Multi-party authentication and authorization
First Claim
1. A non-transitory computer-readable medium embodying a program executable in a first client computing device, the program, when executed by the first client computing device, being configured to cause the first client computing device to at least:
- receive an access request from a first user to access secured data stored on the first client computing device, wherein the first client computing device has a display, the first user is using the first client computing device by interacting with a user interface rendered on the display, and the first user has access to other data stored on the first client computing device when the access request is received;
- determine that an authorization from a second user is required to grant the access request;
- send an authorization request to a second client computing device associated with the second user;
- receive the authorization by the second user from the second client computing device; and
- facilitate access by the first user to the secured data in response to the authorization.
Abstract
Disclosed are various examples for multi-party authentication and authorization. In one example, a user who forgets a password can gain access to secured data stored by a managed device by way of an authorization by one or more other users. This access can be granted even if the managed device is in an off-line mode or if a management server cannot be reached. In another example, access to secured data can depend upon authorization by a minimum quantity of other users. The authorization can involve an explicit approval or disapproval. Alternatively, the authorization can correspond to the presence of the minimum quantity of other users within a threshold proximity of the user who desires access.
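The minimum-quantity check described in the abstract can be sketched as follows; this is an added example, not code from the patent, and it shows a device-side agent counting authenticated approvals without contacting a server. The per-approver keys, the nonce, the message layout and all names are assumptions, and HMAC stands in for a signature only so the example runs with the standard library (a deployment would verify against approver public keys so the requesting device cannot mint approvals itself).

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Response:
    approver: str
    decision: str   # "approve" or "deny"
    nonce: bytes    # echoes the nonce of the request being answered
    tag: bytes      # MAC over (nonce, resource, decision)

def _mac(key, nonce, resource, decision):
    msg = b"|".join([nonce.hex().encode(), resource.encode(), decision.encode()])
    return hmac.new(key, msg, hashlib.sha256).digest()

def sign_response(key, approver, nonce, resource, decision):
    """What a second user's device would send back (hypothetical format)."""
    return Response(approver, decision, nonce, _mac(key, nonce, resource, decision))

def quorum_met(keys, nonce, resource, responses, minimum):
    """Return (granted, approvers) using only keys already stored on the device."""
    approved = set()
    for r in responses:
        key = keys.get(r.approver)
        if key is None or r.nonce != nonce:
            continue  # unknown approver, or an answer to a different request
        if r.decision not in ("approve", "deny"):
            continue
        if not hmac.compare_digest(r.tag, _mac(key, nonce, resource, r.decision)):
            continue  # tag does not verify: forged or altered response
        if r.decision == "approve":
            approved.add(r.approver)  # a set, so each approver counts once
    return len(approved) >= minimum, approved

def demo():
    # Constructed sample data: three enrolled approvers, quorum of two.
    keys = {u: secrets.token_bytes(32) for u in ("bob", "carol", "dave")}
    resource, nonce, stale = "vault/notes.db", secrets.token_bytes(16), secrets.token_bytes(16)
    responses = [
        sign_response(keys["bob"], "bob", nonce, resource, "approve"),
        sign_response(keys["bob"], "bob", nonce, resource, "approve"),     # duplicate
        sign_response(keys["carol"], "carol", nonce, resource, "deny"),    # disapproval
        sign_response(keys["dave"], "dave", stale, resource, "approve"),   # replayed
        Response("carol", "approve", nonce, b"\x00" * 32),                 # forged tag
    ]
    before = quorum_met(keys, nonce, resource, responses, minimum=2)
    responses.append(sign_response(keys["dave"], "dave", nonce, resource, "approve"))
    return before, quorum_met(keys, nonce, resource, responses, minimum=2)
```
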
20 Claims
9. A system, comprising:
- a client computing device; and
- a management agent executable by the client computing device, the management agent configured to cause the client computing device to at least:
  - receive an access request from a first user to access secured data stored on the client computing device, wherein the client computing device has a display, the first user is using the client computing device by interacting with a user interface rendered on the display, and the first user has access to other data stored on the client computing device when the access request is received;
  - determine that access by the first user to the secured data requires a respective authorization from each of a minimum quantity of a set of second users;
  - send a respective authorization request to at least one of the set of second users;
  - determine that the respective authorizations have been received from the minimum quantity of the set of second users; and
  - facilitate access by the first user to the secured data in response to determining that the respective authorizations have been received from the minimum quantity of the set of second users.
16. A method, comprising:
- receiving an access request from a first user to access secured data stored on a first client computing device, wherein the first client computing device has a display, the first user is using the first client computing device by interacting with a user interface rendered on the display, and the first user has access to other data stored on the first client computing device when the access request is received;
- determining that an authorization from a second user is required to grant the access request;
- sending an authorization request to a second client computing device associated with the second user;
- receiving the authorization by the second user from the second client computing device; and
- facilitating access by the first user to the secured data in response to the authorization.
Specification