Abstract: In some aspects, systems and methods for efficiently clustering a large-scale dataset for improving the construction and training of machine-learning models, such as neural network models, are provided. A dataset used for training a neural network model configured can be clustered into a first set of clusters and a second set of clusters. The neural network model can be constructed with a number of nodes in a hidden layer that is based on the number of clusters in the first set of clusters. The neural network can be trained based on training samples selected from the second set of clusters. In some aspects, the trained neural network model can be utilized to satisfy risk assessment queries to compute output risk indicators for target entities. The output risk indicator can be used to control access to one or more interactive computing environments by the target entities.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: Bayesian modeling can be used for risk assessment. For example, a computing device determines, using a Bayesian prediction model, a risk indicator for a target entity from predictor variables associated with the target entity. The Bayesian prediction model determines the risk indicator based on a set of parameters associated with the Bayesian prediction model. The Bayesian prediction model is generated based on an initial training dataset. The initial training dataset includes training records and predictor variables. The Bayesian prediction model can be generated by calculating the set of parameters based on the initial training dataset. The Bayesian prediction model can be updated by updating the set of parameters using an additional training dataset. The computing device transmits, to a remote computing device, the risk indicator for use in controlling access of the target entity to one or more interactive computing environments.

Abstract: In some aspects, techniques for creating representative and informative training datasets for the training of machine-learning models are provided. For example, a risk assessment system can receive a risk assessment query for a target entity. The risk assessment system can compute an output risk indicator for the target entity by applying a machine learning model to values of informative attributes associated with the target entity. The machine learning model may be trained using training samples selected from a representative and informative (RAI) dataset. The RAI dataset can be created by determining the informative attributes based on attributes used by a set of models and further extracting representative data records from an initial training dataset based on the determined informative attributes. The risk assessment system can transmit a responsive message including the output risk indicator for use in controlling access of the target entity to an interactive computing environment.

Abstract: According to certain implementations, an access control system controls access to secured data that is stored on a secured source. A requestor system may request information representing the secured data. The access control system receives the secured data from the secured source, and selects a portion of the secured data based on a lens including a filter criteria or a modification instruction. Adjusted data may be generated based on a modification of the selected portion of data, where the modification is based on the lens. The access control system provides the adjusted data to the requestor system via an access interface. In some cases, upon completion of a time period, the access control system prevents the requestor system from accessing the adjusted data, by disabling the access interface used to access the adjusted data. The adjusted data may be deleted from the access control system.

Abstract: In some aspects, systems and methods for efficiently clustering a large-scale dataset for improving the construction and training of machine-learning models, such as neural network models, are provided. A dataset used for training a neural network model configured can be clustered into a first set of clusters and a second set of clusters. The neural network model can be constructed with a number of nodes in a hidden layer that is based on the number of clusters in the first set of clusters. The neural network can be trained based on training samples selected from the second set of clusters. In some aspects, the trained neural network model can be utilized to satisfy risk assessment queries to compute output risk indicators for target entities. The output risk indicator can be used to control access to one or more interactive computing environments by the target entities.

Abstract: According to certain implementations, an access control system controls access to secured data that is stored on a secured source. A requestor system may request information representing the secured data. The access control system receives the secured data from the secured source, and selects a portion of the secured data based on a lens including a filter criteria or a modification instruction. Adjusted data may be generated based on a modification of the selected portion of data, where the modification is based on the lens. The access control system provides the adjusted data to the requestor system via an access interface. In some cases, upon completion of a time period, the access control system prevents the requestor system from accessing the adjusted data, by disabling the access interface used to access the adjusted data. The adjusted data may be deleted from the access control system.

Abstract: In some aspects, systems and methods for efficiently clustering a large-scale dataset for improving the construction and training of machine-learning models, such as neural network models, are provided. A dataset used for training a neural network model configured can be clustered into a first set of clusters and a second set of clusters. The neural network model can be constructed with a number of nodes in a hidden layer that is based on the number of clusters in the first set of clusters. The neural network can be trained based on training samples selected from the second set of clusters. In some aspects, the trained neural network model can be utilized to satisfy risk assessment queries to compute output risk indicators for target entities. The output risk indicator can be used to control access to one or more interactive computing environments by the target entities.

Abstract: Systems and methods for secure resource management are provided. A secure resource management system receives from a client computing system associated with a resource provider a query for classifying a resource user associated with the resource provider. The secure resource management system determining a set of resource abuser criteria for classifying the resource user as a resource abuser. The secure resource management system determines that the resource user is a resource abuser or a potential resource abuser based on the set of resource abuser criteria and a resource transaction history associated with the resource user. Based on determining that the resource user is a resource abuser or a potential resource abuser, the secure resource management system generates and transmits a response to the query to the client computing system. The response can be used to restrict or deny access to the resource by the resource user.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: Systems and methods for secure resource management are provided. A secure resource management system includes a resource record repository, such as a secure database or a blockchain, for storing resource records for resources. The resource records contain information of resource providers, information of resource users having a right to obtain resources, and resource transaction histories. Responsive to a request to verify an authorized user of a resource, the secure resource management system further queries the resource record repository, retrieves the resource record, determines the resource user currently having a right to obtain the resource as the authorized user of the resource, and transmits the verification result in response to the request. The verification result identifies the authorized user of the resource and can be used to grant access to the resource by the authorized user.

Abstract: In some aspects, a computing system can receive, from a client device, a request to perform an analytical operation that involves a query regarding a common entity type. The computing system can extract a query parameter having a particular standardized entity descriptor for the common entity type and parse a transformed dataset that is indexed in accordance with standardized entity descriptors. The computing system can match the particular standardized entity descriptor from the query to records from the transformed dataset having index values with the particular standardized entity descriptor. The computing system can retrieve the subset of the transformed dataset having the index values with the particular standardized entity descriptor. In some aspects, the computing system can generate the transformed dataset by performing conversion operations that transform records in a data structure by converting a set of different entity descriptors into a standardized entity descriptor for the common entity type.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: In some aspects, systems and methods for efficiently clustering a large-scale dataset for improving the construction and training of machine-learning models, such as neural network models, are provided. A dataset used for training a neural network model configured can be clustered into a first set of clusters and a second set of clusters. The neural network model can be constructed with a number of nodes in a hidden layer that is based on the number of clusters in the first set of clusters. The neural network can be trained based on training samples selected from the second set of clusters. In some aspects, the trained neural network model can be utilized to satisfy risk assessment queries to compute output risk indicators for target entities. The output risk indicator can be used to control access to one or more interactive computing environments by the target entities.

Abstract: A unit-classification system receives a data set with identity data objects corresponding to personal identity components. Feature vectors are determined for the identity data objects. A trained classifier model determines, based on a feature vector for each identity data object, whether the corresponding personal identity components are included in a identity component (“IC”) category. The unit-classification system generates an IC identification for a first IC category, and associates the IC identification with a first identity data object corresponding to a first personal identity component. The unit-classification system identifies a second identity data object corresponding to a second personal identity component included in the first IC category. The unit-classification system modifies the first and second identity data objects to include the IC identification.

Abstract: According to certain implementations, a permissions gateway receives an access request indicating multiple sets of secured data that include high-granularity data stored on multiple secured data repositories. The access request is compared to a permission set with multiple consent parameters, which indicate access types for the secured data. Based on a comparison of the access request to a permission set, the permissions gateway queries, the permission gateway queries a first data repository for a high-granularity dataset that includes a portion of the high-granularity data, and queries a second data repository for a low-granularity dataset that includes a summary of part of the high-granularity data. The permissions gateway generates a multi-granularity response to the access request, based on a combination of the high-granularity dataset and the low-granularity dataset.

Abstract: In some aspects, a computing system can control access of a user computing device to a resource. The computing system can obtain an access request submitted by a user computing device. The computing system can verify permission information in the access request to determine that the access request is valid. If the access request is valid, the computing system submits an authentication request to request an authentication system to authenticate the user and obtains authentication results generated by the authentication system. The computing system further provides, based on the authentication results, an access control decision for the access request.

Abstract: In some aspects, a computing system can receive, from a client device, a request to perform an analytical operation that involves a query regarding a common entity type. The computing system can extract a query parameter having a particular standardized entity descriptor for the common entity type and parse a transformed dataset that is indexed in accordance with standardized entity descriptors. The computing system can match the particular standardized entity descriptor from the query to records from the transformed dataset having index values with the particular standardized entity descriptor. The computing system can retrieve the subset of the transformed dataset having the index values with the particular standardized entity descriptor. In some aspects, the computing system can generate the transformed dataset by performing conversion operations that transform records in a data structure by converting a set of different entity descriptors into a standardized entity descriptor for the common entity type.