Network-level user validation for network-based exchanges that leverages universally unique ephemeral key to eliminate use of persistent credentials
地域:
TX
TX Lakeway
摘要
Various embodiments of the present disclosure provide techniques for adjudicating a credential-less exchange over a network using a plurality of identifier mappings and member interfaces. The techniques may include receiving an exchange request for executing a value-based exchange that includes a universally unique ephemeral key (UUEK) and identifies an object. The techniques may include identifying a user and an instrument for servicing the exchange request based on the UUEK. The techniques may include determining validated and invalidated objects for the exchange request based on the user and providing an exchange authorization request indicative of the validated objects to a member platform associated with the instrument. The techniques may include receiving an exchange authorization response indicating whether the exchange request is approved by the member platform and replying to the exchange request with an exchange response that is reflective of the exchange authorization response and the invalidated objects.
說明書
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 63/370,274 filed on Aug. 3, 2022, which is incorporated herein by reference in its entirety, including any figures, tables, drawings, and appendices.
Embodiments of the present disclosure generally relate to credential-less exchanges of value between multiple entities in a value system.
Various embodiments of the present disclosure address technical challenges related to network-based value exchanges given limitations of existing exchange processing techniques and architectures. Existing processes for executing an exchange over a computing network rely on the use of persistent credentials, such as payment credentials (e.g., card numbers, usernames, passwords, bank routing numbers, account numbers, etc.) and their proxies, which expose recipients of the credentials to fraud, regulatory and compliance costs, and reputational risk. Moreover, due to the static nature of traditional credentials, users must accept risk of financial loss, damaged credit scores, identity theft, and other outcomes each time the user provides their credentials to enable a transaction. The inherent insecurity of persistent credentials is conventionally addressed using strict communication protocols, data governance procedures, and authentication schemes, each of which introduce additional technical problems by adding overhead and complicating network-based transactions without solving the root technical problem of data security.
權利要求
The invention claimed is:1. A computer-implemented method comprising:receiving, by one or more processors and using a partner interface, an exchange request for executing a value-based exchange, wherein the exchange request is indicative of a universally unique ephemeral key (UUEK) that comprises an exchange identifier; identifying, by the one or more processors, an exchange data object based at least in part on the exchange identifier, wherein the exchange data object comprises (i) an instrument identifier for a service provider instrument of a member platform and (ii) a user identifier for a user associated with the service provider instrument; determining, by the one or more processors, one or more validated objects and one or more invalidated objects for the exchange request based at least in part on one or more user attributes corresponding to the user; providing, by the one or more processors and using a service provider interface, an exchange authorization request to the member platform, wherein the exchange authorization request is indicative of the instrument identifier and the one or more validated objects for the exchange request; receiving, by the one or more processors and using the service provider interface, an exchange authorization response that is indicative of at least one of an exchange approval or an exchange denial; and providing, by the one or more processors and using the partner interface, an exchange response based at least in part on the exchange authorization response, wherein the exchange response is indicative of (i) the exchange approval or the exchange denial and (ii) the one or more invalidated objects for the exchange request. 2. The computer-implemented method of claim 1 , wherein the exchange request is indicative of a plurality of objects, and determining the one or more validated objects and the one or more invalidated objects comprises:identifying one or more restricted objects from the plurality of objects, wherein the one or more restricted objects are associated with one or more obtainment restrictions; and determining the one or more validated objects and the one or more invalidated objects based at least in part on a comparison between the one or more user attributes and the one or more obtainment restrictions. 3. The computer-implemented method of claim 2 , wherein the one or more obtainment restrictions are based at least in part on an exchange location associated with the value-based exchange. 4. The computer-implemented method of claim 2 , wherein the one or more user attributes are indicative of an age band for the user and the one or more validated objects and the one or more invalidated objects are based at least in part on the age band. 5. The computer-implemented method of claim 4 , wherein the age band corresponds to at least one category defined by the one or more obtainment restrictions. 6. The computer-implemented method of claim 2 , wherein the exchange request comprises a plurality of object identifiers corresponding to the plurality of objects and identifying a restricted object of the one or more restricted objects comprises:identifying a recorded data object for an object of the plurality of objects based at least in part on an object identifier of the plurality of object identifiers; and identifying the restricted object based at least in part on the recorded data object. 7. The computer-implemented method of claim 6 , wherein the object identifier is a stock keeping unit. 8. The computer-implemented method of claim 2 , wherein the exchange request comprises a plurality of object attributes corresponding to the plurality of objects and a restricted object is identified based at least in part on a comparison between one or more object attributes of the plurality of object attributes and the one or more obtainment restrictions. 9. The computer-implemented method of claim 8 , wherein the plurality of object attributes comprise at least one of a composition attribute or a categorical attribute. 10. The computer-implemented method of claim 1 , wherein the exchange request is indicative of an exchange location and the one or more validated objects and the one or more invalidated objects for the exchange request are based at least in part on the exchange location. 11. The computer-implemented method of claim 1 , wherein the exchange request comprises a plurality of object values corresponding to a plurality of objects associated with the value-based exchange and an initial exchange value for the plurality of objects, and wherein the computer-implemented method further comprises:determining an exchange value for the value-based exchange by modifying the initial exchange value based at least in part on one or more of the plurality of object values that correspond to the one or more validated objects; and providing, using the service provider interface, the exchange authorization request to the member platform, wherein the exchange authorization request is indicative of the exchange value. 12. A computing system comprising memory and one or more processors communicatively coupled to the memory, the one or more processors configured to:receive, using a partner interface, an exchange request for executing a value-based exchange, wherein the exchange request is indicative of a universally unique ephemeral key (UUEK) that comprises an exchange identifier; identify an exchange data object based at least in part on the exchange identifier, wherein the exchange data object comprises (i) an instrument identifier for a service provider instrument of a member platform and (ii) a user identifier for a user associated with the service provider instrument; determine one or more validated objects and one or more invalidated objects for the exchange request based at least in part on one or more user attributes corresponding to the user; provide, using a service provider interface, an exchange authorization request to the member platform, wherein the exchange authorization request is indicative of the instrument identifier and the one or more validated objects for the exchange request; receive, using the service provider interface, an exchange authorization response that is indicative of at least one of an exchange approval or an exchange denial; and provide, using the partner interface, an exchange response based at least in part on the exchange authorization response, wherein the exchange response is indicative of (i) the exchange approval or the exchange denial and (ii) the one or more invalidated objects for the exchange request. 13. The computing system of claim 12 , wherein the exchange request is indicative of a plurality of objects, and determining the one or more validated objects and the one or more invalidated objects comprises:identifying one or more restricted objects from the plurality of objects, wherein the one or more restricted objects are associated with one or more obtainment restrictions; and determining the one or more validated objects and the one or more invalidated objects based at least in part on a comparison between the one or more user attributes and the one or more obtainment restrictions. 14. The computing system of claim 13 , wherein the one or more obtainment restrictions are based at least in part on an exchange location associated with the value-based exchange. 15. The computing system of claim 13 , wherein the one or more user attributes are indicative of an age band for the user and the one or more validated objects and the one or more invalidated objects are based at least in part on the age band. 16. The computing system of claim 15 , wherein the age band corresponds to at least one category defined by the one or more obtainment restrictions. 17. One or more non-transitory computer-readable storage media including instructions that, when executed by one or more processors, cause the one or more processors to:receive, using a partner interface, an exchange request for executing a value-based exchange, wherein the exchange request is indicative of a universally unique ephemeral key (UUEK) that comprises an exchange identifier; identify an exchange data object based at least in part on the exchange identifier, wherein the exchange data object comprises (i) an instrument identifier for a service provider instrument of a member platform and (ii) a user identifier for a user associated with the service provider instrument; determine one or more validated objects and one or more invalidated objects for the exchange request based at least in part on one or more user attributes corresponding to the user; provide, using a service provider interface, an exchange authorization request to the member platform, wherein the exchange authorization request is indicative of the instrument identifier and the one or more validated objects for the exchange request; receive, using the service provider interface, an exchange authorization response that is indicative of at least one of an exchange approval or an exchange denial; and provide, using the partner interface, an exchange response based at least in part on the exchange authorization response, wherein the exchange response is indicative of (i) the exchange approval or the exchange denial and (ii) the one or more invalidated objects for the exchange request. 18. The one or more non-transitory computer-readable storage media of claim 17 , wherein the exchange request is indicative of a plurality of objects, and determining the one or more validated objects and the one or more invalidated objects comprises:identifying one or more restricted objects from the plurality of objects, wherein the one or more restricted objects are associated with one or more obtainment restrictions; and determining the one or more validated objects and the one or more invalidated objects based at least in part on a comparison between the one or more user attributes and the one or more obtainment restrictions. 19. The one or more non-transitory computer-readable storage media of claim 18 , wherein the exchange request comprises a plurality of object attributes corresponding to the plurality of objects and a restricted object is identified based at least in part on a comparison between one or more object attributes of the plurality of object attributes and the one or more obtainment restrictions. 20. The one or more non-transitory computer-readable storage media of claim 19 , wherein the plurality of object attributes comprise at least one of a composition attribute or a categorical attribute.
意見反饋