US20220075877A1

US20220075877A1 - Interface and system for updating isolated repositories

Info

Publication number: US20220075877A1
Application number: US17/015,761
Authority: US
Inventors: Andy Helms; David Riley; Brandon Hines; William Kuk
Original assignee: Self Financial Inc
Current assignee: Self Financial Inc
Priority date: 2020-09-09
Filing date: 2020-09-09
Publication date: 2022-03-10
Also published as: US11630822B2; US20220075825A1

Abstract

Provided is a method including obtaining a first web message from a device and retrieving values of a profile. The method may include obtaining a first value of a first account based on the profile, respectively. The process may include determining a boundary based on the first value and providing a user interface (UI) to a computing device via a response to the first web message. The UI may include a UI element that is movable from a first configuration to a second configuration, where positioning the UI element in the first configuration and second configuration causes a first and second limit associated with the first and second configuration to be displayed, respectively. The method may include obtaining a second web message having a third value determined from an updated configuration of the UI element and adjusting a second value based on the third value.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This patent does not claim priority to any patent filings at this time.

BACKGROUND

1. Field

The present disclosure relates generally to interfaces and cryptography.

2. Description of the Related Art

Modern web infrastructure provide user interfaces that permit a user to interact with highly sensitive data stored in encryption-secured databases. Such interfaces may accommodate users having varying amounts of domain-specific sophistication and be performant across a wide range of platforms when providing, obtaining, or editing data. Such data may be used for actions such as transferring an amount from a first account to a second account, confirming a previous instruction, or consolidating data stored across different systems. Storing and updating this data across thousands, hundreds of thousands, or millions of accounts in a secure fashion may be performed using an encrypted database.

SUMMARY

The following is a non-exhaustive listing of some aspects of the present techniques. These and other aspects are described in the following disclosure.
Some aspects include a process including obtaining, with a computing system, a first web message from a device and retrieving, with the computing system, values of a profile from a database based on the first web message. The process may include obtaining, with the computing system, a first value of a first account and a second value of a second account based on the values of the profile, wherein the first account is of a first account type, and wherein the second account is of a second account type. The process may include determining, with the computing system, a boundary based on the first value. The process may include providing, with the computing system, a user interface (UI) to client computing device via a response to the first web message, the UI comprising a UI element that is movable from a first configuration to a second configuration, wherein: positioning the UI element in the first configuration causes a first limit associated with the first configuration to be displayed in the UI, positioning the UI element in the second configuration causes a second limit associated with the second configuration to be displayed in the UI, the second limit is determined based on the boundary, and the UI displays the second value. The process may include obtaining, with the computing system, a second web message comprising a third value determined from a updated configuration of the UI element. The process may include adjusting, with the computing system, the second value based on the third value.
Some aspects include a tangible, non-transitory, machine-readable medium storing instructions that when executed by a data processing apparatus cause the data processing apparatus to perform operations including the above-mentioned process.
Some aspects include a system, including: one or more processors; and memory storing instructions that when executed by the processors cause the processors to effectuate operations of the above-mentioned process.

BRIEF DESCRIPTION OF THE DRAWINGS

The above-mentioned aspects and other aspects of the present techniques will be better understood when the present application is read in view of the following figures in which like numbers indicate similar or identical elements:

FIG. 1 is a schematic diagram of a first computing environment in which a score stored in an account may be updated, in accordance with some embodiments of the present technique.

FIG. 2 is a logical and physical architecture block diagram illustrating a computing environment in which various learning infrastructure may be implemented with the present techniques in accordance with some embodiments.

FIG. 3 is a flowchart illustrating a process to provide and obtain data via a UI, in accordance with some embodiments of the present techniques.

FIG. 4 is a flowchart illustrating a process to encrypt and decrypt data across accounts, in accordance with some embodiments of the present techniques.

FIG. 5 shows an example of a computing device by which the present techniques may be implemented.

While the present techniques are susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. The drawings may not be to scale. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the present techniques to the particular form disclosed, but to the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present techniques as defined by the appended claims.

DETAILED DESCRIPTION OF CERTAIN EMBODIMENTS

To mitigate the problems described herein, the inventors had to both invent solutions and, in some cases just as importantly, recognize problems overlooked (or not yet foreseen) by others in the field of data systems. Indeed, the inventors wish to emphasize the difficulty of recognizing those problems that are nascent and will become much more apparent in the future should trends in industry continue as the inventors expect. Further, because multiple problems are addressed, it should be understood that some embodiments are problem-specific, and not all embodiments address every problem with traditional systems described herein or provide every benefit described herein. That said, improvements that solve various permutations of these problems are described below.
In a variety of scenarios, it may be useful for a user to adjust scores of different accounts subject to constraints on the adjustment and linkable therebetween. Examples include adjusting a credit limit in one account and an accumulated credit stored in another, wherein the linkage is linear (e.g., one-to-one, or according to some other coefficient). Other examples include various forms of industrial process controls, where metrics reported by sensors at one stage of the process affect performance of downstream processes and appropriate target setpoints for those process steps, such as a thermal budget for processing an annealed metal workpiece or semiconductor device in which thermal budget consumed by upstream processes limits thermal budget consumable by downstream processes. In another example, manufacturing lines are often tuned with target inventory levels at each step, and deviations from that target at one step may affect the desired target levels at another.
In some embodiments, computer systems may determine quantitative or categorical values for storage in a first data structure using information stored in another data structure isolated from the first data structure. In many such cases, the mechanisms used to isolate or otherwise silo information stored in different data structures can increase the difficulty of determining of these values or updating a data structure based on these values. Additionally, some cases may require a user to manually edit or confirm changes to the values using interfaces compatible with various platforms. In some cases, performance limitations or user comfort may challenge the performance of such interfaces or increase user frustration when using the interfaces.
Some embodiments may include operations to adjust a value of a first account based on the value of a second account, where each account may be of different account types and may be associated with a different data structure, a different set of categories or a different set of encryption systems. Some embodiments may obtain the web message from a client computing device and, in response, provide a user interface (UI) to the computing device via a set of program instructions or other data used to generate an instance of the user interface on the client computing device. The UI may include UI elements, such as sliders, radio buttons, rotating objects, text entry boxes, or the like. Some embodiments may determine a boundary usable for defining the limits to the possible configurations of the UI element. Some embodiments may generate multiple intermediate values causing a UI element to be configurable to a corresponding number of possible intermediate configurations. The UI may include program code to then reconfigure the UI element to a smaller number of allowed configurations, where each of the smaller number of allowed configurations may be equal to a boundary value or a value between the boundary values. Alternatively, the first account and the second account may share an account type, and may share a data structure or a number and type of fields being stored.
Some embodiments may determine that a set of update requests to an account value are within a determined time interval and, in response, combine values stored in the set of update requests before updating the account. Some embodiments may determine that the update requests are within the time interval based on timestamps associated with each request based on a directed comparison of each timestamp, a binning operation to assign requests to different times, or the like. Some embodiments may store a record of the combined value in an account without storing a record of the two individual values in the same account. Some embodiments may store data associated with an account in an encrypted data structure, such as an encrypted database, using a symmetric, block cipher encryption and decryption algorithm, where the use of a symmetric block cipher algorithm may increase security and inhibit unauthorized decryption of sensitive data.
By providing one or more of the features described in this disclosure, some embodiments may increase the front-facing performance of interfaces being used at a client computing device. Additionally, some embodiments may more efficiently store transaction data or other data associated with a user account by reducing data storage consumption. Additionally, some embodiments may more efficiently encrypt data in an efficient manner that accommodates digit limitations of external application protocol interfaces (APIs) or reduces processing of encrypted data. That said, none of the preceding (or following) should be read as a disclaimer of any subject matter, as a variety of independently useful techniques are described, and some of those techniques may be deployed to address some issues without addressing other described problems with earlier approaches. Furthermore, while some embodiments may be described as having a feature, this is not to suggest that all embodiments have this feature or that any other described feature is not also amenable to variation. For example, while some embodiments may use a first account having a first type and a second account having a different account type, some embodiments may perform operations described in this disclosure for accounts of a same account type.
FIG. 1 is a schematic diagram of a first computing environment in which a score stored in an account may be updated, in accordance with some embodiments of the present technique. In some embodiments, the computing environment 100 may be configured to mitigate some of the above-described problems, such as challenges associated with securely updating cross-account information. The computing environment 100 may include a network 150 in communication with a computer system 110 that receive messages such as web requests or responses from a client computing device 102. As further discussed below, the client computing device 102 may include mobile computing devices, laptops, virtual reality headsets, desktop computers, kiosk terminals, or the like. A user of the client computing device 102 may access data associated with a profile of the user, where the profile may be stored in a first database 112. As used in this disclosure, a database may refer to various types of data structures, such as a relational database or a non-relational database. The computer system 110 may include servers stored in a centralized location, a cloud server system, a distributed computing platform using different components or services, or the like. Records from each of the first database 112, second database 113, or third database 114 may include links to associated records with respect to each other. In some embodiments, each of the databases may include values obtained from messages provided by external computing systems, such data indicating a borrowed loan amount of a bank.
Some embodiments may store data in a set of relational databases such as PostgreSQL™, Oracle mySQL™, or the like. For example, some embodiments may store a set of profile data in a SQL table, where each record of the SQL table may represent a user profile and include, as table fields, a user's name, a user identifier, a set of associated account identifiers, a password hash, or the like. Alternatively, or in addition, some embodiments may store data in a non-relational or distributed database such as Apache Cassandra™, MongoDB™, or the like. For example, some embodiments may store a set of loan account information in a first MongoDB database and a set of credit account information a second MongoDB database. In some embodiments, the data of each database may be encrypted at rest or in transit, where records of a database may be linked another associated record in a different database (e.g., a record stored in a SQL table). Some embodiments may use a relational or non-relational database to store a pointer, map, or other value usable for indicating relationships between a profile, associated accounts, associated account value, or associated data stored in external systems. As further discussed in this disclosure, some embodiments may perform operations to reduce data consumption of data stored in the computer system 110. Databases need not be persistent and can include in-memory databases, which can include non-persistent program state. Or in some cases, databases may persist program state to a media that can retain information even in the event that power is lost.
Accounts store and associate various types of scores with entities, and entities may be associated with profiles. In some cases, entities are associated with profiles in a one-to-one mapping, and multiple accounts may be associated with a single entity and corresponding profile. Examples of scores include in-game scores of video games, monetary amounts credited to or owed by an entity, accumulated or lost amounts of feedstock at various stages of industrial processes, and inventor amounts at various stages of a manufacturing process. In some cases, the scores denote rivalrous quantities, like money or inventory, or in some cases, scores denote non-rivalrous quantities, like character strengths in various dimensions in a video game. Reference to “an account” followed by reference to “the account” is consistent with scenarios where the account has changed in some regard between when the item is referenced, i.e., use of the indefinite article followed by the definite article should not be read to suggest that the thing referenced is immutable. Similar principles of construction should be applied to other mutable entities.
The computer system 110 may include or communicate with an encrypted virtual private cloud (VPC) 130 via the network 150, which may include a database of encrypted values 132. The data stored in the encrypted VPC 130 may be isolated from other components of the computer system 110. Some embodiments may enforce the encryption of any data being transferred into the VPC 130 or enforce a requirement that data encrypted in the encrypted VPC 130 remain encrypted while at rest or while being edited. Data from the encrypted VPC 130 may be stored in other components of the computer system 110 or may be communicated to an external network 190. As discussed further below, the external network 190 may include application program interfaces to securely receive data from the encrypted VPC 130, which may cause the external network 190 to perform actions such as determining a card identifier or causing a manufacturing device to generate a physical card based on the card identifier.
FIG. 2 is a logical and physical architecture block diagram illustrating a computing environment in which various learning infrastructure may be implemented with the present techniques in accordance with some embodiments. In some cases, some or all of the techniques described in this disclosure may be implemented in the computing environment 200. The computing device 202 may send data via a web message 204 to a computing system 250. Data sent in the web message 204 from the computing device 202 may include account identifiers (e.g., a username, in account number), passwords, values for account parameters (e.g., an amount to deposit), parameters indicating the creation, modification, or deletion of an account, or the like.
Some embodiments may be written in or provide program code written in a computer language that is supported by a web browsing application via a set of libraries or engines. For example, an application described in this disclosure may be written in JavaScript, where the application may call one or more APIs of an application such as Google Chrome™, Microsoft Edge™, or Apple Safari™. Alternatively, or in addition, some embodiments may be written in other computer languages such as C#, C++, Python, Ruby, and the like. Additionally, some embodiments may use a web application development framework to provide application functionality or to provide UI features. These development frameworks may include Vue, React.js, Angular, Flutter, or the like. For example, some embodiments may use one or more functions of React.js in a source code to compile when determining a UI.
A “web message” is an application-layer communication over a network to or from a web browser (which may include a webview object in a native application, a headless browser, or a browser extension). Web messages are not limited to rendered content or user inputs, and web messages may be encoded in hypertext transport language protocol (HTTP, like HTTP 2) or according to other application-layer protocols. A “web message” (expressed as singular) can include one or more transmissions, in some cases with intervening responsive messages, like acknowledgements or API responses.
In some embodiments, the present techniques may be implemented as JavaScript code (or other ECMAScript compliant language). In some embodiments, code implementing the present techniques may be executed by a JavaScript engine (e.g., the Chakra, SpiderMonkey, JavascriptCore, Carakan, or V8 JavaScript engine) running in a web browser. In some embodiments, the code may be parsed to an abstract syntax tree. This abstract syntax tree may be transformed into a bytecode representation. The bytecode representation may then be compiled into machine code, such as the native machine code of the computer executing the web browser or a machine code of a virtual machine. In some cases, a UI or UI-associated function may be provided or implemented with WebAssembly code.
Some embodiments may use the data provided by the computing device 202 to access a first account 210 stored in the profile database 211, which is part of the computing system 250. The first account 210 may represent a profile and may store data field values for fields such as a score field 212, a second account identifier field 213, and a third account identifier field 214. The value for the second account identifier field 213 may include an identifier usable to identify or access a second account 220. The second account 220 may be of a first account type and may be stored as a record in a second account database 221. The value for the third account identifier field 214 may include an identifier usable to identify or access a third account 230 of a third database 231. The third account 230 may be of a second account type, where the second account type is different from the first account type with respect to the fields of the account types, number of fields of the account types, links to other databases, or the like.
As discussed further below, accounts of different types may be structured as different data structures, include different data structures, store different fields (e.g., different data types, different types of tuples, etc.), be secured with different encryption methods, or the like. For example, the second account 220 may be of the first account type and may be associated with loans. The second account 220 and may include fields that indicates a loan borrower, a loan principle amount, a loan interest, a loan repayment amount, or the like. The third account 230 may be of a second account type and may be associated with credit values. The third account 230 and may include fields that indicates a credit identifier, a card identifier, a credit limit, an amount borrowed, a maximum credit, or the like. Other account types may apply to other non-monetary use cases, like inventory back-log relative to a target, inventory surplus relative to a target in a manufacturing process, or process metric surplus relative to a target and process metric deficit relative to a target in industrial process controls.
Some embodiments may include methods of providing UI program instructions 260 to the computing device 202 based on a respective profile and set of accounts associated with the respective profile. For example, after receiving the web message 204 from the computing device 202, some embodiments may determine a boundary having a permitted lower bound of 200 and a permitted upper bound of 650 based on the data stored in the second account 220 and the third account 230. As further discussed below, the UI program instructions 260 may cause a computing device 202 to display a UI element 262 that ranges between a first value written as “200” on the UI element 262 and a second value written as “650.”
The term “user interface” can reference both a static interface for a user and one that evolves over time. For example, a single UI can transition from one state to the next as part of an animated transition or responsive to user input. Reference to things displayed or otherwise done by a UI do not require that those things be displayed or done concurrently, as a UI can display or do one thing and then later display or do another, while still being the same UI as that term is used herein. The term “user interface” is used broadly to refer to something presented to a user, like by a client computing device, and instructions or data by which that presentation is composed at a remote device, like a server. For instance, a server can generate a user interface by generating the HTML or JSON by which the client device renders a webpage, without displaying that webpage itself at the server. In some cases, both a client device and server system may cooperate as part of the same computer system to determine a user interface.
Some embodiments may provide ownership of an account to third-party entities, such as a commercial organization, financial institute, government organization, or the like, and indicate ownership of an account using a field of the account. For example, as indicated by the account owner field 222, the second account 220 may be registered to a user listed by the first account 210 and be owned by the entity “Ent1.” Some embodiments may separate control of an account from ownership of an account, where a first entity may be able to control or update an account owned by a second entity. For example, some embodiments may allow a company to provide the UI program instructions 260 to the computing device 202. A UI instantiated by the computing device 202 based on the UI program instructions 260 may enable a computing device user to update a credit payment. The credit payment may be associated with the third account 230 of the computing device user, where the credit payment account may be owned by a second entity set in the account owner field 232 as “Ent2,” and where the credit payment may decrease the amount in the borrowed amount field 233.
Some embodiments may update the encrypted record 240, which may be stored in the fourth database 241. For example, changes in the borrowed amount field 233 may be used to update the encrypted record 240. In some embodiments, one or more values of the fourth database 241 may be encrypted, and may be a part of a VPC, such as the VPC 130. It should be mentioned that, while the encrypted record 240 is described as encrypted, other values of other databases may also be encrypted. For example, the value for the borrowed amount field 233 of the third database 231 may be encrypted using one or more encryption methods described in this disclosure. Alternatively, some or all of the databases described in this disclosure, such as the databases 211, 221, 231, or 241, may be encrypted or include encrypted values, where some or all of the databases described in this disclosure may be part of one or more VPCs.
The processes of FIGS. 3-4 presented below are intended to be illustrative and non-limiting. In some embodiments, for example, the methods may be accomplished with one or more additional operations not described, and/or without one or more of the operations discussed. For example, some embodiments may perform the process 300 by performing operations described for blocks 304, 308, 312, 316, 320, and 340 without performing operations described for blocks 328, 332, or 336. Additionally, the order in which the processing operations of the methods are illustrated (and described below) is not intended to be limiting. For example, some embodiments may perform the process 300 by performing operations described for blocks 304, 308, 312, 316, 320, and 340 after performing operations described for blocks 328, 332, or 336. In some embodiments, the methods may be implemented in one or more processing devices (e.g., a digital processor, an analog processor, a digital circuit designed to process information, an analog circuit designed to process information, a state machine, and/or other mechanisms for electronically processing information). The processing devices may include one or more devices executing some or all of the operations of the methods in response to instructions stored electronically on an electronic storage medium. The processing devices may include one or more devices configured through hardware, firmware, and/or software to be specifically designed for execution of one or more of the operations of the methods.
FIG. 3 is a flowchart illustrating a process to provide and obtain data via a UI, in accordance with some embodiments of the present techniques. In some embodiments, the process 300 may include obtaining a set of web messages from a computing device, as indicated by block 304. As described in this disclosure, a message may include a set of sub-messages sent in the form of one or more data packets sent according to an internet protocol. The message may be provided in the form of a web request or a response to the web request (“web response”) sent over the Internet. For example, the message may include a web request including textual information encoded in the ASCII format divided into frames and including hashed account identifiers or passwords. In some embodiments, the message may include account access such as a username, password, verification identifier, or the like. For example, the message may include a username and password usable to access a profile.
Some embodiments may receive a web request to update an account, where updating an account may include generating an account, modifying a field value of an account, or deleting an account. For example, some embodiments may receive a request to generate a new account representing a credit account, where the credit account will be associated with an existing account representing a loan account. Some embodiments may receive a request that causes a server to provide a response that includes program instructions. In some embodiments, the web response program instructions may cause a client computing device to display a UI usable to obtain data required to update an account.
The process 300 may include determining a profile based on the set of web messages, as indicated by block 308. The profile may be a type of account stored as record in a database of profiles. As discussed elsewhere in this disclosure, the database of profiles may include a relational database such as a SQL database, a non-relational database, or other data structure. The profile may include one or more fields identifying an individual user, an organization, or other entity. For example, a profile may include a user name, an organization that the user represents, a set of permissions indicating what accounts the user has access to, a set of account identifiers corresponding to the other accounts the user has access to, a set of account owners representing one or more entities that own the user's account(s), or the like.
Some embodiments may include a profile having associations to another account associated with the profile, where the other account may be stored in a database different from the database used to store the profile. Records of different databases may store different types of values, may be updated in different ways, or the like. For example, a first reference in the profile may be linked to a first account of a first type, such as a loan account type, and a second reference in the profile may be linked to a second account of a second type, such as a credit account type. The first account may include a score assigned to a user associated with the profile, where changes to the score may be tracked. The second account may include a second score assigned to the user, where, as further described below, increases or possible increases to the second score may be calculated based on updates to the first score or another field of the first account. As used in this disclosure, a score may indicate one or more types of a quantitative value, such as a quantified computing resource amount, a monetary amount, a credit score or estimate of a credit score provided by a credit rating agency, a digital asset amount, an amount to be repaid, an amount that is owed, or the like.
In some embodiments, the profile may include a set of scores obtained from an API that receives communication from external entities. For example, a profile may include scores associated with a user identified by the profile, where the scores may be updated by messages received by API and sent from a server controlled by a financial institute, ratings agency, government organization, or the like. Some embodiments may include a heartbeat routine to regularly request data from one or more external entities associated with a profile. For example, some embodiments may execute a routine that sends a request for a credit score, where a response to the request may be received at an API of a third-party verification entity, such as an API of a credit rating agency server.
In some embodiments, the process 300 may include determining a boundary based on the values stored in the profile or otherwise associated with the profile, as indicated by block 312. A boundary or set of confirmable values of the boundary may be used when displaying a UI, where some embodiments may provide the UI to a client computing device. In some embodiments, the set of confirmable values may include the values of the boundary itself, and, as further described below, may correspond with values useable for updating a score in an account. Some embodiments may store the boundary or set of confirmable values of the boundary in an account and may store the boundary or set of confirmable values in association with a profile. For example, some embodiments may store the boundary in the form of a list “[300, 900]” directly in a profile record. Alternatively, or in addition, some embodiments may store a boundary in association with a profile by storing the boundary or set of confirmable values within the boundary in a second account record associated with the profile.
Alternatively, or in addition, some embodiments may calculate a list or other set of values for use as a boundary or set of confirmable values. For example, after determining a profile based on a web message comprising profile information, some embodiments may search through an account associated with the profile to determine a maximum score threshold. Some embodiments may then determine a set of confirmable values to display between a minimum value and the maximum score threshold, where the set of confirmable values may include a predetermined set of values. Some embodiments may determine a maximum score threshold based on an account value, such as by determining a maximum score threshold based on an amount repaid into a loan account that is indicated as repaying a principle account. For example, if a value for a first field of a first account is equal to a score of 2000, where the value of a second field of the first account indicates a total decrease of 951 to the value of the first field, some embodiments may set the maximum score threshold to be equal to the second field value of 951. Various other functions or data from an account may be used. For example, if the first field mentioned above is a loan principle amount and the second field mentioned above is a repayment amount, some embodiments may set the maximum score threshold based on determining the result of a step-wise function, square function, logarithmic function, other function, or combination of functions being applied on the second field or other field(s) of an account.
Some embodiments may determine the set of confirmable values based on a set of allowed score values between (either inclusively or exclusively) a minimum value and the maximum score threshold. For example, some embodiments may include a pre-existing set of values stored as an array “[50, 125, 200, 250, 400, 500, 750, 1000].” After a determination that the maximum score threshold for a score associated with a profile is equal to 537, some embodiments may provide the set of confirmable values in the form of an array [50, 125, 200, 250, 400, 500],” where the set of confirmable values includes all values from the pre-existing set of values less than the maximum score threshold. Alternatively, or in addition, some embodiments may determine a set of confirmable values based on a step size value or a boundary. For example, some embodiments may determine that a maximum value is 157. Some embodiments may then determine that the set of confirmable values to be provided in association with a UI is 0, 50, 100, and 150, based on each value of the set of confirmable values being less than 157.
Some embodiments may determine the set of confirmable values using a neural network or other predictive modeling system. For example, some embodiments may search through a history of other users with respect to a first user to determine a credit limit value associated with a maximum return value (e.g., highest rate of paying off a credit limit). The history of other users may be filtered by users having profile data matching or similar to data stored in the user's profile. Some embodiments may then use the predictive-model-found maximum credit limit to as part of a boundary value or base a determination of an upper limit to the boundary value based on the predictive-model-found maximum credit limit.
In some embodiments, the process 300 may include providing a UI having a selection element based on the boundary, as indicated by block 316. Some embodiments may provide a UI in the form of a web message, such as a web response, where the web message includes program instructions or other data that causes a computing device to display the UI. Some embodiments may provide the UI by providing program code to be interpreted and displayed on a web browser executing on a desktop computer, laptop computer, mobile computing device, augmented reality headset, or the like. Alternatively, or in addition, some embodiments may provide the UI by providing program code to be executed as native application on a computing device.
Some embodiments may provide a UI that includes a UI element that is manipulatable from a first configuration to a second configuration, where the first configuration corresponds with a lower limit and a second configuration corresponds to upper limit. In some embodiments, the lower limit may be equal to zero, a value stored in an account associated with a profile, a minimum of a set of confirmable values, or the like. In some embodiments, the lower limit may be or otherwise include a result of a function applied onto a value provided a server as a part of the UI or otherwise in association with the UI. For example, some embodiments may provide a UI element and a boundary represented by the list “[200, 650],” which includes a lower limit of 200 and an upper limit of 650. Some embodiments may display a UI element as a slidable element (i.e. “slider”) that can be slid via a mouse drag or a touchpad from the left side to a right side of the slider, where the left side may correspond to the lower limit and the right side may correspond to the higher limit. Some embodiments may provide a UI element that displays the value corresponding with a UI element configured into the first configuration, second configuration, or other configuration. For example, a UI element of a UI set in a first configuration may cause a text box of the UI to display the value of 200, where the value of 200 corresponds with the first configuration. After the UI element is moved to a second configuration corresponding with the value 650, the text box of the UI may display the value 650. It should be noted that, while the above discloses the use of a slider, other some embodiments may use other UI elements, such as a text box entry or a rotatable element (e.g., a dial, a wheel, or the like). In addition, the UI may display a current value associated with an account, such as a credit limit value associated with a credit account associated with the user.
Some embodiments may provide a UI element that is configurable into having multiple configurations between two or more values of a set of confirmable values, where the UI element may then be automatically moved to a nearest value of the set of confirmable values. For example, some embodiments may provide a set of confirmable values represented by the list “[100, 150, 200, 250]” in association with a first UI element. The first UI element may include program code to be movable between a lowest configuration corresponding with the value of 100 and a highest configuration at value intervals of five, such that moving the slider may cause the UI to display or modify an internal state value to multiples of five such as 5, 10, 15, 20, the like. In some embodiments, the UI element may further include or be associated with program code that causes the slider to snap to a nearest value stored in the set of confirmable values. For example, some embodiments may provide program code to search for a nearest value in the list “[150, 200, 250]” for the initially-selected value 205 and determine that 200 is the nearest value in the list. In response, the UI element may be automatically set to an updated configuration corresponding with the value of 200 after the UI element is first set into an initial configuration corresponding with the initially-selected value 205.
An issue in sliding, rotating, or other movable UIs having discrete boundaries or discrete selectable intervals is either a configuration that causes a lack of responsiveness to micromotions or over-responsiveness. Additionally, some UI elements may be configured based on values allowing tens of thousands or more possible configurations, which may slow down operations to reconfigure the UI element to an allowed configuration or changing a data type being analyzed. Some embodiments may provide a second set of configurations for the UI element, where the second set of configurations may provide a greater number of configurations than the first set of configurations. By providing a second set of configurations, some embodiments may increase the number of configurations of the UI element to increase the smoothness and efficiency of a UI. By providing a UI element capable of moving through a set of intermediate configuration values, some embodiments may provide an interface experience emulating a continuous UI element while decreasing the time needed to determine a nearest value of an allowed list of values.
In some embodiments the process 300 may include obtaining an interface-selected value from an instance of the UI, as indicated by block 320. The interface-selected value may include a value corresponding to an initial configuration or updated configuration state of a UI element. For example, the interface-selected value may correspond to an updated configuration of a slider or other UI element of an instance of a UI executing on a client computing device after a confirmation button of the UI is clicked or tapped. Alternatively, some embodiments may receive an interface-selected value that is a transformation of the value corresponding to an updated configuration of the UI element. As further described below some embodiments may then update a profile value or value associated with the profile (e.g., a value stored in an account linked to the profile). For example, some embodiments may obtain the interface-selected value “200” via a request payload of a web request or other web message sent from a client computing device.
The interface-selected value may represent various types of values and be used to adjust or otherwise update a value associated with a profile. For example, as further described below, the interface selected value may include an interface-selected credit limit value usable increase a corresponding credit limit of a credit account, where the interface-selected credit limit may be greater than or less than a current credit limit. As described further below, some embodiments may encrypt an account value updated by the interface-selected value. Some embodiments may then store the encrypted value in persistent storage or send the encrypted value to a third-party API. In some embodiments, the adjustment of a value of an account may include adjusting a value of an account that has not been instantiated or otherwise made accessible, such as in adjustment of a credit limit value for a credit account that has not been created. In such cases, some embodiments may store the value in a first storage or temporary memory and retrieve the value for inclusion the account after the account has been created. Reference to “an account” can include references to accounts that are yet-to-be created. For example, assigning a value to an account can be done by determining a value for an account that will be created after the value is assigned.
In some embodiments, the interface-selected value may include instructions to update one or more accounts. For example, some embodiments may receive an interface-selected value comprising, representing, or confirming instructions to deactivate an account. In response, some embodiments may determine whether an account is permitted to be deactivated based on one or more criteria, such as by determining whether a stored variable of the account satisfies an outstanding balance threshold. Deactivating an account may include updating a value associated with an account, where the updated value prevents the account from being further used or modified. Alternatively, deactivating the account may include permanently deleting the account. Some embodiments may perform one or more score updates as a part of deactivating an account or in response to a determination that an account is to be deactivated. For example, some embodiments may transfer an amount associated with a first account to a second account in response to a determination that an account is to be deactivated. Various criteria may be satisfied to confirm that an account is to be deactivated. For example, in response to receiving instructions to deactivate an account and a determination that a stored variable of the account satisfies an outstanding balance threshold, some embodiments may determine that the account is to be deactivated.
In some embodiments, the process 300 may include determining whether a new account or account card associated with the profile should be generated, as indicated by block 328. Some embodiments may determine that a new account or account card associate with the profile may be generated based on receiving instructions to generate the new account for account card or based on an existing set of criteria. For example, some embodiments may provide a UI having an option to generate a new account. Some embodiments may then receive a confirmation from a client computing device indicating that a user has selected the option to generate new account.
Some embodiments may include operations to determine whether the new account or account card is permitted for generation based on one or more criteria. Some embodiments may determine whether a number of updates satisfies a threshold number of updates. For example, some embodiments may determine whether a loan repayment count satisfies a threshold number of payments. If the threshold number of payments is three, then some embodiments may determine that a new account card is permitted based on a first account having been updated at least three times, and some embodiments may determine that a new account card is not permitted based on the first account having been updated only once. In response to a determination that a new account for account card associate with the profile should be generated, operations of the process 300 may proceed to block 332. Otherwise, operations of the process 300 may proceed to block 340.
In some embodiments, the process 300 may include sending an account generation request to an API based on data associated with the profile, as indicated by block 332. As discussed further below, some embodiments may encrypt data in a request sent to an API and may store or send data in a separate or otherwise isolated system or subsystem such as a virtual private cloud (VPC). For example, some embodiments may send account data including a username, a date of birth, identification number, to an address of a VPC after encrypting the account data. The VPC may then send the encrypted account data or other encrypted value(s) to an API of a third-party entity, where the entity may determine a new account identifier, cause the manufacture of a new physical card showing the new account identifier, or generate a counterpart account associated with the new account identified.
In some embodiments, the account generation request may include encrypted versions of profile data such as a name, an address, an image, another account identifier, or the like. In some embodiments, the account generation request may cause a server or other computing device of a third-party entity to generate a physical card and a corresponding card identifier. For example, as further described below, some embodiments may generate or cause the generation of a physical transaction card containing a name obtained from a user profile.
In some embodiments, the process 300 may include receiving a second set of web messages that includes the new account identifier from the third-party entity, as indicated by block 336. The second set of web messages may include a web response that indicates that a new account was confirmed, a physical card was queued for manufacture, or the like. In some embodiments, the new account identifier may include information associated with the new account, such as a security value, a digital signature, a card-specific model number, or the like. By receiving a card identifier or other information associated with a physical transaction card, some embodiments may update an account with the information and track account changes without necessitating continuously updating the third-party entity.
In some embodiments, the web message may include a card identifier corresponding to a physical transaction card. For example, some embodiments may receive a web message that includes a credit card number, where the web message was by a third-party server in response to a first web message received at an API of the third-party server. In some embodiments, a physical transaction card or another type of physical card may be generated by adding a record represented by the card identifier to a manufacturing device queue. After receiving a card identifier, some embodiments may associate an account with the card identifier, where use the card identifier during a transaction may cause a corresponding value of the account to change.
In some embodiments, the process 300 may include updating an account based on an interface-selected value or other data from a set of web messages, as indicated by block 340. Some embodiments may update an account with a value such as an interface-selected value or a new account identifier and associate the account with a profile. In some embodiments, the web message may include an interface-selected value that is then used to update one or more database records or other data structures storing data related to an account. For example, some embodiments may receive an encrypted web message that includes an interface-selected value representing an increased (or decreased) maximum credit limit. Some embodiments may then update one or more records of a database by decrypting the web message, determining a record based on the web message, and update one or more fields in the record based on the web message.
Some embodiments may then re-encrypt data in the updated record before storing the encrypted data in local persistent storage or in the storage of a VPC. As discussed further below, various encryption operations or methods may be used, where different types of encryption may be selected based on their efficiency, reliability, or the like. Furthermore, as described elsewhere in this disclosure, encrypting data in a record may include encrypting the specific field in the record, encrypting the record, encrypting the column of the field for the database storing the record, encrypting the entire database storing the record, or the like. Additionally, some embodiments may update an account based on an interface-selected value, new account information, or other data as it is received independently of other messages or data. For example, after receiving an interface-selected value as described for block 320, some embodiments may then proceed to update an account without waiting for additional account information such as a new account identifier described for block 336.
FIG. 4 is a flowchart illustrating a process to encrypt and decrypt data across accounts, in accordance with some embodiments of the present techniques. In some embodiments, the process 400 may include receiving instructions to update data in an account, as indicated by block 404. Some embodiments may receive instructions to update an account in the form of routines activated by web messages. For example, some embodiments may receive instructions to update a loan payment parameter with a new quantitative number indicating payment of a portion of a loan, which may deduct a loan principle amount (which may have its own corresponding parameter). Alternatively, or in addition, some embodiments may receive instructions to update an account based on internal program code. For example, some embodiments may determine that a maximum value threshold associated with a specific profile may be increased and, in response, begin operations to update an account of the profile based on the maximum value threshold increase.
In some embodiments, the process 400 may include operations to update data associated with a database of encrypted values, as indicated by block 404. Some embodiments may include operations to store updates to data associated with an account, where the corresponding update values may be compressed into a single net update to account based on a threshold time interval. For example, some embodiments may receive a plurality of update requests that have occurred within a pre-determined time interval such as an interval less than a 1 minute time interval, less than a 10 minute interval, less than a 1 hour time interval, less than a 24-hour time interval, less than a 72-hour time interval, or the like. Some embodiments may then determine an arithmetic sum of the plurality of score changes and store the arithmetic sum of the plurality of score changes in an encrypted record, as further discussed below. For example, some embodiments may receive three update requests, each update request including an update value representing changes to an account score. Some embodiments may sum the three update values to compute a sum of the three update values (or other combined value of the three update values), each of the three update values having a timestamp within a same pre-defined time interval (e.g., within the same day).
In some embodiments, the process 400 may include encrypting data using an encryption method based on an encryption key, as indicated by block 414. In some embodiments, the encryption method may include one or more of various types encryption methods, such as a symmetric encryption method, an asymmetric encryption method, a hybrid encryption method, or a quantum encryption method. Some embodiments may use a symmetric encryption method, such as an encryption method based on the advanced encryption standard (AES), where a data encrypted with a symmetric encryption method using a single encryption key may be decrypted with the same encryption key. For example, some embodiments may implement AES encryption using 128-bit or 256-bit keys and 128-bit blocks, where using AES encryption may include encrypting a data using consecutive rounds of a substitution-permutation network (SPN). Various symmetrical algorithms may be used to encrypt or decrypt data, such as Twofish, RC6, Serpent, Mars, or the like, and may further be described by Rachmat et al. (Rachmat, N., 2019, March. Performance analysis of 256-bit AES encryption algorithm on android smartphone. In Journal of Physics: Conference Series (Vol. 1196, No. 1, p. 012049). IOP Publishing), which is hereby incorporated by reference.
Alternatively, some embodiments may use an asymmetric encryption method to encrypt or decrypt a value, where an asymmetric encryption method includes the use of a public key to encrypt a message and a private key to decrypt the encrypted message. One or more various types of asymmetric encryption algorithms may be used, such as a Rivest-Shamir-Adleman (RSA) encryption algorithm, an ElGamal encryption algorithm, a Diffie-Hellman key exchange protocol, an elliptic-curve cryptography method, or the like, where such algorithms may be described by Mahto et al. (Mahto, D. and Yadav, D. K., 2018. Performance Analysis of RSA and Elliptic Curve Cryptography. IJ Network Security, 20(4), pp.625-635). For example, some embodiments may use an RSA encryption method by using a first encryption key to encrypt an account identifier and using a first decryption key that is different from the first encryption key to decrypt the encrypted account identifier. Some embodiments may implement an asymmetric encryption method in distributed computing environments, where different subsystems or services of an application may be independent of one another or not necessarily trusted.
Some embodiments may use a format-preserving cipher, where the encryption key for the format-preserving cipher may be protected in a different virtual or physical memory of a computing system than the data that it is used to encrypt. A format-preserving cipher may be used to convert a value into a same format (e.g., same number of fields), and may include various types of encryption methods such as block cipher encryption. For example, some embodiments may use a format-preserving cipher to convert a first account identifier to a second account identifier having the same number of digits. Various format-preserving cipher methods may be used, such as the Black and Rogaway encryption method, an encryption method using a Feistel network, another Feistel-based encryption method, another block cipher, or the like, where such encryption may be described in Bellare et al. 2009 (Bellare, M., Ristenpart, T., Rogaway, P. and Stegers, T., 2009, August. Format-preserving encryption. In International workshop on selected areas in cryptography (pp. 295-312). Springer, Berlin, Heidelberg), which is hereby incorporated by reference.
Use of a format-preserving cipher may preserve the uniqueness of each account number while reducing the amount of memory used to encrypt the data. For example, some embodiments may use a block cipher encryption method, such as an FFX encryption method, to encrypt a block (e.g., a number, a string, list, or the like), which is further described in Bellare et al. 2010 (Bellare, M., Rogaway, P. and Spies, T., 2010 The FFX mode of operation for format-preserving encryption. NIST submission, 20, p.19), which is hereby incorporated by reference. Some embodiments using the FFX method may perform multiple encryption rounds of operations that include splitting an input value for the encryption method into to subsets. After dividing the block into two block sections, using the FFX method may including using the first block section as an input for a first half of an encryption round for a function that takes, as parameters, the encryption key and the second block section. Various functions may be used, and may include combinations of arithmetic operations, vector product operations, logarithmic operations, exponential operations, or the like. Some embodiments using the FFX method also perform an exclusive or (XOR) operation across elements (e.g., individual bits) between the function result and the second block section to produce an intermediate block that includes the encrypted first block section. Some embodiments using the FFX method may then switch the operations being performed on the first and second block sections in a second half of an encryption round by using the second block section as an input to a function using the first now-encrypted block section and the encryption key as function parameters. Some embodiments may then perform multiple encryption rounds to encrypt a block.
Some embodiments may encrypt or decrypt data using a lattice-based encryption method or other quantum-proof encryption method. For example, some embodiments using a lattice-based encryption method may obtain a path through a multi-dimensional lattice and, in response, encrypt or decrypt data based on an encryption key stored at a point in the multi-dimensional lattice along the path. Additionally, some embodiments may use quantum cryptography to encrypt or decrypt data. For example, some embodiments may distribute a quantum key between two databases, such as a profile database and an account database stored in a VPC.
In some embodiments, the process 400 may include sending the encrypted message to an encrypted persistent storage, as indicated by block 430. The encrypted persistent storage may be isolated from other data storage or systems of a computing environment. In some embodiments, data being sent to the encrypted persistent storage, stored in the encrypted persistent storage, or retrieved from the encrypted persistent storage may be in an encrypted state. The encrypted persistent storage may include a solid state drive, a spinning disk drive, or the like. In some embodiments, the encrypted persistent storage may be part of a VPC capable of isolating a database stored in the persistent storage from other components of the system.
In some embodiments, the encrypted message may be stored in a database of encrypted values, where various encryption methods may be used. Some embodiments may perform transparent data encryption (TDE), where an unencrypted database having multiple records and multiple columns may be encrypted to form an encrypted block(s) of data or decrypted from the encrypted block(s) of data into an unencrypted database. Various TDE operations may be used to encrypt a database. For example, while some embodiments may encrypt a database using one or more of the encryption methods described above such that the database may remain encrypted while being transmitted in a network or while at rest (e.g., while not being edited or moved). Alternatively, or in addition, some embodiments may perform a column-level encryption operation, where columns of a database may be separately encrypted with different encryption keys. Some embodiments may perform column-level encryption of account data, where commonly retrieved and less sensitive fields of the account data remains unencrypted, while sensitive fields are encrypted. In some cases, use of a column-level encryption may be increase the flexibility of data structures holding sensitive information (e.g., account identifiers) with respect to response times when retrieving unencrypted data. Alternatively, or additionally, some embodiments may perform field-level encryption of account data, where individual fields of data may be encrypted using methods such as probabilistic encryption methods. As used in this disclosure, a field of a record may be understood as the specific column for a single record (unless otherwise stated), whereas a column of a database may include each field having a shared field name in the database.
in some embodiments, the process 400 may include retrieving encrypted data from the encrypted persistent storage, as indicated by block 432. Some embodiments may retrieve encrypted data from an encrypted persistent storage in response to instructions to perform an action using data stored in an encrypted form. For example, some embodiments may receive instructions to increase a maximum score threshold based on a web message. In response, some embodiments may retrieve a verification number from an encrypted account to verify data in the request, where retrieving the verification number may include performing a decryption operation.
In some embodiments, the process 400 may include decrypting the encrypted data of the encrypted account, as indicated by block 440. The decryption method used to decrypt the encrypted data may be based on the encryption method used to first encrypted data. For example, some embodiments may use a block cipher decryption method to decrypt data encrypted by a block cipher encryption method. Some decryption methods may use a same key to encrypt and decrypt data, while other methods may use different keys to encrypt and decrypt data. After decrypting the data, some embodiments may then use the data to confirm a transaction, update an account, store additional data, or the like. For example, some embodiments may decrypt an account identifier stored in a database of encrypted values to update an account balance or update a loan repayment.
Some embodiments may use an FFX decryption method to decrypt a block that was encrypted with an FFX encryption method. For example, some embodiments may divide an encrypted block into two block sections, where using the FFX method may including using the first block section as input for a first half of an decryption round for a function that takes, as parameters, the encryption key and the second block section. Various functions may be used to produce an intermediate block that includes the (partially) decrypted first block section and the second block, where the function used may be based on an inverse function of the function used during FFX encryption. For example, if a modular addition operation based on the second block was used to encrypt data into an encrypted block, some embodiments may use a modular subtraction based on the second block to decrypt the data into a decrypted block. Some embodiments using the FFX method may then switch the operations being performed on the first and second block sections in a second half of an decryption round by using the second block section as an input to a function using the (partially) decrypted block section and the encryption key as function parameters. Some embodiments may then perform multiple decryption rounds to decrypt an encrypted block to its original form, where the number of decryption rounds is equal to the number of encryption rounds used to encrypt the decrypted block.
FIG. 5 shows an example of a computing device by which the present techniques may be implemented. FIG. 5 is a diagram that illustrates an exemplary computing system 1000 in accordance with embodiments of the present technique. Various portions of systems and methods described herein, may include or be executed on one or more computer systems similar to computing system 1000. Further, processes and modules described herein may be executed by one or more processing systems similar to that of computing system 1000.
Computing system 1000 may include one or more processors (e.g., processors 1010 a-1010 n) coupled to system memory 1020, an input/output I/O device interface 1030, and a network interface 1040 via an input/output (I/O) interface 1050. A processor may include a single processor or a plurality of processors (e.g., distributed processors). A processor may be any suitable processor capable of executing or otherwise performing instructions. A processor may include a central processing unit (CPU) that carries out program instructions to perform the arithmetical, logical, and input/output operations of computing system 1000. A processor may execute code (e.g., processor firmware, a protocol stack, a database management system, an operating system, or a combination thereof) that creates an execution environment for program instructions. A processor may include a programmable processor. A processor may include general or special purpose microprocessors. A processor may receive instructions and data from a memory (e.g., system memory 1020). Computing system 1000 may be a uni-processor system including one processor (e.g., processor 1010 a), or a multi-processor system including any number of suitable processors (e.g., 1010 a-1010 n). Multiple processors may be employed to provide for parallel or sequential execution of one or more portions of the techniques described herein. Processes, such as logic flows, described herein may be performed by one or more programmable processors executing one or more computer programs to perform functions by operating on input data and generating corresponding output. Processes described herein may be performed by, and apparatus can also be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit). Computing system 1000 may include a plurality of computing devices (e.g., distributed computer systems) to implement various processing functions.
I/O device interface 1030 may provide an interface for connection of one or more I/O devices 1060 to computer system 1000. I/O devices may include devices that receive input (e.g., from a user) or output information (e.g., to a user). I/O devices 1060 may include, for example, graphical UI presented on displays (e.g., a cathode ray tube (CRT) or liquid crystal display (LCD) monitor), pointing devices (e.g., a computer mouse or trackball), keyboards, keypads, touchpads, scanning devices, voice recognition devices, gesture recognition devices, printers, audio speakers, microphones, cameras, or the like. I/O devices 1060 may be connected to computer system 1000 through a wired or wireless connection. I/O devices 1060 may be connected to computer system 1000 from a remote location. I/O devices 1060 located on remote computer system, for example, may be connected to computer system 1000 via a network and network interface 1040.
Network interface 1040 may include a network adapter that provides for connection of computer system 1000 to a network. Network interface may 1040 may facilitate data exchange between computer system 1000 and other devices connected to the network. Network interface 1040 may support wired or wireless communication. The network may include an electronic communication network, such as the Internet, a local area network (LAN), a wide area network (WAN), a cellular communications network, or the like.
System memory 1020 may be configured to store program instructions 1100 or data 1110. Program instructions 1100 may be executable by a processor (e.g., one or more of processors 1010 a-1010 n) to implement one or more embodiments of the present techniques. Instructions 1100 may include modules of computer program instructions for implementing one or more techniques described herein with regard to various processing modules. Program instructions may include a computer program (which in certain forms is known as a program, software, software application, script, or code). A computer program may be written in a programming language, including compiled or interpreted languages, or declarative or procedural languages. A computer program may include a unit suitable for use in a computing environment, including as a stand-alone program, a module, a component, or a subroutine. A computer program may or may not correspond to a file in a file system. A program may be stored in a portion of a file that holds other programs or data (e.g., one or more scripts stored in a markup language document), in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code). A computer program may be deployed to be executed on one or more computer processors located locally at one site or distributed across multiple remote sites and interconnected by a communication network.
System memory 1020 may include a tangible program carrier having program instructions stored thereon. A tangible program carrier may include a non-transitory computer readable storage medium. A non-transitory computer readable storage medium may include a machine-readable storage device, a machine readable storage substrate, a memory device, or any combination thereof. Non-transitory computer readable storage medium may include non-volatile memory (e.g., flash memory, ROM, PROM, EPROM, EEPROM memory), volatile memory (e.g., random access memory (RAM), static random access memory (SRAM), synchronous dynamic RAM (SDRAM)), bulk storage memory (e.g., CD-ROM or DVD-ROM, hard-drives), or the like. System memory 1020 may include a non-transitory computer readable storage medium that may have program instructions stored thereon that are executable by a computer processor (e.g., one or more of processors 1010 a-1010 n) to cause the subject matter and the functional operations described herein. A memory (e.g., system memory 1020) may include a single memory device or a plurality of memory devices (e.g., distributed memory devices). Instructions or other program code to provide the functionality described herein may be stored on a tangible, non-transitory computer readable media. In some cases, the entire set of instructions may be stored concurrently on the media, or in some cases, different parts of the instructions may be stored on the same media at different times.
I/O interface 1050 may be configured to coordinate I/O traffic between processors 1010 a-1010 n, system memory 1020, network interface 1040, I/O devices 1060, or other peripheral devices. I/O interface 1050 may perform protocol, timing, or other data transformations to convert data signals from one component (e.g., system memory 1020) into a format suitable for use by another component (e.g., processors 1010 a-1010 n). I/O interface 1050 may include support for devices attached through various types of peripheral buses, such as a variant of the Peripheral Component Interconnect (PCI) bus standard or the Universal Serial Bus (USB) standard.
Embodiments of the techniques described herein may be implemented using a single instance of computer system 1000 or multiple computer systems 1000 configured to host different portions or instances of embodiments. Multiple computer systems 1000 may provide for parallel or sequential processing/execution of one or more portions of the techniques described herein.
Those skilled in the art will appreciate that computer system 1000 is merely illustrative and is not intended to limit the scope of the techniques described herein. Computer system 1000 may include any combination of devices or software that may perform or otherwise provide for the performance of the techniques described herein. For example, computer system 1000 may include or be a combination of a cloud-computing system, a data center, a server rack, a server, a virtual server, a desktop computer, a laptop computer, a tablet computer, a server device, a client device, a mobile telephone, a personal digital assistant (PDA), a mobile audio or video player, a game console, a vehicle-mounted computer, or a Global Positioning System (GPS), or the like. Computer system 1000 may also be connected to other devices that are not illustrated, or may operate as a stand-alone system. In addition, the functionality provided by the illustrated components may in some embodiments be combined in fewer components or distributed in additional components. Similarly, in some embodiments, the functionality of some of the illustrated components may not be provided or other additional functionality may be available.
Those skilled in the art will also appreciate that while various items are illustrated as being stored in memory or on storage while being used, these items or portions of them may be transferred between memory and other storage devices for purposes of memory management and data integrity. Alternatively, in other embodiments some or all of the software components may execute in memory on another device and communicate with the illustrated computer system via inter-computer communication. Some or all of the system components or data structures may also be stored (e.g., as instructions or structured data) on a computer-accessible medium or a portable article to be read by an appropriate drive, various examples of which are described above. In some embodiments, instructions stored on a computer-accessible medium separate from computer system 1000 may be transmitted to computer system 1000 via transmission media or signals such as electrical, electromagnetic, or digital signals, conveyed via a communication medium such as a network or a wireless link. Various embodiments may further include receiving, sending, or storing instructions or data implemented in accordance with the foregoing description upon a computer-accessible medium. Accordingly, the present techniques may be practiced with other computer system configurations.
In block diagrams, illustrated components are depicted as discrete functional blocks, but embodiments are not limited to systems in which the functionality described herein is organized as illustrated. The functionality provided by each of the components may be provided by software or hardware modules that are differently organized than is presently depicted, for example such software or hardware may be intermingled, conjoined, replicated, broken up, distributed (e.g., within a data center or geographically), or otherwise differently organized. The functionality described herein may be provided by one or more processors of one or more computers executing code stored on a tangible, non-transitory, machine readable medium. In some cases, notwithstanding use of the singular term “medium,” the instructions may be distributed on different storage devices associated with different computing devices, for instance, with each computing device having a different subset of the instructions, an implementation consistent with usage of the singular term “medium” herein. In some cases, third party content delivery networks may host some or all of the information conveyed over networks, in which case, to the extent information (e.g., content) is said to be supplied or otherwise provided, the information may provided by sending instructions to retrieve that information from a content delivery network.
The reader should appreciate that the present application describes several independently useful techniques. Rather than separating those techniques into multiple isolated patent applications, applicants have grouped these techniques into a single document because their related subject matter lends itself to economies in the application process. But the distinct advantages and aspects of such techniques should not be conflated. In some cases, embodiments address all of the deficiencies noted herein, but it should be understood that the techniques are independently useful, and some embodiments address only a subset of such problems or offer other, unmentioned benefits that will be apparent to those of skill in the art reviewing the present disclosure. Due to costs constraints, some techniques disclosed herein may not be presently claimed and may be claimed in later filings, such as continuation applications or by amending the present claims. Similarly, due to space constraints, neither the Abstract nor the Summary of the Invention sections of the present document should be taken as containing a comprehensive listing of all such techniques or all aspects of such techniques.
It should be understood that the description and the drawings are not intended to limit the present techniques to the particular form disclosed, but to the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the present techniques as defined by the appended claims. Further modifications and alternative embodiments of various aspects of the techniques will be apparent to those skilled in the art in view of this description. Accordingly, this description and the drawings are to be construed as illustrative only and are for the purpose of teaching those skilled in the art the general manner of carrying out the present techniques. It is to be understood that the forms of the present techniques shown and described herein are to be taken as examples of embodiments. Elements and materials may be substituted for those illustrated and described herein, parts and processes may be reversed or omitted, and certain features of the present techniques may be utilized independently, all as would be apparent to one skilled in the art after having the benefit of this description of the present techniques. Changes may be made in the elements described herein without departing from the spirit and scope of the present techniques as described in the following claims. Headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description.
As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). The words “include”, “including”, and “includes” and the like mean including, but not limited to. As used throughout this application, the singular forms “a,” “an,” and “the” include plural referents unless the content explicitly indicates otherwise. Thus, for example, reference to “an element” or “a element” includes a combination of two or more elements, notwithstanding use of other terms and phrases for one or more elements, such as “one or more.” The term “or” is, unless indicated otherwise, non-exclusive, i.e., encompassing both “and” and “or.” Terms describing conditional relationships, e.g., “in response to X, Y,” “upon X, Y,”, “if X, Y,” “when X, Y,” and the like, encompass causal relationships in which the antecedent is a necessary causal condition, the antecedent is a sufficient causal condition, or the antecedent is a contributory causal condition of the consequent, e.g., “state X occurs upon condition Y obtaining” is generic to “X occurs solely upon Y” and “X occurs upon Y and Z.” Such conditional relationships are not limited to consequences that instantly follow the antecedent obtaining, as some consequences may be delayed, and in conditional statements, antecedents are connected to their consequents, e.g., the antecedent is relevant to the likelihood of the consequent occurring. Statements in which a plurality of attributes or functions are mapped to a plurality of objects (e.g., one or more processors performing steps A, B, C, and D) encompasses both all such attributes or functions being mapped to all such objects and subsets of the attributes or functions being mapped to subsets of the attributes or functions (e.g., both all processors each performing steps A-D, and a case in which processor 1 performs step A, processor 2 performs step B and part of step C, and processor 3 performs part of step C and step D), unless otherwise indicated. Further, unless otherwise indicated, statements that one value or action is “based on” another condition or value encompass both instances in which the condition or value is the sole factor and instances in which the condition or value is one factor among a plurality of factors. Unless otherwise indicated, statements that “each” instance of some collection have some property should not be read to exclude cases where some otherwise identical or similar members of a larger collection do not have the property, i.e., each does not necessarily mean each and every. Limitations as to sequence of recited steps should not be read into the claims unless explicitly specified, e.g., with explicit language like “after performing X, performing Y,” in contrast to statements that might be improperly argued to imply sequence limitations, like “performing X on items, performing Y on the X'ed items,” used for purposes of making claims more readable rather than specifying sequence. Statements referring to “at least Z of A, B, and C,” and the like (e.g., “at least Z of A, B, or C”), refer to at least Z of the listed categories (A, B, and C) and do not require at least Z units in each category. Unless specifically stated otherwise, as apparent from the discussion, it is appreciated that throughout this specification discussions utilizing terms such as “processing,” “computing,” “calculating,” “determining” or the like refer to actions or processes of a specific apparatus, such as a special purpose computer or a similar special purpose electronic processing/computing device. Features described with reference to geometric constructs, like “parallel,” “perpendicular/orthogonal,” “square”, “cylindrical,” and the like, should be construed as encompassing items that substantially embody the properties of the geometric construct, e.g., reference to “parallel” surfaces encompasses substantially parallel surfaces. The permitted range of deviation from Platonic ideals of these geometric constructs is to be determined with reference to ranges in the specification, and where such ranges are not stated, with reference to industry norms in the field of use, and where such ranges are not defined, with reference to industry norms in the field of manufacturing of the designated feature, and where such ranges are not defined, features substantially embodying a geometric construct should be construed to include those features within 15% of the defining attributes of that geometric construct. The terms “first”, “second”, “third,” “given” and so on, if used in the claims, are used to distinguish or otherwise identify, and not to show a sequential or numerical limitation. As is the case in ordinary usage in the field, data structures and formats described with reference to uses salient to a human need not be presented in a human-intelligible format to constitute the described data structure or format, e.g., text need not be rendered or even encoded in Unicode or ASCII to constitute text; images, maps, and data-visualizations need not be displayed or decoded to constitute images, maps, and data-visualizations, respectively; speech, music, and other audio need not be emitted through a speaker or decoded to constitute speech, music, or other audio, respectively. Computer implemented instructions, commands, and the like are not limited to executable code and can be implemented in the form of data that causes functionality to be invoked, e.g., in the form of arguments of a function or API call.
In this patent, to the extent any U.S. patents, U.S. patent applications, or other materials (e.g., articles) have been incorporated by reference, the text of such materials is only incorporated by reference to the extent that no conflict exists between such material and the statements and drawings set forth herein. In the event of such conflict, the text of the present document governs, and terms in this document should not be given a narrower reading in virtue of the way in which those terms are used in other materials incorporated by reference.
The present techniques will be better understood with reference to the following enumerated embodiments:
1. obtaining, with a computing system, via a network, a first web message from a client computing device; retrieving, with the computing system, values of a profile from a database, the retrieving being based on the first web message; obtaining, with the computing system, a first value of a first account and a second value of a second account, the obtaining being based on the values of the profile, wherein the first account is of a first account type, and wherein the second account is of a second account type that is different from the first type of account; determining, with the computing system, a boundary based on the first value; providing, with the computing system, a user interface (UI) to the client computing device via a response to the first web message, the UI comprising a UI element that is movable from a first configuration to a second configuration, wherein: positioning the UI element in the first configuration causes a first limit associated with the first configuration to be displayed in the UI, positioning the UI element in the second configuration causes a second limit associated with the second configuration to be displayed in the UI, and the second limit is determined based on the boundary; obtaining, with the computing system, a second web message comprising a third value determined from an updated configuration of the UI element, wherein the second message is provided by the client computing device; and adjusting, with the computing system, the second value based on the third value.
2. The medium of embodiment 1, wherein: providing the UI comprises providing a plurality of values between the first limit and the second limit; the UI element is manipulatable into one of a first plurality of configurations, wherein the updated configuration is one of the first plurality of configurations and corresponds to a fourth value of the plurality of values; setting the UI element to a respective configuration of the first plurality of configurations causes the UI to display a respective value of the plurality of values; the UI element is manipulatable into one of a second plurality of configurations, wherein the updated configuration is not one of the second plurality of configurations, and wherein the second plurality of configurations has a greater number of configurations than the first plurality of configurations; the UI element is configurable to be positioned at an intermediate configuration, wherein the intermediate configuration sets an interface-selected value to a value that is not equal to any value of the plurality of values; providing the UI comprises providing computer instructions that causes the client computing device to: select the fourth value of the plurality of values in response to a determination that the interface-selected value of the UI is not equal to any value of the plurality of values, wherein the fourth value is closest to the interface-selected value; update the interface-selected value based on the fourth value; and reconfigure the UI element to the updated configuration.
3. The medium of any of embodiments 1 to 2, further comprising: determining that a value associated with the second account is to be stored in persistent storage; encrypting the value as an encrypted value; transmitting the encrypted value to the persistent storage for storage in a database of encrypted values; and storing the encrypted value in the database of encrypted values.
4. The medium of embodiment 3, wherein encrypting the value comprising: obtaining a decryption key; wherein obtaining the second value comprises performing a block cipher decryption using the decryption key, wherein performing the block cipher decryption comprises: retrieving an encrypted block, the encrypted block comprising a first block section and a second block section; determining a first output based on the decryption key and the first block section; determining an intermediate block based on the first output, wherein the intermediate block comprises the first block section and a third block section; determining a second output based on the decryption key and the third block section; and determining an identifier of the second account based on the second output.
5. The medium of any of embodiments 1 to 4, further comprising: receiving a first update request to update a second variable of the second account, wherein the first update request comprises a first update value and is associated with a first timestamp; receiving a second update request for the second value, wherein the second update request comprises a second update value and is associated with a second timestamp; and determining whether the first timestamp and the second timestamp satisfy a time interval; in response to a determination that the first timestamp and the second timestamp satisfy the time interval, determine combined value by adding the first update value with the second update value; and updating the second variable based on the combined value.
6. The medium of any of embodiments 1 to 5, wherein the UI is a first UI, the operations further comprising: receiving a first request; transmitting a second set of values associated with the profile to an application program interface (API) via a second request in response to receiving the first request, wherein the second request causes a card identifier associated with a physical transaction card to be generated; receiving a web response to the second request, wherein the web response comprises an encrypted version of the card identifier; and in response to receiving the web response, storing the encrypted version of the card identifier in persistent storage in association with the second account.
7. The medium of any of embodiments 1 to 6, wherein: the first account type indicates a loan account, wherein the first value indicates a loan principle amount; the second account type indicates a credit account, wherein the second value of the second account indicates an available credit amount; the UI element comprises a slider or wheel; the third value is a credit limit value; and adjusting the second value comprises setting the available credit amount to the credit limit value.
8. The medium of any of embodiments 1 to 7, further comprising: receiving instructions to deactivate the second account; and in response to a receiving the instructions to deactivate the second account, transferring an amount from a first variable of the first account to a variable of the second account.
9. The medium of any of embodiments 1 to 8, further comprising: receiving a third web message comprising instructions to deactivate the second account; and transferring a stored sum associated with the first account to the second account in response to receiving the third web message.
10. The medium of any of embodiments 1 to 9, further comprising: receiving a web message indicating a value change associated with the first value; determining whether the first value has been updated; and sending a third web message to an application program interface (API) in response to a determination that the first value has been updated, wherein the third web message comprises the first value.
11. The medium of claim 10, wherein determining the boundary based on the first value further comprises determining the boundary based on a stored sum associated with the first value, wherein the stored sum is less than the first value.
12. The medium of any of embodiments 1 to 10, further comprising: receiving instructions to deactivate the first account; determining whether a stored variable of the second account satisfies an outstanding balance threshold; and transferring an amount associated with the first account to the second account in response to the stored variable satisfying the outstanding balance threshold.
13. The medium of any of embodiments 1 to 11, the operations further comprising setting an initial configuration of the UI element to the second configuration.
14. The medium of any of embodiments 1 to 12, wherein the first configuration is mapped to the second value, and wherein the second configuration is mapped to a sum of the second value and a range of the boundary.
15. The medium of any of embodiments 1 to 13, further comprising: determining whether a threshold number of updates were made to a stored variable associated with the first account; and in response to a determination that the threshold number of updates were received, updating a parameter of the profile to indicate that the second account is available for creation.
16. The medium of embodiment 15, wherein updating the parameter of the profile comprises updating the parameter of the profile without accessing a database of a server of a credit rating agency.
17. The medium of any of embodiments 1 to 16, wherein determining the boundary comprises determining three or more values, wherein a minimum value of the three or more values is associated with the first limit and a maximum value of the three or more values is associated with the second limit.
18. The medium of any of embodiments 1 to 17, the operations further comprising steps for encrypting a value associated with the profile.
19. The medium of any of embodiments 1 to 18, the operations further comprising steps for determining the UI.
20. The medium of any of embodiments 1 to 19, the operations further comprising, wherein the UI displays the second value.
21. A method to perform the operations of any of the embodiments 1 to 20.
22. A system, comprising: one or more processors; and memory storing instructions that when executed by the processors cause the processors to effectuate operations comprising: the operations of any one of embodiments 1 to 20.

Claims

1. A tangible, non-transitory, machine-readable medium storing program instructions that, when executed by a computing system, effectuate operations comprising:

obtaining, with a computing system, via a network, a first web message from a client computing device;

retrieving values of a profile from a database of profiles, the retrieving being based on the first web message;

obtaining a first value of a first account and a second value of a second account, the obtaining being based on the values of the profile, wherein the first account is of a first account type, and wherein the second account is of a second account type that is different from the first account type;

determining a numeric boundary based on the first value, the numeric boundary defining a limit to a range of values that the second value is permitted to assume;

providing a user interface (UI) to the client computing device via a response to the first web message, the UI comprising a UI element that is movable from a first configuration to a second configuration, wherein:

positioning the UI element in the first configuration causes a first limit associated with the first configuration to be displayed in the UI,

positioning the UI element in the second configuration causes a second limit associated with the second configuration to be displayed in the UI, and

the second limit is determined based on the numeric boundary;

obtaining a second web message comprising a third value determined from an updated configuration of the UI element, wherein the second web message is provided by the client computing device;

adjusting the second value based on the third value, wherein the adjusting is associated with a first timestamp;

encrypting the second value as an encrypted value;

transmitting the encrypted value from a first memory device to a persistent storage for storage in a database of encrypted values, wherein the database of encrypted values is isolated from the first memory device;

storing the encrypted value in the database of encrypted values;

receiving an update request to update the encrypted value stored in the database of encrypted values, wherein the update request comprises an update value and is associated with a second timestamp;

determining whether the first timestamp and the second timestamp satisfy a time interval;

in response to a determination that the first timestamp and the second timestamp satisfy the time interval, determining a combined value based on the third value and the update value; and

updating the encrypted value stored in the persistent storage based on the combined value.

2. The medium of claim 1, wherein:

providing the UI comprises providing, via a third web message encoded in a hypertext transport protocol, a first plurality of values between the first limit and the second limit and a second plurality of values between the first limit and the second limit, wherein a count of values of the first plurality of values is less than a count of values of the second plurality of values;

the UI element is a first UI element;

the first UI element is manipulatable into one of a first plurality of configurations, wherein the updated configuration is one of the first plurality of configurations and corresponds to a fourth value of the first plurality of values;

setting the first UI element to a respective configuration of the first plurality of configurations causes the UI to display a respective value of the first plurality of values;

the first UI element is manipulatable into one of a second plurality of configurations, wherein the updated configuration is not one of the second plurality of configurations, and wherein each configuration of the second plurality of configurations corresponds with a value of the second plurality of values;

the first UI element is configurable to be positioned at an intermediate configuration, wherein the intermediate configuration sets an interface-selected value to a value that is not equal to any value of the first plurality of values after a click or tap event of the UI;

providing the UI comprises providing program instructions that causes the client computing device to:

present the interface-selected value in a second UI element of the UI on the client computing device;

determine whether the interface-selected value of the UI is equal to any value of the first plurality of values;

in response to a determination that the interface-selected value of the UI is not equal to any value of the first plurality of values, search for the fourth value based on which value is closest to the interface-selected value, wherein the closest value is the fourth value;

update the interface-selected value based on the fourth value;

update the UI to the updated configuration based on the interface-selected value; and

reconfigure the first UI element to the updated configuration.

3. (canceled)

4. The medium of claim 1, wherein encrypting the second value comprising:

obtaining an encryption key;

performing a block cipher encryption using the encryption key, wherein performing the block cipher encryption comprises:

retrieving a block, the block comprising the second value;

dividing the block into a first block section and a second block section;

determining a first encrypted block section corresponding to the first block section based on the encryption key, the second block section, and the first block section;

determining a second encrypted block section corresponding to the second block section based on the encryption key, the second block section, and the first encrypted block section; and

determining the encrypted value based on the first encrypted block section and the second encrypted block section.

5. The medium of claim 1, wherein the update request is a first update request, and wherein the update value is a first update value, the operations further comprising:

receiving a second update request to update a second variable of the second account via a fourth web message encoded in a hypertext transport protocol, wherein the second update request comprises a second update value and is associated with a third timestamp;

receiving a third update request to update the second variable via a fifth web message encoded in the hypertext transport protocol, wherein the third update request comprises a third update value and is associated with a fourth timestamp;

determining whether the third timestamp and the fourth timestamp satisfy the time interval;

in response to a determination that the third timestamp and the fourth timestamp satisfy the time interval, determine a second combined value by adding the first update value with the second update value; and

updating the second variable based on the second combined value.

6. The medium of claim 1, wherein the UI is a first UI, the operations further comprising:

receiving a first request;

transmitting a second set of values associated with the profile to an application program interface (API) via a second request in response to receiving the first request, wherein the second request causes a card identifier associated with a physical transaction card to be generated;

receiving a web response to the second request, wherein the web response comprises an encrypted version of the card identifier; and

in response to receiving the web response, storing the encrypted version of the card identifier in persistent storage in association with the second account.

7. The medium of claim 1, wherein:

the first account type indicates a loan account, wherein the first value indicates a loan principle amount;

the second account type indicates a credit account, wherein the second value of the second account indicates an available credit amount;

the UI element comprises a slidable element or rotatable element;

the third value is a credit limit value; and

adjusting the second value comprises setting the available credit amount to the credit limit value.

8. The medium of claim 1, further comprising:

receiving program instructions to deactivate the second account; and

in response to a receiving the program instructions to deactivate the second account, transferring an amount from a first variable of the first account to a variable of the second account.

9. The medium of claim 1, further comprising:

receiving a third web message comprising program instructions to deactivate the second account; and

transferring a stored sum associated with the first account to the second account in response to receiving the third web message.

10. The medium of claim 1, further comprising:

receiving a web message indicating a value change associated with the first value;

determining whether the first value has been updated; and

sending a third web message to an application program interface (API) in response to a determination that the first value has been updated, wherein the third web message comprises the first value.

11. The medium of claim 10, wherein determining the numeric boundary based on the first value further comprises determining the numeric boundary based on a stored sum associated with the first value, wherein the stored sum is less than the first value.

12. The medium of claim 1, further comprising:

receiving program instructions to deactivate the first account;

determining whether a stored variable of the second account satisfies an outstanding balance threshold; and

transferring an amount associated with the first account to the second account in response to the stored variable satisfying the outstanding balance threshold.

13. The medium of claim 1, the operations further comprising setting an initial configuration of the UI element to the second configuration.

14. The medium of claim 1, wherein the first configuration is mapped to the second value, and wherein the second configuration is mapped to a sum of the second value and a range of the numeric boundary.

15. The medium of claim 1, further comprising:

determining whether a threshold number of updates were made to a stored variable associated with the first account; and

in response to a determination that the threshold number of updates were received, updating a parameter of the profile to indicate that the second account is available for creation.

16. The medium of claim 15, wherein updating the parameter of the profile comprises updating the parameter of the profile without accessing a database of a server of a credit rating agency.

17. The medium of claim 1, wherein determining the numeric boundary comprises determining three or more values, wherein a minimum value of the three or more values is associated with the first limit and a maximum value of the three or more values is associated with the second limit.

18. The medium of claim 1, the operations further comprising steps for encrypting a value associated with the profile.

19. The medium of claim 1, the operations further comprising steps for determining the UI.

20. A method comprising:

retrieving values of a profile from a database, the retrieving being based on the first web message;

the second limit is determined based on the numeric boundary;

adjusting the second value based on the third value;

encrypting the second value as an encrypted value;

storing the encrypted value in the database of encrypted values.

21. The method of claim 20, wherein:

the adjusting of the second value based on the third value is associated with a first timestamp,

providing the UI comprises providing, via a third web message encoded in a hypertext transport protocol, a first plurality of values between the first limit and the second limit and a second plurality of values between the first limit and the second limit, wherein a count of values of the first plurality of values is less than a count of values of the second plurality of values,

the UI element is a first UI element,

the first UI element is configurable to be positioned at an intermediate configuration, wherein the intermediate configuration sets an interface-selected value to a value that is not equal to any value of the first plurality of values after a click or tap event of the UI.

22. The medium of claim 2, the operations further comprising:

obtaining a set of scores from a server via an application program interface; and

updating the profile based on the set of scores, wherein providing the first plurality of values comprises determining the first plurality of values based the profile.

23. The medium of claim 2, wherein providing the UI to the client computing device comprises:

providing a first set of packets comprising program instructions that cause the client computing device to:

parse the program instructions into an abstract syntax tree;

transform the abstract syntax tree into a bytecode representation;

transform the bytecode representation into a native machine code of the client computing device, wherein execution of the native machine code causes the client computing device to present the UI; and

the operations further comprise:

receiving an update to the profile via an application program interface;

updating the first plurality of values based on the profile; and

providing a second set of packets comprising the updated first plurality of values to the client computing device.

24. A tangible, non-transitory, machine-readable medium storing first program instructions that, when executed by one or more processors, effectuate operations comprising:

obtaining, at a server system, from a network, a first web message from a client computing device;

selecting a record from among a plurality of records based on an identifier in the first web message, each of the records among the plurality of records having a respective first value of a first field and a respective second value of a second field, each of the records among the plurality of records corresponding to a different physical entity;

obtaining from the selected record, the first value of the selected record and the second value of the selected record;

determining a boundary of the selected record based on the first value of the selected record, the boundary of the selected record defining a limit to a range of values that the second field of the selected record is permitted to assume in the selected record, the boundary of the selected record being less than the first value of the selected record;

generating second program instructions interpretable by a virtual machine executing on the client computing device to form a user interface (UI) displayed by the client computing device, wherein:

the UI includes a slidable element in a slider, the slidable element being responsive to user input via a mouse drag or a touch to slide along the slider in the UI,

the UI is configured to send, to the server system, a second web message indicating a third value of the second field of the selected record based on a change in position of the slidable element in the slider from the user input, the third value being different from the second value of the selected record, and

a maximum or minimum position of the slidable element in the slider corresponds to the boundary of the selected record;

providing via the network, the second program instructions to the client computing device to be executed by the virtual machine;

obtaining via the network, from the client computing device, the second web message indicating the third value of the second field of the selected record;

adjusting the second field of the selected record to have the third value in memory of the server system.

25. The medium of claim 24, wherein:

the first field corresponds to a first account;

the second field corresponds to a second account.

26. The medium of claim 24, wherein:

the first field of the selected record corresponds to a first portion of a thermal budget of a semiconductor device consumed in first processing step in a semiconductor manufacturing process;

the second field of the selected record corresponds to a second portion of the thermal budget of the semiconductor device consumed in second processing step in the semiconductor manufacturing process; and

the third value of the second field of the selected record is used to determine target setpoint of the second processing step.

27. The medium of claim 24, wherein:

the first value of the selected record is a metric reported by a sensor at a first stage of a manufacturing process; and

a target setpoint for a second stage of the manufacturing process is adjusted based on the third value.

28. The medium of claim 24, wherein:

determining the boundary comprises steps for determining a set of confirmable values; and

the slidable element is configured to snap in the UI to positions corresponding to members of the set of confirmable values.

29. The medium of claim 24, wherein:

adjusting the second field of the selected record to have the third value comprises steps for lattice-based encryption.