Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. In response to a determination that an environment of a first voice assistant device is not private, a first secure communication session between the first voice assistant device and an application server is suspended. In response a determination that one or more other voice assistant devices have been authorized for communication with the application server is made and input to transfer the first secure communication session, a second secure communication session between a second voice assistant device and the application server is initiated. The first secure communication session between the first voice assistant device and the application server is terminated in response to successful initiation of the second secure communication session.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: launching, in an automated test environment, a test instance of a first application; detecting at least one data retrieval operation by the first application of retrieving data from a protected data resource; for each of the at least one data retrieval operation, identifying an application state of the first application at a time of detecting the at least one data retrieval operation; determining a data access pattern for the first application of accessing the protected data resource based on the at least one data retrieval operation and application states of the first application associated with the at least one data retrieval operation; and presenting the data access pattern for the first application on a client device associated with a user.

Abstract: The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response.

Abstract: Computer-implemented methods and systems reliant on establishing a common session key between an electronic device and a computer server are disclosed. The method and systems may be for processing de-tokenization requests in payment transaction processing and for preparing an electronic device to perform payment transactions. During such a transaction, the server may perform a method that includes receiving a de-tokenization request including a payment token and a cryptogram generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter; retrieving the fingerprint, the secret value, and the transaction counter and generating the session key based on the same; verifying the cryptogram using the session key; retrieving an associated account number; and sending response to the request including the account number.

Abstract: An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a recipient account, wherein the transaction details do not indicate an identity of the recipient account; receive a user input indicating authorization to initiate a transfer of data, via a protected resource, from an account associated with the user to the recipient account; and in response to receiving the user input, generate a request for initiating the transfer of data based on the transaction details, the request including an access token for use in authenticating the user on requests to access the protected resource.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: in an automated test environment: launching a test instance of a first application; and obtaining a data access signature of the first application based on identifying at least one application state of the first application and account data retrieved by the first application from a user account at a protected data resource in the at least one application state; receiving, from a client device associated with the user account, an indication of access permissions for the first application to access the user account for retrieving account data; detecting a change in the data access signature of the first application; and in response to detecting the change in the data access signature of the first application, notifying the user of the detected change.

Abstract: A method for controlling third-party access of a protected resource is disclosed.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems and unrelated, third-party applications operating within a computing environment. By way of example, the apparatus may receive a request for an element of data that includes an access token and first credential data associated with an application program. When the first credential data corresponds to second credential data associated with the application program, may determine that the requested data element is accessible to the application program and perform operations that validate the access token. Further, and based on the validation of the access token, that apparatus may obtain and encrypt the requested data element, and may transmit the encrypted data element to a device via the communications interface.

Abstract: A method for controlling third-party access of a protected data resource is disclosed. The method includes: receiving an access token associated with a first application, the access token indicating access permissions for the first application to access a user account at a protected data resource; receiving a first request to perform a first access operation of accessing the user account using the access token; determining whether the first access operation is permitted based on the access permissions; in response to determining that the first access operation is not permitted: modifying the first request to obtain a second request for performing a second access operation of accessing the user account using the access token, the second access operation complying with the access permissions for the first application; transmitting the second request to a server associated with the protected data resource.

Abstract: The present disclosure involves systems, software, and computer implemented methods for personalizing interactions within a conversational interface based on an input context. One example system performs operations including receiving a conversational input received via a conversational interface. The conversational input is analyzed to determine an intent and lexical personality score based on the input's characteristics. A set of responsive content is determined and includes a set of initial tokens representing an initial response. A set of synonym tokens associated with at least some of the initial tokens are identified, and at least one synonym token associated with a similar lexical personality score to the input is determined. At least one of the initial tokens are replaced with the determined synonym token to generate a modified version of the set of response content. The modified version of the response is then transmitted to a device in response to the input.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data in real-time based on dynamically generated tokenized data. For example, an apparatus may receive first positional data identifying a first geographic position of a client device and based on the first positional data, the apparatus may determine a value of a parameter characterizing an exchange of data between the client device and a terminal device disposed proximate to the client device during a temporal interval. The apparatus may transmit data requesting a pre-authorization of the data exchange to a computing system, which perform operations that pre-authorize the data exchange in accordance with the parameter value and transmit a digital token representative of the pre-authorized data exchange to the terminal device. The digital token may be valid during the temporal interval and may include a cryptogram associated with the client device.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data based on tokenized data characterized by a limited temporal or geographic validity. For example, an apparatus may receive a first signal that includes first information identifying a first geographic position of a client device. The apparatus may also obtain a digital token representative of a pre-authorization of a data exchange between the client device and a terminal device during a corresponding temporal interval. The terminal device may, for example, be disposed within a geographic region that includes the first geographic position of the client device. The apparatus may generate and transmit a second signal that includes the digital token to the client device. In some examples, the apparatus may transmit the second signal being through a programmatic interface associated with an application program executed by the client device.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically implement and manage hash-based consent and permissioning protocols. By way of example, an apparatus may obtain consent data that identifies one or more elements of data accessible to an application program executed by a device. The apparatus may generate a consent document for the application program based on at least a portion of the consent data, and may compute a consent hash value representative of the consent document. The apparatus may also generate and transmit permissioning data that includes at least the consent hash value to the device. The permissioning data may, for example, include information that instructs the executed application program to store the consent hash value within a local memory of the device and to associate the consent hash value with an access token of the executed application program.

Abstract: A computer system provides a user interface efficient in its use of screen space allowing values to be provided for attributes. The computer system comprises a processor and a display, an input interface, and a memory coupled to the processor. The memory stores instructions that, when executed by the processor, cause the computer system to: display, within a first region of the display, a plurality of icons corresponding to a plurality of attributes; receive, via the input interface, input corresponding to a drag-and-drop operation wherein a particular one of the plurality of icons is dragged to and then dropped at a drop position within a second region of the display; and assign a value to an attribute corresponding to the particular one of the plurality of icons based on a location of the drop position within the second region. Related methods and computer-readable media are also disclosed.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, from a web server associated with a protected resource, a first signal including a request to validate a bearer token submitted by a client device to the web server, the bearer token including a digital signature; validating the bearer token, the validating including verifying the digital signature using a public key associated with an end user of the client device; and in response to validating the bearer token, sending to the web server a second signal including a notification that the bearer token is valid.

Abstract: The present disclosure involves systems, software, and computer implemented methods for personalizing interactions within a conversational interface based on an input context. One example system performs operations including receiving a conversational input via a conversational interface associated with a particular user profile. The input is analyzed via a natural language processing engine to determine an intent and a personality input type. A persona response type associated with the determined personality input type is identified, and responsive content is determined. A particular persona associated with the particular user profile based on a related set of social network activity information associated with the user profile and that corresponds to the identified persona response type is identified.

Abstract: An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive first credentials identifying a user; transmit, via the communications module to an authentication server, a first signal including a request to verify that the first credentials are authorized for accessing a protected resource; when the first credentials are authorized for accessing the protected resource, receive, via the communications module from the authentication server, a second signal including an access token for use in authenticating the user on requests to access the protected resource; receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a first transaction; and generate a request based on the transaction details to access the protected resource for initiating the first transaction, the request including the access token.

Abstract: In an aspect, the present application may describe a method including: receiving, from a remote computing device and at a server, an indication of consent for an authenticated entity to share data with a third party server; in response to receiving the indication of consent, issuing an access token to the third party server, the access token for accessing data associated with the authenticated entity; monitoring a risk parameter associated with one or both of the third party server and the authenticated entity to detect a change in the risk parameter; determining, based on input received from the authenticated entity, that data sharing with the third party server is to be modified based on the change in risk parameter; and modifying the sharing of data for the authenticated entity with the third party server by revoking the access token or modifying an access permission associated with the access token.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that dynamically implement and manage consent and permissioning protocols using container-based applications. By way of example, a device may receive, through a programmatic interface, a first request for an element of data generated by an executed application program. When the first request is consistent with consent data associated the executed application program, the device may obtain the requested data element and a digital signature applied to the requested data element by a computing system. Based on a verification of the applied digital signature, the device may generate and present a representation of the requested data element within a digital interface, along with an interface element that confirms the verification of the digital signature.