System and method for implementing a two-person access rule using mobile devices
First Claim
Patent Images
1. A method for granting access to a resource, comprising:
- by an access control broker agent, transmitting to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to transmit via a secure data connection to an authorizer mobile app running on an authorizing user mobile device, an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time;
by the access control broker agent, receiving from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications.
1 Assignment
0 Petitions
Accused Products
Abstract
A system using mobile devices and a network provides access authentication, authorization and accounting to computing resources using a two-person access rule solution approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users are engaged in real-time communications to facilitate approved access to a sensitive resource. The technique utilizes mobile cellular interfaces and location service technologies, while also providing traditional security control measures of voice and visual verification of user identities.
-
Citations
20 Claims
-
1. A method for granting access to a resource, comprising:
-
by an access control broker agent, transmitting to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to transmit via a secure data connection to an authorizer mobile app running on an authorizing user mobile device, an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time; by the access control broker agent, receiving from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An access control broker agent comprising:
-
a processor; a network interface connected to the processor; and a computer readable storage device having stored thereon computer readable instructions that, when executed by the processor, cause the processor to perform operations comprising; transmitting via the network interface to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to transmit via a secure data connection to an authorizer mobile app running on an authorizing user mobile device, an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time; receiving via the network interface from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer readable storage device having stored thereon computer readable instructions for granting access to a resource, wherein execution of the computer readable instructions by a processor causes the processor to perform operations comprising:
-
by an access control broker agent, transmitting to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to establish a secure data connection to an authorizer mobile app running on an authorizing user mobile device, and to transmit via the secure data connection an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time; by the access control broker agent, receiving from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications. - View Dependent Claims (18, 19, 20)
-
Specification