Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Systems, methods, and computer-executable instructions for providing privacy to relative location data includes receiving a request for a location of an object. Privacy settings associated with the object are retrieved. A position of the object within a construct of a physical space is determined. An area within the construct of the physical space based on the position is determined. A location value of the object based on the area and the privacy settings is determined. The location value in response to the request for the location of the object is returned.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Methods of secure resource authorization for external identities using remote principal objects are performed by systems and devices. An external entity creates a user group and defines entitlements to an owning entity's secure resource as a set of permissions for the group. An immutable access template with the permissions and an access policy for the secure resource are provided to the owning entity for approval. On approval, a remote principal object is created in the owner directory according to the permissions and access policy. A remote principal that is a group member requests access via an interface to the owner domain using external domain credentials. The identity of the remote principal is verified against the remote principal object by a token service. Verification causes generation and issuance of a token, with the enumerated entitlements, to the remote principal interface affecting a redirect for access to the secure resource.

Abstract: Systems, methods, and computer-executable instructions for providing privacy to proximity data. A beacon identifier associated with a first object is received. Privacy data associated with the beacon identifier is determined. A filter determination of the beacon identifier based on the first privacy data is determined. An indication to filter the beacon identifier is provided. The beacon identifier is filtered, such that a running application is never aware of the detected beacon identifier.

Abstract: Systems, methods, and computer-executable instructions for determining a temperature of an individual including receiving, from a first camera, first image frames. The individual is detected in the first image frames. Facial features of the individual are detected from the first image frames. A brain thermal tunnel location is determined from the facial features of the individual. A second camera provides second image frames that include thermal data. The brain thermal tunnel locations from the first image frames are mapped to the second image frames. For each second image frame, a temperature of the individual is determined based on the mapped brain thermal tunnel location. A combined temperature is determined based on the temperatures determined from the second image frames.

Abstract: Systems, methods, and computer-executable instructions for contact tracing including receiving a first beacon identifier associated with a first person and a second beacon identifier associated with a second person over a time period from a plurality of readers. A location of the first person and the second person is determined. Health data associated with the first person is received. The first person is determined to be sick and a sick period of time is determined. Two or more people, including the second person, are determined to have been within a proximity of the first person during the sick period of time. A list of the two or more people is generated.

Abstract: Aspects of the disclosure relate to an ATM internal self-repair recovery system. The system may be included in software updates transmitted to the ATM. The system may include an XML file and a log file. Prior to execution of each instruction included in the XML file, the system may write an intelligent log statement to the log file. A standalone web service may monitor the log file to determine new entries to the log file. When a new entry is the last entry for more than a predetermined amount of time, a midstream ATM stall may be determined. The system may compare the new entry to an ATM stall action table. The comparison may determine an appropriate action to repair the installation process based on the table. The ATM may perform the appropriate action and thereby recover from the failures that occurred during the update process.

Abstract: Aspects of the disclosure relate to an ATM internal self-repair recovery system. The system may be included in software updates transmitted to the ATM. The system may include an XML file and a log file. Prior to execution of each instruction included in the XML file, the system may write an intelligent log statement to the log file. A standalone web service may monitor the log file to determine new entries to the log file. When a new entry is the last entry for more than a predetermined amount of time, a midstream ATM stall may be determined. The system may compare the new entry to an ATM stall action table. The comparison may determine an appropriate action to repair the installation process based on the table. The ATM may perform the appropriate action and thereby recover from the failures that occurred during the update process.

Abstract: An apparatus for invoking a degraded mode architecture is provided. The apparatus may include a desktop application, a branch processor, and/or a data center. The branch processor may be in communication with the data center and the desktop application. The branch processor may transmit activities that occurred in the branch processor and the desktop application to the data center. During a termination of communication between the data center and the branch processor, the branch processor may save branch processor activities and desktop application activities. After the termination of communication, the branch processor may transmit the saved activities to the data center. In addition, many components which may be found on the desktop application may also be found on the branch processor. This may enable the branch processor to perform the desktop application capabilities when there is a termination of communication between the desktop application and the branch processor.

Abstract: Apparatus for providing a QST are disclosed herein. The QST may identify a customer in response to a swipe of a customer identifying instrument. The QST may include a reading head, a processor, a keypad, and a communications medium. The reading head may detect identification information in response to the swipe of the instrument. The identification information may be associated with a personal identification instrument. The processor may bypass a PIN acceptance state and perform a search for at least one banking record corresponding to the personal identification instrument. The processor may terminate the identification session in response to failure to obtain a record corresponding to the identification instrument. In response, at least in part, to identification of at least one record that corresponds to the personal identification instrument, the communications medium may receive a session-auth instruction from a remote location. The session-auth instruction may initiate a banking session.

Abstract: An apparatus for invoking a degraded mode architecture is provided. The apparatus may include a desktop application, a branch processor, and/or a data center. The branch processor may be in communication with the data center and the desktop application. The branch processor may transmit activities that occurred in the branch processor and the desktop application to the data center. During a termination of communication between the data center and the branch processor, the branch processor may save branch processor activities and desktop application activities. After the termination of communication, the branch processor may transmit the saved activities to the data center. In addition, many components which may be found on the desktop application may also be found on the branch processor. This may enable the branch processor to perform the desktop application capabilities when there is a termination of communication between the desktop application and the branch processor.

Abstract: Apparatus and methods for distributed currency dispensing across automated teller machine (“ATM”) networks are provided. In response to a malfunction component of an ATM, a customer may be directed to continue a banking transaction at another location. The other location may include a neighboring ATM. The other location may include a shared resource located within a banking center. The shared resource may perform a function of the malfunctioning ATM component. A shared resource may be accessible by a teller workstation, a platform area workstation or any suitable transaction station within a banking center.

Abstract: Apparatus for providing a QST are disclosed herein. The QST may identify a customer in response to a swipe of a customer identifying instrument. The QST may include a reading head, a processor, a keypad, and a communications medium. The reading head may detect identification information in response to the swipe of the instrument. The identification information may be associated with a personal identification instrument. The processor may bypass a PIN acceptance state and perform a search for at least one banking record corresponding to the personal identification instrument. The processor may terminate the identification session in response to failure to obtain a record corresponding to the identification instrument. In response, at least in part, to identification of at least one record that corresponds to the personal identification instrument, the communications medium may receive a session-auth instruction from a remote location. The session-auth instruction may initiate a banking session.