the source computer application is sent to the source computer application. Deliverability of the API request to the destination computer application is controlled based on whether the attack response message triggered operation of the defined action. Related operations by API request risk assessment systems are disclosed.

Abstract: Methods of operating an application programming interface (API) request risk assessment system include receiving an API request from a source computer application that is directed to a destination computer application. A risk assessment score is generated based on a characteristic of the API request. The risk assessment score indicates a level of trustworthiness of the source computer application. Deliverability of the API request to the destination computer application is controlled based on the risk assessment score. Related methods of operating a source computer and related operations by API request risk assessment systems and source computers are disclosed.

Abstract: An API transaction risk assessment equipment is disclosed that receives an API transaction request through a data network from an application processed by a source node, and generates a risk assessment score based on context information that characterizes the API transaction request. The risk assessment score indicates a level of trustworthiness of the API transaction request for processing by an application on a destination node. The API transaction risk assessment equipment then controls deliverability of the API transaction request through the data network to the destination node for processing based on the risk assessment score. Corresponding methods by API transaction risk assessment equipment are disclosed.