Patent Issued for Strong authentication via distributed stations (USPTO 11328799): Imprivata Inc.
2022 JUN 01 (NewsRx) -- By a
The patent’s assignee for patent number 11328799 is
News editors obtained the following quote from the background information supplied by the inventors: “In a busy healthcare environment, such as a hospital, clinicians roam frequently among patients, floors and buildings. Each time a clinician reaches a new location, she may require access to patient information or other medical data maintained by the facility (or elsewhere). That data may be accessed via a local, typically shared workstation, or via a handheld wireless device, such as a “smart phone” or tablet capable of hosting applications and establishing telecommunications, Internet and/or local intranet connections.
“In particular, medical institutions from hospitals to physician practice groups to testing centers maintain diverse electronic medical records (EMR) systems, which collectively form the healthcare information backbone. EMR systems allow clinicians access to medical information maintained in various back-end systems. The typical workflow when a physician interacts with a patient involves first logging onto the computer system, then launching and logging into one or more EMR applications, selecting the right patient record, verifying that the record matches the patient, reviewing results (often from different sources), checking up on medical references, entering orders or prescriptions (e.g., using computerized physician order entry (CPOE) applications and ePrescribing), and/or charting patient progress. All of these activities may involve the same patient but different applications, and in some cases multiple separate applications for a single patient-specific activity.
“Moreover, healthcare records are protected by strict privacy laws (such as the Health Insurance Portability and Accountability Act, or HIPAA), regulatory regimes, and institutional access policies. Accordingly, when a clinician moves from place to place, he may be required to log on to a new terminal or device, and because of data-access restrictions, the log-on procedure may involve cumbersome and/or multiple authentication modalities.
“Indeed, for some highly sensitive transactions, a properly authenticated and logged-in user may be asked to re-authenticate using a stronger form of authentication. For example, the user may be asked to provide a fingerprint to a reader complying with Federal Information Processing Standard (FIPS) Publication 201-2, a one-time token or a smart card in order to satisfy an institutional policy or regulatory requirement. Particularly in an environment where nodes can be moved, and where users may access system resources using a personal wireless phone or tablet lacking sophisticated authentication modalities, the user may confront the need to search quickly, in stressful circumstances, for an available workstation with the appropriate authentication capability.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used-e.g., in a hospital’s emergency department. Each such station includes a series of authentication devices, ideally spanning the range of possible modalities required of users, e.g., a FIPS-compliant fingerprint reader, a proximity-card reader, a smart-card reader, a vein reader, an iris scanner, a soft token application, etc. The mobile device may run an application (“app”) for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord the user access to the desired resource via her mobile device. The authentication stations may be dedicated, stand-alone devices (e.g., deployed as kiosks). But in some embodiments, if a nearby workstation or other network node is not presently in use and has the needed authentication modality, the user may be guided to that node.
“Accordingly, in a first aspect, the invention relates to a method of authentication and log-on to access a secure resource via a computer network. In various embodiments, the method comprises the steps of sending, via a computational device, an access request to a secure resource via a network; receiving, from the secure resource, a user authentication requirement involving an authentication modality; locating, via a mobile device, a nearest authentication station supporting the authentication modality; establishing wireless communication between the mobile device and the authentication station; obtaining, by the authentication station using the authentication modality, authentication credentials from a user; causing transmission of the authentication credentials to the authentication server; receiving, by the authentication station, an authentication confirmation from the authentication server and, via multiple-party communication among the mobile device, the authentication station, the computational device, and the secure resource, according access to the secure resource via the computational device.
“The mobile device may be the computational device or may be different from, but in wireless communication with, the computational device. In various embodiments, the step of establishing wireless communication between the mobile device and the authentication station comprises claiming, by the mobile device, the authentication station until the authentication credentials have been received by the authentication station.
“The multiple-party communication may comprise wirelessly communicating, by the authentication station via a secure link, the obtained authentication credentials to the wireless device, and wirelessly communicating, by the wireless device via a secure link, the authentication credentials to the authentication server. In one example of this flow the computational device is different from the wireless device, and the method further comprises wirelessly communicating, by the authentication station to the wireless device via a secure link, a token indicating acceptance of the obtained authentication credentials, and wirelessly communicating, by the wireless device via a secure link, the token to the computational device, whereby access to the secure resource is accorded to the computational device.
“In some embodiments, the multiple-party communication comprises wirelessly communicating, by the wireless device via a secure link to the authentication server, the authentication credentials and session data identifying a session between an application running on the wireless device and the secure resource; and causing, by the authentication server, the computational device to be accorded access to the secure resource over the session.”
The claims supplied by the inventors are:
“1. A method of authentication and log-on to access a secure resource via a computer network, the method comprising the steps of: sending, via a computational device, an access request to a secure resource from a user via a network; receiving, from the secure resource, a user authentication requirement involving an authentication modality, wherein the computational device does not support the authentication modality and cannot be solely utilized to satisfy the user authentication requirement; locating, via a mobile device, a nearest authentication station supporting the authentication modality; obtaining, by the authentication station using the authentication modality, authentication credentials from the user; causing transmission of the authentication credentials to an authentication server different from the authentication station; and thereafter, according access to the secure resource via the computational device.
“2. The method of claim 1, wherein the user travels to the authentication station before the authentication credentials are obtained from the user.
“3. The method of claim 1, wherein the nearest authentication station and the computational device are located at different locations.
“4. The method of claim 1, further comprising establishing wireless communication between the mobile device and the authentication station after the authentication station is located via the mobile device.
“5. The method of claim 4, wherein establishing wireless communication between the mobile device and the authentication station comprises claiming, by the mobile device, the authentication station at least until the authentication credentials have been received by the authentication station.
“6. The method of claim 1, wherein the mobile device is the computational device.
“7. The method of claim 1, wherein the mobile device is different from, but in wireless communication with, the computational device.
“8. The method of claim 1, further comprising displaying, by the mobile device, a map showing a current location of the mobile device and a location of the authentication station.
“9. The method of claim 1, wherein causing transmission of the authentication credentials to the authentication server comprises: wirelessly communicating, by the authentication station via a secure link, the obtained authentication credentials to the wireless device; and wirelessly communicating, by the wireless device via a secure link, the authentication credentials to the authentication server.
“10. The method of claim 9, wherein the computational device is different from the wireless device, and further comprising: wirelessly communicating, by the authentication station to the wireless device via a secure link, a token indicating acceptance of the obtained authentication credentials; and wirelessly communicating, by the wireless device via a secure link, the token to the computational device.
“11. The method of claim 1, wherein according access to the secure resource comprises: wirelessly communicating, by the wireless device via a secure link to the authentication server, the authentication credentials and session data identifying a session between an application running on the wireless device and the secure resource; and causing, by the authentication server, the computational device to be accorded access to the secure resource over the session.
“12. The method of claim 1, further comprising, after transmission of the authentication credentials to the authentication server, receiving an authentication confirmation from the authentication server.
“13. The method of claim 12, wherein the authentication confirmation is received by the authentication station.”
For additional information on this patent, see: Ullrich,
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for Intelligent touch care corresponding to a clinician documented change in condition or order (USPTO 11328827): Cerner Innovation Inc.
Artery stiffness may predict Type 2 diabetes risk better than BP and standard risk factors: American Heart Association
Advisor News
- EDITORIAL: Home insurance, tax increases harm county’s housing options
- Nationwide Financial Services President John Carter to retire at year end
- FINRA, FBI warn about generative AI and finances
- Prudential study: Babies born today will likely need nearly $2M to retire
- Economy performing better than expected, Morningstar says
More Advisor NewsAnnuity News
- Perspectives: Should I trust my retirement to an insurance company?
- Prudential Financial to Reinsure $7B Japanese Whole Life Block with Prismic Life
- Nationwide Financial Services President John Carter to retire at year end
- Pension Rights Center: PRT deals could lead to ‘nationwide catastrophe’ regulated
- Allianz Life Retirement Solutions Now Available Through Morgan Stanley
More Annuity NewsHealth/Employee Benefits News
- New administration puts Medicaid on chopping block
- UnitedHealthcare names new CEO after Brian Thompson's killing
- Reform or ban? Prior authorization for health insurance is under negotiation in NC
- State says agreement reached in contract dispute between Anthem, St. Joseph Hospital
- WA diverts benefits meant for foster youth. That practice may end
More Health/Employee Benefits NewsLife Insurance News
- Legals for January, 24 2025
- U-Haul Holding Company Schedules Third Quarter Fiscal 2025 Financial Results Release and Investor Webcast
- BetterLife, CSA merger brings organizations with Czech-Slovak roots together
- AM Best Affirms Credit Ratings of Nippon Life Insurance Company and Its Subsidiary
- Prudential Financial and Dai-ichi Life to Pursue Strategic Partnership
More Life Insurance News