From Surf Wiki (app.surf) — the open knowledge base
Multi-party authorization
Software protection protocol
Software protection protocol
Multi-party authorization (MPA) is a process to protect a telecommunications network, data center or industrial control system from undesirable acts by a malicious insider or inexperienced technician acting alone. MPA requires that a second authorized user approve an action before it is allowed to take place. This pro-actively protects data or systems from an undesirable act.
Architecture
Existing methods to protect data and systems from the malicious insider include auditing, job rotation and separation of duties. Auditing is a reactive method meant to discover who did what after the fact. Job rotation and separation of duties are limiting techniques meant to minimize prolonged access to sensitive data or systems in order to limit undesirable acts. In contrast, MPA is a pro-active solution.
An advantage MPA has over other methods to protect from undesirable acts by a malicious insider or inexperienced operator is that MPA is pro-active and prevents data or systems from compromise by a single entity acting alone. MPA prevents the initial undesirable act rather than dealing with a breach or compromise after the fact.
Application
Multi-party authorization technology can secure the most vulnerable and sensitive activities and data sources from attack by a compromised insider acting alone. It is somewhat analogous to weapons systems that require two individuals to turn two different keys in order to enable the system. One person cannot do it alone. Another example is to consider access to a lock box in a bank. That access requires multiple parties, one the lock box owner and another a bank official. Both individuals act together to access the lock box, while neither could do so alone. MPA, in like manner, ensures that a second set of eyes reviews and approves of activity involving critical or sensitive data or systems before the action takes place.
Multi-party authorization is suitable for a wide variety of applications. MPA can be implemented to protect any type of sensitive data in electronic form or any activity within a network infrastructure or computerized control system. An electronic health record is an example of a data record that could be protected by MPA. Multi-party authorization provides pro-active protection from undesirable acts by the inexperienced technician or malicious insider.
References
US Patent 7,519,826, issued: April 14, 2009 for "Near Real Time Multi-Party Task Authorization Access Control"
This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.
Ask Mako anything about Multi-party authorization — get instant answers, deeper analysis, and related topics.
Research with MakoFree with your Surf account
Create a free account to save articles, ask Mako questions, and organize your research.
Sign up freeThis content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.
Report