Researchers Submit Patent Application, “System And Method Of Authenticating Devices For Secure Data Exchange”, for Approval (USPTO 20230379162): Patent Application
2023 DEC 13 (NewsRx) -- By a
No assignee for this patent application has been made.
News editors obtained the following quote from the background information supplied by the inventors: “Digital data exchange between devices is everywhere, with data constantly being exchanged between phones, laptops, servers, and other devices. As data is transferred between many devices, it becomes a challenge to ensure that the data is being exchanged securely, particularly when sensitive data is exchanged. Various methods for authenticating data exist. For example, many systems use account registration and login systems to ensure a given user or device is authorized to receive certain data. In other examples, a link and/or password can be provided to a device to give the device access to a meeting room where data is exchanged. These systems come with flaws, including that they rely on authentication information which can potentially be compromised and used by an unauthorized device.
“In certain environments, additional challenges are presented to ensure data is exchanged securely, and in compliance with other requirements of the relevant environment. For example, the Health Insurance Portability and Accountability Act (HIPAA) includes a number of requirements that come into play when considering the exchange of data related to healthcare, including restrictions on how protected health information (PHI) can be stored. This makes it difficult to facilitate a telemedicine visit between a doctor and patient, since personal information about the patient cannot be stored and used to authenticate the patient as they join the meeting room.”
As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “In at least one aspect, the subject technology relates to a method of authenticating devices for secure data exchange. The method starts, at step a), with receiving, by a system, a scheduling request, and in response to the scheduling request, generating a ledger of participants authorized to be admitted to a particular communication session during a time window. The ledger includes, for each participant, a participant identifier, a participant key, and a meeting identifier corresponding to the particular communication session. The participant key and meeting identifier are encoded into a short-code for the corresponding participant. The participants include a host and at least one client. At step b) the host redeems, from the system, a short-code corresponding to an access token authorizing the host to connect to the particular communication session during the time window and defining privileges for the host. At step c), the short-code corresponding to each client is provided to that client. At step d), each client requests redemption of the short-code corresponding to said client for an access token corresponding to said short-code. At step e), in response to a client requesting redemption of a short-code, the system de-codes the short-code into separate parts including the participant key and the meeting identifier, and if a match is found with the ledger, the system provides an access token to said client. The access token provides information for, and authorizes entering, a meeting room based on the meeting identifier, the meeting room allowing for a peer-to-peer connection between devices within the meeting room during the particular communication session.
“In some embodiments, during step e), the short-code is redeemable during the time window. In some cases, if the client redeems the short-code prior to the start of the time window, no access token will be granted. In some embodiments, if the short-code is redeemed after the time window, no access token will be granted and the short code will be rendered non-functional.
“In some embodiments, the time window includes a first time period representing the time parameters for the particular communication session and a second time period outside of the first time period. The short-codes can then be redeemable during the first time period, with the access tokens authorizing a connection to the particular communication session during the first time period. At least one short-code can be redeemable during the second time period.
“In some embodiments, the system wraps each short-code in a vendor specific payload based on a device type associated with the client corresponding to short-code. In some cases, each client includes an application associated with the method of authenticating devices. The system can then send a push notification to each client and launch the application on said client, the launch of the application causing each client to connect to the system and execute steps d)-e). In some embodiments, the access tokens do not include information related to the user of the corresponding device.
“In some embodiments, the system is a telemedicine system and the peer-to-peer connection enables the transmission of video streams. The host can also be a device operated by a healthcare provider, with each client being a device operated by a patient. After step e), the method can include healthcare provider provides telemedicine care to at least one patient through the particular communication session. In some cases, during the particular communication session, the host can revoke access for any client within the meeting room.
“In some embodiments, the ledger includes a numeric tuple generated for each participant based on the particular communication session and time window, each numeric tuple including the participant identifier and participant key for said participant. In some cases, the numeric tuples further include a signing secret kept by the system, wherein the signing secret is the same for all numeric tuples and changing the signing secret invalidates all access tokens.”
The claims supplied by the inventors are:
“1. A system of authenticating devices for secure data exchange, said system comprising: one or more non-transitory electronic storage devices comprising software instructions, which when executed, configure one or more processors to: receive a scheduling request; generate a ledger of participants authorized to be admitted to a particular communication session during a time window, wherein the ledger includes, for each participant, a respective participant identifier, a respective participant key, and a common meeting identifier for the particular communication session, wherein at least the respective participant key and the common meeting identifier are encoded into a respective short-code for the participant, wherein the participants include a host and one or more clients; receive, from the host, a short-code; redeem the short-code received of the host for an access token authorizing the host to connect to the particular communication session during the window and defining privileges for the host; provide, to each of the one or more clients, the respective short-code; request from each of the one or more clients, redemption of the respective short-code for an access token corresponding to the respective short-code; and de-code the short-codes received from the one or more clients.
“2. The system of claim 1 wherein: the software instructions, when executed, configure the one or more processors to in response to redeeming the access token corresponding to the respective short code, provide information for, and authorize entering, a meeting room based on the common meeting identifier; and the meeting room allows for a peer-to-peer connection between devices within the meeting room during the particular communication session.
“3. The system of claim 1 wherein: the software instructions, when executed, configure the one or more processors to perform the decoding by at least: converting the respective short code into a string of valid format; splitting the string of valid format into a plurality of segments; passing each segment of the plurality of segments into a cryptographic decoding function unique to each segment to generate an output; extracting the respective participant key and the common meeting identifier from the output; retrieving the respective participant identifier and the time window to match the respective participant key and the common meeting identifier within the ledger; utilizing a signing secret along with the common meeting identifier, the respective participant identifier and the time window to generate the access token corresponding to the respective short code; and providing the access token corresponding to the respective short code to the respective client.
“4. The system of claim 1 wherein: the respective short-code is redeemable only during the time window.
“5. The system of claim 4 wherein: the software instructions, when executed, configure the one or more processors to: deny grant of the access token corresponding to the respective short code to any of the one or more clients attempting to redeem one of the respective short-code prior to start of the time window.
“6. The system of claim 5 wherein: the software instructions, when executed, configure the one or more processors to deny grant of the access token corresponding to the respective short code to any of the one or more clients attempting to redeem one of the respective short-code after the time window and also render the respective short-code non-functional.
“7. The system of claim 1 wherein: the time window includes a first time period representing time parameters for the particular communication session and a second time period outside of the first time period; the software instructions, when executed, configure the one or more processors to: only permit redemption of the short-codes during the first time period; only authorize a connection to the particular communication session during the first time period; and only permit redemption of at least one of the short-codes during the second time period.
“8. The system of claim 1 wherein: the software instructions, when executed, configure the one or more processors to wrap the respective short-code in a vendor specific payload based on a device type associated with the client of the one or more clients providing the respective short-code.
“9. The system of claim 1 wherein: the software instructions, when executed, configure the one or more processors to send a push notification to each of the one or more clients, which when interacted with at a respective one of the one or more clients, causes an application installed at the respective client to be launched which is associated with, or executes at least a portion of, the software instructions.
“10. The system of claim 1 wherein: the access token corresponding to the respective short code consists of information unrelated to a user of a corresponding device.
“11. The system of claim 1 wherein: the peer-to-peer connection enables transmission of video streams for providing telemedicine care; the host comprises a device operated by a healthcare provider; and at least one of the one or more clients comprise a device operated by a patient of the healthcare provider.
“12. The system of claim 1 wherein: the privileges comprise an option to revoke access for any of the one or more clients within the particular communication session.
“13. The system of claim 1 wherein: the software instructions, when executed, configure the one or more processors to generate, for the ledger, a numeric tuple for each participant based on the particular communication session and the time window; and each numeric tuple includes the respective participant identifier and the respective participant key for said participant.
“14. The system of claim 13 wherein: the numeric tuples further include the signing secret kept by the system; and the signing secret is common to all numeric tuples such that changing the signing secret invalidates all access tokens.
“15. A system of authenticating devices for secure data exchange during a telemedicine consultation, said system comprising: a host device associated with a healthcare provider and having an application installed thereon; client devices, each associated with a potential participant and having the application installed thereon; one or more servers hosting the application, which when executed, configures one or more processors to: receive a scheduling request from a particular one of the client devices; generate a ledger of participants authorized to be admitted to a particular communication session during a time window for the telemedicine consultation, wherein the ledger includes, for each participant, a respective participant identifier, a respective participant key, and a common meeting identifier for the particular communication encoded into a respective short-code for the participant, wherein the participants include the host device and one or more of the client devices; receive, from the host device, a short-code; redeem the short-code received of the host for an access token authorizing the host to connect to the particular communication session during the time window and defining privileges for the host; provide, to each of the one or more clients, the respective short-code; request from each of the one or more clients, redemption of the respective short-code from a respective one of the one or more clients for an access token corresponding to the respective short-code; and de-code the short-codes received from the one or more clients.
“16. The system of claim 15 wherein: the software instructions, when executed, configure the one or more processors to: in response to redeeming the access token corresponding to the respective short code, provide information for, and authorize entering, a meeting room based on the common meeting identifier; and the meeting room allows for a peer-to-peer connection between devices within the meeting room during the particular communication session.
“17. The system of claim 16 wherein: the software instructions, when executed, configure the one or more processors to perform the decoding by at least: converting the respective short code into a string of valid format; splitting the string of valid format into a plurality of segments; passing each segment of the plurality of segments into a cryptographic decoding function unique to each segment to generate an output; extracting the respective participant key and the common meeting identifier from the output; retrieving the respective participant identifier and the time window to match of the respective participant key and the common meeting identifier within the ledger; utilizing a signing secret along with the common meeting identifier, the respective participant identifier, and the time window to generate the access token corresponding to the respective short code; and providing the access token corresponding to the respective short code to the respective client.
“18. The system of claim 17 wherein: the host device and each of the client devices comprise any one of: a tablet, a smartphone, and a personal computer.”
There are additional claims. Please visit full patent to read further.
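The ledger, short-code redemption and time-window checks described in the inventors' summary and in claim 3 can be sketched as follows. This is an added example, not code from the patent application: the function names, the 10-byte short-code layout, the integer timestamps and the HMAC-SHA256 token format are all assumptions, and plain base32 stands in for the per-segment "cryptographic decoding function", which the page does not specify.

```python
import base64, hashlib, hmac, json, secrets

def encode_short_code(key, meeting_id):
    # Assumed layout: 5-byte participant key + 5-byte meeting id -> 16 base32 chars.
    return base64.b32encode(key.to_bytes(5, "big") + meeting_id.to_bytes(5, "big")).decode()

def make_ledger(meeting_id, roles, start, end):
    """Ledger rows keyed by (participant key, meeting id); returns (ledger, short_codes)."""
    ledger, codes = {}, []
    for pid, role in enumerate(roles):          # pid is an opaque index, not user data
        key = secrets.randbits(40)              # unguessable per-participant key
        ledger[(key, meeting_id)] = {"pid": pid, "role": role,
                                     "start": start, "end": end, "burned": False}
        codes.append(encode_short_code(key, meeting_id))
    return ledger, codes

def _sign(body, secret):
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()

def redeem(ledger, short_code, now, secret):
    """Return a signed access token, or None if the code is invalid or outside the window."""
    try:  # normalise to a valid format, then split into the two segments
        raw = base64.b32decode(short_code.strip().upper().replace("-", ""))
    except ValueError:
        return None
    if len(raw) != 10:
        return None
    key, meeting_id = int.from_bytes(raw[:5], "big"), int.from_bytes(raw[5:], "big")
    row = ledger.get((key, meeting_id))
    if row is None or row["burned"] or now < row["start"]:
        return None                             # unknown, burned, or too early
    if now > row["end"]:
        row["burned"] = True                    # late: deny and render non-functional
        return None
    body = json.dumps({"mid": meeting_id, "pid": row["pid"], "role": row["role"],
                       "nbf": row["start"], "exp": row["end"]}, sort_keys=True)
    return body + "." + _sign(body, secret)

def verify_token(token, now, secret):
    """Meeting-room side: check signature first, then the time window."""
    body, _, sig = token.rpartition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body, secret).encode()):
        return None                             # forged, or signing secret was rotated
    claims = json.loads(body)
    return claims if claims["nbf"] <= now <= claims["exp"] else None
```

Because the short-code is a bearer credential, a deployment of this sketch would also need attempt limiting on `redeem`, since the 40-bit key is the only thing standing between a guesser and a token.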
For additional information on this patent application, see: Chun, Jaewook; Flores, Andrew; Nuziale, Salvatore; Persaud, Anthony; Ryder, Avery; Spindell,