Multi-party authorization

This article does not cite any sources. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Multi-party authorization" – news · newspapers · books · scholar · JSTOR (November 2009) (Learn how and when to remove this message)

Template:Wikify is deprecated. Please use a more specific cleanup template as listed in the documentation.

Multi Party Authorization

Multi-Party Authorization (MPA) is a process to protect networks, data centers and industrial control systems from undesirable acts by a malicious insider or inexperienced technician acting alone. MPA requires that a second authorized user approve an action before it is allowed to take place. This pro-actively protects data or systems from an undesirable act.

An advantage MPA has over other methods to protect from undesireable acts by a malicious insider or inexperienced operator is that MPA is pro-active and prevents data or systems from compromise by a single entity acting alone. MPA prevents the initial undesirable act rather than dealing with a breach or compromise after the fact.

Existing methods to protect data and systems from the malicious insider include auditing, job rotation and separation of duties. Auditing is a reactive method meant to discover who did what after the fact. Job rotation and separation of duties are limiting techniques meant to minimize prolonged access to sensitive data or systems in order to limit undesirable acts. In contrast, MPA is a pro-active solution.

Multi-Party Authorization technology can secure the most vulnerable and sensitive activities and data sources from attack by a compromised insider acting alone. It is somewhat analogous to weapons systems that require two individuals to turn two different keys in order to enable the system. One person cannot do it alone. Another example is to consider access to a lock box in a bank. That access requires multiple parties, one the lock box owner and another a bank official. Both individuals act together to access the lock box, while,neither could do so alone. MPA, in like manner, ensures that a second set of eyes reviews and approves critical or sensitive activity before any action takes place.

MPA is suitable for a wide variety applications. MPA can be implemented to protect any type of sensitive data in electronic form or any activity within a network infrastructure or control system. Multi-Party Authorization enables secure proactive protection from undesirable acts by the inexperienced technician or malicious insider

REFERENCES

US Patent 7,519,826, issued: April 14, 2009 for Near Real Time Multi-Party Task Authorization Access Control [1]