Multi-party authorization
   HOME

TheInfoList



Click Here for Items Related To - Multi-party authorization
OR:
Multi-party authorization on:   [Wikipedia]   [Google]   [Amazon]

Multi-party authorization (MPA) is a process to protect a telecommunications network,
data center A data center (American English) or data centre (British English)See spelling differences. is a building, a dedicated space within a building, or a group of buildings used to house computer systems and associated components, such as telecommunic ...
or industrial control system from undesirable acts by a malicious insider or inexperienced technician acting alone. MPA requires that a second authorized user approve an action before it is allowed to take place. This pro-actively protects data or systems from an undesirable act.


Architecture

Existing methods to protect data and systems from the malicious insider include
auditing An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing ...
,
job rotation Job rotation is a technique used by some employers to rotate their employees' assigned jobs throughout their employment. Employers practice this technique for a number of reasons. It was designed to promote flexibility of employees and to keep em ...
and separation of duties. Auditing is a reactive method meant to discover who did what after the fact. Job rotation and separation of duties are limiting techniques meant to minimize prolonged access to sensitive data or systems in order to limit undesirable acts. In contrast, MPA is a pro-active solution. An advantage MPA has over other methods to protect from undesirable acts by a malicious insider or inexperienced operator is that MPA is pro-active and prevents data or systems from compromise by a single entity acting alone. MPA prevents the initial undesirable act rather than dealing with a breach or compromise after the fact.


Application

Multi-party authorization technology can secure the most vulnerable and sensitive activities and data sources from attack by a compromised insider acting alone. It is somewhat analogous to weapons systems that require two individuals to turn two different keys in order to enable the system. One person cannot do it alone. Another example is to consider access to a lock box in a bank. That access requires multiple parties, one the lock box owner and another a bank official. Both individuals act together to access the lock box, while neither could do so alone. MPA, in like manner, ensures that a second set of eyes reviews and approves of activity involving critical or sensitive data or systems before the action takes place. Multi-party authorization is suitable for a wide variety of applications. MPA can be implemented to protect any type of sensitive data in electronic form or any activity within a network infrastructure or computerized control system. An
electronic health record An electronic health record (EHR) is the systematized collection of patient and population electronically stored health information in a digital format. These records can be shared across different health care settings. Records are shared throu ...
is an example of a data record that could be protected by MPA. Multi-party authorization provides pro-active protection from undesirable acts by the inexperienced technician or malicious insider.


References

US Patent 7,519,826, issued: April 14, 2009 for
"Near Real Time Multi-Party Task Authorization Access Control"


Further reading

IT BusinessEdge, Nov 25, 200
"Protecting From the Malicious Insider: Multi Party Authorization"
Data security