HOME

TheInfoList



Click Here for Items Related To - Multi-party authorization
OR:
Multi-party authorization on:   [Wikipedia]   [Google]   [Amazon]

{{Short description, Software protection protocol Multi-party authorization (MPA) is a process to protect a
telecommunications network A telecommunications network is a group of Node (networking), nodes interconnected by telecommunications links that are used to exchange messages between the nodes. The links may use a variety of technologies based on the methodologies of circuit ...
,
data center A data center is a building, a dedicated space within a building, or a group of buildings used to house computer systems and associated components, such as telecommunications and storage systems. Since IT operations are crucial for busines ...
or
industrial control system An industrial control system (ICS) is an electronic control system and associated instrumentation used for industrial process control. Control systems can range in size from a few modular panel-mounted controllers to large interconnected and in ...
from undesirable acts by a malicious insider or inexperienced technician acting alone. MPA requires that a second authorized user approve an action before it is allowed to take place. This pro-actively protects data or systems from an undesirable act.


Architecture

Existing methods to protect data and systems from the malicious insider include
auditing An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing al ...
,
job rotation Job rotation is the lateral transfer of employees between jobs in an organization without a change in their hierarchical rank or salary grade. Rotated employees usually do not remain in these jobs permanently and may also not return to former jobs. ...
and
separation of duties Separation of duties (SoD), also known as segregation of duties, is the concept of having more than one person required to complete a task. It is an administrative control used by organisations to prevent fraud, sabotage, theft, misuse of informa ...
. Auditing is a reactive method meant to discover who did what after the fact. Job rotation and separation of duties are limiting techniques meant to minimize prolonged access to sensitive data or systems in order to limit undesirable acts. In contrast, MPA is a pro-active solution. An advantage MPA has over other methods to protect from undesirable acts by a malicious insider or inexperienced operator is that MPA is pro-active and prevents data or systems from compromise by a single entity acting alone. MPA prevents the initial undesirable act rather than dealing with a breach or compromise after the fact.


Application

Multi-party authorization technology can secure the most vulnerable and sensitive activities and data sources from attack by a compromised insider acting alone. It is somewhat analogous to weapons systems that require two individuals to turn two different keys in order to enable the system. One person cannot do it alone. Another example is to consider access to a lock box in a bank. That access requires multiple parties, one the lock box owner and another a bank official. Both individuals act together to access the lock box, while neither could do so alone. MPA, in like manner, ensures that a second set of eyes reviews and approves of activity involving critical or sensitive data or systems before the action takes place. Multi-party authorization is suitable for a wide variety of applications. MPA can be implemented to protect any type of sensitive data in electronic form or any activity within a network infrastructure or computerized control system. An
electronic health record An electronic health record (EHR) is the systematized collection of electronically stored patient and population health information in a digital format. These records can be shared across different health care settings. Records are shared thro ...
is an example of a data record that could be protected by MPA. Multi-party authorization provides pro-active protection from undesirable acts by the inexperienced technician or malicious insider.


References

US Patent 7,519,826, issued: April 14, 2009 for
"Near Real Time Multi-Party Task Authorization Access Control"


Further reading

IT BusinessEdge, Nov 25, 200
"Protecting From the Malicious Insider: Multi Party Authorization"
Data security