
Method And System For Securing Access To Data In Network

Abstract: The present disclosure relates to a method of securing access to data in a network. The method includes receiving a provisioning configuration applicable to a plurality of user groups of a network (106), from a user interface (202) and retrieving provisioning metadata from the provisioning configuration. Further, the method includes storing the provisioning metadata in a database (206) and receiving a user request for accessing the data on the network from a user. Further, the method includes retrieving a set of the provisioning metadata from the database based on the user request. The set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs. Further, the method includes determining whether the user is permitted to access the data based on the set of the provisioning metadata. Further, the method includes providing a filtered data to the user. REF. FIG. 5


Patent Information

Filing Date: 14 July 2023
Publication Number: 03/2025
Publication Type: INA
Invention Field: COMMUNICATION

Applicants

JIO PLATFORMS LIMITED
OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD - 380006, GUJARAT, INDIA

Inventors

1. Gaurav Saxena
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
2. Meenakshi Shobharam
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
3. Mohit Bhanwria
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
4. Ankit Murarka
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
5. Vinay Gayki
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
6. Aayush Bhatnagar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
7. Durgesh Kumar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
8. Shashank Bhushan
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
9. Aniket Anil Khade
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
10. Jugal Kishore Kolariya
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
11. Rahul Verma
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
12. Gaurav Kumar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
13. Sunil Meena
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
14. Kishan Sahu
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
15. Zenith
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
16. Dharmendra Kumar Vishwakarma
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
17. Sajal Soni
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
18. Sanjana Chaudhary
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
19. Avinash Kushwaha
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
20. Supriya De
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
21. Kumar Debashish
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
22. Tilala Mehul
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
23. Kothagundla Vinay Kumar
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
24. Vineet Bhandari
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
25. Navas Njarakkadavath
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
26. Abhay Khandelwal
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
27. Jainam Gandhi
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India
28. Suvadeep Ghosh
Office-101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad, Gujarat - 380006, India

Specification

FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
(See section 10 and rule 13)
1. TITLE OF THE INVENTION
METHOD AND SYSTEM FOR SECURING ACCESS TO DATA IN NETWORK
2. APPLICANT(S)
NAME: JIO PLATFORMS LIMITED
NATIONALITY: INDIAN
ADDRESS: OFFICE-101, SAFFRON, NR. CENTRE POINT, PANCHWATI 5 RASTA, AMBAWADI, AHMEDABAD 380006, GUJARAT, INDIA
3. PREAMBLE TO THE DESCRIPTION

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE NATURE OF THIS INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

FIELD OF THE INVENTION
[0001] The present invention relates to the field of data management systems and, more specifically, to provisioning and assigning clear codes or call release reasons (CRR) and field mapping in a network environment.
BACKGROUND OF THE INVENTION
[0002] In modern data-intensive systems, such as telecommunications networks, there exists a vast amount of data that needs to be efficiently managed and accessed by multiple users. One of the challenges faced in such systems is the need to restrict access to specific data subsets for certain user groups while ensuring that the data remains accessible to authorized users.
[0003] Conventional approaches to data management often lack the ability to provide granular control over data access, leading to inefficiencies and security concerns. For instance, in large-scale networks with thousands of Clear Codes/CRRs, it becomes increasingly challenging to prevent unauthorized access to data pertaining to specific subscriber groups, such as very-very important person (VVIP) customers. Additionally, displaying irrelevant or insignificant data to users can result in information overload and hinder effective data analysis.
[0004] Therefore, there is a need for an improved solution that enables the provisioning and assignment of Clear Codes/CRRs and facilitates field mapping at the individual user level. Such a solution would allow for the assignment of different sets of Clear Codes/CRRs and fields to different user groups, ensuring that only relevant data is accessible to each user group. By restricting the visibility of raw data to the users belonging to specific groups, computational time can be reduced, and data analysis efforts can be more focused and efficient.
SUMMARY OF THE INVENTION
[0005] One or more embodiments of the present disclosure provide a system and a method of securing access to data in a network.
[0006] The method includes receiving, by one or more processors, a provisioning configuration applicable to a plurality of user groups of the network, from a user interface. Further, the method includes retrieving, by the one or more processors, provisioning metadata from the provisioning configuration. Further, the method includes storing, by the one or more processors, the provisioning metadata in a database wherein each user group is mapped to a corresponding set of the provisioning metadata.
[0007] In an embodiment, further, the method includes receiving, by the one or more processors, a user request for accessing the data on the network from a user. Further, the method includes retrieving, by the one or more processors, a set of the provisioning metadata from the database based on the user request. The set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs. Further, the method includes determining, by the one or more processors, whether the user is permitted to access the data based on the set of the provisioning metadata. Further, the method includes providing, by the one or more processors, a filtered data to the user based on the set of the provisioning metadata.
[0008] In an embodiment, the provisioning metadata includes one or more call release reasons (CRR), user group information and one or more clear codes.
[0009] In an embodiment, the provisioning metadata indicates accessibility of at least one clear code provided by a user.
[0010] In an embodiment, the filtered data includes data permitted to be accessed by the user as per the relevant provisioning metadata.
[0011] In an embodiment, no data is accessible by a user because of the relevant provisioning metadata.
[0012] In an embodiment, each user group is associated with at least one clear code, where the clear code indicates a set of data on the network that the user group is authorized to access.
[0013] In one aspect of the present invention, a system for securing access to data in a network is disclosed. The system includes a user interface configured to receive a provisioning configuration applicable to a plurality of user groups of the network and a user request for accessing the data on the network from a user. Further, the system includes a workflow module configured to receive the provisioning configuration. Further, the workflow module is configured to retrieve provisioning metadata from the provisioning configuration. A database is configured to store the provisioning metadata, where each user group is mapped to a corresponding set of the provisioning metadata.
[0014] In an embodiment, the workflow module is configured to retrieve a set of the provisioning metadata from the database based on the user request. The set of the provisioning metadata is mapped with a user group to which the user sending the user request belongs. Further, the workflow module is configured to determine based on the set of the provisioning metadata whether the user is permitted to access the data. Further, the workflow module is configured to provide a filtered data to the user based on the set of the provisioning metadata.
[0015] In one aspect of the present invention, a non-transitory computer-readable medium is disclosed, having stored thereon computer-readable instructions that, when executed by a processor, cause the processor to: retrieve provisioning metadata from the provisioning configuration; store provisioning metadata in a database wherein each user group is mapped to a corresponding set of the provisioning metadata; and receive a user request for accessing the data on the network from a user.
[0016] Other features and aspects of this invention will be apparent from the following description and the accompanying drawings. The features and advantages described in this summary and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art, in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS
[0017] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale, emphasis instead being placed upon clearly illustrating the principles of the present disclosure. Some drawings may indicate the components using block diagrams and may not represent the internal circuitry of each component. It will be appreciated by those skilled in the art that disclosure of such drawings includes disclosure of electrical components, electronic components or circuitry commonly used to implement such components.
[0018] FIG. 1 is an exemplary block diagram of an environment for securing access to data in a network, according to various embodiments of the present disclosure;
[0019] FIG. 2 is an exemplary schematic representation of a system for securing access to the data in the network, according to one or more embodiments of the present subject matter;
[0020] FIG. 3 is a block diagram of the system for securing access to the data in the network, according to various embodiments of the present disclosure;
[0021] FIG. 4 is an exemplary schematic representation of the environment of FIG. 1 in which the operations of various entities are explained, according to various embodiments of the present system;
[0022] FIG. 5 shows an exemplary method for securing access to the data in the network, in accordance with the present disclosure; and
[0023] FIG. 6 shows a method of securing access to the data in the network, according to one or more embodiments of the present subject matter.
[0024] Further, skilled artisans will appreciate that elements in the drawings are illustrated for simplicity and may not have necessarily been drawn to scale. For example, the flow charts illustrate the method in terms of the most prominent steps involved to help to improve understanding of aspects of the present invention. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the drawings by conventional symbols, and the drawings may show only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the drawings with details that will be readily apparent to those of ordinary skill in the art having benefit of the description herein.
[0025] The foregoing shall be more apparent from the following detailed description of the invention.
DETAILED DESCRIPTION OF THE INVENTION
[0026] Some embodiments of the present disclosure, illustrating all its features, will now be discussed in detail. It must also be noted that as used herein and in the appended claims, the singular forms "a", "an" and "the" include plural references unless the context clearly dictates otherwise.
[0027] Various modifications to the embodiment will be readily apparent to those skilled in the art and the generic principles herein may be applied to other embodiments. However, one of ordinary skill in the art will readily recognize that the present disclosure including the definitions listed here below are not intended to be limited to the embodiments illustrated but is to be accorded the widest scope consistent with the principles and features described herein.
[0028] A person of ordinary skill in the art will readily ascertain that the illustrated steps detailed in the figures and here below are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0029] The terms “user interface” and a “graphical user interface” are used interchangeably in the patent disclosure. The terms “probe workflow module” and “workflow module” are used interchangeably in the patent disclosure.
[0030] Various embodiments of the invention provide a method and a system of securing access to data in a network. The method includes receiving, by one or more processors, a provisioning configuration applicable to a plurality of user groups of the network, from a user interface. Further, the method includes retrieving, by the one or more processors, provisioning metadata from the provisioning configuration. Further, the method includes storing, by the one or more processors, the provisioning metadata in a database wherein each user group is mapped to a corresponding set of the provisioning metadata. Further, the method includes receiving, by the one or more processors, a user request for accessing the data on the network from a user. Further, the method includes retrieving, by the one or more processors, a set of the provisioning metadata from the database based on the user request. The set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs. Further, the method includes determining, by the one or more processors, whether the user is permitted to access the data based on the set of the provisioning metadata. Further, the method includes providing, by the one or more processors, a filtered data to the user based on the set of the provisioning metadata.
[0031] The present invention discloses a system and method for securing access to data in a network, aimed at addressing the challenges associated with managing and controlling access to data in network environments.
[0032] The proposed method and system enable user-specific data provisioning by allowing the assignment of different sets of clear codes or call release reasons (CRR) and fields to different user groups. This ensures that only relevant data is visible to each user group, enhancing data access control and improving data analysis efficiency. By customizing data access based on user requirements, the proposed method and system reduce information overload and streamline data processing.
[0033] The system includes a Graphical User Interface (GUI) through which users submit provisioning and mapping requests. These requests are processed by a probe workflow module (aka “workflow module”), which stores the provisioning metadata in the database. The database serves as a repository for user-specific provisioning and mapping information.
[0034] When the user requests data for analysis or monitoring, the workflow module retrieves the relevant provisioning configuration data from the database. The workflow module applies specific checks and filters to the raw data stored in a data storage, furnishing the user with actionable data tailored to their specific user group. This targeted data provision reduces computational time and enhances data analysis capabilities.
[0035] In conclusion, the proposed method provides a novel solution for managing and controlling data access in the network environments. By enabling user-specific provisioning and mapping, the proposed method enhances data access control, reduces information overload, and improves data analysis efficiency.
[0036] FIG. 1 is an exemplary block diagram of an environment 100 for securing access to data in a network 104, according to various embodiments of the present disclosure.
[0037] The environment 100 comprises a plurality of user equipments 102-1, 102-2, …, 102-n. At least one user equipment 102-n from the plurality of user equipments 102-1, 102-2, …, 102-n may be communicably connected to a system 108.
[0038] In accordance with an aspect of the exemplary embodiment, the plurality of user equipments 102-1, 102-2, …, 102-n may be wireless devices or communication devices that may be a part of the environment 100. The wireless device or the communication device may include, but is not limited to, a handheld wireless communication device (e.g., a mobile phone, a smart phone, a phablet device, and so on), a wearable computer device (e.g., a head-mounted display computer device, a head-mounted camera device, a wristwatch computer device, and so on), a laptop computer, a tablet computer, or another type of portable computer, a media playing device, a portable gaming system, and/or any other type of computer device with wireless communication or VoIP capabilities.
[0039] Further, the plurality of user equipments 102-1, 102-2, …, 102-n may be communicably connected with the system 108 over the network 104 through a server 106. The network 104 may use one or more wireless interfaces/protocols such as, for example, 802.11 (Wi-Fi), 802.15 (including Bluetooth™), 802.16 (Wi-Max), 802.22, Cellular standards such as CDMA, CDMA2000, WCDMA, Radio Frequency (e.g., RFID), Infrared, laser, Near Field Magnetics, etc. The network 104 may also include, by way of example but not limitation, at least a portion of one or more networks having one or more nodes that transmit, receive, forward, generate, buffer, store, route, switch, process, or a combination thereof, etc. one or more messages, packets, signals, waves, voltage or current levels, some combination thereof, or so forth. The network 104 may also include, by way of example but not limitation, one or more of a wireless network, a wired network, an internet, an intranet, a public network, a private network, a packet-switched network, a circuit-switched network, an ad hoc network, an infrastructure network, a Public-Switched Telephone Network (PSTN), a cable network, a cellular network, a satellite network, a fiber optic network, a VOIP or some combination thereof.
[0040] The network 104 may include, but is not limited to, a Third Generation (3G), a Fourth Generation (4G), a Fifth Generation (5G), a Sixth Generation (6G), a New Radio (NR), a Narrow Band Internet of Things (NB-IoT), an Open Radio Access Network (O-RAN), a Public Land Mobile Network (PLMN) network, and the like.
[0041] The server 106 can be, for example, but not limited to a standalone server, a server blade, a server rack, a bank of servers, a business telephony application server (BTAS), a server farm, a cloud server, an edge server, home server, a virtualized server, one or more processors executing code to function as a server, or the like. In an implementation, the server 106 may operate at various entities or a single entity (including, but not limited to, a vendor side, service provider side, a network operator side, a company side, an organization side, a university side, a lab facility side, a business enterprise side, a defense facility side, or any other facility) that provides service.
[0042] The system 108 may comprise a first memory such as a volatile memory (e.g., RAM), non-volatile memory (e.g., disk memory, FLASH memory, EPROMs, etc.), unalterable memory, and/or other types of memory. In one implementation, the first memory might be configured or designed to store data and program instructions. The program instructions might control the operation of an operating system and/or one or more applications. In another implementation the SEPP may be embedded into the first memory. The system 108 may be further configured to enable the plurality of user equipments 102 to request access to the network 104. In accordance with an aspect of the exemplary embodiment, the user equipment 102 and the system 108 may be a part of a first mobile service provider like Reliance-JIO™.
[0043] Operational and construction features of the system 108 will be explained in detail with respect to the following figures.
[0044] FIG. 2 is an exemplary schematic representation of the system 108 for securing access to the data in the network 104, according to one or more embodiments of the present subject matter.
[0045] The system 108 includes a user interface 202 through which users interact with the system 108. The user interface 202 allows the users to submit requests for Clear Codes/CRR provisioning and field mapping based on specific user groups and requirements. The users can input their preferences and configurations, specifying the desired Clear Codes/CRRs and fields relevant to their respective user groups. The call release reasons refer to the specific causes or conditions under which a call is terminated or released prematurely. These reasons can vary depending on the type of network and the circumstances surrounding the call. The call release reasons can be, for example, but not limited to network congestion, quality of service (QoS) issues, handover failure, authentication issues, policy enforcement, emergency service prioritization, maintenance activities, security measures or the like.
[0046] The provisioning and assignment requests from the user interface 202 are thereafter processed by a workflow module 204. The workflow module 204 acts as the core component responsible for managing and handling the provisioning configuration data. The workflow module 204 receives the requests from the user interface 202 and stores the provisioning metadata in a database 206.
[0047] The database 206 serves as the repository for storing user-specific provisioning and mapping information. The database 206 maintains a record of the assigned Clear Codes/CRRs, fields, and corresponding user groups. This data is utilized during subsequent data analysis and monitoring activities. The user groups can be, for example, but not limited to business customers, residential customers, enterprise users, postpaid customers, prepaid customers, international travellers or the like.
[0048] When the user requests data for analysis or monitoring, the request is again made through the user interface 202. The request then flows to the workflow module 204, which retrieves the relevant provisioning configuration data from the database 206. Examples of relevant provisioning configuration data include, but are not limited to, one or more call release reasons configuration information, user group information configuration data and one or more clear codes configuration data. The workflow module 204 applies specific checks and filters based on the assigned Clear Codes/CRRs and fields to the raw data stored in a data storage. Doing so ensures that only the pertinent data is made available to the requesting user, streamlining data retrieval and analysis.
[0049] The resulting data, filtered and customized based on the relevant provisioning configuration data, is then furnished to the user through the user interface 202. The user can access the actionable data, troubleshoot issues, and perform necessary analysis within the provided scope, tailored to their specific user group.
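The provisioning and request path of paragraphs [0046] to [0049], as an added example that is not part of the specification or the applicant's implementation: provisioning metadata is stored per user group, and a data request is answered with only the rows and fields that group is provisioned for, with an empty result for any user or group that has no provisioning. The table and column names, clear-code values, field names and users are assumptions made for the sketch.

```python
import sqlite3

# Constructed sample of raw records held in the data storage (values are made up).
RAW_RECORDS = [
    {"call_id": 1, "clear_code": "CC-100", "msisdn": "910000000001", "cell": "A1"},
    {"call_id": 2, "clear_code": "CC-200", "msisdn": "910000000002", "cell": "B7"},
    {"call_id": 3, "clear_code": "CC-300", "msisdn": "910000000003", "cell": "C3"},
]


def open_store():
    """Create the provisioning database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_group (username TEXT PRIMARY KEY, grp TEXT NOT NULL);
        CREATE TABLE group_clear_code (grp TEXT, clear_code TEXT,
                                       PRIMARY KEY (grp, clear_code));
        CREATE TABLE group_field (grp TEXT, field TEXT, PRIMARY KEY (grp, field));
    """)
    return db


def provision(db, config):
    """Extract provisioning metadata from a configuration and store it per group.

    Re-provisioning a group replaces its previous clear codes and fields, so a
    code removed from the configuration is revoked rather than left behind.
    """
    with db:  # one transaction: a request never sees a half-applied configuration
        for grp, meta in config["groups"].items():
            db.execute("DELETE FROM group_clear_code WHERE grp = ?", (grp,))
            db.execute("DELETE FROM group_field WHERE grp = ?", (grp,))
            db.executemany("INSERT INTO group_clear_code VALUES (?, ?)",
                           [(grp, c) for c in sorted(set(meta.get("clear_codes", [])))])
            db.executemany("INSERT INTO group_field VALUES (?, ?)",
                           [(grp, f) for f in sorted(set(meta.get("fields", [])))])
            for user in meta.get("members", []):
                db.execute("INSERT OR REPLACE INTO user_group VALUES (?, ?)",
                           (user, grp))


def metadata_for(db, username):
    """Look up the requesting user's group server-side and return its metadata."""
    row = db.execute("SELECT grp FROM user_group WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return None
    grp = row[0]
    codes = {r[0] for r in db.execute(
        "SELECT clear_code FROM group_clear_code WHERE grp = ?", (grp,))}
    fields = {r[0] for r in db.execute(
        "SELECT field FROM group_field WHERE grp = ?", (grp,))}
    return grp, codes, fields


def fetch_filtered(db, username, records):
    """Return only the rows and fields the user's group is provisioned for."""
    meta = metadata_for(db, username)
    if meta is None:
        return []  # unknown user: nothing is accessible
    _, codes, fields = meta
    if not codes or not fields:
        return []  # group with no provisioning: nothing is accessible
    filtered = []
    for rec in records:
        if rec.get("clear_code") not in codes:
            continue  # row filter: clear code not assigned to this group
        # Field filter: allow-list projection, so new raw fields stay hidden
        # until they are explicitly provisioned.
        filtered.append({k: v for k, v in rec.items() if k in fields})
    return filtered


def build_demo_store():
    """Provision three constructed groups into a fresh store."""
    db = open_store()
    provision(db, {"groups": {
        "noc": {"clear_codes": ["CC-200", "CC-300"],
                "fields": ["call_id", "clear_code", "cell"],
                "members": ["alice"]},
        "vvip_desk": {"clear_codes": ["CC-100"],
                      "fields": ["call_id", "clear_code", "msisdn"],
                      "members": ["bob"]},
        "audit": {"clear_codes": [], "fields": ["call_id"], "members": ["carol"]},
    }})
    return db


if __name__ == "__main__":
    store = build_demo_store()
    for name in ("alice", "bob", "carol", "mallory"):
        print(name, fetch_filtered(store, name, RAW_RECORDS))
```

The group is resolved from the stored mapping and never taken from the request itself, and both filters are allow-lists, which is what makes the "no data is accessible" embodiment of [0011] the default outcome.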
[0050] Overall, the system 108 depicted in FIG. 2 effectively addresses the challenges associated with managing and controlling access to Clear Codes/CRRs and field data. By enabling user-specific provisioning and mapping, it provides users with customized and relevant data, enhancing data analysis capabilities and reducing computational time.
[0051] The proposed system 108 enables user-specific data provisioning by allowing the assignment of different sets of Clear Codes/CRRs and fields to different user groups. This ensures that only relevant data is visible to each user group, enhancing data access control and improving data analysis efficiency. By customizing data access based on user requirements, the proposed system 108 reduces information overload and streamlines data processing.
[0052] In conclusion, the Clear Codes/CRR Provisioning & Assignment and Field Mapping invention provides a novel solution for managing and controlling data access in network environments. By enabling user-specific provisioning and mapping, it enhances data access control, reduces information overload, and improves data analysis efficiency.
[0053] FIG. 3 is a block diagram of the system 108 for securing access to the data in the network 104, according to various embodiments of the present disclosure.
[0054] As per the illustrated embodiment, the system 108 includes one or more processors 208, a memory 210, the user interface 202, a display 212, and an input device 214. The one or more processors 208, hereinafter referred to as the processor 208, may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, single board computers, and/or any devices that manipulate signals based on operational instructions. As per the illustrated embodiment, the system 108 includes one processor 208. However, it is to be noted that the system 108 may include multiple processors as per the requirement and without deviating from the scope of the present disclosure.
[0055] The information related to the processor 208 may be provided or stored in the memory 210. Among other capabilities, the processor 208 is configured to fetch and execute computer-readable instructions stored in the memory 210. The memory 210 may be configured to store one or more computer-readable instructions or routines in a non-transitory computer-readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory 210 may include any non-transitory storage device including, for example, volatile memory such as RAM, or non-volatile memory such as disk memory, EPROMs, FLASH memory, unalterable memory, and the like.
[0056] The information related to the processor 208 may further be configured to render on the user interface 202. The user interface 202 may include functionality similar to at least a portion of functionality implemented by one or more computer system interfaces such as those described herein and/or generally known to one having ordinary skill in the art. The user interface 202 may be rendered on the display 212, implemented using LCD display technology, OLED display technology, and/or other types of conventional display technology. The display 212 may be integrated within the system 108 or connected externally. Further, the input device(s) 214 may include, but are not limited to, keyboard, buttons, scroll wheels, cursors, touchscreen sensors, audio command interfaces, magnetic strip reader, optical scanner, etc.
[0057] The system 108 further comprises the database 206. The database 206 may be communicably connected to the processor 208, and the memory 210. The database 206 may be configured to store and retrieve data pertaining to features, or services, access rights, attributes, approved list, and authentication data provided by an administrator or a network operator. Further, the system 200 updates/creates/deletes one or more parameters of their information related to the database 206. In another embodiment, the database may be outside the system 108 and communicated through a wired medium and/or a wireless medium.
[0058] Further, the processor 208, in an embodiment, may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 208. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 208 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor 208 may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 210 may store instructions that, when executed by the processing resource, implement the processor 208. In such examples, the user equipment 102 may comprise the memory 210 storing the instructions and the processing resource to execute the instructions, or the memory 210 may be separate but accessible to the user equipment 102 and the processing resource. In other examples, the processor 208 may be implemented by electronic circuitry.
[0059] In order to secure access to data in the network 104, the processor 208 includes a provisioning configuration receiving unit 216, a user request accessing unit 218, a provisioning metadata receiving unit 220 and a filtered data providing unit 222. The processor 208 is coupled with the workflow module 204. The operations and functions of the workflow module 204 are already explained in FIG. 2. Hence, for the sake of brevity, we are not repeating the same information in FIG. 3. In an embodiment, the provisioning configuration receiving unit 216, the user request accessing unit 218, the provisioning metadata receiving unit 220 and the filtered data providing unit 222 are implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processor 208. In the examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processor 208 may be processor-executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processor may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the memory 210 may store instructions that, when executed by the processing resource, implement the processor. In such examples, the user equipment 102 may comprise the memory 210 storing the instructions and the processing resource to execute the instructions, or the memory 210 may be separate but accessible to the system 200 and the processing resource. In other examples, the processor 208 may be implemented by electronic circuitry.
[0060] The provisioning configuration receiving unit 216 receives the provisioning configuration applicable to the plurality of user groups of the network 104 from the user interface 202. In another embodiment, the provisioning configuration receiving unit 216 receives the provisioning configuration applicable to the plurality of user groups of the network 104 from an application programming interface (API) that involves create, read, update, and delete (CRUD) operations on the database (DB) 206. Each user group is associated with at least one clear code, where the clear code indicates the set of data on the network 104 that the user group is authorized to access. The set of data is customer sensitive data (e.g., e-mail address, login identifier, bank account number, PAN number, phone number, personal contact details or the like). For example, in view of 4G/5G technology, the clear code typically refers to a specific error correction coding scheme used in the physical layer of the 5G New Radio (NR) standard. The clear code can be, for example, but not limited to, a network congestion code, a quality of service (QoS) issues code, a handover failure code, an authentication issues code, a policy enforcement code, an emergency service prioritization code, a maintenance activity code, a security measure code or the like. Further, the provisioning configuration receiving unit 216 retrieves the provisioning metadata from the provisioning configuration. The provisioning metadata includes one or more call release reasons (CRRs), user group information and one or more clear codes. The provisioning metadata indicates accessibility of at least one clear code by a user, and the CRR is a type of the clear code. Further, the provisioning configuration receiving unit 216 stores the provisioning metadata in the database 206, where each user group is mapped to a corresponding set of the provisioning metadata.
[0061] Further, the user request accessing unit 218 receives the user request for accessing the data on the network from the user. Further, the provisioning metadata receiving unit 220 retrieves the set of the provisioning metadata from the database 206 based on the user request, where the set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs. The user request seeks the data for a monitoring purpose or a dashboard, so the request can include the data requested, a KPI, a report, or a dashboard. The user request might include a user ID and a user group ID. In an example, the user request may include stored user group based metadata and a user level fields mapping. The stored user group based metadata means the user to user group mapping stored in the database 206. The user level fields mapping means the mapping of each user to CRRs. The database 206 stores streaming data record (SDR) data or call detailed record (CDR) data that includes CRR/cause codes. An SDR can be a transaction or procedure in a fifth generation (5G) core network (CN) or a call flow in a fourth generation (4G) network. The SDR can also be a CDR written in network nodes or a debugging record.
[0062] Further, the provisioning metadata receiving unit 220 determines whether the user is permitted to access the data based on the set of the provisioning metadata. Based on the determination, the filtered data providing unit 222 provides the filtered data to the user. The filtered data comprises data permitted to be accessed by the user as per the relevant provisioning metadata. The filtered data providing unit 222 allows for the assignment of different sets of Clear Codes/CRRs and fields to different user groups, ensuring that only pertinent data is visible to each group. This improves data access control and reduces information overload.
[0063] FIG. 4 is an exemplary schematic representation of the environment 400 of FIG. 1 in which the operations of various entities are explained, according to various embodiments of the present system. It is to be noted that the embodiment with respect to FIG. 4 will be explained with respect to the user equipment 102 and the system 108 for the purpose of description and illustration and should nowhere be construed as limited to the scope of the present disclosure. The same explanation shall apply to multiple user equipments 102-1 to 102-n and the system 108.
[0064] The first user equipment 102-1 includes one or more primary processors 405 communicably coupled to the one or more processors 208 of the system 108. The one or more primary processors 405 are coupled with a memory 410 storing instructions which are executed by the one or more primary processors 405. Execution of the stored instructions by the one or more primary processors 405 enables the user equipment to transmit the data via the user interface 202 to the user equipment 102-1 in order to register for a service related to the data.
[0065] As per the illustrated embodiment, the system 108 includes the one or more processors 208, the memory 210, the interface unit 202, the display 212, and the input device 214. The operations and functions of the one or more processors 208, the memory 210, the interface unit 202, the display 212, and the input device 214 are already explained in FIG. 3. For the sake of brevity, we are not explaining the same operations (or repeated information) in the patent disclosure.
[0066] The processor 208 including the provisioning configuration receiving unit 216 receives the provisioning configuration applicable to the plurality of user groups of the network 104 from the user interface 202. Each user group is associated with at least one clear code, where the clear code indicates the set of data on the network 104 that the user group is authorized to access. Further, the provisioning configuration receiving unit 216 retrieves the provisioning metadata from the provisioning configuration. The provisioning metadata includes one or more call release reasons (CRRs), user group information and one or more clear codes. The provisioning metadata indicates accessibility of at least one clear code by a user, wherein the CRR is a type of clear code. Further, the provisioning configuration receiving unit 216 stores the provisioning metadata in the database 206, where each user group is mapped to a corresponding set of the provisioning metadata.
[0067] Further, the processor 208 including the user request accessing unit 218 receives the user request for accessing the data on the network from the user. Further, the provisioning metadata receiving unit 220 retrieves the set of the provisioning metadata from the database 206 based on the user request, where the set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs. Further, the provisioning metadata receiving unit 220 determines whether the user is permitted to access the data based on the set of the provisioning metadata. Based on the determination, the filtered data providing unit 222 provides the filtered data to the user. The filtered data comprises data permitted to be accessed by the user as per the relevant provisioning metadata.
[0068] FIG. 5 shows an exemplary method 500 for securing access to data in the network 104, in accordance with the present disclosure.
[0069] At step S502, the method includes receiving the provisioning configuration applicable to the plurality of user groups of the network 104 from the user interface 202. In an embodiment, the method allows the processor 208 to receive the provisioning configuration applicable to the plurality of user groups of the network 104, from the user interface 202.
[0070] At step S504, the method includes retrieving provisioning metadata from the provisioning configuration. In an embodiment, the method allows the processor 208 to retrieve the provisioning metadata from the provisioning configuration.
[0071] At step S506, the method includes storing the provisioning metadata in the database 206 wherein each user group is mapped to the corresponding set of the provisioning metadata. In an embodiment, the method allows the processor 208 to store the provisioning metadata in the database 206 wherein each user group is mapped to a corresponding set of the provisioning metadata.
[0072] At step S508, the method includes receiving the user request for accessing the data on the network 104 from a user. In an embodiment, the method allows the processor 208 to receive the user request for accessing the data on the network 104 from the user.
[0073] At step S510, the method includes retrieving the set of the provisioning metadata from the database 206 based on the user request. The set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs. In an embodiment, the method allows the processor 208 to retrieve the set of the provisioning metadata from the database 206 based on the user request.
[0074] At step S512, the method includes determining whether the user is permitted to access the data based on the set of the provisioning metadata. In an embodiment, the method allows the processor 208 to determine whether the user is permitted to access the data based on the set of the provisioning metadata.
[0075] At step S514, the method includes providing the filtered data to the user based on the set of the provisioning metadata. In an embodiment, the method allows the processors 208 to provide the filtered data to the user based on the set of the provisioning metadata.
[0076] FIG. 6 illustrates a method 600 of securing access to the data in the network 104, according to one or more embodiments of the present subject matter.
[0077] At step 602, the method allows the users to submit provisioning and field mapping requests via the user interface 202. The users specify their desired Clear Codes/CRRs and fields relevant to their respective user groups. The requests are transmitted to the system's workflow module 204.
[0078] At step 604, the workflow module 204 receives the provisioning and mapping requests and stores the provisioning configuration data in the database 206. The database 206 serves as the repository for user-specific provisioning and mapping information, retaining the assigned Clear Codes/CRRs, fields, and corresponding user groups.
[0079] At step 606, when the user requests data for analysis or monitoring, the request is made through the user interface 202. The request flows to the workflow module 204 triggering the data retrieval process.
[0080] At step 608, the workflow module 204 retrieves the relevant provisioning configuration data from the database 206 based on the user's request. It applies specific checks and filters related to the assigned Clear Codes/CRRs and fields to the raw data stored in a Data Storage. This step ensures that only the data corresponding to the user's provisioned list is considered.
[0081] At step 610, the workflow module 204 furnishes the filtered and relevant data to the requesting user. The user can access the furnished data through the user interface 202, enabling troubleshooting, analysis, and monitoring activities within the assigned scope.
[0082] The proposed method allows for the assignment of different sets of Clear Codes/CRRs and fields to different user groups, ensuring that only pertinent data is visible to each group. This improves data access control and reduces information overload.
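An added illustration of steps 602 to 610, not part of the specification: the provisioning metadata is stored per user group, and each request is filtered by clear code and by field. The table names, group names, clear-code labels and records are constructed for the example, and two design choices are assumptions of the example rather than statements in the specification: the user group is resolved from the stored user-to-group mapping instead of being trusted from the request, and an unknown user or a mismatched group ID yields no data.

```python
import sqlite3

# Constructed provisioning configuration: per user group, the clear codes/CRRs
# and the record fields that the group may see (hypothetical names).
PROVISIONING_CONFIG = {
    "noc_tier1": {"clear_codes": ["CONGESTION", "HANDOVER_FAILURE"],
                  "fields": ["record_id", "clear_code", "cell_id"]},
    "fraud_team": {"clear_codes": ["AUTH_FAILURE"],
                   "fields": ["record_id", "clear_code", "msisdn"]},
}
USER_GROUPS = {"alice": "noc_tier1", "bob": "fraud_team"}  # constructed users

# Constructed CDR/SDR rows standing in for the raw data store.
RECORDS = [
    {"record_id": 1, "clear_code": "CONGESTION", "cell_id": "C-17", "msisdn": "0000000001"},
    {"record_id": 2, "clear_code": "AUTH_FAILURE", "cell_id": "C-17", "msisdn": "0000000002"},
    {"record_id": 3, "clear_code": "HANDOVER_FAILURE", "cell_id": "C-09", "msisdn": "0000000003"},
    {"record_id": 4, "clear_code": "MAINTENANCE", "cell_id": "C-09", "msisdn": "0000000004"},
]


def build_db(config=PROVISIONING_CONFIG, user_groups=USER_GROUPS):
    """Steps 602-604: extract the provisioning metadata and store it per group."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE group_clear_code (grp TEXT, clear_code TEXT,
                                       PRIMARY KEY (grp, clear_code));
        CREATE TABLE group_field (grp TEXT, field TEXT, PRIMARY KEY (grp, field));
        CREATE TABLE user_group (user_id TEXT PRIMARY KEY, grp TEXT NOT NULL);
    """)
    for grp, meta in config.items():
        db.executemany("INSERT INTO group_clear_code VALUES (?, ?)",
                       [(grp, code) for code in meta["clear_codes"]])
        db.executemany("INSERT INTO group_field VALUES (?, ?)",
                       [(grp, field) for field in meta["fields"]])
    db.executemany("INSERT INTO user_group VALUES (?, ?)", list(user_groups.items()))
    db.commit()
    return db


def load_metadata(db, user_id):
    """Step 608, first half: fetch the metadata mapped to the user's stored group."""
    row = db.execute("SELECT grp FROM user_group WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row is None:
        return None  # unknown user: no metadata, so nothing is permitted
    grp = row[0]
    codes = {r[0] for r in db.execute(
        "SELECT clear_code FROM group_clear_code WHERE grp = ?", (grp,))}
    fields = {r[0] for r in db.execute(
        "SELECT field FROM group_field WHERE grp = ?", (grp,))}
    return grp, codes, fields


def handle_request(db, request, records):
    """Steps 606-610: decide what is permitted and return only the filtered data."""
    meta = load_metadata(db, request["user_id"])
    if meta is None:
        return []
    grp, codes, fields = meta
    # A group ID carried in the request is only cross-checked against the stored
    # mapping; it never selects which metadata is applied.
    claimed = request.get("group_id")
    if claimed is not None and claimed != grp:
        return []
    requested = request.get("clear_codes")
    permitted = codes if requested is None else codes & set(requested)
    return [{k: v for k, v in rec.items() if k in fields}   # field-level filter
            for rec in records if rec["clear_code"] in permitted]  # row-level filter


if __name__ == "__main__":
    db = build_db()
    print(handle_request(db, {"user_id": "alice"}, RECORDS))
    print(handle_request(db, {"user_id": "bob", "group_id": "noc_tier1"}, RECORDS))
```
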
[0083] The method presented in FIG. 5 and FIG. 6 effectively addresses the challenges associated with managing and controlling data access in network environments. By enabling user-specific provisioning and mapping, the method provides users with customized and relevant data, improving data analysis efficiency and reducing computational time.
[0084] In an example, the above system and method may be implemented as a computer system or as a server in a network. Furthermore, the requests for data may be received using a wireless device or the user equipment 102.
[0085] In the above description, a wireless device or a user equipment (UE) may include, but are not limited to, a handheld wireless communication device (e.g., a mobile phone, a smart phone, a phablet device, and so on), a wearable computer device (e.g., a head-mounted display computer device, a head-mounted camera device, a wristwatch computer device, and so on), a Global Positioning System (GPS) device, a laptop computer, a tablet computer, or another type of portable computer, a media playing device, a portable gaming system, and/or any other type of computer device with wireless communication capabilities, and the like. In an embodiment, the UEs may communicate with the system via set of executable instructions residing on any operating system. In an embodiment, the UEs may include, but are not limited to, any electrical, electronic, electro-mechanical or an equipment or a combination of one or more of the above devices such as virtual reality (VR) devices, augmented reality (AR) devices, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, mainframe computer, or any other computing device, wherein the computing device may include one or more in-built or externally coupled accessories including, but not limited to, a visual aid device such as camera, audio aid, a microphone, a keyboard, input devices for receiving input from a user such as touch pad, touch enabled screen, electronic pen and the like. It may be appreciated that the UEs may not be restricted to the mentioned devices and various other devices may be used.
[0086] Furthermore, a system (for example, computing system) may include one or more processors coupled with a memory, wherein the memory may store instructions which when executed by the one or more processors may cause the system to perform offloading/onloading of broadcasting or multicasting content in networks. An exemplary representation of the system for such purpose, in accordance with embodiments of the present disclosure, is shown in FIG. 1. In an embodiment, the system may include one or more processor(s). The one or more processor(s) may be implemented as one or more microprocessors, microcomputers, microcontrollers, edge or fog microcontrollers, digital signal processors, central processing units, logic circuitries, and/or any devices that process data based on operational instructions. Among other capabilities, the one or more processor(s) may be configured to fetch and execute computer-readable instructions stored in a memory of the system. The memory may be configured to store one or more computer-readable instructions or routines in a non-transitory computer readable storage medium, which may be fetched and executed to create or share data packets over a network service. The memory may comprise any non-transitory storage device including, for example, volatile memory such as Random-Access Memory (RAM), or non-volatile memory such as Electrically Erasable Programmable Read-only Memory (EEPROM), flash memory, and the like. In an embodiment, the system may include an interface(s). The interface(s) may comprise a variety of interfaces, for example, interfaces for data input and output devices, referred to as input/output (I/O) devices, storage devices, and the like. The interface(s) may facilitate communication for the system. The interface(s) may also provide a communication pathway for one or more components of the system. Examples of such components include, but are not limited to, processing unit/engine(s) and a database.
The processing unit/engine(s) may be implemented as a combination of hardware and programming (for example, programmable instructions) to implement one or more functionalities of the processing engine(s). In examples described herein, such combinations of hardware and programming may be implemented in several different ways. For example, the programming for the processing engine(s) may be processor executable instructions stored on a non-transitory machine-readable storage medium and the hardware for the processing engine(s) may comprise a processing resource (for example, one or more processors), to execute such instructions. In the present examples, the machine-readable storage medium may store instructions that, when executed by the processing resource, implement the processing engine(s). In such examples, the system may include the machine-readable storage medium storing the instructions and the processing resource to execute the instructions, or the machine-readable storage medium may be separate but accessible to the system and the processing resource. In other examples, the processing engine(s) may be implemented by electronic circuitry. In an aspect, the database may comprise data that may be either stored or generated as a result of functionalities implemented by any of the components of the processor or the processing engines.
[0087] Yet further, a computer system may include an external storage device, a bus, a main memory, a read-only memory, a mass storage device, communication port(s), and a processor. A person skilled in the art will appreciate that the computer system may include more than one processor and communication ports. The communication port(s) may be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fiber, a serial port, a parallel port, or other existing or future ports. The communication port(s) may be chosen depending on a network, such as a Local Area Network (LAN), Wide Area Network (WAN), or any network to which the computer system connects. The main memory may be random access memory (RAM), or any other dynamic storage device commonly known in the art. The read-only memory may be any static storage device(s) including, but not limited to, Programmable Read Only Memory (PROM) chips for storing static information, e.g., start-up or basic input/output system (BIOS) instructions for the processor. The mass storage device may be any current or future mass storage solution, which may be used to store information and/or instructions. The bus communicatively couples the processor with the other memory, storage, and communication blocks. The bus can be, e.g., a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), universal serial bus (USB), or the like, for connecting expansion cards, drives, and other subsystems as well as other buses, such as a front side bus (FSB), which connects the processor to the computer system. Optionally, operator and administrative interfaces, e.g., a display, keyboard, and a cursor control device, may also be coupled to the bus to support direct operator interaction with the computer system.
Other operator and administrative interfaces may be provided through network connections connected through the communication port(s). In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.
[0088] A person of ordinary skill in the art will readily ascertain that the illustrated embodiments and steps in description and drawings (FIGS.1-6) are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.
[0089] The present invention offers multiple advantages over the prior art and the above listed are a few examples to emphasize on some of the advantageous features. The listed advantages are to be read in a non-limiting manner.

REFERENCE NUMERALS
[0090] Environment - 100
[0091] User Equipment - 102, 102-1 to 102-n
[0092] Network - 104
[0093] Server - 106
[0094] System - 108
[0095] User interface - 202
[0096] Workflow module - 204
[0097] Database (DB) - 206
[0098] Processor - 208
[0099] Memory - 210
[00100] Display - 212
[00101] Input device - 214
[00102] Provisioning configuration receiving unit - 216
[00103] User request accessing unit - 218
[00104] Provisioning metadata receiving unit - 220
[00105] Filtered data providing unit - 222
[00106] Environment - 400
[00107] Primary processors - 405
[00108] Memory Unit - 410
[00109] Interface Module - 415


CLAIMS
We Claim
1. A method of securing access to data in a network (104), the method comprising the steps of:
receiving, by one or more processors (208), a provisioning configuration applicable to a plurality of user groups of the network (104), from a user interface (202);
retrieving, by the one or more processors (208), provisioning metadata from the provisioning configuration; and
storing, by the one or more processors (208), the provisioning metadata in a database (206) wherein each user group is mapped to a corresponding set of the provisioning metadata.

2. The method as claimed in claim 1, wherein the method further comprises the steps of:
receiving, by the one or more processors (208), a user request for accessing the data on the network (104) from a user;
retrieving, by the one or more processors (208), a set of the provisioning metadata from the database (206) based on the user request, wherein the set of the provisioning metadata is mapped with the user group to which the user sending the user request belongs;
determining, by the one or more processors (208), based on the set of the provisioning metadata whether the user is permitted to access the data; and
providing, by the one or more processors (208), a filtered data to the user based on the set of the provisioning metadata.

3. The method as claimed in claim 1, wherein the provisioning metadata comprises one or more user group information and clear codes.

4. The method as claimed in claim 3, wherein the provisioning metadata indicates accessibility of at least one clear code by a user.

5. The method as claimed in claim 2, wherein the filtered data comprises data permitted to be accessed by the user as per the relevant provisioning metadata.

6. A system (108) for securing access to data in a network (104), wherein the system (108) comprises:
a user interface (202) configured to:
receive a provisioning configuration applicable to a plurality of user groups of the network (104); and
a user request for accessing the data on the network (104) from a user;
a workflow module (204) configured to:
receive the provisioning configuration; and
retrieve provisioning metadata from the provisioning configuration; and
a database (206) configured to:
store the provisioning metadata, wherein each user group is mapped to a corresponding set of the provisioning metadata.

7. The system (108) as claimed in claim 6, wherein the workflow module (204) is further configured to:
retrieve a set of the provisioning metadata from the database based on the user request, wherein the set of the provisioning metadata is mapped with a user group to which the user sending the user request belongs;
determine based on the set of the provisioning metadata whether the user is permitted to access the data; and
provide a filtered data to the user based on the set of the provisioning metadata.

8. The system (108) as claimed in claim 6, wherein the provisioning metadata comprises one or more call release reasons, user group information and one or more clear codes.

9. The system (108) as claimed in claim 6, wherein each user group is associated with at least one clear code, and wherein the clear code indicates a set of data on the network to which the user group is authorized to access.

10. The system (108) as claimed in claim 9, wherein the provisioning metadata indicates accessibility of at least one clear code by a user.

11. The system (108) as claimed in claim 6, wherein the filtered data comprises data permitted to be accessed by the user as per the relevant provisioning metadata.

12. A method of securing access to data in a network (104), the method comprising the steps of:
receiving, by one or more processors (208), a user request for accessing the data on the network (104) from a user;
retrieving, by the one or more processors (208), a set of the provisioning metadata from a database (206) based on the user request, wherein the set of the provisioning metadata is mapped with a user group to which the user sending the user request belongs;
determining, by the one or more processors (208), based on the set of the provisioning metadata whether the user is permitted to access the data; and
providing, by the one or more processors (208), a filtered data to the user based on the set of the provisioning metadata.

13. The method as claimed in claim 12, wherein the provisioning metadata is retrieved by:
receiving a provisioning configuration applicable to a plurality of user groups of the network (104), from a user interface (202);
retrieving provisioning metadata from the provisioning configuration; and
storing the provisioning metadata in a database (206) wherein each user group is mapped to a corresponding set of the provisioning metadata.

14. A user equipment (102), comprising:
one or more primary processors (405) communicatively coupled to one or more processors (208), the one or more primary processors (405) coupled with a memory (410), wherein said memory (410) stores instructions which when executed by the one or more primary processors (405) causes the user equipment to:
transmit a provisioning configuration applicable to a plurality of user groups of the network (104), to the one or more processors (208),
wherein the one or more processors (208) is configured to perform the steps as claimed in claim 1.

Documents

Application Documents

# Name Date
1 202321047695-STATEMENT OF UNDERTAKING (FORM 3) [14-07-2023(online)].pdf 2023-07-14
2 202321047695-PROVISIONAL SPECIFICATION [14-07-2023(online)].pdf 2023-07-14
3 202321047695-FORM 1 [14-07-2023(online)].pdf 2023-07-14
4 202321047695-FIGURE OF ABSTRACT [14-07-2023(online)].pdf 2023-07-14
5 202321047695-DRAWINGS [14-07-2023(online)].pdf 2023-07-14
6 202321047695-DECLARATION OF INVENTORSHIP (FORM 5) [14-07-2023(online)].pdf 2023-07-14
7 202321047695-FORM-26 [03-10-2023(online)].pdf 2023-10-03
8 202321047695-Proof of Right [08-01-2024(online)].pdf 2024-01-08
9 202321047695-DRAWING [13-07-2024(online)].pdf 2024-07-13
10 202321047695-COMPLETE SPECIFICATION [13-07-2024(online)].pdf 2024-07-13
11 Abstract-1.jpg 2024-08-28
12 202321047695-Power of Attorney [05-11-2024(online)].pdf 2024-11-05
13 202321047695-Form 1 (Submitted on date of filing) [05-11-2024(online)].pdf 2024-11-05
14 202321047695-Covering Letter [05-11-2024(online)].pdf 2024-11-05
15 202321047695-CERTIFIED COPIES TRANSMISSION TO IB [05-11-2024(online)].pdf 2024-11-05
16 202321047695-FORM 3 [02-12-2024(online)].pdf 2024-12-02
17 202321047695-FORM 18 [20-03-2025(online)].pdf 2025-03-20