System and method for implementing a two-person access rule using mobile devices

US 9,621,556 B2
Filed: 11/18/2015
Issued: 04/11/2017
Est. Priority Date: 11/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method for granting access to a resource, comprising:

by an access control broker agent, transmitting to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to transmit via a secure data connection to an authorizer mobile app running on an authorizing user mobile device, an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time;

by the access control broker agent, receiving from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system using mobile devices and a network provides access authentication, authorization and accounting to computing resources using a two-person access rule solution approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users are engaged in real-time communications to facilitate approved access to a sensitive resource. The technique utilizes mobile cellular interfaces and location service technologies, while also providing traditional security control measures of voice and visual verification of user identities.

Citations

20 Claims

1. A method for granting access to a resource, comprising:
- by an access control broker agent, transmitting to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to transmit via a secure data connection to an authorizer mobile app running on an authorizing user mobile device, an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time;
  
  by the access control broker agent, receiving from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1,wherein the authorization message contains mobile app geolocation data pertaining to the authorizing user mobile device;
    - andwherein the rules associated with the resource include a rule pertaining to the geolocation data.
  - 3. The method of claim 1, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is selected from a voice connection and a video connection based on the rules associated with the resource.
  - 4. The method of claim 1,wherein the authorization message contains mobile app geolocation data pertaining to the mobile device of the requestor;
    - andwherein the rules associated with the resource include a rule pertaining to the geolocation data.
  - 5. The method of claim 1, wherein the message granting access to the resource by the requesting user is further based on a determination by the central access authorization system of a biometric indicator from the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device.
  - 6. The method of claim 1, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is a voice connection.
  - 7. The method of claim 1, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is a video connection.
  - 8. The method of claim 1, wherein the request to grant authorization further causes the central access authorization system to transmit via the secure data connection to the authorizer mobile app running on the authorizing user mobile device a digitally signed contact message including an authorization request session identifier generated by the central access authorization system for processing the request.

9. An access control broker agent comprising:
- a processor;
  
  a network interface connected to the processor; and
  
  a computer readable storage device having stored thereon computer readable instructions that, when executed by the processor, cause the processor to perform operations comprising;
  
  transmitting via the network interface to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to transmit via a secure data connection to an authorizer mobile app running on an authorizing user mobile device, an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time;
  
  receiving via the network interface from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The access control broker agent of claim 9,wherein the authorization message contains mobile app geolocation data pertaining to the authorizing user mobile device;
    - andwherein the rules associated with the resource include a rule pertaining to the geolocation data.
  - 11. The access control broker agent of claim 9, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is selected from a voice connection and a video connection based on the rules associated with the resource.
  - 12. The access control broker agent of claim 9,wherein the authorization message contains mobile app geolocation data pertaining to the mobile device of the requestor;
    - andwherein the rules associated with the resource include a rule pertaining to the geolocation data.
  - 13. The access control broker agent of claim 9,wherein the message granting access to the resource by the requesting user is further based on a determination by the central access authorization system of a biometric indicator from the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device.
  - 14. The access control broker agent of claim 9, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is a voice connection.
  - 15. The access control broker agent of claim 9, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is a video connection.
  - 16. The access control broker agent of claim 9, wherein the request to grant authorization further causes the central access authorization system to transmit via the secure data connection to the authorizer mobile app running on the authorizing user mobile device a digitally signed contact message including an authorization request session identifier generated by the central access authorization system for processing the request.

17. A computer readable storage device having stored thereon computer readable instructions for granting access to a resource, wherein execution of the computer readable instructions by a processor causes the processor to perform operations comprising:
- by an access control broker agent, transmitting to a central access authorization system a request to grant authorization for a requesting user to access a resource, the request causing the central access authorization system to establish a secure data connection to an authorizer mobile app running on an authorizing user mobile device, and to transmit via the secure data connection an identity of the requesting user and an identity of the resource, the request further causing the central access authorization system to establish a real-time person-to person communications connection between a mobile device of the requestor and the authorizing user mobile device, permitting the requesting user and the authorizing user to verbally converse in real-time;
  
  by the access control broker agent, receiving from the central access authorization system a message granting access to the resource by the requesting user, the message being based on based on rules associated with the resource and further based on an authorization message received by the central access authorization system via the secure data connection from the authorizer mobile app subsequent to the real-time person-to-person communications.
- View Dependent Claims (18, 19, 20)
- - 18. The computer readable storage device of claim 17,wherein the authorization message contains mobile app geolocation data pertaining to the authorizing user mobile device;
    - andwherein the rules associated with the resource include a rule pertaining to the geolocation data.
  - 19. The computer readable storage device of claim 17, wherein the real-time person-to-person communications connection between the mobile device of the requestor and the authorizing user mobile device is selected from a voice connection and a video connection based on the rules associated with the resource.
  - 20. The computer readable storage device of claim 17,wherein the authorization message contains mobile app geolocation data pertaining to the mobile device of the requestor;
    - andwherein the rules associated with the resource include a rule pertaining to the geolocation data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Horton, Michael R.
Primary Examiner(s)
Magloire, Vladimir
Assistant Examiner(s)
TACSIK, ERNEST G

Application Number

US14/944,560
Publication Number

US 20160072812A1
Time in Patent Office

510 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 65/1069   Session establishment or de...

H04W 12/088   using filters or firewalls

H04W 4/02   Services making use of loca...

System and method for implementing a two-person access rule using mobile devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing a two-person access rule using mobile devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links