Abstract: In some aspects, a computing system can obtain, via a first communication channel with a host server, a data network identifier that identifies a mobile device accessing an interactive computing environment provide by a host server. The computing system can generate, from communications with a telecommunication provider server via a second communication channel, a dynamic identity-verification element that includes the data network identifier and a location identifier that identifies a geographic location of the mobile device. The computing system can match the dynamic identity-verification element to a device-and-location combination indicating unauthorized use of the host server by the mobile device. The computing system can prevent the mobile device from accessing a function for advancing an electronic transaction within the interactive computing environment.

Abstract: Techniques for risk evaluation include receiving, from a requesting entity, a request for monitoring target entities specifying a first identifier associated with each target entity and target entity information. The system generates a second identifier and a third identifier for each target entity and stores a mapping of the second identifiers to the first identifiers and the third identifiers, preventing the second identifiers from being provided to the requesting entity. The system monitors a periodically updated data set and determines risk metrics for the target entities, comparing each risk metric to a threshold value to identify target entities whose risk data indicates an insider threat. The system generates a third identifier for the identified target entities and provides the third identifiers to the requesting entity. Responsive to a request for a corresponding first identifier, the system identifies and provides the first and third identifiers to the requesting entity.

Abstract: Aspects and examples are disclosed for improving security of authentication elements for validating a user of a user device. In one example, a processor of a user device establishes a first communication channel with a host computing system, and a user interface capable of transmitting information to the host computing system via the first channel. An API on the user device establishes a second communication channel with an identification-and-authentication system. The API receives sensitive information entered in the user interface and prevents transmission of the sensitive information to the host computing systems via the first channel. The API also transmits to the identification-and-authentication system, via the second channel, a signal including the sensitive information. The identification-and-authentication system may use the signal to send to the host computing system an additional signal verifying that the user of the user device is authenticated.

Abstract: Aspects and examples are disclosed for facilitating mobile commerce. In one example, a processing device receives a data network identifier or other identifier from a commerce application. The data network identifier or other identifier can be associated with a mobile device conducting a transaction with the commerce application. The processing device can also obtain a credential associated with the mobile device using the data network identifier. The processing device can additionally retrieve identification information from a credit file associated with the credential. The identification information can be useable for completing the transaction. The processing device can further transmit the identification information to a computing device executing the commerce application.

Abstract: In some aspects, a verification exchange system transforms consumer data (e.g., employment or income data) from different contributor computing systems to a standardized format and stores this standardized data in a consumer-status verification repository. The verification exchange system can selectively provide portions of the consumer data to authorized client system via a security portal to a public network. For example, the verification exchange system can use standardized consumer data to service verification queries requesting confirmation of employment or income level for consumers. The verification exchange system can do so by ensuring that a verifier system from which the query is received has provided a valid credential.

Abstract: In some aspects, a computing system can generate entity links between a primary entity object identifying a primary entity for multiple accounts and secondary entity objects identifying secondary entities from the accounts. The computing system can determine a rate at which secondary users change on the accounts. The computing system can update, based on the determined rate, the primary entity object to include a fraud-facilitation flag. The computing system can also service a query from a client system regarding a presence of a fraud warning for a target consumer associated with a consumer system that accesses a service provided with the client system. For instance, the computing system can generate a fraud warning based on the target consumer being identified in a secondary entity object associated with the primary entity object having the fraud-facilitation flag. The computing system can transmit the fraud warning to the client system.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: In some aspects, a computing system can receive, from a client device, a request to perform an analytical operation that involves a query regarding a common entity type. The computing system can extract a query parameter having a particular standardized entity descriptor for the common entity type and parse a transformed dataset that is indexed in accordance with standardized entity descriptors. The computing system can match the particular standardized entity descriptor from the query to records from the transformed dataset having index values with the particular standardized entity descriptor. The computing system can retrieve the subset of the transformed dataset having the index values with the particular standardized entity descriptor. In some aspects, the computing system can generate the transformed dataset by performing conversion operations that transform records in a data structure by converting a set of different entity descriptors into a standardized entity descriptor for the common entity type.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: In some aspects, an entity-resolution computing system for entity resolution is provided. The entity-resolution computing system includes an entity resolution computing device configured as an interface between a client computing device and an encrypted identity data repository that contain resolved entity dataset. The entity resolution computing device is configured for servicing a resolution request from the client computing device by matching encrypted indexes generated from identity data objects stored in a client identity database to encrypted data objects stored in the encrypted identity data repository. The resolution computing device retrieves and transmits a common entity identifier associated with the encrypted data objects so that the client computing device can link the identity data objects stored in a client identity database via the common entity identifier.

Abstract: An online identity can be verified based on data from multiple identity sources stored in a blockchain. For example, a request for a token is received from an entity for authenticating an online identity of the entity to an online service. The request can be stored in a blockchain that represents the online identity of the entity by adding a new block to the blockchain. The new block can include data indicating the request for the token. The token can be generated based on the one or more ordered blocks in the blockchain. The token can be transmitted to the entity. The token can be received from the online service. Confirmation of the online identity of the entity can be transmitted to the online service based on receiving the token from the online service.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: A global matching system can include a processing device and a memory device on which instructions can be stored. The processing device can execute the instructions to receive input data to be matched to target data stored in the memory device. The processing device can identify at least one context parameter for the input data. The context parameter indicate a location-specific characteristic or culturally specific characteristic of an entity associated with the input data. The processing device can access program code for matching tools and select a subset of the matching tools' program code based on the identified context parameter. The processing device can identify, based on the identified context parameter, an order of execution for the selected program code. The processing device can execute the selected program code in the identified order of execution and output a matching result for the input data and the target data.

Abstract: Certain embodiments involve data security. For instance, Records having sensitive information can be transformed to generate transformed data using a hashing algorithm. An electronic communication comprising content can be received. Transformed content can be generated by transforming the content. The transformed content can be compared to the transformed data. The transformed content can be determined to match at least one of the transformed records. The electronic communication can be prevented from being transmitted to a network.

Abstract: Certain aspects involve optimizing neural networks or other models for assessing risks and generating explanatory data regarding predictor variables used in the model. In one example, a system identifies predictor variables. The system generates a neural network for determining a relationship between each predictor variable and a risk indicator. The system performs a factor analysis on the predictor variables to determine common factors. The system iteratively adjusts the neural network so that (i) a monotonic relationship exists between each common factor and the risk indicator and (ii) a respective variance inflation factor for each common factor is sufficiently low. Each variance inflation factor indicates multicollinearity among the common factors. The adjusted neural network can be used to generate explanatory indicating relationships between (i) changes in the risk indicator and (ii) changes in at least some common factors.

Abstract: In some aspects, an interconnectivity evaluation system identifies, in a data structure with data indicating links among entity data objects, first links between a first entity data object and additional entity data objects and second links between a second entity data object and the additional entity data objects. A connectivity score for the first and second entity data objects, which indicates a weight of a relationship between the first and second entity data objects, is computed based on the first links and the second links. Data in the data structure is modified to indicate a relationship between the first and second entity data objects. The relationship is associated with the computed connectivity score. If a difference between the connectivity score and a desired connectivity score exceeds a threshold, a recommendation is outputted to modify the connectivity score by changing at least some of the links among the entity data objects.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: An exchange processing system may include multiple exchange components that are respectively included in multiple computing systems. A central exchange component may receive a request to enable access to secured data, the request having identity data encrypted via an identity encryption module and inquiry data encrypted via a first request encryption module. The central exchange component may decrypt the identity data via the identity encryption module, and decrypt the inquiry data via the first request encryption module. Response data may be generated from secured data that is selected based on the identity and inquiry data. The central exchange component may encrypt the response data via a second request encryption module and re-encrypt the identity data via the identity encryption module. The encrypted identity and response data may be provided to a second remote exchange module.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.