Abstract: The disclosed embodiments include computer-implemented systems and processes that perform operations that initiate, approve, and execute exchanges of data between network-connected systems, apparatuses, and devices in a computing environment. For example, a network-connected apparatus may receive a first value of a parameter that characterizes an exchange of data initiated at a terminal device, identify a second value of the parameter allocated to the client device. In response to a determination that the first parameter value exceeds the second parameter value, the apparatus may request, and receive, parameter data from an application program executed by the at least one processor. The parameter data may identify a third value of the parameter allocated to the client device by the executed application program, and the apparatus may authorize, based on the second and third parameter values, a performance of the initiated data exchange in accordance with the first parameter value.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, from a web server associated with a protected resource, a first signal including a request to validate a bearer token submitted by a client device to the web server, the bearer token including a digital signature; validating the bearer token, the validating including verifying the digital signature using a public key associated with an end user of the client device; and in response to validating the bearer token, sending to the web server a second signal including a notification that the bearer token is valid.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authenticate device identity and authorize exchanges of data in real-time based on dynamically generated cryptographic data. For example, an apparatus may receive a first signal that includes a first cryptogram associated with a client device, and may perform operations that authenticate an identity of the client device based on a comparison of the received first cryptogram and a second cryptogram generated by a computing system associated with an application program executed by the client device. In response to the authenticated identity, the apparatus may load profile data associated with the client device from a storage unit, and perform operations consistent with the profile data in accordance with the authenticated identity.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a client device, a resource transfer request for resources to be transferred to a transferee account; generating a secure data object based on request data of the resource transfer request, the secure data object including a first hash computed based on an input string comprising a transferee account identifier; signing the secure data object using a private key of a transferee resource account management system; and sending the signed secure data object to a messaging address associated with a transferor account.

Abstract: A computer-implemented method is disclosed. The method includes: receiving an authentication request to authenticate a first entity with a first service; in response to receiving the authentication request: identifying an access-restricted first data record associated with the first entity; generating a message associated with a first transfer of resources between the first data record and a designated second data record, the message identifying one of the first and second data records as a recipient data record for the first transfer and defining a first quantity of resources to transfer; and transmitting the message to a first server associated with the first entity, the first server requiring user authentication to access the message; determining a completion status of the first transfer; and generating a response to the authentication request based on the completion status of the first transfer.

Abstract: A computer-implemented method is disclosed.

Abstract: A method for evaluating security of third-party application is disclosed. The method includes: receiving, from a first application, a request to obtain first account data for a user account associated with a protected data resource; generating fake data for at least a portion of the requested first account data; providing, to the first application, a first data set in response to the request, the first data set including at least the generated fake data; monitoring use of the first data set by the first application; detecting a trigger condition indicating misuse of account data based on monitoring use of the first data set by the first application; in response to detecting the trigger condition, generating a notification identifying the misuse of account data; and transmitting the notification to a computing device associated with an application user.

Abstract: A processor-implemented method is disclosed. The method includes: generating a secure data object associated with a request for transfer of resources, the secure data object indicating one or more resource transfer parameters including account information for a transferee account at a resource account management system, wherein the secure data object includes a first hash computed based on the one or more resource transfer parameters; signing the secure data object using a private key associated with the resource account management system; and sending the secure data object to a messaging address associated with a transferor of the requested resources.

Abstract: According to an aspect there is provided an ambient commerce system. The ambient commerce system may include a sensor at an ambient commerce premises, a communication module, and a processor coupled to the sensor and the communication module. The ambient commerce system further includes a memory coupled to the processor. The memory stores processor-executable instructions which, when executed, cause the processor to: detect, based on an output of one or more of the sensors, an unauthenticated entity at an ambient commerce premises; receive, from a first independent trusted system and via the communication module, an indication that authentication has been performed by the first independent trusted system for the unauthenticated entity using a first authentication parameter; determine that the entity is an authenticated entity based on the indication that the authentication has been performed and at least a second authentication parameter; and perform an ambient commerce operation for the authenticated entity.

Abstract: A server computer system, comprises a processor; a communications module coupled to the processor; and a memory coupled to the processor, the memory storing instructions that, when executed, configure the processor to receive, via the communications module and from a client device, a signal including a request to configure a transfer of data to a particular data record; determine that the particular data record is associated with a third party server; obtain a trust score associated with the particular data record; determine that the trust score satisfies trust criteria; and responsive to determining that the trust score satisfies trust criteria, enable one or more transfer features associated with a real-time transfer protocol.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including a public key associated with an end user; validating the request to obtain the access token; and in response to validating the request: encrypting an authorization code associated with the request using the public key to generate a first code; and transmitting, via the communication interface to the client application on the first device, a second signal including both the access token for accessing the protected resource and the first code.

Abstract: A server computer system, comprises a processor; a communications module coupled to the processor; and a memory coupled to the processor, the memory storing instructions that, when executed, configure the processor to obtain information associated with a request to transfer data to a data record; determine, based on an identifier associated with the data record, whether a real-time transfer protocol is available to complete the transfer; and send, via the communications module and to a client device associated with a recipient of the request to transfer the data to the data record, a signal updating one or more interface elements of an interface displayed on the client device based on whether the real-time transfer protocol is available to complete the transfer.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a first application, a request to connect a first data record associated with the first application on a computing device with a second data record associated with a second application on the computing device; establishing a secure data communication channel between the first application and the second application; receiving, via the first application, a request for transfer of data between the first application and the second application; and in response to receiving the request, transmit, by the first application to the second application via the secure data communication channel, a message comprising the second device token using a trusted link associated with the second application.

Abstract: The present disclosure involves systems, software, and computer implemented methods for a remittance system that pre-populates remittance data based on historical usage of remittance transactions. One example system includes operations to generate, using a predictive model, data indicating a predicted likelihood of a user selecting at least one data exchange transaction, wherein the data indicates the predicted likelihood of the user performing the at least one data exchange transaction. A request is received to access a remittance page. In response, the at least one data exchange transaction that was previously generated is selected from a repository of predicted likelihoods. Remittance data associated with a UI element is generated that includes the at least one data exchange transaction. The remittance data is transmitted to the device. An indication from the device is received for interacting with the UI element. The data exchange transaction is executed in response to receiving the indication.

Abstract: Methods and computer systems for controlling access to software features in a computing environment. Obtaining a plurality of electronic documents associated with an account, each particular electronic document in the plurality of electronic documents including a respective first data item in a first field and a respective second data item in a second field. Categorizing each respective first data item based on the corresponding respective second data item. Applying a scoring model to the respective first data items included in the plurality of electronic documents according to the categorizations to create a score. Unlocking a software feature associated with the account in response to determining that the score meets a threshold.

Abstract: A method may include: causing a point-of-sale terminal processing a transaction to display a machine-readable code, the machine-readable code encoding a web address; receiving a request from a device that scanned the machine-readable code, the request received at the web address; in response to receiving the request, causing the device that scanned the machine-readable code to output an interface; receiving, through the interface, an input of an indication to separate the transaction into multiple transaction parts and one or more parameters indicating how the transaction is to be separated; and sending, to the point-of-sale terminal, a message that configures the point-of-sale terminal to separate the transaction in accordance with the one or more parameters.

Abstract: Systems and methods for reversing a transfer of a digital asset are described. A method may include storing a token, the token providing for one or more transfers from a second storage location to a first storage location; receiving notification of a first transfer from the first storage location to the second storage location; detecting the first transfer from the first storage location to the second storage location; receiving a request for a reversal of the first transfer; determining an eligibility of the request for the reversal of the first transfer; and responsive to determining the eligibility of the request for the reversal of the first transfer, performing the reversal of the first transfer by executing, using the token, an offsetting transfer from the second storage location to the first storage location.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a computing device of a transferor entity, a first request to process a transfer of resources associated with a first resource account, the first request indicating a maximum resource transfer amount for the transfer; generating a locked virtual allocation of resources associated with the first resource account, the virtual allocation representing a defined quantity of resources committed for the transfer; obtaining request data for a second request to transfer resources to a second resource account, the request data indicating a minimum requested resource amount; validating the second request based on identifying information of a recipient entity associated with the second request; determining that the first request and the second request satisfy a defined resource transfer condition; and in response to the determining, automatically granting, to the recipient entity, access to the virtual allocation of resources.

Abstract: Computer-implemented methods and systems reliant on establishing a common session key between an electronic device and a computer server are disclosed. The method and systems may be for processing de-tokenization requests in payment transaction processing and for preparing an electronic device to perform payment transactions. During such a transaction, the server may perform a method that includes receiving a de-tokenization request including a payment token and a cryptogram generated by the electronic device using a session key generated by the electronic device based on a fingerprint of the electronic device, a secret value previously shared with the electronic device, the payment token, and a transaction counter; retrieving the fingerprint, the secret value, and the transaction counter and generating the session key based on the same; verifying the cryptogram using the session key; retrieving an associated account number; and sending response to the request including the account number.

Abstract: A computer system provides a user interface efficient in its use of screen space allowing values to be provided for attributes. The computer system comprises a processor and a display, an input interface, and a memory coupled to the processor. The memory stores instructions that, when executed by the processor, cause the computer system to: display, within a first region of the display, a plurality of icons corresponding to a plurality of attributes; receive, via the input interface, input corresponding to a drag-and-drop operation wherein a particular one of the plurality of icons is dragged to and then dropped at a drop position within a second region of the display; and assign a value to an attribute corresponding to the particular one of the plurality of icons based on a location of the drop position within the second region. Related methods and computer-readable media are also disclosed.