System and method for implementing a two-person access rule using mobile devices
First Claim
1. A method for granting access to a resource, comprising:
by a central access authorization system, receiving from an access control broker agent a request for a grant of authorization for a requestor to access a resource, the request including request information about the requestor and the resource;
by the central access authorization system, in response to the receiving the request for the grant of authorization, applying a set of stored authorization rules covering the request information;
wherein the set of stored authorization rules being based at least in part on a sensitivity of the resource;
wherein applying the set of stored authorization rules being to select a type of person-to-person communication session between a mobile device of the requestor and a mobile device of an authorizing user required for the grant of authorization;
wherein the type of person-to-person communication session required for the grant of authorization is selected from a group including a texting communication session used for resources of routine sensitivity, a real-time audio communication session used for resources of intermediate sensitivity, and a real-time video communication session used for resources of critical sensitivity;
by the central authorization system, establishing a person-to-person communication session for the grant of authorization between the mobile devices of the requestor and the authorizing user;
providing to the authorizing user additional information not covered by the set of stored authorization rules;
by the central access authorization system, after the providing the additional information to the authorizing user, receiving from an authorizer mobile app running on the mobile device of the authorizing user, a manual request to establish a real-time video person-to-person communications session between the mobile device of the requestor and the mobile device of the authorizing user;
by the central access authorization system, in response to the manual request, establishing the real-time video person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user, permitting the requestor and the authorizing user to communicate in real-time;
by the central access authorization system, subsequent to the establishing the real-time video person-to-person communications session, receiving an authorization message from the authorizer mobile app; and
by the central access authorization system, based on the authorization message and based on the set of stored authorization rules, transmitting to the access control broker agent a message granting access to the resource by the requestor.
Abstract
A system using mobile devices and a network provides access authentication, authorization and accounting for computing resources using a two-person access rule approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users engage in real-time communications to approve access to a sensitive resource. The technique uses mobile cellular interfaces and location services, while also providing the traditional security controls of voice and visual verification of user identities.
13 Claims
1. A method for granting access to a resource, comprising: (claim text reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5.
6. A central access authorization system comprising:
a processor;
a wide area network interface connected to the processor; and
a computer readable storage device having stored thereon computer readable instructions that, when executed by the processor, cause the processor to perform operations comprising:
receiving from an access control broker agent a request for a grant of authorization for a requestor to access a resource, the request including request information about the requestor and the resource;
retrieving a set of stored authorization rules covering the request information;
in response to the receiving the request for the grant of authorization, applying a set of stored authorization rules covering the request information;
wherein the set of stored authorization rules being based at least in part on a sensitivity of the resource;
wherein applying the set of stored authorization rules being to select a type of person-to-person communication session between a mobile device of the requestor and a mobile device of an authorizing user required for the grant of authorization;
wherein the type of person-to-person communication session required for the grant of authorization is selected from a group including a texting communication session used for resources of routine sensitivity, a real-time audio communication session used for resources of intermediate sensitivity, and a real-time video communication session used for resources of critical sensitivity;
establishing a person-to-person communication session for the grant of authorization between the mobile devices of the requestor and the authorizing user;
providing to the authorizing user additional information not covered by the set of stored authorization rules;
after the providing the additional information to the authorizing user, receiving from an authorizer mobile app running on the mobile device of the authorizing user, a manual request to establish a real-time video person-to-person communications session between the mobile device of the requestor and the mobile device of the authorizing user;
in response to the manual request, establishing the real-time video person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user, permitting the requestor and the authorizing user to communicate in real-time;
subsequent to the establishing the real-time video person-to-person communications session, receiving an authorization message from the authorizer mobile app; and
based on the authorization message and based on the set of stored authorization rules, transmitting to the access control broker agent a message granting access to the resource by the requestor.
Dependent claims: 7, 8, 9, 10.
11. A tangible computer-readable medium having stored thereon computer readable instructions for granting access to a resource, wherein execution of the computer readable instructions by a processor causes the processor to perform operations comprising:
receiving from an access control broker agent a request for a grant of authorization for a requestor to access a resource, the request including request information about the requestor and the resource;
in response to the receiving the request for the grant of authorization, applying a set of stored authorization rules covering the request information;
wherein the set of stored authorization rules being based at least in part on a sensitivity of the resource;
wherein applying the set of stored authorization rules being to select a type of person-to-person communication session between a mobile device of the requestor and a mobile device of an authorizing user required for the grant of authorization;
wherein the type of person-to-person communication session required for the grant of authorization is selected from a group including a texting communication session used for resources of routine sensitivity, a real-time audio communication session used for resources of intermediate sensitivity, and a real-time video communication session used for resources of critical sensitivity;
establishing a person-to-person communication session for the grant of authorization between the mobile devices of the requestor and the authorizing user;
providing to the authorizing user additional information not covered by the set of stored authorization rules;
after the providing the additional information to the authorizing user, receiving from an authorizer mobile app running on the mobile device of the authorizing user, a manual request to establish a real-time video person-to-person communications session between the mobile device of the requestor and the mobile device of the authorizing user;
in response to the manual request, establishing the real-time video person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user, permitting the requestor and the authorizing user to communicate in real-time;
subsequent to the establishing the real-time video person-to-person communications session, receiving via a secure connection an authorization message from the authorizer mobile app; and
based on the authorization message and based on the set of stored authorization rules, transmitting to the access control broker agent a message granting access to the resource by the requestor.
Dependent claims: 12, 13.
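The authorization flow shared by independent claims 1, 6 and 11, as an added Python sketch that is not part of the patent or any product of its assignee; the class and method names (`Pending`, `receive_request`, `manual_video_request`, `receive_authorization`) are my own. It shows the stored rules mapping resource sensitivity to the required session type, the authorizer's manual escalation to video, and a grant message going back to the broker agent only on an authorization message from the authorizing user over a session at least as strong as the rules require.

```python
from dataclasses import dataclass
from enum import IntEnum

class Sensitivity(IntEnum):
    ROUTINE = 1
    INTERMEDIATE = 2
    CRITICAL = 3

class Session(IntEnum):      # ordered so that a stronger verification channel compares greater
    TEXT = 1
    AUDIO = 2
    VIDEO = 3

# Stored authorization rules from the claims: resource sensitivity selects the session type.
RULES = {Sensitivity.ROUTINE: Session.TEXT, Sensitivity.INTERMEDIATE: Session.AUDIO,
         Sensitivity.CRITICAL: Session.VIDEO}

@dataclass
class Pending:               # hypothetical record of one open authorization request
    requestor: str
    authorizer: str
    resource: str
    required: Session        # session type the rules demand for this resource
    established: Session     # session type actually set up between the two devices

class CentralAccessAuthorizationSystem:
    def __init__(self):
        self.pending = {}

    def receive_request(self, rid, requestor, authorizer, resource, sensitivity):
        """Broker-agent request: apply the stored rules and establish the required session."""
        if requestor == authorizer:
            raise ValueError("two-person rule: the authorizer must differ from the requestor")
        required = RULES[sensitivity]
        self.pending[rid] = Pending(requestor, authorizer, resource, required, required)
        return required      # a session of this type is established between the two devices

    def manual_video_request(self, rid, from_user):
        """The authorizer app, after seeing extra information, asks for real-time video."""
        p = self.pending[rid]
        if from_user != p.authorizer:
            raise PermissionError("only the authorizing user may escalate the session")
        p.established = Session.VIDEO   # escalation only ever strengthens the channel

    def receive_authorization(self, rid, from_user, approved):
        """Authorization message from the authorizer app; returns the message for the broker."""
        p = self.pending.pop(rid)   # one message consumes the request, so it cannot be replayed
        ok = from_user == p.authorizer and bool(approved) and p.established >= p.required
        return {"requestor": p.requestor, "resource": p.resource, "granted": ok}
```

The requestor's own device is never able to produce the grant: a message from anyone other than the assigned authorizer, or one that arrives before a session of the required type exists, yields `granted: False`.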
Specification