SYSTEM AND METHOD ENABLING MULTIPARTY AND MULTI LEVEL AUTHORIZATIONS FOR ACCESSING CONFIDENTIAL INFORMATION

摘要

Disclosed is a method and system for enabling multi-party and multi level authorizations for accessing confidential information. A first set of access privilege levels, a first set of credentials, a second set of access privilege levels and a second set of credentials are configured corresponding to a plurality of services. A service consumer may be identified using an identifier and thereafter authorized to issue a request for a service based upon authentication of the service consumer using an access privilege level of the first set of access privilege levels and a credential of the first set of credentials. After the authentication, an OTAT is generated. A service provider may be authenticated using the OTAT, an access privilege level of the second set of access privilege levels and a credential of the second set of credentials. The service provider is then authorized to access the confidential information of the service consumer.

主权项

1. A method enabling multi-party and multi-level authorizations for accessing confidential information, the method comprising:
configuring, by a processor, a plurality of services, a first set of access privilege levels, a first set of credentials corresponding to the first set of access privilege levels, a second set of access privilege levels and a second set of credentials corresponding to the second set of access privilege levels, wherein the first set of access privilege levels and the second set of privilege levels are associated with the plurality of services, and wherein at least one access privilege level of the first set of access privilege levels and at least one credential of the first set of credentials are provided to one or more service consumers for requesting one or more services of the plurality of services, and wherein at least one access privilege level of the second set of access privilege levels and at least one credential of the second set of credentials are provided to a service provider to serve the one or more services requested by the one or more service consumers; identifying, by the processor, the one or more service consumers based upon a unique identifier associated with the one or more service consumers; receiving, by the processor, a service request from the one or more service consumers, after the identification, for facilitating one or more services of the plurality of services; authenticating, by the processor, the one or more service consumers based upon an access privilege level, of the first set of access privilege levels, configured for the service and a credential, of the first set of credentials, corresponding to the access privilege level of the first set of access privilege levels; generating, by the processor, a One Time Authorization Token (OTAT) corresponding to the one or more services requested by the one more service consumers after the authorization of the one or more service consumers; authenticating, by the processor, the service provider based on the OTAT, an access privilege level of the second set of access privilege levels and a credential, of the second set of credentials, corresponding to the access privilege level of the second set of access privilege levels; and authorizing, by the processor, the service provider to access confidential information, associated with the one or more service consumers, required for serving the service request from the one or more service consumers, wherein the access is provided to the service provider until the service request is served or a validity time associated with the OTAT is expired.