Abstract: The disclosed embodiments include computerized systems and methods for generating secured blockchain-based ledger data structures that track occurrences of events across fragmented and geographically dispersed lines-of-business of an enterprise. In one instance, an apparatus associated with a rules authority of the secured blockchain-based ledger may detect an occurrence of a triggering event, and may access and decrypt a set of rules hashed into the secured blockchain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a disbursement of various rewards to employees in response to customer-specific interactions with the enterprise. The disclosed embodiments provide a rules process for aggregating mutually incompatible enterprise data that specifies the events, and for tracking the events in uniform data structures accessible across the enterprise.

Abstract: The disclosed embodiments include computerized systems and methods for generating secured block-chain-based ledger data structures that track subdivide ownership and usage of one or more assets, such as Internet-connected devices. In one instance, an apparatus associated with a rules authority of the secured block-chain-based ledger may detect an occurrence of a triggering event related to at least one of partial ownership interests in the assets, and may access and decrypt a set of rules hashed into the secured block-chain-based ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule, including a generation of additional data blocks reflecting a change in at least one of the partial ownership interests, and additionally or alternatively, processes that adaptively monitor a compliance of one or more partial owners with an imposed usage restriction.

Abstract: An apparatus for use in a digital asset tracking system includes a storage device and a processor coupled to the storage device. The storage device stores software instructions for controlling the processor that when executed by the processor configure the processor to receive a signal representing a request comprising a first transfer from a first digital container associated with a first client to a second digital container associated with a second client. A value of the first transfer is compared to a total value in one or more accounts associated with the first client. At least one of the one or more accounts associated with the first client has a value in a first currency. A first draft is generated from a first account to an account associated with the second client. The first draft comprises a value in a second currency equivalent to the value of the first transfer.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a first message comprising a payload portion; encrypt the payload portion of the message; derive a first session key from a domain-specific key; and sign the message using the first session key.

Abstract: A method for authenticating a wearable device is disclosed. The method includes: receiving, a signal representing an indication that the wearable device is in active use; in response to receiving the signal, updating a device database to associate a first status with the wearable device; receiving, from a tokenization service provider (TSP), a signal representing a first code derived by the TSP from decrypting a security token previously provisioned in the wearable device, wherein the security token was received at a terminal from the wearable device and transmitted to the TSP; obtaining, based on the received first code, a device identifier of the wearable device and an identifier of an account; querying the device database to verify that the wearable device is associated with the first status; verifying that the account is enabled for an operation initiated using the wearable device; and transmitting an authorization message to the terminal, the authorization message authorizing the operation.

Abstract: A computer-implemented method for allocating resources includes identifying event conditions matched by events identified based on a monitoring of events associated with an account. Modifiers associated with the matched event conditions are retrieved. An account modifier is computed based on the modifiers. A selected quantity of resources is determined by modifying a base resource level based on the account modifier and allocated for use in association with the account. The allocating includes initiating a blockchain transaction to update a distributed ledger to indicate the quantity of resources in association with an address associated with the account. The events are associated with consumption of computing resources. The modifiers associated with particular event conditions are updateable based on a comparison of computing resources consumed by events matching the particular event conditions with a resource allocation for those events. Related systems and computer-readable media are also disclosed.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data in real-time based on dynamically generated tokenized data. For example, an apparatus may receive first positional data identifying a first geographic position of a client device and based on the first positional data, the apparatus may determine a value of a parameter characterizing an exchange of data between the client device and a terminal device disposed proximate to the client device during a temporal interval. The apparatus may transmit data requesting a pre-authorization of the data exchange to a computing system, which perform operations that pre-authorize the data exchange in accordance with the parameter value and transmit a digital token representative of the pre-authorized data exchange to the terminal device. The digital token may be valid during the temporal interval and may include a cryptogram associated with the client device.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, generate and provision digital tokens based on dynamically obtained contextual data. For example, an apparatus may receive first information that characterizes an exchange of data initiated by a first application program executed by the apparatus, and may generate and transmit a signal to a computing system through a programmatic interface associated with a second application program executed by the apparatus. In some instances, the first signal may include the first information and data that instructs the computing system to obtain a digital token representative of a data type available for use in the data exchange. The apparatus may also receive a second signal that includes the digital token and based on the digital token, perform operations that present second information characterizing the available data type on an interface.

Abstract: The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response.

Abstract: The disclosed embodiments include processes that manage a cryptographically secure generation and exchange of data between network-connected systems operating within a computing environment using a permissioned distributed ledger. For example, and based on secure interaction with a distributed smart contract maintained within ledger blocks of the permissioned distributed ledger, an apparatus and a counterparty system may generate local symmetric encryption keys that facilitate a secure communication session between the apparatus and the counterparty system. Using the symmetric encryption key, the apparatus may generate a cryptographically secure representation of generated or obtained data, which may be transmitted to the counterparty system across the secure communications channel.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authorize initiated exchanges of data based on tokenized data characterized by a limited temporal or geographic validity. For example, an apparatus may receive a first signal that includes first information identifying a first geographic position of a client device. The apparatus may also obtain a digital token representative of a pre-authorization of a data exchange between the client device and a terminal device during a corresponding temporal interval. The terminal device may, for example, be disposed within a geographic region that includes the first geographic position of the client device. The apparatus may generate and transmit a second signal that includes the digital token to the client device. In some examples, the apparatus may transmit the second signal being through a programmatic interface associated with an application program executed by the client device.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authenticate device identity and authorize exchanges of data in real-time based on dynamically generated cryptographic data. For example, an apparatus may receive a first signal that includes a first cryptogram associated with a client device, and may perform operations that authenticate an identity of the client device based on a comparison of the received first cryptogram and a second cryptogram generated by a computing system associated with an application program executed by the client device. In response to the authenticated identity, the apparatus may load profile data associated with the client device from a storage unit, and perform operations consistent with the profile data in accordance with the authenticated identity.

Abstract: The disclosed embodiments include processes that manage a cryptographically secure generation and exchange of data between network-connected systems operating within a computing environment using a permissioned distributed ledger. For example, and based on secure interaction with a distributed smart contract maintained within ledger blocks of the permissioned distributed ledger, an apparatus and a counterparty system may generate local symmetric encryption keys that facilitate a secure communication session between the apparatus and the counterparty system. Using the symmetric encryption key, the apparatus may generate a cryptographically secure representation of generated or obtained data, which may be transmitted to the counterparty system across the secure communications channel.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a master private and public key pair; associate the master private and public key pair with a first certificate; and derive at least one domain-specific key from the one of the master private and public key pair. The first certificate is registered to a group comprising a plurality of domains. The domain-specific key is associated with one of the plurality of domains.

Abstract: An apparatus maintains a segregated database in a multiple distributed ledger system. The apparatus includes a storage device that stores software instructions for controlling a processor that when executed by the processor configure the processor to: create distributed ledgers, each created distributed ledger being associated with a respective individual profile; maintain a segregated database apart from the distributed ledgers including, for each individual profile, profile balance data; and process a data exchange between exchanging profiles.

Abstract: The disclosed embodiments include computerized systems and methods that generate secured distributed storage ledger structures, such as block-chain-based ledger structures, that facilitate event-based control of tracked assets. In one embodiment, an apparatus associated with a centralized authority of the secured distributed storage ledger may detect an occurrence of a triggering event, and may access and decrypt a set of rules hashed into the secured distributed storage ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule and involving at least one of assets tracked within the secured distributed storage ledger or an owner of a portion of the tracked assets.

Abstract: The disclosed embodiments include computer-implemented systems, apparatuses, and processes that perform a real-time delegated approval of initiated data exchanges by network-connected devices. For example, an apparatus determines determine a value of a parameter that characterizes an exchange of data and a first data type involved in the data exchange, and generates and transmits a first signal to a communications device associated with a second data type available for use in the data exchange and associated with the first data type. The apparatus receives, from the communications device, a second signal that includes information indicative of an approval of the second data type for use in the data exchange, and in response to the received approval, the apparatus performs the data exchange using the second data type and in accordance with the parameter value.

Abstract: The disclosed embodiments include computer-implemented systems, apparatuses, and processes that dynamically generate and provision digital tokens to network-connected devices. For example, an apparatus receives a first signal that includes information identifying a current geographic location of a communications device. Based on the current geographic location, the apparatus computes an expected value of a parameter of a second data exchange during a future temporal interval, identifies a data type for use in the second data exchange based on the expected parameter value, and apparatus generates and transmits a second signal to a computing system associated with the identified data type. The second signal may include additional information instructing the computing system to provide, to the communications device, a digital token usable to initiate the second data exchange during the future temporal interval.

Abstract: An apparatus for use in a digital messaging system includes a storage device and a processor coupled to the storage device. The storage device storing software instructions for controlling the processor that when executed by the processor configured the processor to: generate a master private and public key pair; associate the master private and public key pair with a first certificate; and derive at least one domain-specific key from the one of the master private and public key pair. The first certificate is registered to a group comprising a plurality of domains. The domain-specific key is associated with one of the plurality of domains.

Abstract: The disclosed embodiments include computerized systems and methods that generate secured distributed storage ledger structures, such as block-chain-based ledger structures, that facilitate event-based control of tracked assets. In one embodiment, an apparatus associated with a centralized authority of the secured distributed storage ledger may detect an occurrence of a triggering event, and may access and decrypt a set of rules hashed into the secured distributed storage ledger using a confidentially-held master cryptographic key. The apparatus may identify a rule associated with the detected event, and perform one or more operations consistent with the rule and involving at least one of assets tracked within the secured distributed storage ledger or an owner of a portion of the tracked assets.