US 11,658,832 B2
Information security using data control ledgers
Christopher Papernik, New York, NY (US); John H. Kling, Alexandria, VA (US); Nathaniel B. Clark, Wheaton, IL (US); Brian Russell Iverson, Buda, TX (US); Charles Dudley, Charlotte, NC (US); and Paul Joseph Harding, Langdon Hills (GB)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Sep. 22, 2020, as Appl. No. 17/28,904.
Prior Publication US 2022/0094752 A1, Mar. 24, 2022
Int. Cl. H04L 9/00 (2022.01); H04L 67/306 (2022.01); G06F 11/34 (2006.01); G06F 16/27 (2019.01); G06F 16/23 (2019.01); G06F 16/22 (2019.01); G06F 16/18 (2019.01); H04L 67/50 (2022.01); H04L 41/0806 (2022.01); H04L 67/51 (2022.01)
CPC H04L 9/50 (2022.05) [G06F 11/3476 (2013.01); G06F 16/1865 (2019.01); G06F 16/221 (2019.01); G06F 16/2358 (2019.01); G06F 16/27 (2019.01); H04L 67/306 (2013.01); H04L 67/535 (2022.05); H04L 41/0806 (2013.01); H04L 67/51 (2022.05)]
20 Claims

1. A data control device, comprising:
a network interface configured to communicate with a provisioning service device, wherein:
the provisioning service device is configured to modify a user account; and
the provisioning service device is associated with a group within an enterprise;
a memory operable to store:
a service request log configured to store information associated with received service requests for modifying user accounts, wherein each entry in the service request log comprises a first number of fields;
an event log configured to store processing status information for service requests, wherein each entry in the event log comprises a second number of fields different from the first number of fields, and wherein each entry of the event log comprises respective processing status information and a respective received service request; and
a status log configured to store current status information for user accounts, wherein the current status information comprises a plurality of account identifiers that are each linked to a current status for a user account, and wherein each entry in the status log comprises a third number of fields different from the first number of fields and the second number of fields; and
a processor operably coupled to the network interface and the memory, configured to:
receive a service request for a user account from a network device, wherein the network device is different from the provisioning service device, wherein the network device does not directly interact with the provisioning service device, wherein the network device interacts with the provisioning service device through the data control device, and wherein the service request comprises:
information identifying the provisioning service device;
information identifying the network device;
an account identifier for the user account; and
modification instructions for modifying the user account;
add an entry in the service request log in response to receiving the service request, wherein the entry in the service request log comprises information from the service request;
add a first entry in the event log in response to receiving the service request, wherein the first entry in the event log indicates that the service request was received;
query the status log using the account identifier to determine a current status of the user account;
apply the modification instructions from the service request to the current status of the user account to update the current status of the user account;
modify the current status of the user account in the status log based on the updated current status of the user account;
identify the provisioning service device that is associated with the user account based on the information identifying the provisioning service device;
determine a device type for the provisioning service device;
determine service instructions for the provisioning service device based on the updated current status of the user account, wherein the service instructions identify actions for the provisioning service device to perform on the user account;
format the service instructions based on the device type of the provisioning service device;
send the formatted service instructions to the provisioning service device;
add a second entry in the event log in response to sending the formatted service instructions to the provisioning service device, wherein the second entry in the event log indicates that the formatted service instructions have been sent to the provisioning service device for further processing;
receive a confirmation message from the provisioning service device, wherein the confirmation message indicates that the provisioning service device has completed updating the user account based on the formatted service instructions; and
add a third entry in the event log in response to receiving the confirmation message, wherein the third entry in the event log indicates that servicing of the user account is complete.
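
A minimal Python sketch of the request flow recited in claim 1, added here as an illustration and not taken from the patent or from any implementation by the assignee. The field names, the `json` and `kv` device types, the `send` callables and the `unconfirmed()` reconciliation check (which goes beyond the claim to show what the event log makes auditable) are assumptions.

```python
import json
from dataclasses import dataclass, field

# Constructed device types and wire formats (assumptions, not from the patent).
FORMATTERS = {
    "json": lambda ins: json.dumps(ins, sort_keys=True),
    "kv": lambda ins: ";".join(
        [f"account={ins['account_id']}"]
        + [f"{k}={v}" for k, v in sorted(ins["set"].items())]),
}

@dataclass
class DataControlDevice:
    devices: dict   # provisioning device id -> (device type, send callable)
    service_request_log: list = field(default_factory=list)  # 4-field entries
    event_log: list = field(default_factory=list)            # 3-field entries
    status_log: dict = field(default_factory=dict)  # account id -> current status

    def _event(self, entry, status):
        # Each event pairs processing status with the request it refers to.
        self.event_log.append(
            {"seq": len(self.event_log), "status": status, "request": entry})

    def receive(self, request):
        """Log the request, update the status ledger, dispatch instructions."""
        entry = dict(request)
        self.service_request_log.append(entry)
        self._event(entry, "RECEIVED")
        acct = entry["account_id"]
        # Apply the modification instructions to the current ledger status.
        current = {**self.status_log.get(acct, {}), **entry["modifications"]}
        self.status_log[acct] = current
        dev_type, send = self.devices[entry["provisioning_device"]]
        send(FORMATTERS[dev_type]({"account_id": acct, "set": current}))
        self._event(entry, "SENT")
        return entry

    def confirm(self, entry):
        # Called when the provisioning device reports the update is done.
        self._event(entry, "COMPLETE")

    def unconfirmed(self):
        """Requests sent for provisioning but never confirmed complete."""
        done = [e["request"] for e in self.event_log if e["status"] == "COMPLETE"]
        return [e["request"] for e in self.event_log
                if e["status"] == "SENT"
                and not any(e["request"] is d for d in done)]
```

Because the status log is updated before the provisioning device confirms, a non-empty `unconfirmed()` result marks accounts whose ledger status may not yet match the target system.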