Abstract: An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive first credentials identifying a user; transmit, via the communications module to an authentication server, a first signal including a request to verify that the first credentials are authorized for accessing a protected resource; when the first credentials are authorized for accessing the protected resource, receive, via the communications module from the authentication server, a second signal including an access token for use in authenticating the user on requests to access the protected resource; receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a first transaction; and generate a request based on the transaction details to access the protected resource for initiating the first transaction, the request including the access token.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that dynamically implement and manage consent and permissioning protocols using container-based applications. By way of example, a device may receive, through a programmatic interface, a first request for an element of data generated by an executed application program. When the first request is consistent with consent data associated the executed application program, the device may obtain the requested data element and a digital signature applied to the requested data element by a computing system. Based on a verification of the applied digital signature, the device may generate and present a representation of the requested data element within a digital interface, along with an interface element that confirms the verification of the digital signature.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems that maintain confidential data and unrelated third-party applications. By way of example, an apparatus may obtain interaction data that identifies an interaction between an application program executed at a first computing system and a programmatic interface of a second computing system. Based on the interaction data, the apparatus may generate outcome data characterizing a probability that the requested access to the data element is inconsistent with an access permission granted to the executed application program, and may modify the access permission in accordance with the outcome data. The apparatus may also perform that generate permissioning data indicative of the modified access permission and that store the permissioning data within a locally accessible or cloud-based repository.

Abstract: The present disclosure involves systems, software, and computer implemented methods for providing user interface (UI)-based modifications to adjust and interact with data exchange splits. An example client device can include can identify a data exchange (DE) associated with at least three entities, the DE associated with a total value. A visualization representing the DE can be presented via a UI and can include a chart comprising the total value of the DE exchange divided into value areas that are each associated with a particular entity. In response to a detection of input associated with a selection of an edge between a first and second value area, the combined value area associated with the first and second value areas can be locked. In response to detected movement input associated with the edge, the relative values of the first and second inside the combined value area can be adjusted in the visualization.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. In response to a determination that an environment of a first voice assistant device is not private, a first secure communication session between the first voice assistant device and an application server is suspended. In response a determination that one or more other voice assistant devices have been authorized for communication with the application server is made and input to transfer the first secure communication session, a second secure communication session between a second voice assistant device and the application server is initiated. The first secure communication session between the first voice assistant device and the application server is terminated in response to successful initiation of the second secure communication session.

Abstract: A computer system provides a user interface efficient in its use of screen space allowing values to be provided for attributes. The computer system comprises a processor and a display, an input interface, and a memory coupled to the processor. The memory stores instructions that, when executed by the processor, cause the computer system to: display, within a first region of the display, a plurality of icons corresponding to a plurality of attributes; receive, via the input interface, input corresponding to a drag-and-drop operation wherein a particular one of the plurality of icons is dragged to and then dropped at a drop position within a second region of the display; and assign a value to an attribute corresponding to the particular one of the plurality of icons based on a location of the drop position within the second region. Related methods and computer-readable media are also disclosed.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. A user is authenticated via one or more first criteria in response to a request to initiate a communication session with a voice assistant. Periodically during the communication session with the voice assistant, sensor data is acquired. The sensor data is processed to determine a number of persons present in an environment of the voice assistant via one or more second criteria. The communication of private data by the voice assistant is enabled when one person is in the environment and that person is the authenticated user. The communication of private data by the voice assistant is disabled when one person is in the environment and that person is not the authenticated user.

Abstract: A method for regulating access to a protected resource is disclosed.

Abstract: The present disclosure involves systems, software, and computer implemented methods for providing user interface (UI)-based modifications to adjust and interact with data exchange splits. An example client device can include can identify a data exchange (DE) associated with at least three entities, the DE associated with a total value. A visualization representing the DE can be presented via a UI and can include a chart comprising the total value of the DE exchange divided into value areas that are each associated with a particular entity. In response to a detection of input associated with a selection of an edge between a first and second value area, the combined value area associated with the first and second value areas can be locked. In response to detected movement input associated with the edge, the relative values of the first and second inside the combined value area can be adjusted in the visualization.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that monitor and reconcile indirectly initiated exchanges of data between network-connected devices and computing systems using a permissioned distributed ledger. For example, an apparatus may obtain and transmit first transaction information characterizing a data exchange to a first computing system. The first computing system may submit a portion of the first transaction information to a second computing system through a programmatic interface inaccessible to the apparatus, and the second computing system may execute the data exchange in accordance with at least the portion of the first transaction information.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. Periodically during the communication session with the voice assistant, sensor data is acquired. The sensor data is processed to determine a number of persons present in an environment of the voice assistant. The communication of private data by the voice assistant is enabled when one person is in the environment and that person is the authorized user. The communication of private data by the voice assistant is disabled when one person is in the environment and that person is not the authorized user. When more than one person is present in the environment of the voice assistant, the communication of private data by the voice assistant may be enabled when the environment of the voice assistant is determined to match the one or more predetermined privacy criteria for a multi-person environment.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a master private and public key pair; associate the master private and public key pair with a first certificate; and derive at least one domain-specific key from the one of the master private and public key pair. The first certificate is registered to a group comprising a plurality of domains. The domain-specific key is associated with one of the plurality of domains.

Abstract: A computer system for selectively enabling a data transfer method is disclosed. The computer system includes a processor, a communications module, and a memory. The memory stores instructions that, when executed by the processor, cause the computer system to: receive a signal from a remote electronic device via a network using the communications module, the received signal representing information including a context for a transfer of value between a database record associated with a data sender and a database record associated with a data receiver, the context including an identifier for the data receiver; obtain a condition to be satisfied in performing the transfer of value based on the identifier for the data receiver; determine that the condition is satisfied by performing the transfer of value using a particular data transfer method; and enable the transfer of value using the particular data transfer method.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that manage cryptographically secure exchanges of data using a permissioned distributed ledger. For example, an apparatus may obtain parameter data and additional content associated with a data exchange. The apparatus may generate first data that includes at least a portion of the additional content accessible to a first computing system, and may generate second data that includes at least a portion of the parameter data. The apparatus may provide the first data to a peer computing system, which records encrypted information associated with the first data within an element of a distributed ledger accessible at the first computing system. The apparatus may also provide the second data to a second computing system, which executes the data exchange in accordance with at least the portion of the parameter data.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that manage cryptographically secure exchanges of data using a permissioned distributed ledger. For example, an apparatus obtains parameter values characterizing an exchange of data and transmits the parameter values to a first computing system, which executed instructions included within a distributed ledger. The executed additional instructions cause the first computing system to access rules data recorded onto the distributed ledger and establish a consistency between the parameter values and at least a portion of the accessed rules data. The apparatus receives, from the first computing system, confirmation data indicative of the established consistency, and based on the confirmation data, transmit a request to execute the data exchange in accordance with at least the portion of the parameter values to a second computing system.

Abstract: A computer server includes a processor that is configured to receive an incoming authorization request that includes an original numeric value and an identification number, and locate a profile that is associated with the identification number. The located profile includes at least one adjustment criterion. The processor is configured to determine a primary numeric value and a secondary numeric value from the original numeric value and the adjustment criterion, confirm that the secondary numeric value is not greater than a balance value in a loyalty points account associated with the identification number, and reduce the balance value in the loyalty points account by the secondary numeric value. The processor is configured to, after confirming the secondary numeric value, generate a revised authorization request and transmit the revised authorization request to an authorization server. The revised authorization request includes the identification number and the primary numeric value.

Abstract: A computer system for selectively enabling a data transfer method is disclosed. The computer system includes a processor, a communications module, and a memory. The memory stores instructions that, when executed by the processor, cause the computer system to: receive a signal from a remote electronic device via a network using the communications module, the received signal representing information including a context for a transfer of value between a database record associated with a data sender and a database record associated with a data receiver, the context including an identifier for the data receiver; obtain a condition to be satisfied in performing the transfer of value based on the identifier for the data receiver; determine that the condition is satisfied by performing the transfer of value using a particular data transfer method; and enable the transfer of value using the particular data transfer method.

Abstract: An apparatus for use in electronic document control includes a storage device a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configure the processor to: receive a signal representing data including an original document, append a unique identifier to the original document to generate a modified document, generate a hash value of the modified document, and transmit the hash value corresponding to the modified document to an electronic distributed ledger.

Abstract: A computer server includes a transaction processor that is configured to receive from a POS terminal an incoming authorization request that includes an original numeric value, a token cryptogram and an identification number identifying an identity token; confirm that the token cryptogram was generated from the original numeric value and a cryptographic key associated with the token; determine primary and secondary numeric values from the original numeric value and a user profile associated with the identification number; confirm that the secondary numeric value is not greater than the balance in a loyalty points account associated with the identification number; transmit to an authorization server a revised authorization request that includes the identification number and the primary numeric value; and receive from the authorization server a confirmation message confirming that the primary numeric value is not greater than the balance in a payment account associated with the identification number.

Abstract: Systems and methods are provided that use a trained process to reply to a request comprising query data defining a query and context data defining contextual factors for the query from a device. The query is answered by one or more selected APIs of a plurality of APIs that invoke respective services to prepare a response. The trained process determines an execution plan responsive to the query data and the context data and is configured using training to define execution plans comprising selected APIs where a particular API is selected for the plan if it answers at least a portion of the query and the selected APIs together prepare the response optimized for the device according to the context data. The plan is provided to an execution component to execute the plan using the selected APIs and send the response to the requesting device.