Search

US-12621228-B1 - Data transformation techniques for event data in multi-system computing environments

US12621228B1US 12621228 B1US12621228 B1US 12621228B1US-12621228-B1

Abstract

An event restraint-delivery computing system receives event data in a high-volume event stream from source computing systems. For each event data object in the high-volume event data stream, the event restraint-delivery computing system identifies at least one event data object subset associated with a respective recipient computing system. The event restraint-delivery computing system withholds the event data object subset from the respective recipient computing system based on restraint status data for the event data object subset. Based on a change in the respective restraint status data, such as a change indicating that the event data object subset is modified to fulfill a trigger criterion, the event restraint-delivery computing system provides the event data object subset to the respective recipient computing system. In addition, the respective recipient computing system performs a computing function based on event data in the event data object subset.

Inventors

  • Sukesh Kumar
  • Lalit Kataria

Assignees

  • EQUIFAX INC.

Dates

Publication Date
20260505
Application Date
20250610

Claims (17)

  1. 1 . A method of coordinating high-volume streams of event data, the method including operations executed by at least one processor, the operations comprising: monitoring a high-volume event data stream that includes multiple event data objects generated via multiple source computing systems, wherein each monitored event data object in the monitored high-volume event data stream is compared to multiple sets of criteria, wherein each particular set of criteria is associated with a respective recipient system in a group of multiple recipient computing systems, wherein each one of the multiple recipient computing systems is excluded from the multiple source computing systems, and wherein the multiple sets of criteria include a) a first set of criteria associated with a first recipient computing system and b) a second set of criteria associated with a second recipient computing system; identifying, from the monitored high-volume event data stream, an event data object subset (“EDO subset”) in which each event data object identified for inclusion in the EDO subset matches the first set of criteria; during an evaluation of restraint status data of the EDO subset, withholding the EDO subset from the first recipient computing system associated with the first set of criteria, wherein the first recipient computing system is excluded from the multiple source computing systems; responsive to identifying a change in the restraint status data of the EDO subset, providing the EDO subset to the first recipient computing system, wherein the first recipient computing system is configured to perform one or more computing functions based on the EDO subset; and responsive to determining that each event data object identified for inclusion in the EDO subset fails to match the second set of criteria, withholding the EDO subset from the second recipient computing system.
  2. 2 . The method of claim 1 , further comprising: performing the evaluation of the restraint status data of the EDO subset, wherein the evaluation includes one or more of: determining an elapsed time calculated from an identification of a first event data object included in the EDO subset, determining, in the EDO subset, a quantity of event data objects received from a particular group of source computing systems, or identifying from the monitored high-volume event data stream an additional event data object for inclusion in the EDO subset.
  3. 3 . The method of claim 1 , wherein the one or more computing functions that the first recipient computing system is configured to perform include at least one of: fraud detection, identity verification, restricting access to digital data by an additional computing device, or restricting access by the additional computing device to an online service.
  4. 4 . The method of claim 1 , further comprising: modifying a ledger data repository to include, for each monitored event data object in the monitored high-volume event data stream, an event-specific data record indicating an occurrence of each monitored event data object, wherein modifying the ledger data repository occurs during the monitoring of the high-volume event data stream.
  5. 5 . The method of claim 1 , further comprising: determining a first transformation technique associated with the first recipient computing system; and modifying the EDO subset based on the first transformation technique, wherein providing the EDO subset to the first recipient computing system includes providing the modified EDO subset to the first recipient computing system.
  6. 6 . The method of claim 5 , wherein the first transformation technique includes one or more of: an encryption technique, a communication channel selection technique, or a data value normalization technique.
  7. 7 . The method of claim 1 , further comprising: applying, to each monitored event data object in the monitored high-volume event data stream, a trained machine-learning model that is configured to: a) determine one or more characteristics of each monitored event data object, and b) based on the one or more characteristics, determine classification output data of each monitored event data object, wherein the first set of criteria includes at least one criterion indicating a particular classification outcome determined for each event data object identified for inclusion in the EDO subset.
  8. 8 . An event restraint-delivery computing system comprising: a processing device; and a memory device in which instructions executable by the processing device are stored for causing the processing device to perform operations comprising: monitoring a high-volume event data stream that includes multiple event data objects generated via multiple source computing systems, wherein each monitored event data object in the monitored high-volume event data stream is compared to multiple sets of criteria, wherein each particular set of criteria is associated with a respective recipient system in a group of multiple recipient computing systems, wherein each one of the multiple recipient computing systems is excluded from the multiple source computing systems, and wherein the multiple sets of criteria include a) a first set of criteria associated with a first recipient computing system and b) a second set of criteria associated with a second recipient computing system, identifying, from the monitored high-volume event data stream, an event data object subset (“EDO subset”) in which each event data object identified for inclusion in the EDO subset matches the first set of criteria; during an evaluation of restraint status data of the EDO subset, withholding the EDO subset from the first recipient computing system associated with the first set of criteria; responsive to identifying a change in the restraint status data of the EDO subset, providing the EDO subset to the first recipient computing system, wherein the first recipient computing system is configured to perform one or more computing functions based on the EDO subset; and responsive to determining that each event data object identified for inclusion in the EDO subset fails to match the second set of criteria, withholding the EDO subset from the second recipient computing system.
  9. 9 . The event restraint-delivery computing system of claim 8 , the operations further comprising: performing the evaluation of the restraint status data of the EDO subset, wherein the evaluation includes one or more of: determining an elapsed time calculated from an identification of a first event data object included in the EDO subset, determining, in the EDO subset, a quantity of event data objects received from a particular group of the multiple source computing systems, or identifying from the monitored high-volume event data stream an additional event data object for inclusion in the EDO subset.
  10. 10 . The event restraint-delivery computing system of claim 8 , the operations further comprising: modifying a ledger data repository to include, for each monitored event data object in the monitored high-volume event data stream, an event-specific data record indicating an occurrence of each monitored event data object, wherein modifying the ledger data repository occurs during the monitoring of the high-volume event data stream.
  11. 11 . The event restraint-delivery computing system of claim 8 , the operations further comprising: determining a first transformation technique associated with the first recipient computing system; and modifying the EDO subset based on the first transformation technique, wherein providing the EDO subset to the first recipient computing system includes providing the modified EDO subset to the first recipient computing system.
  12. 12 . The event restraint-delivery computing system of claim 8 , the operations further comprising: applying, to each monitored event data object in the monitored high-volume event data stream, a trained machine-learning model that is configured to: a) determine one or more characteristics of each monitored event data object, and b) based on the one or more characteristics, determine classification output data of each monitored event data object, wherein the first set of criteria includes at least one criterion indicating a particular classification outcome determined for each event data object identified for inclusion in the EDO subset.
  13. 13 . A non-transitory computer-readable storage medium having program code that is executable by a processor device to cause a computing device to perform operations, the operations comprising: monitoring a high-volume event data stream that includes multiple event data objects generated via multiple source computing systems, wherein each monitored event data object in the monitored high-volume event data stream is compared to multiple sets of criteria, wherein each particular set of criteria is associated with a respective recipient system in a group of multiple recipient computing systems, wherein each one of the multiple recipient computing systems is excluded from the multiple source computing systems, and wherein the multiple sets of criteria include a) a first set of criteria associated with a first recipient computing system and b) a second set of criteria associated with a second recipient computing system; identifying, from the monitored high-volume event data stream, an event data object subset (“EDO subset”) in which each event data object identified for inclusion in the EDO subset matches the first set of criteria; during an evaluation of restraint status data of the EDO subset, withholding the EDO subset from the first recipient computing system associated with the first set of criteria, wherein the first recipient computing system is excluded from the multiple source computing systems; responsive to identifying a change in the restraint status data of the EDO subset, providing the EDO subset to the first recipient computing system, wherein the first recipient computing system is configured to perform one or more computing functions based on the EDO subset; and responsive to determining that each event data object identified for inclusion in the EDO subset fails to match the second set of criteria, withholding the EDO subset from the second recipient computing system.
  14. 14 . The non-transitory computer-readable storage medium of claim 13 , the operations further comprising: performing the evaluation of the restraint status data of the EDO subset, wherein the evaluation includes one or more of: determining an elapsed time calculated from an identification of a first event data object included in the EDO subset, determining, in the EDO subset, a quantity of event data objects received from a particular group of the multiple source computing systems, or identifying from the monitored high-volume event data stream an additional event data object for inclusion in the EDO subset.
  15. 15 . The non-transitory computer-readable storage medium of claim 13 , the operations further comprising: modifying a ledger data repository to include, for each monitored event data object in the monitored high-volume event data stream, an event-specific data record indicating an occurrence of each monitored event data object, wherein modifying the ledger data repository occurs during the monitoring of the high-volume event data stream.
  16. 16 . The non-transitory computer-readable storage medium of claim 13 , the operations further comprising: determining a first transformation technique associated with the first recipient computing system; and modifying the EDO subset based on the first transformation technique, wherein the providing the EDO subset to the first recipient computing system includes providing the modified EDO subset to the first recipient computing system.
  17. 17 . The non-transitory computer-readable storage medium of claim 13 , the operations further comprising: applying, to each monitored event data object in the monitored high-volume event data stream, a trained machine-learning model that is configured to: a) determine one or more characteristics of each monitored event data object, and b) based on the one or more characteristics, determine classification output data of each monitored event data object, wherein the first set of criteria includes at least one criterion indicating a particular classification outcome determined for each event data object identified for inclusion in the EDO subset.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application is a continuation of U.S. application Ser. No. 19/191,573, filed Apr. 28, 2025, entitled “DATA TRANSFORMATION TECHNIQUES FOR EVENT DATA IN MULTI-SYSTEM COMPUTING ENVIRONMENTS”, the disclosure of which is hereby incorporated by reference. TECHNICAL FIELD This disclosure relates generally to the field of transformation and delivery of event data, and more specifically relates to techniques to withhold high-volume event data in a multi-system computing environment. BACKGROUND In a shared computing environment, multiple source computing systems can generate event data, such as event data describing requests that are handled by one or more applications that are implemented via the source computing systems. In some cases, the event data is provided to one or more recipient computing systems for performance of additional computing functions, such as recipient applications configured to utilize transformed event data for determining system usage statistics, potential fraud events, or other types of multi-system output data based on event data from large quantities of source computing systems (e.g., hundreds of systems, thousands of systems, etc.). In some contemporary approaches, each source computing system that generates event data is also configured to implement its own transformation techniques for event data, such as modifying event data to have a particular format or encryption type for a particular recipient computing system. In this type of contemporary approach, each particular source computing system maintains information about all transformation techniques for all recipient computing system that receive the event data from the particular source computing system. In some cases, this contemporary approach causes a high amount of inefficiency in a computing environment that includes large quantities of source computing systems (e.g., hundreds of systems or more), as each particular source computing system that generates event data is also configured to implement respective transformation techniques for each recipient computing system that receives the event data. Inefficiencies in the contemporary approach can include code duplication across multiple source computing systems, a relatively high error rate among duplicated code, or reduced security for recipient computing systems that receive event data that is inconsistently transformed among multiple source computing systems. SUMMARY Various aspects of the present disclosure involve coordinating, among multiple computing systems, multiple subsets of event data objects identified from a high-volume event data stream in a computing environment. According to certain embodiments, a method includes monitoring a high-volume event data stream. The high-volume event data stream includes multiple event data objects. Each event data object in the high-volume event data stream is compared to a first set of criteria. The method further includes identifying, from the monitored high-volume event data stream, a subset of event data objects. Each event data object identified for inclusion in the subset of event data objects matches the first set of criteria. The method further includes withholding the subset of event data objects from a first recipient computing system associated with the first set of criteria. The subset of event data objects is withheld during an evaluation of restraint status data of the subset of event data objects. The method further includes providing the subset of event data objects to the first recipient computing system, responsive to identifying a change in the restraint status data of the subset of event data objects. The first recipient computing system is configured to perform one or more computing functions based on the subset of event data objects. According to certain embodiments, an event restraint-delivery computing system comprises a processing device and a memory device in which instructions executable by the processing device are stored for causing the processing device to perform operations. The operations comprise monitoring a high-volume event data stream. The high-volume event data stream includes multiple event data objects. Each event data object in the high-volume event data stream is compared to a first set of criteria. The operations further comprise identifying, from the monitored high-volume event data stream, a subset of event data objects. Each event data object identified for inclusion in the subset of event data objects matches the first set of criteria. The operations further comprise withholding the subset of event data objects from a first recipient computing system associated with the first set of criteria. The subset of event data objects is withheld during an evaluation of restraint status data of the subset of event data objects. The operations further comprise providing the subset of event data objects to the first recipient computing system, responsive to