Dynamic increase in the authorization of user, for a controlled duration of time based on trust bits
Publication Date: 2016-Oct-06
The IP.com Prior Art Database
This article describes a method by which temporary privileges can be bestowed on a trusted person in the situations where the primary privileged/authorized responder might not be available. This article also describes the method to identify such a trusted person whose privileges can be boosted temporarily.
Page 01 of 3
Dynamic increase in the authorization of user , for a controlled duration of time based on trust bits
Described is a method by which a trusted person is identified whose privileges can be boosted temporarily in the absence of the primary authorized personnel. Many access control systems restrict access to a resource. But these systems do not take emergency situations into account. Often, situations in real life are not as easy to foresee or handle in the virtual world. They are not easy to foresee nor handle as there can be innumerable reasons that can lead to an emergency situation. And the system in place might not be designed to handle all (unforeseen) emergency situations.
Examples of such situations in the Information technology world is when the secondary administrator does not have enough privileges as the primary administrator, to issue backup of a degrading system, onto a remote server. Such a need for the secondary user to initiate a backup might arise when the primary authorized user is not able to connect to the system to take the required backup of the system.
Examples of such situations in real life is when a doctor is unavailable to prescribe the required medicine/dosage or to perform a procedure on the patient and the on duty intern or nurse lacks the required privileges to do so. In Industries when the coolers/coolants need to be increased due to a sudden rise in the equipment temperatures and the primary authorized user is not readily available.
There are many more examples that can be cited both in real life and in the virtual where such emergency or urgent situations might occur. There might be counter measures present which try to mitigate the impact. But counter measures are only effective when the problems are foreseen. And as described earlier not all problems can be foreseen.
The idea brought about in this paper, is to temporarily elevate the privileges of a candidate user. The candidate user is chosen based on certain "trust" criteria.
The core idea of the method is as follows:
1. Identify the authorized personnel hierarchy in the system.
2. Over a period of time, assign trust values for each member in this hierarchy (upon satisfying some criteria)
3. Identify the lack of authorized personnel to do the job.
4. Identify the secondary personnel present in the system to do the job.
5. Elevate privileges of the secondary personnel for a specific period of time (until the required action is complete).
The main advantage of the idea is to do away with a dedicated backup person and let a subordinate take charge of matters for a limited duration of time. The temporary elevation of privileges of a user is done being within the purview of the access control system in place.
The first step involves, the system creating an authorized user/role hierarchy. To elaborate, consider a hospital system which consists of the financial section, and the core medical sections. Then the hierarchy structure will contain a structur...