Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that maintain data confidentiality in communications involving voice-enabled devices in a distributed computing environment using homomorphic encryption. By way of example, an apparatus may receive encrypted command data from a computing system, decrypt the encrypted command data using a homomorphic private key, and perform operations that associate the decrypted command data with a request for an element of data. Using a public cryptographic key associated with a device, the apparatus generate an encrypted response that includes the requested data element, and transmit the encrypted response to the device. The device may decrypt the encrypted response using a private cryptographic key and to perform operations that present first audio content representative of the requested data element through an acoustic interface.

Abstract: A trusted session is to be established between a smart speaker and a computer server. The computer server may receive an instruction to initiate a trusted session with the smart speaker. The instruction includes an indication of an account linking token for linking a first and second account associated with the smart speaker and the computer server, respectively. The computer server generates a session token and sends it to the smart speaker for acoustic signalling. The acoustic signal is captured by a mobile device and used to reconstruct the session token. The computer server receives the reconstructed session token along with identifying information from the mobile device. The computer server system uses the identifying information to confirm that the mobile device is associated with the second accord. Upon so confirming, the computer server may establish a trusted session between the first smart speaker and the computer server system.

Abstract: In an aspect, the present application may describe a method. The method may include: receiving, from a remote computing device, a first indication of consent for an authenticated entity to share data with a first third party server, the first indication of consent associated with a first sharing permission defining a first sharing scope; in response to receiving the first indication of consent: configuring a server to share data for the authenticated entity with the first third party server based on the sharing permission; identifying a first safety score, the first safety score associated with the first third party server; and updating a risk score for the authenticated entity based on the first safety score and the first sharing permission; and sending the updated risk score for the authenticated entity to the remote computing device for display thereon.

Abstract: The disclosed embodiments include computer-implemented systems and processes that perform operations that initiate, approve, and execute exchanges of data between network-connected systems, apparatuses, and devices in a computing environment. For example, a network-connected apparatus may receive a first value of a parameter that characterizes an exchange of data initiated at a terminal device, identify a second value of the parameter allocated to the client device. In response to a determination that the first parameter value exceeds the second parameter value, the apparatus may request, and receive, parameter data from an application program executed by the at least one processor. The parameter data may identify a third value of the parameter allocated to the client device by the executed application program, and the apparatus may authorize, based on the second and third parameter values, a performance of the initiated data exchange in accordance with the first parameter value.

Abstract: The disclosed embodiments include computer-implemented systems, apparatuses, and processes that perform a real-time delegated approval of initiated data exchanges by network-connected devices. For example, an apparatus determines determine a value of a parameter that characterizes an exchange of data and a first data type involved in the data exchange, and generates and transmits a first signal to a communications device associated with a second data type available for use in the data exchange and associated with the first data type. The apparatus receives, from the communications device, a second signal that includes information indicative of an approval of the second data type for use in the data exchange, and in response to the received approval, the apparatus performs the data exchange using the second data type and in accordance with the parameter value.

Abstract: A computer system and method for managing a data request interface. The system includes a memory associated with the data request interface and coupled to a processor. The memory includes processor-executable instructions of the method for managing the data request interface. The method includes: receiving, from a first client device, a first signal including a primary authorization credential associated with a data record and a second signal including a request to generate an alternate authorization credential for use by a software module. The alternate authorization credential is associated with data retrieval constraints. The method includes generating the alternate authorization credential and configuring the data request interface to impose the data retrieval constraints for constraining data operations on the data record upon receipt of the alternate authorization credential.

Abstract: A system comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to receive, via the communications module and from a point of sale terminal, a PIN associated with a token and a request for identity data; authenticate the PIN to confirm customer consent to release the identity data; obtain the identity data; and send, via the communications module, the identity data to the point of sale terminal.

Abstract: A system and method for managing access to entity identity data are described. The system comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a remote device as being associated with an entity; receive, via the communications module and from the remote device, pre-consent data identifying one or more third parties permitted to access entity identity data for the entity; store, in the memory, the pre-consent data in association with the entity; receive, via the communications module and from a digital identity network, a signal representing a request to release the entity identity data to the third party; determine, based on the pre-consent data, that the entity identity data is to be released to the third party; and initiate release of the entity identity data to a computing device associated with the third party.

Abstract: A computer-implemented method is disclosed. The method includes: receiving, via a communication interface from a client application executing on a first device, a first signal including a request to obtain an access token for accessing a protected resource, the request including a public key associated with an end user; validating the request to obtain the access token; and in response to validating the request: encrypting an authorization code associated with the request using the public key to generate a first code; and transmitting, via the communication interface to the client application on the first device, a second signal including both the access token for accessing the protected resource and the first code.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authenticate device identity and authorize exchanges of data in real-time based on dynamically generated cryptographic data. For example, an apparatus may receive a first signal that includes a first cryptogram associated with a client device, and may perform operations that authenticate an identity of the client device based on a comparison of the received first cryptogram and a second cryptogram generated by a computing system associated with an application program executed by the client device. In response to the authenticated identity, the apparatus may load profile data associated with the client device from a storage unit, and perform operations consistent with the profile data in accordance with the authenticated identity.

Abstract: A server comprises a communications module; a processor coupled to the communications module; and a memory coupled to the processor, the memory storing processor-executable instructions which, when executed, configure the processor to receive, via the communications module and from a remote computing device, user input indicating a response to one or more prompts; generate an aspirational profile for a user based at least on the received user input; receive, via the communications module and from a monitoring application installed on the remote computing device, monitoring data; generate a behavior profile for the user based at least on the monitoring data; and when the behavior profile is misaligned with the aspirational profile, send, via the communications module and to the remote computing device, a notification indicating that the behavior profile is misaligned with the aspirational profile.

Abstract: The disclosure generally describes computer-implemented methods, software, and systems, including a method for placing a card into an alert state. An alert detection indication is received during an attempted data exchange using a permanent account number (PAN) associated with a card. The alert detection indication is received by an electronic controller embedded in the card and is received through an interface. The alert detection indication indicates that the PAN has an alert state identified for the PAN by an entity that issued the card. An operational mode of the card is modified into the alert state by the electronic controller and is based on receipt of the alert detection indication. An electronic display indicating that the card is in the alert state is displayed by the electronic controller.

Abstract: The present disclosure involves systems, software, and computer implemented methods for a remittance system that pre-populates remittance data based on historical usage of remittance transactions. One example system includes operations to generate, using a predictive model, data indicating a predicted likelihood of a user selecting at least one data exchange transaction, wherein the data indicates the predicted likelihood of the user performing the at least one data exchange transaction. A request is received to access a remittance page. In response, the at least one data exchange transaction that was previously generated is selected from a repository of predicted likelihoods. Remittance data associated with a UI element is generated that includes the at least one data exchange transaction. The remittance data is transmitted to the device. An indication from the device is received for interacting with the UI element. The data exchange transaction is executed in response to receiving the indication.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that manage cryptographically secure exchanges of data using a permissioned distributed ledger. For example, an apparatus obtains parameter values characterizing an exchange of data and transmits the parameter values to a first computing system, which executed instructions included within a distributed ledger. The executed additional instructions cause the first computing system to access rules data recorded onto the distributed ledger and establish a consistency between the parameter values and at least a portion of the accessed rules data. The apparatus receives, from the first computing system, confirmation data indicative of the established consistency, and based on the confirmation data, transmit a request to execute the data exchange in accordance with at least the portion of the parameter values to a second computing system.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, generate and provision digital tokens based on dynamically obtained contextual data. For example, an apparatus may receive first information that characterizes an exchange of data initiated by a first application program executed by the apparatus, and may generate and transmit a signal to a computing system through a programmatic interface associated with a second application program executed by the apparatus. In some instances, the first signal may include the first information and data that instructs the computing system to obtain a digital token representative of a data type available for use in the data exchange. The apparatus may also receive a second signal that includes the digital token and based on the digital token, perform operations that present second information characterizing the available data type on an interface.

Abstract: The disclosed embodiments include computer-implemented systems and processes that perform operations that initiate, approve, and execute exchanges of data between network-connected systems, apparatuses, and devices in a computing environment. For example, a network-connected apparatus may receive a first value of a parameter that characterizes an exchange of data initiated at a terminal device, identify a second value of the parameter allocated to the client device. In response to a determination that the first parameter value exceeds the second parameter value, the apparatus may request, and receive, parameter data from an application program executed by the at least one processor. The parameter data may identify a third value of the parameter allocated to the client device by the executed application program, and the apparatus may authorize, based on the second and third parameter values, a performance of the initiated data exchange in accordance with the first parameter value.

Abstract: In an aspect, the present application may describe a method. The method may include: receiving, from a remote computing device, a first indication of consent for an authenticated entity to share data with a first third party server, the first indication of consent associated with a first sharing permission defining a first sharing scope; in response to receiving the first indication of consent: configuring a server to share data for the authenticated entity with the first third party server based on the sharing permission; identifying a first safety score, the first safety score associated with the first third party server; and updating a risk score for the authenticated entity based on the first safety score and the first sharing permission; and sending the updated risk score for the authenticated entity to the remote computing device for display thereon.

Abstract: A trusted session is to be established between a smart speaker and a computer server. The computer server may receive an instruction to initiate a trusted session with the smart speaker. The instruction includes an indication of an account linking token for linking a first and second account associated with the smart speaker and the computer server, respectively. The computer server generates a session token and sends it to the smart speaker for acoustic signalling. The acoustic signal is captured by a mobile device and used to reconstruct the session token. The computer server receives the reconstructed session token along with identifying information from the mobile device. The computer server system uses the identifying information to confirm that the mobile device is associated with the second accord. Upon so confirming, the computer server may establish a trusted session between the first smart speaker and the computer server system.

Abstract: The disclosed embodiments include computer-implemented systems, apparatuses, and processes that perform a real-time delegated approval of initiated data exchanges by network-connected devices. For example, an apparatus determines determine a value of a parameter that characterizes an exchange of data and a first data type involved in the data exchange, and generates and transmits a first signal to a communications device associated with a second data type available for use in the data exchange and associated with the first data type. The apparatus receives, from the communications device, a second signal that includes information indicative of an approval of the second data type for use in the data exchange, and in response to the received approval, the apparatus performs the data exchange using the second data type and in accordance with the parameter value.

Abstract: A computer system and method for managing a data request interface. The system includes a memory associated with the data request interface and coupled to a processor. The memory includes processor-executable instructions of the method for managing the data request interface. The method includes: receiving, from a first client device, a first signal including a primary authorization credential associated with a data record and a second signal including a request to generate an alternate authorization credential for use by a software module. The alternate authorization credential is associated with data retrieval constraints. The method includes generating the alternate authorization credential and configuring the data request interface to impose the data retrieval constraints for constraining data operations on the data record upon receipt of the alternate authorization credential.