Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems that maintain confidential data and unrelated third-party applications. By way of example, an apparatus may obtain interaction data that identifies an interaction between an application program executed at a first computing system and a programmatic interface of a second computing system. Based on the interaction data, the apparatus may generate outcome data characterizing a probability that the requested access to the data element is inconsistent with an access permission granted to the executed application program, and may modify the access permission in accordance with the outcome data. The apparatus may also perform that generate permissioning data indicative of the modified access permission and that store the permissioning data within a locally accessible or cloud-based repository.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: In an aspect, the present application may describe a method including: receiving, from a remote computing device and at a server, an indication of consent for an authenticated entity to share data with a third party server; in response to receiving the indication of consent, issuing an access token to the third party server, the access token for accessing data associated with the authenticated entity; monitoring a risk parameter associated with one or both of the third party server and the authenticated entity to detect a change in the risk parameter; determining, based on input received from the authenticated entity, that data sharing with the third party server is to be modified based on the change in risk parameter; and modifying the sharing of data for the authenticated entity with the third party server by revoking the access token or modifying an access permission associated with the access token.

Abstract: In an aspect, the present application may describe a method. The method may include: receiving, from a remote computing device, a first indication of consent for an authenticated entity to share data with a first third party server, the first indication of consent associated with a first sharing permission defining a first sharing scope; in response to receiving the first indication of consent: configuring a server to share data for the authenticated entity with the first third party server based on the sharing permission; identifying a first safety score, the first safety score associated with the first third party server; and updating a risk score for the authenticated entity based on the first safety score and the first sharing permission; and sending the updated risk score for the authenticated entity to the remote computing device for display thereon.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including a public key associated with an end user; validating the request to obtain the access token; and in response to validating the request: encrypting an authorization code associated with the request using the public key to generate a first code; and transmitting, via the communication interface to the client application on the first device, a second signal including both the access token for accessing the protected resource and the first code.

Abstract: In an aspect, the present application may describe a method. The method may include: receiving, from a remote computing device, a first indication of consent for an authenticated entity to share data with a first third party server, the first indication of consent associated with a first sharing permission defining a first sharing scope; in response to receiving the first indication of consent: configuring a server to share data for the authenticated entity with the first third party server based on the sharing permission; identifying a first safety score, the first safety score associated with the first third party server; and updating a risk score for the authenticated entity based on the first safety score and the first sharing permission; and sending the updated risk score for the authenticated entity to the remote computing device for display thereon.

Abstract: A method for regulating access to a protected resource is disclosed. The method includes: receiving, via the communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including: a client identifier uniquely identifying the client application; an authorization code for authorizing the client application's access of the protected resource; and a public key associated with the end user; and in response to validating the request: encrypting the authorization code using the public key to generate a first code; and transmitting, via the communication interface to the client application on the first device, a second signal including both an access token for accessing the protected resource and the first code.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: in an automated test environment: launching a test instance of a first application; and obtaining a data access signature of the first application based on identifying at least one application state of the first application and account data retrieved by the first application from a user account at a protected data resource in the at least one application state; receiving, from a client device associated with the user account, an indication of access permissions for the first application to access the user account for retrieving account data; detecting a change in the data access signature of the first application; and in response to detecting the change in the data access signature of the first application, notifying the user of the detected change.

Abstract: An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a recipient account, wherein the transaction details do not indicate an identity of the recipient account; receive a user input indicating authorization to initiate a transfer of data, via a protected resource, from an account associated with the user to the recipient account; and in response to receiving the user input, generate a request for initiating the transfer of data based on the transaction details, the request including an access token for use in authenticating the user on requests to access the protected resource.

Abstract: A method for controlling third-party access of a protected resource is disclosed.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems and unrelated, third-party applications operating within a computing environment. By way of example, the apparatus may receive a request for an element of data that includes an access token and first credential data associated with an application program. When the first credential data corresponds to second credential data associated with the application program, may determine that the requested data element is accessible to the application program and perform operations that validate the access token. Further, and based on the validation of the access token, that apparatus may obtain and encrypt the requested data element, and may transmit the encrypted data element to a device via the communications interface.

Abstract: A method for controlling third-party access of a protected data resource is disclosed. The method includes: receiving an access token associated with a first application, the access token indicating access permissions for the first application to access a user account at a protected data resource; receiving a first request to perform a first access operation of accessing the user account using the access token; determining whether the first access operation is permitted based on the access permissions; in response to determining that the first access operation is not permitted: modifying the first request to obtain a second request for performing a second access operation of accessing the user account using the access token, the second access operation complying with the access permissions for the first application; transmitting the second request to a server associated with the protected data resource.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically implement and manage hash-based consent and permissioning protocols. By way of example, an apparatus may obtain consent data that identifies one or more elements of data accessible to an application program executed by a device. The apparatus may generate a consent document for the application program based on at least a portion of the consent data, and may compute a consent hash value representative of the consent document. The apparatus may also generate and transmit permissioning data that includes at least the consent hash value to the device. The permissioning data may, for example, include information that instructs the executed application program to store the consent hash value within a local memory of the device and to associate the consent hash value with an access token of the executed application program.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, from a web server associated with a protected resource, a first signal including a request to validate a bearer token submitted by a client device to the web server, the bearer token including a digital signature; validating the bearer token, the validating including verifying the digital signature using a public key associated with an end user of the client device; and in response to validating the bearer token, sending to the web server a second signal including a notification that the bearer token is valid.

Abstract: An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive first credentials identifying a user; transmit, via the communications module to an authentication server, a first signal including a request to verify that the first credentials are authorized for accessing a protected resource; when the first credentials are authorized for accessing the protected resource, receive, via the communications module from the authentication server, a second signal including an access token for use in authenticating the user on requests to access the protected resource; receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a first transaction; and generate a request based on the transaction details to access the protected resource for initiating the first transaction, the request including the access token.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that dynamically implement and manage consent and permissioning protocols using container-based applications. By way of example, a device may receive, through a programmatic interface, a first request for an element of data generated by an executed application program. When the first request is consistent with consent data associated the executed application program, the device may obtain the requested data element and a digital signature applied to the requested data element by a computing system. Based on a verification of the applied digital signature, the device may generate and present a representation of the requested data element within a digital interface, along with an interface element that confirms the verification of the digital signature.

Abstract: In an aspect, the present application may describe a method including: receiving, from a remote computing device and at a server, an indication of consent for an authenticated entity to share data with a third party server; in response to receiving the indication of consent, issuing an access token to the third party server, the access token for accessing data associated with the authenticated entity; monitoring a risk parameter associated with one or both of the third party server and the authenticated entity to detect a change in the risk parameter; determining, based on input received from the authenticated entity, that data sharing with the third party server is to be modified based on the change in risk parameter; and modifying the sharing of data for the authenticated entity with the third party server by revoking the access token or modifying an access permission associated with the access token.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems that maintain confidential data and unrelated third-party applications. By way of example, an apparatus may obtain interaction data that identifies an interaction between an application program executed at a first computing system and a programmatic interface of a second computing system. Based on the interaction data, the apparatus may generate outcome data characterizing a probability that the requested access to the data element is inconsistent with an access permission granted to the executed application program, and may modify the access permission in accordance with the outcome data. The apparatus may also perform that generate permissioning data indicative of the modified access permission and that store the permissioning data within a locally accessible or cloud-based repository.

Abstract: A method for regulating access to a protected resource is disclosed.