System and method for implementing a two-person access rule using mobile devices
First Claim
1. A method for granting access to a resource, comprising:
by a central access authorization system, receiving from an access control broker agent a request for a grant of authorization for a requestor to access a resource, the request including request information about the requestor and the resource;
by the central access authorization system, in response to the receiving the request for the grant of authorization, applying a set of stored authorization rules covering the request information;
wherein the set of stored authorization rules being based at least in part on a sensitivity of the resource;
wherein applying the set of stored authorization rules being to select a type of person-to-person communication session between a mobile device of the requestor and a mobile device of an authorizing user required for the grant of authorization;
wherein the type of person-to-person communication session required for the grant of authorization is selected from a group including a texting communication session used for resources of routine sensitivity, a real-time audio communication session used for resources of intermediate sensitivity, and a real-time video communication session used for resources of critical sensitivity;
by the central authorization system, establishing a person-to-person communication session for the grant of authorization between the mobile devices of the requestor and the authorizing user;
providing to the authorizing user additional information not covered by the set of stored authorization rules;
by the central access authorization system, after the providing the additional information to the authorizing user, receiving from an authorizer mobile app running on the mobile device of the authorizing user, a manual request to establish a real-time video person-to-person communications session between the mobile device of the requestor and the mobile device of the authorizing user;
by the central access authorization system, in response to the manual request, establishing the real-time video person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user, permitting the requestor and the authorizing user to communicate in real-time;
by the central access authorization system, subsequent to the establishing the real-time video person-to-person communications session, receiving an authorization message from the authorizer mobile app; and
by the central access authorization system, based on the authorization message and based on the set of stored authorization rules, transmitting to the access control broker agent a message granting access to the resource by the requestor.
Abstract
A system using mobile devices and a network provides access authentication, authorization and accounting to computing resources using a two-person access rule solution approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users are engaged in real-time communications to facilitate approved access to a sensitive resource. The technique utilizes mobile cellular interfaces and location service technologies, while also providing traditional security control measures of voice and visual verification of user identities.
28 Citations
13 Claims
1. A method for granting access to a resource, comprising the elements set out above under First Claim.
Dependent claims: 2, 3, 4, 5
6. A central access authorization system comprising:
a processor;
a wide area network interface connected to the processor; and
a computer readable storage device having stored thereon computer readable instructions that, when executed by the processor, cause the processor to perform operations comprising:
receiving from an access control broker agent a request for a grant of authorization for a requestor to access a resource, the request including request information about the requestor and the resource;
retrieving a set of stored authorization rules covering the request information;
in response to the receiving the request for the grant of authorization, applying a set of stored authorization rules covering the request information;
wherein the set of stored authorization rules being based at least in part on a sensitivity of the resource;
wherein applying the set of stored authorization rules being to select a type of person-to-person communication session between a mobile device of the requestor and a mobile device of an authorizing user required for the grant of authorization;
wherein the type of person-to-person communication session required for the grant of authorization is selected from a group including a texting communication session used for resources of routine sensitivity, a real-time audio communication session used for resources of intermediate sensitivity, and a real-time video communication session used for resources of critical sensitivity;
establishing a person-to-person communication session for the grant of authorization between the mobile devices of the requestor and the authorizing user;
providing to the authorizing user additional information not covered by the set of stored authorization rules;
after the providing the additional information to the authorizing user, receiving from an authorizer mobile app running on the mobile device of the authorizing user, a manual request to establish a real-time video person-to-person communications session between the mobile device of the requestor and the mobile device of the authorizing user;
in response to the manual request, establishing the real-time video person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user, permitting the requestor and the authorizing user to communicate in real-time;
subsequent to the establishing the real-time video person-to-person communications session, receiving an authorization message from the authorizer mobile app; and
based on the authorization message and based on the set of stored authorization rules, transmitting to the access control broker agent a message granting access to the resource by the requestor.
Dependent claims: 7, 8, 9, 10
11. A tangible computer-readable medium having stored thereon computer readable instructions for granting access to a resource, wherein execution of the computer readable instructions by a processor causes the processor to perform operations comprising:
receiving from an access control broker agent a request for a grant of authorization for a requestor to access a resource, the request including request information about the requestor and the resource;
in response to the receiving the request for the grant of authorization, applying a set of stored authorization rules covering the request information;
wherein the set of stored authorization rules being based at least in part on a sensitivity of the resource;
wherein applying the set of stored authorization rules being to select a type of person-to-person communication session between a mobile device of the requestor and a mobile device of an authorizing user required for the grant of authorization;
wherein the type of person-to-person communication session required for the grant of authorization is selected from a group including a texting communication session used for resources of routine sensitivity, a real-time audio communication session used for resources of intermediate sensitivity, and a real-time video communication session used for resources of critical sensitivity;
establishing a person-to-person communication session for the grant of authorization between the mobile devices of the requestor and the authorizing user;
providing to the authorizing user additional information not covered by the set of stored authorization rules;
after the providing the additional information to the authorizing user, receiving from an authorizer mobile app running on the mobile device of the authorizing user, a manual request to establish a real-time video person-to-person communications session between the mobile device of the requestor and the mobile device of the authorizing user;
in response to the manual request, establishing the real-time video person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user, permitting the requestor and the authorizing user to communicate in real-time;
subsequent to the establishing the real-time video person-to-person communications session, receiving via a secure connection an authorization message from the authorizer mobile app; and
based on the authorization message and based on the set of stored authorization rules, transmitting to the access control broker agent a message granting access to the resource by the requestor.
Dependent claims: 12, 13
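The claims describe a control flow that is easy to get wrong in practice: the authorization message must only be honoured if it comes from the designated second person, if that person is not the requestor, and if a person-to-person session of at least the type required by the resource's sensitivity has actually been established first. The following is an added illustration of that flow as a defender would implement it in a policy engine; it is not code from the patent or its assignee. The central access authorization system, the broker agent and the two mobile apps are simulated in-process, and the class and function names (`AuthorizationServer`, `PendingGrant`, `receive_request`, `establish_session`, `receive_authorization`) and the sample resource table are assumptions made for this example.

```python
"""Two-person access rule, modelled on the claim elements above (added example)."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, List, Optional
import itertools


class Sensitivity(IntEnum):
    ROUTINE = 1
    INTERMEDIATE = 2
    CRITICAL = 3


class SessionType(IntEnum):
    # Ordered so that a stronger session (video) satisfies a weaker requirement (text).
    TEXT = 1
    AUDIO = 2
    VIDEO = 3


# Stored authorization rule from the claims: session type required per sensitivity.
REQUIRED_SESSION = {
    Sensitivity.ROUTINE: SessionType.TEXT,
    Sensitivity.INTERMEDIATE: SessionType.AUDIO,
    Sensitivity.CRITICAL: SessionType.VIDEO,
}

# Constructed resource table (assumption): sensitivity and the users allowed to authorize.
RESOURCE_RULES = {
    "wiki": (Sensitivity.ROUTINE, {"bob", "carol"}),
    "payroll-db": (Sensitivity.INTERMEDIATE, {"carol"}),
    "hsm-console": (Sensitivity.CRITICAL, {"carol", "dave"}),
}


@dataclass
class PendingGrant:
    grant_id: int
    requestor: str
    resource: str
    authorizer: str
    required: SessionType
    session: Optional[SessionType] = None  # strongest session established so far


class AuthorizationServer:
    """Simulated central access authorization system (hypothetical name)."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._pending: Dict[int, PendingGrant] = {}
        self.audit: List[str] = []

    def receive_request(self, requestor: str, resource: str, authorizer: str) -> dict:
        """Broker agent -> central system: apply the stored rules, select the session type."""
        rule = RESOURCE_RULES.get(resource)
        if rule is None:
            return {"accepted": False, "reason": "unknown resource"}
        sensitivity, authorizers = rule
        if authorizer not in authorizers:
            return {"accepted": False, "reason": "not an authorizer for this resource"}
        if authorizer == requestor:
            # The two-person rule itself: nobody approves their own access.
            return {"accepted": False, "reason": "requestor cannot authorize own access"}
        grant = PendingGrant(next(self._ids), requestor, resource, authorizer,
                             REQUIRED_SESSION[sensitivity])
        self._pending[grant.grant_id] = grant
        self.audit.append(f"grant {grant.grant_id}: {requestor} -> {resource} "
                          f"requires {grant.required.name} session with {authorizer}")
        return {"accepted": True, "grant_id": grant.grant_id, "required": grant.required}

    def establish_session(self, grant_id: int, session_type: SessionType) -> None:
        """Central system sets up the person-to-person session between the two devices.
        Called again with VIDEO when the authorizer app sends a manual escalation."""
        grant = self._pending[grant_id]
        if grant.session is None or session_type > grant.session:
            grant.session = session_type
        self.audit.append(f"grant {grant_id}: {session_type.name} session established")

    def receive_authorization(self, grant_id: int, from_user: str) -> dict:
        """Authorizer app -> central system. Returns the message sent to the broker."""
        grant = self._pending.get(grant_id)
        if grant is None:
            return {"grant_id": grant_id, "granted": False, "reason": "no pending request"}
        if from_user != grant.authorizer:
            return {"grant_id": grant_id, "granted": False,
                    "reason": "message not from designated authorizer"}
        if grant.session is None or grant.session < grant.required:
            return {"grant_id": grant_id, "granted": False,
                    "reason": f"{grant.required.name} session required before approval"}
        del self._pending[grant_id]  # one-shot: the same approval cannot be replayed
        self.audit.append(f"grant {grant_id}: access to {grant.resource} granted to {grant.requestor}")
        return {"grant_id": grant_id, "granted": True,
                "requestor": grant.requestor, "resource": grant.resource}


if __name__ == "__main__":
    srv = AuthorizationServer()
    gid = srv.receive_request("alice", "hsm-console", "dave")["grant_id"]
    srv.establish_session(gid, SessionType.TEXT)
    print(srv.receive_authorization(gid, "dave"))   # denied: critical resource needs VIDEO
    srv.establish_session(gid, SessionType.VIDEO)   # manual escalation from dave's app
    print(srv.receive_authorization(gid, "dave"))   # granted
    print("\n".join(srv.audit))
```

The ordering of the checks matters: the server never evaluates the authorization message against the session state until it has confirmed the sender is the designated authorizer, so a message from the requestor's own device (or from anyone else) is rejected before it can influence the decision. Deleting the pending record on grant makes each approval single-use, which is what stops an intercepted or re-sent authorization message from being replayed against a later request. The audit list stands in for the accounting function the abstract mentions; a real deployment would write those entries to a tamper-evident log.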