Patent Issued for System and method of authenticating devices for secure data exchange (USPTO 11831774): Humana Inc.

2023 DEC 14 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Alexandria, Virginia, by NewsRx journalists, a patent by the inventors Chun, Jaewook (San Diego, CA, US), Flores, Andrew (San Diego, CA, US), Nuziale, Salvatore (Playa Vista, CA, US), Persaud, Anthony (San Diego, CA, US), Ryder, Avery (San Diego, CA, US), Spindell, Henry (San Diego, CA, US), filed on June 9, 2021, was published online on November 28, 2023.

The assignee for this patent, patent number 11831774, is Humana Inc. (Louisville, Kentucky, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “BACKGROUND OF THE TECHNOLOGY

“Digital data exchange between devices is everywhere, with data constantly being exchanged between phones, laptops, servers, and other devices. As data is transferred between many devices, it becomes a challenge to ensure that the data is being exchanged securely, particularly when sensitive data is exchanged. Various methods for authenticating data exist. For example, many systems use account registration and login systems to ensure a given user or device is authorized to receive certain data. In other examples, a link and/or password can be provided to a device to give the device access to a meeting room where data is exchanged. These systems come with flaws, including that they rely on authentication information which can potentially be compromised and used by an unauthorized device.

“In certain environments, additional challenges are presented to ensure data is exchanged securely, and in compliance with other requirements of the relevant environment. For example, the Health Insurance Portability and Accountability Act (HIPAA) includes a number of requirements that come into play when considering the exchange of data related to healthcare, including restrictions on how protected health information (PHI) can be stored. This makes it difficult to facilitate a telemedicine visit between a doctor and patient, since personal information about the patient cannot be stored and used to authenticate the patient as they join the meeting room.”

In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “SUMMARY OF THE TECHNOLOGY

“In at least one aspect, the subject technology relates to a method of authenticating devices for secure data exchange. The method starts, at step a), with receiving, by a system, a scheduling request, and in response to the scheduling request, generating a ledger of participants authorized to be admitted to a particular communication session during a time window. The ledger includes, for each participant, a participant identifier, a participant key, and a meeting identifier corresponding to the particular communication session. The participant key and meeting identifier are encoded into a short-code for the corresponding participant. The participants include a host and at least one client. At step b) the host redeems, from the system, a short-code corresponding to an access token authorizing the host to connect to the particular communication session during the time window and defining privileges for the host. At step c), the short-code corresponding to each client is provided to that client. At step d), each client requests redemption of the short-code corresponding to said client for an access token corresponding to said short-code. At step e), in response to a client requesting redemption of a short-code, the system de-codes the short-code into separate parts including the participant key and the meeting identifier, and if a match is found with the ledger, the system provides an access token to said client. The access token provides information for, and authorizes entering, a meeting room based on the meeting identifier, the meeting room allowing for a peer-to-peer connection between devices within the meeting room during the particular communication session.

“In some embodiments, during step e), the short-code is redeemable during the time window. In some cases, if the client redeems the short-code prior to the start of the time window, no access token will be granted. In some embodiments, if the short-code is redeemed after the time window, no access token will be granted and the short code will be rendered non-functional.

“In some embodiments, the time window includes a first time period representing the time parameters for the particular communication session and a second time period outside of the first time period. The short-codes can then be redeemable during the first time period, with the access tokens authorizing a connection to the particular communication session during the first time period. At least one short-code can be redeemable during the second time period.

“In some embodiments, the system wraps each short-code in a vendor specific payload based on a device type associated with the client corresponding to short-code. In some cases, each client includes an application associated with the method of authenticating devices. The system can then send a push notification to each client and launch the application on said client, the launch of the application causing each client to connect to the system and execute steps d)-e). In some embodiments, the access tokens do not include information related to the user of the corresponding device.”

The claims supplied by the inventors are:

“1. A method of authenticating devices for secure data exchange comprising: a) receiving, by a system, a scheduling request, and in response to the scheduling request, generating a ledger of participants authorized to be admitted to a particular communication session during a time window, wherein the ledger includes, for each participant of the ledger of participants, a respective participant identifier, a respective participant key, and a common meeting identifier corresponding to the particular communication session, wherein the respective participant key of a participant and the common meeting identifier is encoded into a respective short-code for the participant, wherein the participants include a host and at least one client; b) receiving from the host a short-code of the host and redeeming, by the system, the short-code of the host for an access token of the host, authorizing the host to connect to the particular communication session during the time window and defining privileges for the host; c) providing, to each client of the at least one client, the respective short-code; d) requesting, by each client of the at least one client, redemption of the respective short-code for an access token corresponding to the respective short-code; and e) in response to a client requesting redemption of the respective short-code, de-coding, by the system, the respective short-code received from the client, wherein the decoding includes: converting the respective short code into a string of valid format; splitting the string of valid format into plurality of segments; passing each segment of the plurality of segments into cryptographic decoding function unique to each segment to generate an output; extracting the respective participant key and the common meeting identifier from the output; retrieving the respective participant identifier and the time window responsive to match of the respective participant key and the common meeting identifier within the ledger; utilizing a signing secret along with the common meeting identifier, the respective participant identifier and the time window to generate the access token corresponding to the respective short code; and providing the access token corresponding to the respective short code to said client, wherein the access token corresponding to the respective short code provides information for, and authorizes entering, a meeting room based on the common meeting identifier, wherein the meeting room allowing for a peer-to-peer connection between devices within the meeting room during the particular communication session.

“2. The method of claim 1, wherein, during step e), the respective short-code is redeemable only during the time window.

“3. The method of claim 2, further comprising: during step e) denying grant of the access token corresponding to the respective short code to one of the at least one client attempting to redeem one of the respective short-code prior to start of the time window.

“4. The method of claim 2, further comprising: during step e), denying grant of the access token corresponding to the respective short code to one of the at least one client attempting to redeem one of the respective short-code after the time window, and rendering the respective short-code non-functional.

“5. The method of claim 1, wherein: the time window includes a first time period representing time parameters for the particular communication session and a second time period outside of the first time period; short-codes are redeemable only during the first time period; the access token corresponding to the respective short code authorizes a connection to the particular communication session only during the first time period; and at least one short-code is redeemable only during the second time period.

“6. The method of claim 1, further comprising: wrapping, by the system, the respective short-code in a vendor specific payload based on a device type associated with the client of the at least one client providing the respective short-code.

“7. The method of claim 1: wherein each of the at least one client includes an application associated with the method of authenticating devices; and further comprising sending, by way of the system, a push notification to each of the at least one client and launching the application on each of said at least one client following interaction with said push notification, wherein launch of the application causes each of the at least one client to connect to the system and execute steps d)-e).

“8. The method of claim 1, wherein the access token corresponding to the respective short code does not include information related to a user of a corresponding device.

“9. The method of claim 1, wherein: the system is a telemedicine system; the peer-to-peer connection enables transmission of video streams; the host is a device operated by a healthcare provider; and each of the at least one client is a device operated by a patient, wherein, after step e), the healthcare provider provides telemedicine care to at least one patient through the particular communication session.

“10. The method of claim 1, wherein, during the particular communication session, the system provides the host with an option to revoke access for any of the at least one client within the meeting room.

“11. The method of claim 1, wherein the ledger includes a numeric tuple generated for each participant of the ledger of participants based on the particular communication session and the time window, each numeric tuple including the respective participant identifier and the respective participant key for said participant.

“12. The method of claim 11, wherein the numeric tuples further include the signing secret kept by the system, wherein the signing secret is common to all numeric tuples and changing the signing secret invalidates all access tokens.”

For more information, see this patent: Chun, Jaewook. System and method of authenticating devices for secure data exchange. U.S. Patent Number 11831774, filed June 9, 2021, and published online on November 28, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11831774)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)