System And Method For Implementing A Two-Person Access Rule Using Mobile Devices
Abstract
A system using mobile devices and a network provides access authentication, authorization and accounting to computing resources using a two-person access rule solution approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users are engaged in real-time communications to facilitate approved access to a sensitive resource. The technique utilizes mobile cellular interfaces and location service technologies, while also providing traditional security control measures of voice and visual verification of user identities.
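The ordering that claim 1 imposes on the central access authorization system (request from the broker agent, real-time conversation, authorization message, rule check, grant) can be modelled as a small state machine. This is an added example, not code from the patent or its assignee; the class and method names, the rule format (a set of eligible authorizers and a required approval count per resource) and the ban on self-approval are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum, auto

class State(Enum):
    REQUESTED = auto()         # broker agent's request received
    CALL_ESTABLISHED = auto()  # requestor and an authorizer have conversed
    GRANTED = auto()           # grant message goes back to the broker
    DENIED = auto()

@dataclass
class AccessRequest:
    requestor: str
    resource: str
    state: State = State.REQUESTED
    conversed: set = field(default_factory=set)  # authorizers who were on a call
    approvals: set = field(default_factory=set)

class CentralAuthorizationSystem:
    def __init__(self, rules):
        # Assumed rule format: resource -> {"authorizers": set, "required": int}
        self.rules = rules

    def receive_request(self, requestor, resource):
        if resource not in self.rules:
            raise KeyError(f"no authorization rules for {resource!r}")
        return AccessRequest(requestor, resource)

    def establish_call(self, req, authorizer):
        # Assumption: a requestor can never act as their own second person.
        if authorizer == req.requestor:
            raise PermissionError("requestor cannot authorize own request")
        if authorizer not in self.rules[req.resource]["authorizers"]:
            raise PermissionError(f"{authorizer!r} may not authorize {req.resource!r}")
        req.conversed.add(authorizer)
        if req.state is State.REQUESTED:
            req.state = State.CALL_ESTABLISHED

    def receive_authorization(self, req, authorizer, approve):
        # Accept the app's message only after the real-time conversation.
        if authorizer not in req.conversed:
            raise PermissionError("authorization message without a prior call")
        if req.state in (State.GRANTED, State.DENIED):
            return req.state  # decision already final
        if not approve:
            req.state = State.DENIED
            return req.state
        req.approvals.add(authorizer)
        if len(req.approvals) >= self.rules[req.resource]["required"]:
            req.state = State.GRANTED
        return req.state
```

A returned State.GRANTED stands in for the message the central system would transmit to the access control broker.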
20 Claims
1. A method for granting access to a resource, comprising:
by a central access authorization system, receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;
by the central access authorization system, establishing a real-time person-to-person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;
by the central access authorization system, subsequent to the real-time person-to-person communications, receiving an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and
by the central access authorization system, based on the authorization message and based on rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.
9. A central access authorization system comprising:
a processor;
a wide area network interface connected to the processor; and
a computer readable storage device having stored thereon computer readable instructions that, when executed by the processor, cause the processor to perform operations comprising:
receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;
retrieving authorization rules associated with the resource;
establishing a real-time person-to-person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;
subsequent to the real-time person-to-person communications, receiving an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and
based on the authorization message and based on the authorization rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.
17. A tangible computer-readable medium having stored thereon computer readable instructions for granting access to a resource, wherein execution of the computer readable instructions by a processor causes the processor to perform operations comprising:
receiving from an access control broker agent a request to grant authorization for a requestor to access a resource;
establishing a real-time person-to-person communications connection between a mobile device of the requestor and a mobile device of an authorizing user, permitting the requestor and the authorizing user to verbally converse in real-time;
subsequent to the real-time person-to-person communications, receiving via a secure connection an authorization message from an authorizer mobile app running on the mobile device of the authorizing user; and
based on the authorization message and based on rules associated with the resource, transmitting to the access control broker a message granting access to the resource by the requestor.
Specification