US 12,292,961 B2
Access and usage of privileged credentials
Matthew Murphy, Wigan (GB); and Rocky Maufort, Delaware, OH (US)
Assigned to JPMORGAN CHASE BANK, N.A., New York, NY (US)
Filed by JPMorgan Chase Bank, N.A., New York, NY (US)
Filed on Dec. 6, 2022, as Appl. No. 18/076,329.
Prior Publication US 2024/0184877 A1, Jun. 6, 2024
Int. Cl. G06F 21/45 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/45 (2013.01) [G06F 21/604 (2013.01)]
20 Claims
 
1. A system comprising:
one or more processors; and
logic encoded in one or more non-transitory computer-readable storage media for execution by the one or more processors and when executed operable to cause the one or more processors to perform operations comprising:
implementing a real-time decision engine comprising a location-aware privileged account access module and a privileged session module operating in conjunction with a conditional access proxy and a distributed event streaming platform;
receiving, at the real-time decision engine from a mobile device via the conditional access proxy, an access request for privileged credentials;
accessing one or more predetermined conditional access policies at the real-time decision engine;
receiving location data associated with the mobile device as transmitted to the real-time decision engine;
performing, by the real-time decision engine, a plurality of location-aware verification checks comprising a client-side verification and a server-side verification based on a continuous evaluation of the one or more predetermined conditional access policies with the location data comprising location events derived from a mobile application feed and from an indoor positioning feed via the distributed event streaming platform; and
determining, by the real-time decision engine, whether to grant or to deny the access request based on results from the performing the plurality of location-aware verification checks.