System And Method For Implementing A Two-Person Access Rule Using Mobile Devices

US 20170163656A1
Filed: 02/24/2017
Published: 06/08/2017
Est. Priority Date: 11/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method for granting access to a resource, comprising:

by a central access authorization system, receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;

by the central access authorization system, establishing a real-time person-to person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;

by the central access authorization system, subsequent to the real-time person-to-person communications, receiving an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and

by the central access authorization system, based on the authorization message and based on rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system using mobile devices and a network provides access authentication, authorization and accounting to computing resources using a two-person access rule solution approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users are engaged in real-time communications to facilitate approved access to a sensitive resource. The technique utilizes mobile cellular interfaces and location service technologies, while also providing traditional security control measures of voice and visual verification of user identities.

Citations

20 Claims

1. A method for granting access to a resource, comprising:
- by a central access authorization system, receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;
  
  by the central access authorization system, establishing a real-time person-to person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;
  
  by the central access authorization system, subsequent to the real-time person-to-person communications, receiving an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and
  
  by the central access authorization system, based on the authorization message and based on rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving from the authorizer mobile app geolocation data pertaining to the mobile device of the authorizing user; and
      
      wherein the rules associated with the resource include a rule requiring the geolocation data to indicate an expected location of the authorizing user before the access to the resource is granted.
  - 3. The method of claim 1 wherein the real-time person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user is selected from a voice connection and a video connection based on the rules associated with the resource.
  - 4. The method of claim 1 wherein the method further comprises:
    - receiving geolocation data pertaining to the mobile device of the requestor; and
      
      wherein the rules associated with the resource include a rule requiring the geolocation data to indicate an expected location of the requestor before the access to the resource is granted.
  - 5. The method of claim 1 further comprising:
    - by the central access authorization system, determining a biometric indicator from the real-time person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user; and
      
      wherein the rules associated with the resource include a rule requiring the biometric indicator to identify one of the requestor and the authorizing user before the access to the resource is granted.
  - 6. The method of claim 1 wherein the real-time person-to-person communications connection is a voice connection.
  - 7. The method of claim 1 wherein the real-time person-to-person communications connection is a video connection.
  - 8. The method of claim 1, further comprising:
    - by the central access authorization system, generating an authorization request session identifier for processing the request to grant authorization for a requestor to access a resource;
      
      transmitting to the authorizer mobile app a digitally signed contact message including the authorization request session identifier.

9. A central access authorization system comprising:
- a processor;
  
  a wide area network interface connected to the processor; and
  
  a computer readable storage device having stored thereon computer readable instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;
  
  retrieving authorization rules associated with the resource;
  
  establishing a real-time person-to person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;
  
  subsequent to the real-time person-to-person communications, receiving an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and
  
  based on the authorization message and based on the authorization rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The central access authorization system of claim 9, wherein the operations further comprise:
    - receiving from the authorizer mobile app geolocation data pertaining to the mobile device of the authorizing user; and
      
      wherein the rules associated with the resource include a rule requiring the geolocation data to indicate an expected location of the authorizing user before the access to the resource is granted.
  - 11. The central access authorization system of claim 9 wherein the real-time person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user is selected from a voice connection and a video connection based on the rules associated with the resource.
  - 12. The central access authorization system of claim 9 wherein the operations further comprise:
    - receiving geolocation data pertaining to the mobile device of the requestor; and
      
      wherein the rules associated with the resource include a rule requiring the geolocation data to indicate an expected location of the requestor before the access to the resource is granted.
  - 13. The central access authorization system of claim 9 wherein the operations further comprise:
    - by the central access authorization system, determining a biometric indicator from the real-time person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user; and
      
      wherein the rules associated with the resource include a rule requiring the biometric indicator to identify one of the requestor and the authorizing user before the access to the resource is granted.
  - 14. The central access authorization system of claim 9 wherein the real-time person-to-person communications connection is a voice connection.
  - 15. The central access authorization system of claim 9 wherein the real-time person-to-person communications connection is a video connection.
  - 16. The central access authorization system of claim 9, wherein the operations further comprise:
    - generating an authorization request session identifier for processing the request to grant authorization for a requestor to access a resource; and
      
      transmitting to the authorizer mobile app a digitally signed contact message including the authorization request session identifier.

17. A tangible computer-readable medium having stored thereon computer readable instructions for granting access to a resource, wherein execution of the computer readable instructions by a processor causes the processor to perform operations comprising:
- receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;
  
  establishing a real-time person-to person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;
  
  subsequent to the real-time person-to-person communications, receiving via a secure connection an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and
  
  based on the authorization message and based on rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.
- View Dependent Claims (18, 19, 20)
- - 18. The tangible computer-readable medium of claim 17, wherein the operations further comprise:
    - receiving from the authorizer mobile app geolocation data pertaining to the mobile device of the authorizing user; and
      
      wherein the rules associated with the resource include a rule requiring the geolocation data to indicate an expected location of the authorizing user before the access to the resource is granted.
  - 19. The tangible computer-readable medium of claim 17 wherein the real-time person-to-person communications connection between the mobile device of the requestor and the mobile device of the authorizing user is selected from a voice connection and a video connection based on the rules associated with the resource.
  - 20. The tangible computer-readable medium of claim 17 wherein the operations further comprise:
    - receiving geolocation data pertaining to the mobile device of the requestor; and
      
      wherein the rules associated with the resource include a rule requiring the geolocation data to indicate an expected location of the requestor before the access to the resource is granted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Horton, Michael R.

Granted Patent

US 10,419,435 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 65/1069   Session establishment or de...

H04W 12/088   using filters or firewalls

H04W 4/02   Services making use of loca...

System And Method For Implementing A Two-Person Access Rule Using Mobile Devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System And Method For Implementing A Two-Person Access Rule Using Mobile Devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links