Researchers Submit Patent Application, “Inference-Based Detection Of Proximity Changes”, for Approval (USPTO 20190313252)

2019 OCT 30 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Washington, D.C., NewsRx journalists report that a patent application by the inventors TING, David (Sudbury, MA); MALEZIS, Gus (Stouffville, CA); MAFERA, Jason (Francestown, NH); SLAK, Alain (Bedford, MA); MIRI, Aaron (Natick, MA); ORAMASIONWU, Paul (Somerville, MA), filed on April 26, 2019, was made available online on October 10, 2019.

No assignee for this patent application has been made.

News editors obtained the following quote from the background information supplied by the inventors: “In a busy healthcare environment, such as a hospital, clinicians roam frequently among patients, floors and buildings. Each time a clinician reaches a new location, she may require access to patient information or other medical data maintained by the facility (or elsewhere). That data may be accessed via a local, typically shared workstation; a handheld wireless device, such as a ‘smart phone’ or tablet capable of hosting applications and establishing telecommunications, Internet and/or local intranet connections; or a piece of medical equipment. Such devices are often called ‘endpoints.’

“In particular, medical institutions from hospitals to physician practice groups to testing centers maintain diverse electronic medical records (EMR) systems, which collectively form the healthcare information backbone. EMR systems allow clinicians access to medical information maintained in various back-end systems. The typical workflow when a physician interacts with a patient involves first logging onto the computer system, then launching and logging into one or more EMR applications, selecting the right patient record, verifying that the record matches the patient, reviewing results (often from different sources), checking up on medical references, entering orders or prescriptions (e.g., using computerized physician order entry (CPOE) applications and ePrescribing), and/or charting patient progress. All of these activities may involve the same patient but different applications, and in some cases multiple separate applications for a single patient-specific activity.

“Moreover, healthcare records are protected by strict privacy laws (such as the Health Insurance Portability and Accountability Act, or HIPAA), regulatory regimes, and institutional access policies. Accordingly, when a clinician moves from place to place, he may be required to log on to a new terminal or device, and because of data-access restrictions, the log-on procedure may involve cumbersome and/or multiple authentication modalities.

“Granting initial access is only half the story, however. Once a user has presented the necessary credentials to gain entry to a secure computer system, he may depart from the authenticated session without terminating the session, leaving sensitive data exposed to access by unauthorized individuals. It is therefore important to ensure that endpoints are secured while they are not in use to protect sensitive data.

“Many currently available commercial solutions for detecting user presence and departure suffer from significant practical limitations. For example, when ‘timeouts’ are used to terminate system access if keyboard or mouse activity is not detected during a pre-set period of time, the operator’s physical presence is insufficient to retain access, and erroneous termination may result in cases of extended passive interaction (e.g., when the user reads materials on the screen). For this reason, inactivity timers are generally set to be long periods of time to avoid inconveniencing users, particularly in clinical environments. But that compromises their effectiveness.

“Further, such systems cannot discriminate between different users, and a timeout period introduces the potential for unauthorized use during such period. Approaches that use radio-frequency (RF) or similar token objects to detect user departure based on an increase in distance between the token object and a base transceiver suffer from an inability to reliably resolve the distance between the token and receiver, which can result in a restricted or unstable detection zone. Furthermore, the token objects can be readily swapped or shared.

“Similarly, Bluetooth Low Energy (BLE) has recently been used to secure endpoints. The endpoint senses a BLE device (such as a smart phone) associated with the user and monitors the device signal strength using the Received Signal Strength Index (RSSI) metric. When the RSSI indicates a weak signal, implying that the user has moved away from the endpoint, the endpoint is secured by, for example, terminating the session. A shortcoming of this approach is the limited signal information available using RSSI from a single pair of BLE transceivers to reliably discriminate between a genuine ‘walkaway event’ (i.e., the user’s departure) and continued user presence. For example, the user might have her phone in the line of sight of the endpoint’s BLE radio when she approaches and begins using the endpoint, but the phone can be moved where the line of sight is obstructed, which may significantly reduce the RSSI of the phone as detected by the endpoint. This is difficult to distinguish from someone who has actually moved away from the endpoint.

“Yet another solution involves detecting and tracking an operator visually. For example, operator detection and/or identification may be achieved using one or more video cameras mounted to the computer terminal in conjunction with object-recognition techniques (e.g., based on analysis of one or a sequence of images) to detect and locate a single operator, which generally involves differentiating the operator from non-operators and the background scene. Once an operator is identified, her movements within a predefined detection zone, such as a pyramidal volume extending radially outward from the secure computer terminal, are tracked to determine when and whether she interacts with the secure system. In certain implementations, this is done without having to continually re-identify the operator, instead relying on following the motion of the operator with the help of computer-vision motion analysis and other techniques. The position and size of the operator may be tracked to detect a walkaway event. The reappearance of the operator after an absence from the detection zone may also be detected. For example, a stored exemplar of previously identified operators may be used to detect and authenticate the operator upon reappearance and within a pre-defined time window.

“One problem associated with visual presence-detection systems is their reliance on relative face sizes to identify the operator among multiple people detected in the field of view of the camera. While, on average, the operator’s face (due to his proximity to the camera) appears largest in the image, variations in people’s head sizes as well as different hair styles and head covers that occlude the face to varying degrees can result in the misidentification of the operator. An even greater problem of conventional systems is the high rate of false alarms signaling walk-away events. This issue arises from the use of color, intensity, and/or gradient information (or similar two-dimensional cues) in the images to compare tracked foreground patches in previous image frames to query patches in the current frame. If background objects have cues similar to those of the tracked foreground object, which is generally true for faces, false matches are frequently generated--e.g., the face of a person in the background may be incorrectly matched to the face of the operator in a previous image. Thus, when the person in the background subsequently leaves the scene, a walk-away event is falsely declared, and, conversely, when the person in the background remains in the scene, the operator’s departure goes unnoticed by the system.

“Accordingly, there is a need for improved ways of sensing walkaway events that minimize the number of false positives (where the user in fact remains at the secure resource) without sacrificing accuracy, i.e., excessive false negatives (undetected walkaway events).”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “Embodiments of the present invention analyze multiple factors--such as user input events, device motion data, other data from the endpoint, or data from an external system (such as a real-time location system)--to make a probabilistic determination whether a walkaway event has occurred.

“Accordingly, in a first aspect, the invention relates to a method of detecting departure of a previously authenticated user from proximity to a secure resource. In various embodiments, the method comprises the steps of establishing a wireless communication link between the secure resource and a device proximate thereto; verifying, by the secure resource, an association between the authenticated user and the device; monitoring over time, by the secure resource, a signal strength of the wireless communication link and periodically storing, in a computer memory, values indicative of the monitored signal strength; periodically analyzing, by the secure resource, the stored values for patterns indicative of a walkaway event and, when a pattern indicative of a walkaway event is detected, assigning a probability thereto; and if the probability exceeds a threshold specified by a security policy, registering a walkaway event and terminating the authenticated user’s access to the secure resource.

“In some embodiments, the secure resource verifies the association by communication with a location server having access to a user database. The authenticated user’s access to the secure resource may be terminated by, for example, ending a session hosted by the secure resource or launching a privacy screen removable only by a new authentication. The wireless communication link may be a short-range wireless protocol such as Bluetooth Low Energy.

“In various embodiments, the threshold is a first threshold and, if the probability does not exceed the first threshold but does exceed a second threshold lower than the first threshold, the method further comprises the step of obtaining, by the secure resource, corroborating data indicative of the probability of a walkaway event. Such corroborating data may be a GPS location obtained from the device and/or pedestrian dead reckoning.

“In some embodiments, the analyzing step is performed with a neural network, e.g., a recurrent neural network. The method may, in some embodiments, further include the step of subscribing, by the secure resource following the user’s authentication, to location events of the user with a location server configured to broadcast location events to subscribers thereto.

“In another aspect, the invention pertains to a system comprising a plurality of secure resources. In various embodiments, each of the secure resources itself comprises a processor, a computer memory including stored instructions executable by the processor for implementing (i) an authentication module and (ii) an event-monitoring module, a wireless interface for establishing wireless communication links with user devices proximate to the secure resource, and RSSI circuitry configured to (i) monitor a signal strength of a wireless communication link between the wireless interface and a user device, and (ii) periodically store, in the computer memory, values indicative of the monitored signal strength. The authentication module may be configured to authenticate a user and verify an association between the authenticated user and the linked user device, and the event-monitoring module may be configured to (i) periodically analyze the stored values for patterns indicative of a walkaway event and, when a pattern indicative of a walkaway event is detected, assign a probability thereto; and (ii) if the probability exceeds a threshold specified by a security policy, terminating the authenticated user’s access to the secure resource.

“In various embodiments, the system further comprises a user database storing associations between users and the user devices. The event-monitoring module may be configured to terminate the authenticated user’s access to the secure resource by ending a session hosted by the secure resource or by launching a privacy screen removable only by a new authentication by the authentication module. The wireless communication link may be a short-range wireless protocol such as Bluetooth Low Energy.

“In some embodiments, the threshold is a first threshold and the event-monitoring module is configured to obtain, if the probability does not exceed the first threshold but does exceed a second threshold lower than the first threshold, corroborating data indicative of the probability of a walkaway event. For example, the corroborating data may be a GPS location obtained from the user device via the wireless interface.

“In various embodiments, the system further comprises a plurality of tracking sensors at different locations in an institutional space, each of the tracking sensors being configured to detect a proximate presence of an individual or a device and to produce signals indicative thereof, and a location server in operative communication with the tracking sensors and the secure resources via a network. The location server may further include computer storage defining (i) a user location database that stores records for a plurality of users, each of the records including a current location of the user based on signals from the tracking sensors; (ii) a device location database that stores records for a plurality of devices, each of the records including a current location of the device; and (iii) a subscription database that stores records for a plurality of applications each running on a different device, where each of the records specifies an application and one or more location events to which the application has subscribed. The secure resources may be configured to subscribe to location events of the user with the location server, and the location server may be configured to receive signals from the tracking sensors, interpret the received signals as events, and notify secure resources upon occurrence of events to which they subscribe.

“In some embodiments, the event-monitoring module implements a neural network, e.g., a recurrent neural network.

“These and other objects, along with advantages and features of the present invention herein disclosed, will become more apparent through reference to the following description, the accompanying drawings, and the claims. Furthermore, it is to be understood that the features of the various embodiments described herein are not mutually exclusive and may exist in various combinations and permutations. Reference throughout this specification to ‘one example,’ ‘an example,’ ‘one embodiment,’ or ‘an embodiment’ means that a particular feature, structure, or characteristic described in connection with the example is included in at least one example of the present technology. Thus, the occurrences of the phrases ‘in one example,’ ‘in an example,’ ‘one embodiment,’ or ‘an embodiment’ in various places throughout this specification are not necessarily all referring to the same example. Furthermore, the particular features, routines, steps, or characteristics may be combined in any suitable manner in one or more examples of the technology. As used herein, the terms ‘approximately’ and ‘substantially’ mean .+-.10%, and in some embodiments, .+-.5%.”

The claims supplied by the inventors are:

“1. A method of detecting departure of a previously authenticated user from proximity to a secure resource, the method comprising the steps of: establishing a wireless communication link between the secure resource and a device proximate thereto; verifying, by the secure resource, an association between the authenticated user and the device; monitoring over time, by the secure resource, a signal strength of the wireless communication link and periodically storing, in a computer memory, values indicative of the monitored signal strength; periodically analyzing, by the secure resource, the stored values for patterns indicative of a walkaway event and, when a pattern indicative of a walkaway event is detected, assigning a probability thereto; and if the probability exceeds a threshold specified by a security policy, registering a walkaway event and terminating the authenticated user’s access to the secure resource.

“2. The method of claim 1, wherein the secure resource verifies the association by communication with a location server having access to a user database.

“3. The method of claim 1, wherein the authenticated user’s access to the secure resource is terminated by ending a session hosted by the secure resource.

“4. The method of claim 1, wherein the authenticated user’s access to the secure resource is terminated by launching a privacy screen removable only by a new authentication.

“5. The method of claim 1, wherein the wireless communication link is a short-range wireless protocol.

“6. The method of claim 5, wherein the short-range wireless protocol is Bluetooth Low Energy.

“7. The method of claim 1 wherein the threshold is a first threshold and, if the probability does not exceed the first threshold but does exceed a second threshold lower than the first threshold, further comprising the step of obtaining, by the secure resource, corroborating data indicative of the probability of a walkaway event.

“8. The method of claim 7, wherein the corroborating data is a GPS location obtained from the device.

“9. The method of claim 7, wherein the corroborating data is pedestrian dead reckoning.

“10. The method of claim 1, wherein the analyzing step is performed with a recurrent neural network.

“11. The method of claim 1, further comprising, by the secure resource following the user’s authentication, subscribing to location events of the user with a location server configured to broadcast location events to subscribers thereto.

“12. A system comprising a plurality of secure resources, each of the secure resources comprising: a processor; a computer memory including stored instructions executable by the processor for implementing (i) an authentication module and (ii) an event-monitoring module; a wireless interface for establishing wireless communication links with user devices proximate to the secure resource; RSSI circuitry configured to monitor a signal strength of a wireless communication link between the wireless interface and a user device, and periodically storing, in the computer memory, values indicative of the monitored signal strength, wherein: the authentication module is configured to authenticate a user and verify an association between the authenticated user and the linked user device; and the event-monitoring module is configured to (i) periodically analyze the stored values for patterns indicative of a walkaway event and, when a pattern indicative of a walkaway event is detected, assign a probability thereto; and (ii) if the probability exceeds a threshold specified by a security policy, terminating the authenticated user’s access to the secure resource.

“13. The system of claim 12, further comprising a user database storing associations between users and the user devices.

“14. The system of claim 12, wherein the event-monitoring module is configured to terminate the authenticated user’s access to the secure resource by ending a session hosted by the secure resource.

“15. The system of claim 12, wherein the event-monitoring module is configured to terminate the authenticated user’s access to the secure resource by launching a privacy screen removable only by a new authentication by the authentication module.

“16. The system of claim 12, wherein the wireless communication link is a short-range wireless protocol.

“17. The system of claim 16, wherein the short-range wireless protocol is Bluetooth Low Energy.

“18. The system of claim 12, wherein the threshold is a first threshold and the event-monitoring module is configured to obtain, if the probability does not exceed the first threshold but does exceed a second threshold lower than the first threshold, corroborating data indicative of the probability of a walkaway event.

“19. The system of claim 18, wherein the corroborating data is a GPS location obtained from the user device via the wireless interface.

“20. The system of claim 12, further comprising: a plurality of tracking sensors at different locations in an institutional space, each of the tracking sensors being configured to detect a proximate presence of an individual or a device and to produce signals indicative thereof; and a location server in operative communication with the tracking sensors and the secure resources via a network, the location server further including computer storage defining: (i) a user location database that stores records for a plurality of users, each of the records including a current location of the user based on signals from the tracking sensors; (ii) a device location database that stores records for a plurality of devices, each of the records including a current location of the device; and (iii) a subscription database that stores records for a plurality of applications each running on a different device, each of the records specifying an application and one or more location events to which the application has subscribed, wherein (i) the secure resources are configured to subscribe to location events of the user with the location server, and (ii) the location server is configured to receive signals from the tracking sensors, interpret the received signals as events, and notify secure resources upon occurrence of events to which they subscribe.

“21. The system of claim 12, wherein the event-monitoring module implements a recurrent neural network.”

For additional information on this patent application, see: TING, David; MALEZIS, Gus; MAFERA, Jason; SLAK, Alain; MIRI, Aaron; ORAMASIONWU, Paul. Inference-Based Detection Of Proximity Changes. Filed April 26, 2019 and posted October 10, 2019. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220190313252%22.PGNR.&OS=DN/20190313252&RS=DN/20190313252

(Our reports deliver fact-based news of research and discoveries from around the world.)