Abstract: A system that includes a first network node configured to store a first ledger, a second network node configured to store a second ledger, and a third network node. The third network node includes a transformation engine configured to obtain a plurality of enriched shares from at least one ledger using an index identifying enriched shares linked with a data entry. The number of obtained enriched shares is at least a threshold value corresponding to the number of enriched shares needed to determine the data entry. The transformation engine configured to remove enriched data from the plurality of enriched shares to generate a plurality of shares and perform polynomial interpolation using the plurality of shares to determine the result of the polynomial interpolation at zero. The result of the polynomial interpolation at zero is equal to the data entry.

Abstract: A system that includes a first network node configured to store a first ledger, a second network node configured to store a second ledger, and a third network node. The third network node includes a transformation engine configured to generate a plurality of shares derived using a data entry, which includes setting a share quantity indicating the number of shares to generate and setting a threshold value indicating the number of shares from the share quantity needed to determine the data entry. The transformation engine generates a first share for the first ledger and a second share for the second ledger using a polynomial function. The transformation engine includes enriched data with information indicating when to publish the first share and the second share. The transformation engine transmits the first enriched share to the first network node and transmit the second enriched share to the second network node.

Abstract: An apparatus that includes a memory configured to store encryption keys and encrypted data entries. The apparatus further includes an encryption service engine configured to periodically re-encrypt the encrypted data element, which includes determining that an encryption wait time period has lapsed, obtaining a first encryption key using a first key index, and decrypting the encrypted data element using the first encryption key to recover the original data. The encryption service engine is further configured to obtain a second encryption key, encrypt the original data using the second encryption key, and modify the metadata linked with the encrypted data element with a second key index referencing the second encryption key. The encryption service engine is further configured to receive a data request for the encrypted data element, to send the encrypted data element, and to limit the bandwidth of a data channel used to send the encrypted data element.

Abstract: A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.

Abstract: Aspects of the disclosure relate to deploying, configuring, and utilizing cash handling devices to provide dynamic and adaptable operating functions. A cash handling device having at least one processor, a memory, and a communication interface may store a device registration module, a containerized operating module, a non-engagement services module, and a secure communications module. The device registration module may include instructions that cause the cash handling device to register with a support server and a plurality of financial institution servers. The containerized operating module may include instructions that cause the cash handling device to selectively execute a first operating application or a second operating application. The non-engagement services module may include instructions that cause the cash handling device to generate and present one or more non-engagement user interfaces.

Abstract: Aspects of the disclosure relate to deploying, configuring, and utilizing cash handling devices to provide dynamic and adaptable operating functions. A cash handling device having at least one processor, a memory, and a communication interface may store a device registration module, a containerized operating module, a non-engagement services module, and a secure communications module. The device registration module may include instructions that cause the cash handling device to register with a support server and a plurality of financial institution servers. The containerized operating module may include instructions that cause the cash handling device to selectively execute a first operating application or a second operating application. The non-engagement services module may include instructions that cause the cash handling device to generate and present one or more non-engagement user interfaces.

Abstract: Aspects of the disclosure relate to deploying, configuring, and utilizing cash handling devices to provide dynamic and adaptable operating functions. A cash handling device having at least one processor, a memory, and a communication interface may store a device registration module, a containerized operating module, a non-engagement services module, and a secure communications module. The device registration module may include instructions that cause the cash handling device to register with a support server and a plurality of financial institution servers. The containerized operating module may include instructions that cause the cash handling device to selectively execute a first operating application or a second operating application. The non-engagement services module may include instructions that cause the cash handling device to generate and present one or more non-engagement user interfaces.

Abstract: Aspects of the disclosure relate to deploying, configuring, and utilizing cash handling devices to provide dynamic and adaptable operating functions. A cash handling device having at least one processor, a memory, and a communication interface may store a device registration module, a containerized operating module, a non-engagement services module, and a secure communications module. The device registration module may include instructions that cause the cash handling device to register with a support server and a plurality of financial institution servers. The containerized operating module may include instructions that cause the cash handling device to selectively execute a first operating application or a second operating application. The non-engagement services module may include instructions that cause the cash handling device to generate and present one or more non-engagement user interfaces.

Abstract: Disclosed is a personal device container system. The personal device container system typically includes a processor, a memory, and an access management module stored in the memory. The personal device container system is typically configured to establish network communication between a personal computing device and a provisioning system that validates the identity of the personal computing device and provides a certificate to the personal computing device. Thereafter, the personal computing device requests access to a secured network segment and provides the certificate to the personal device container system. The personal device container system then authenticates the personal computing device's certificate before allowing the personal computing device to communicate with the secured network segment. User credentials associated with a user are authenticated before user-specific content associated with the user is provided to the personal computing device.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator collects account information on behalf of the customer. Rather than providing their username, password, or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter the customer's credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Disclosed is a personal device container system. The personal device container system typically includes a processor, a memory, and an access management module stored in the memory. The personal device container system is typically configured to establish network communication between a personal computing device and a provisioning system that validates the identity of the personal computing device and provides a certificate to the personal computing device. Thereafter, the personal computing device requests access to a secured network segment and provides the certificate to the personal device container system. The personal device container system then authenticates the personal computing device's certificate before allowing the personal computing device to communicate with the secured network segment. User credentials associated with a user are authenticated before user-specific content associated with the user is provided to the personal computing device.

Abstract: Disclosed is a system for providing multi-user management for personal computing devices over an entity network. The system is typically configured to (i) receive a first request from the personal computing device to receive first user-specific information, (ii) authenticate the user identifier associated with the first user, (iii) associate the user identifier associated with the first user with the device identifier, (iv) communicate a first response to the personal computing device based on authenticating the user identifier, (v) receiving a second request from the personal computing device to receive second user-specific information associated with the first user for a second application, (vi) determining that the device identifier is associated with the user identifier associated with the first user, (vii) and communicating a second response to the personal computing device based on determining that the device identifier is associated with the user identifier associated with the first user.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Methods, systems, and computer-readable media for providing access to account information using authentication tokens are presented. In some embodiments, a customer of a financial institution may visit an account information aggregator site and request to add an account maintained by the financial institution to a collection of accounts for which the aggregator may collect account information on behalf of the customer. Rather than providing their username, password, and/or other bank login credentials to the aggregator, the customer may be redirected to a page provided by the financial institution where the customer can enter their credentials and authenticate with the financial institution. After authenticating the customer, the financial institution may generate a token and provide the token to the aggregator.

Abstract: Disclosed is a system for providing multi-user management for personal computing devices over an entity network. The system is typically configured to (i) receive a first request from the personal computing device to receive first user-specific information, (ii) authenticate the user identifier associated with the first user, (iii) associate the user identifier associated with the first user with the device identifier, (iv) communicate a first response to the personal computing device based on authenticating the user identifier, (v) receiving a second request from the personal computing device to receive second user-specific information associated with the first user for a second application, (vi) determining that the device identifier is associated with the user identifier associated with the first user, (vii) and communicating a second response to the personal computing device based on determining that the device identifier is associated with the user identifier associated with the first user.

Abstract: Disclosed is a personal device container system. The personal device container system typically includes a processor, a memory, and an access management module stored in the memory. The personal device container system is typically configured to establish network communication between a personal computing device and a provisioning system that validates the identity of the personal computing device and provides a certificate to the personal computing device. Thereafter, the personal computing device requests access to a secured network segment and provides the certificate to the personal device container system. The personal device container system then authenticates the personal computing device's certificate before allowing the personal computing device to communicate with the secured network segment. User credentials associated with a user are authenticated before user-specific content associated with the user is provided to the personal computing device.

Abstract: Disclosed is a personal device container system. The personal device container system typically includes a processor, a memory, and an access management module stored in the memory. The personal device container system is typically configured to establish network communication between a personal computing device and a provisioning system that validates the identity of the personal computing device and provides a certificate to the personal computing device. Thereafter, the personal computing device requests access to a secured network segment and provides the certificate to the personal device container system. The personal device container system then authenticates the personal computing device's certificate before allowing the personal computing device to communicate with the secured network segment. User credentials associated with a user are authenticated before user-specific content associated with the user is provided to the personal computing device.

Abstract: A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.

Abstract: A method, a system, and a device for monitoring risks associated with at least one business process, including: evaluating at least one of a plurality of document instances, wherein each of the document instances includes, in association therewith, a plurality of document values, against a plurality of risk categories; implementing the plurality of risk categories pursuant to at least one acceptable risk policy approved for the at least one business process; and qualifying at least one of the at least one of the plurality of documents pursuant to an approval rating of the at least one document in at least one risk category. The system, method, and device efficiently monitor risk, and allow for flexibility in modifying or updating risk policy.