Patent Application Titled “Strong Authentication Via Distributed Stations” Published Online (USPTO 20220230717): Patent Application
2022 AUG 10 (NewsRx) -- By a
No assignee for this patent application has been made.
Reporters obtained the following quote from the background information supplied by the inventors: “In a busy healthcare environment, such as a hospital, clinicians roam frequently among patients, floors and buildings. Each time a clinician reaches a new location, she may require access to patient information or other medical data maintained by the facility (or elsewhere). That data may be accessed via a local, typically shared workstation, or via a handheld wireless device, such as a “smart phone” or tablet capable of hosting applications and establishing telecommunications, Internet and/or local intranet connections.
“In particular, medical institutions from hospitals to physician practice groups to testing centers maintain diverse electronic medical records (EMR) systems, which collectively form the healthcare information backbone. EMR systems allow clinicians access to medical information maintained in various back-end systems. The typical workflow when a physician interacts with a patient involves first logging onto the computer system, then launching and logging into one or more EMR applications, selecting the right patient record, verifying that the record matches the patient, reviewing results (often from different sources), checking up on medical references, entering orders or prescriptions (e.g., using computerized physician order entry (CPOE) applications and ePrescribing), and/or charting patient progress. All of these activities may involve the same patient but different applications, and in some cases multiple separate applications for a single patient-specific activity.
“Moreover, healthcare records are protected by strict privacy laws (such as the Health Insurance Portability and Accountability Act, or HIPAA), regulatory regimes, and institutional access policies. Accordingly, when a clinician moves from place to place, he may be required to log on to a new terminal or device, and because of data-access restrictions, the log-on procedure may involve cumbersome and/or multiple authentication modalities.
“Indeed, for some highly sensitive transactions, a properly authenticated and logged-in user may be asked to re-authenticate using a stronger form of authentication. For example, the user may be asked to provide a fingerprint to a reader complying with Federal Information Processing Standard (FIPS) Publication 201-2, a one-time token or a smart card in order to satisfy an institutional policy or regulatory requirement. Particularly in an environment where nodes can be moved, and where users may access system resources using a personal wireless phone or tablet lacking sophisticated authentication modalities, the user may confront the need to search quickly, in stressful circumstances, for an available workstation with the appropriate authentication capability.”
In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventor’s summary information for this patent application: “In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used-e.g., in a hospital’s emergency department. Each such station includes a series of authentication devices, ideally spanning the range of possible modalities required of users, e.g., a FIPS-compliant fingerprint reader, a proximity-card reader, a smart-card reader, a vein reader, an iris scanner, a soft token application, etc. The mobile device may run an application (“app”) for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord the user access to the desired resource via her mobile device. The authentication stations may be dedicated, stand-alone devices (e.g., deployed as kiosks). But in some embodiments, if a nearby workstation or other network node is not presently in use and has the needed authentication modality, the user may be guided to that node.
“Accordingly, in a first aspect, the invention relates to a method of authentication and log-on to access a secure resource via a computer network. In various embodiments, the method comprises the steps of sending, via a computational device, an access request to a secure resource via a network; receiving, from the secure resource, a user authentication requirement involving an authentication modality; locating, via a mobile device, a nearest authentication station supporting the authentication modality; establishing wireless communication between the mobile device and the authentication station; obtaining, by the authentication station using the authentication modality, authentication credentials from a user; causing transmission of the authentication credentials to the authentication server; receiving, by the authentication station, an authentication confirmation from the authentication server and, via multiple-party communication among the mobile device, the authentication station, the computational device, and the secure resource, according access to the secure resource via the computational device.
“The mobile device may be the computational device or may be different from, but in wireless communication with, the computational device. In various embodiments, the step of establishing wireless communication between the mobile device and the authentication station comprises claiming, by the mobile device, the authentication station until the authentication credentials have been received by the authentication station.
“The multiple-party communication may comprise wirelessly communicating, by the authentication station via a secure link, the obtained authentication credentials to the wireless device, and wirelessly communicating, by the wireless device via a secure link, the authentication credentials to the authentication server. In one example of this flow the computational device is different from the wireless device, and the method further comprises wirelessly communicating, by the authentication station to the wireless device via a secure link, a token indicating acceptance of the obtained authentication credentials, and wirelessly communicating, by the wireless device via a secure link, the token to the computational device, whereby access to the secure resource is accorded to the computational device.
“In some embodiments, the multiple-party communication comprises wirelessly communicating, by the wireless device via a secure link to the authentication server, the authentication credentials and session data identifying a session between an application running on the wireless device and the secure resource; and causing, by the authentication server, the computational device to be accorded access to the secure resource over the session.
“The method may further comprise displaying, by the mobile device, a map showing a current location of the mobile device and a location of the authentication station.
“In another aspect, the invention pertains to a system for facilitating authentication and log-on to access a secure resource via a computer network using an authentication modality. In various embodiments, the system comprises a network, a plurality of authentication stations, a computational device configured for requesting access to a secure resource via the network but lacking the authentication modality, and a mobile device comprising a processor and a memory storing an application. The application, when executed by the processor as a running process, causes the mobile device to identify a nearest one of the authentication stations supporting the authentication modality and establish wireless communication therewith. The identified authentication station is configured to (i) receive, using the authentication modality, authentication credentials from a user, (ii) transmit the authentication credentials to the authentication server, and (iii) receive an authentication confirmation from the authentication server. The mobile device, the authentication station, the computational device, and the secure resource, are configured for multiple-party communication whereby access is accorded to the secure resource via the computational device.
“The mobile device may be the computational device or may be different from, but in wireless communication with, the computational device. The mobile device may be configured to wirelessly claim the identified authentication station until the authentication credentials have been received by the authentication station.
“In some embodiments, the multiple-party communication comprises wireless communication by the authentication station of the obtained authentication credentials to the wireless device via a secure link, and wireless communication by the wireless device of the authentication credentials to the authentication server via a secure link. For example, the computational device may be different from the wireless device and the multiple-party communication may further comprise wireless communication by the authentication station to the wireless device via a secure link of a token indicating acceptance of the obtained authentication credentials. The wireless device is configured to use the token to obtain access to the secure resource.
“In some embodiments, the multiple-party communication comprises wireless communication, by the wireless device via a secure link to the authentication server, of the authentication credentials and session data identifying a session between an application running on the wireless device and the secure resource, and the authentication server is configured to accord the computational device access to the secure resource over the session.
“In some embodiments, the mobile device further comprises a display and a mapping application which, when executed by the processor as a running process, causes a map showing a current location of the mobile device and a location of the authentication station to appear on the display.
“These and other objects, along with advantages and features of the present invention herein disclosed, will become more apparent through reference to the following description, the accompanying drawings, and the claims. Furthermore, it is to be understood that the features of the various embodiments described herein are not mutually exclusive and may exist in various combinations and permutations. Reference throughout this specification to “one example,” “an example,” “one embodiment,” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the example is included in at least one example of the present technology. Thus, the occurrences of the phrases “in one example,” “in an example,” “one embodiment,” or “an embodiment” in various places throughout this specification are not necessarily all referring to the same example. Furthermore, the particular features, routines, steps, or characteristics may be combined in any suitable manner in one or more examples of the technology. As used herein, the terms “approximately” and “substantially” mean ±10%, and in some embodiments, ±5%.”
The claims supplied by the inventors are:
“1.-16. (canceled)
“17. A system for facilitating user authentication and enabling access to secure resources via a computer network using an authentication modality, the system comprising: a computer network; a plurality of computational devices each configured to provide user access to one or more secure resources via the computer network but lacking the authentication modality; an authentication server; and a plurality of authentication stations each being different from the authentication server and each being configured to (i) receive, using the authentication modality, authentication credentials from a user located at the authentication station, (ii) transmit the authentication credentials to the authentication server, and (iii) receive an authentication confirmation from the authentication server; wherein user access to the one or more secure resources at one or more of the computational devices is enabled by the authentication confirmation.
“18. The system of claim 17, wherein at least one of the authentication stations comprises one or more of a fingerprint reader, a proximity-card reader, a smart-card reader, a vein reader, an iris scanner, or a soft token application.
“19. The system of claim 17, wherein at least one of the authentication stations comprises two or more of a fingerprint reader, a proximity-card reader, a smart-card reader, a vein reader, an iris scanner, or a soft token application.
“20. The system of claim 17, wherein at least some of the computational devices are mobile devices of users.
“21. The system of claim 17, wherein the authentication stations are not configured to provide user access to one or more secure resources via the computer network.
“22. The system of claim 17, further comprising one or more second computational devices each configured to provide user access to one or more secure resources via the computer network and each comprising the authentication modality, each second computational device being configured to function as an authentication station when not being otherwise utilized by a user.
“23. The system of claim 22, further comprising a location server maintaining a database relating the second computational devices to their physical locations;
“24. The system of claim 23, wherein the database relates the second computational devices to their use statuses.
“25. The system of claim 23, wherein the database relates the authentication stations to their physical locations.
“26. The system of claim 17, wherein one or more of the authentication stations is configured for wireless communication with mobile devices of users.
“27. The system of claim 17, further comprising a location server maintaining a database relating the authentication stations to their physical locations.
“28. A system enabling access to secure resources, on a mobile device of a user via a computer network using an authentication modality, wherein the mobile device lacks the authentication modality, the system comprising: a computer network; an authentication server; and a plurality of authentication stations each being different from the authentication server and each being configured to (i) receive, using the authentication modality, authentication credentials from a user located at the authentication station, and (ii) transmit the authentication credentials to the authentication server and/or to the mobile device of the user; wherein the authentication server is configured to issue an authentication confirmation based on the authentication credentials, the authentication confirmation enabling access to the secure resources to the user on the mobile device.
“29. The system of claim 28, wherein the authentication server is configured to receive the authentication credentials from an authentication station and transmit the authentication confirmation to said authentication station.
“30. The system of claim 28, wherein the authentication server is configured to receive the authentication credentials from an authentication station and transmit the authentication confirmation to the mobile device.
“31. The system of claim 28, wherein the authentication server is configured to receive the authentication credentials from the mobile device and transmit the authentication confirmation to the mobile device.
“32. The system of claim 28, wherein the mobile device comprises a display and a mapping application configured to cause a map showing a current location of the mobile device and a location of at least one said authentication station to appear on the display.
“33. The system of claim 28, wherein the mobile device is configured to wirelessly claim an identified authentication station until the authentication credentials have been received by the authentication station.
“34. The system of claim 28, wherein at least one authentication station is configured to be claimed, via wireless communication with the mobile device, until the authentication credentials have been received by the authentication station or until a predetermined time period has elapsed.
“35. The system of claim 28, wherein at least one of the authentication stations comprises one or more of a fingerprint reader, a proximity-card reader, a smart-card reader, a vein reader, an iris scanner, or a soft token application.
“36. The system of claim 28, wherein at least one of the authentication stations comprises two or more of a fingerprint reader, a proximity-card reader, a smart-card reader, a vein reader, an iris scanner, or a soft token application.”
For more information, see this patent application: ULLRICH,
(Our reports deliver fact-based news of research and discoveries from around the world.)
Generation of realistic synthetic data using multimodal neural ordinary differential equations (Updated July 26, 2022): Information Technology
Patent Issued for Health monitoring with ear-wearable devices and accessory devices (USPTO 11395076): Starkey Laboratories Inc.
Advisor News
- Advisors underestimate demand for steady, guaranteed income, survey shows
- D.C. Digest: 'One Big Beautiful Bill' rebranded 'Working Families Tax Cut'
- OBBBA and New Year’s resolutions
- Do strong financial habits lead to better health?
- Winona County approves 11% tax levy increase
More Advisor NewsAnnuity News
- An Application for the Trademark “EMPOWER PERSONAL WEALTH” Has Been Filed by Great-West Life & Annuity Insurance Company: Great-West Life & Annuity Insurance Company
- Talcott Financial Group Launches Three New Fixed Annuity Products to Meet Growing Retail Demand for Secure Retirement Income
- Judge denies new trial for Jeffrey Cutter on Advisors Act violation
- Great-West Life & Annuity Insurance Company Trademark Application for “EMPOWER BENEFIT CONSULTING SERVICES” Filed: Great-West Life & Annuity Insurance Company
- 2025 Top 5 Annuity Stories: Lawsuits, layoffs and Brighthouse sale rumors
More Annuity NewsHealth/Employee Benefits News
- Study Results from Kristi Martin and Colleagues Broaden Understanding of Managed Care and Specialty Pharmacy (Drugs anticipated to be selected for Medicare price negotiation in 2026 for implementation in 2028): Drugs and Therapies – Managed Care and Specialty Pharmacy
- Amid rising health care costs, Maryland officials to boost ‘Easy Enrollment’
- POLICY CHANGES BRING RENEWED FOCUS ON HIGH-DEDUCTIBLE HEALTH PLANS
- PAYMENT RATES FOR MEDICAID HOME CARE AHEAD OF THE 2025 RECONCILIATION LAW
- Are you choosing to go without health insurance in 2026?
More Health/Employee Benefits NewsLife Insurance News