US 12,137,032 B2
Systems and methods for identifying and determining third party compliance
Jeffrey Glasco, Jr., Fort Mill, SC (US); Benjamin Daniel Hardman, Harrisburg, NC (US); and Robert Brice, Richardson, TX (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Oct. 12, 2023, as Appl. No. 18/379,267.
Application 18/379,267 is a continuation of application No. 17/406,167, filed on Aug. 19, 2021, granted, now 11,805,017.
Prior Publication US 2024/0048446 A1, Feb. 8, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 41/0893 (2022.01); G06F 11/34 (2006.01); H04L 41/069 (2022.01)
CPC H04L 41/0893 (2013.01) [G06F 11/3476 (2013.01); H04L 41/069 (2013.01)] 9 Claims
OG exemplary drawing
 
1. A third-party network compliance system executed by a host entity network, the third-party network compliance system comprising:
the host entity network configured to:
construct a scanning file that includes host entity network compliance standards stored on the host entity network, the host entity network compliance standards comprising:
security assessment standards;
data movement controls;
hardware requirements;
software requirements; and
configuration settings; and
transmit the scanning file to an intermediary entity network;
the intermediary entity network configured to:
receive the scanning file from the host entity network;
generate an executable file that, when executed, runs a plug-in scanning file, the plug-in scanning file for being run at a third-party network, the plug-in scanning file, when run, being configured to scan hardware and software resident at the third-party network for compliance with the host entity network compliance standards; and
transmit the executable file to the third party network;
the third-party network configured to:
receive the executable file;
the third-party network compliance system configured to perform periodically a series of actions, the series of actions comprising:
at the third-party network:
execute the plug-in executable file, the executing testing the third party network for a level of compliance with the host entity network compliance standards;
based, on the executing, generate a log file at the plug-in executable file;
digitally sign the log file using the executable file, wherein the digitally signing converts the log file to an immutable log file; and
in response to the signing, transmit the executable file and the immutable log file to the intermediary entity network; and
at the intermediary entity network:
decipher the immutable log file;
based on the deciphering, generate a readable report;
in response to the deciphering, identifying one or more failures;
when the one or more failures can be repaired automatically in real-time, automatically repairing the one or more failures; and
when the one or more failures require immediate action and cannot be repaired automatically, transmitting a second log file to the host entity network and to the third-party network, the second log file being separate from the log file enabling immediate identification of the failures;
at each subsequent performing of the series of actions, determining whether the one or more failures has been corrected;
identifying that the third-party network is a first third party network and the first third party network is a host to a second third party network; and
following the identifying, performing the series of actions at the second third party network;
wherein each of the host entity network, intermediary entity network and third-party network are computing machines including hardware.