Strong authentication via distributed stations

US 10,078,425 B2
Filed: 11/19/2015
Issued: 09/18/2018
Est. Priority Date: 11/19/2014
Status: Active Grant

First Claim

Patent Images

1. A method of authentication and log-on to access a secure resource via a computer network, the method comprising the steps of:

sending, via a computational device, an access request to a secure resource from a user via a network;

receiving, from the secure resource, a user authentication requirement involving an authentication modality, wherein the computational device does not support the authentication modality and cannot be solely utilized to satisfy the user authentication requirement;

locating, via a mobile device, a nearest authentication station supporting the authentication modality, wherein the nearest authentication station and the computational device are located at different locations;

establishing wireless communication between the mobile device and the authentication station;

obtaining, by the authentication station using the authentication modality, authentication credentials from the user, the user having traveled to the authentication station;

causing transmission of the authentication credentials to an authentication server different from the authentication station;

receiving, by the authentication station, an authentication confirmation from the authentication server and, via multiple-party communication among the mobile device, the authentication station, the computational device, and the secure resource, according access to the secure resource via the computational device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital'"'"'s emergency department. Each such station includes a series of authentication devices. Mobile device may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device.

16 Citations

View as Search Results

16 Claims

1. A method of authentication and log-on to access a secure resource via a computer network, the method comprising the steps of:
- sending, via a computational device, an access request to a secure resource from a user via a network;
  
  receiving, from the secure resource, a user authentication requirement involving an authentication modality, wherein the computational device does not support the authentication modality and cannot be solely utilized to satisfy the user authentication requirement;
  
  locating, via a mobile device, a nearest authentication station supporting the authentication modality, wherein the nearest authentication station and the computational device are located at different locations;
  
  establishing wireless communication between the mobile device and the authentication station;
  
  obtaining, by the authentication station using the authentication modality, authentication credentials from the user, the user having traveled to the authentication station;
  
  causing transmission of the authentication credentials to an authentication server different from the authentication station;
  
  receiving, by the authentication station, an authentication confirmation from the authentication server and, via multiple-party communication among the mobile device, the authentication station, the computational device, and the secure resource, according access to the secure resource via the computational device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the mobile device is the computational device.
  - 3. The method of claim 1, wherein the mobile device is different from, but in wireless communication with, the computational device.
  - 4. The method of claim 1, wherein the step of establishing wireless communication between the mobile device and the authentication station comprises claiming, by the mobile device, the authentication station until the authentication credentials have been received by the authentication station.
  - 5. The method of claim 1, wherein the multiple-party communication comprises:
    - wirelessly communicating, by the authentication station via a secure link, the obtained authentication credentials to the wireless device; and
      
      wirelessly communicating, by the wireless device via a secure link, the authentication credentials to the authentication server.
  - 6. The method of claim 5, wherein the computational device is different from the wireless device, and further comprising the steps of:
    - wirelessly communicating, by the authentication station to the wireless device via a secure link, a token indicating acceptance of the obtained authentication credentials; and
      
      wirelessly communicating, by the wireless device via a secure link, the token to the computational device, whereby access to the secure resource is accorded to the computational device.
  - 7. The method of claim 1, wherein the multiple-party communication comprises:
    - wirelessly communicating, by the wireless device via a secure link to the authentication server, the authentication credentials and session data identifying a session between an application running on the wireless device and the secure resource; and
      
      causing, by the authentication server, the computational device to be accorded access to the secure resource over the session.
  - 8. The method of claim 1, further comprising displaying, by the mobile device, a map showing a current location of the mobile device and a location of the authentication station.

9. A system for facilitating authentication and log-on to access a secure resource via a computer network using an authentication modality, the system comprising:
- a network;
  
  a plurality of authentication stations;
  
  an authentication server different from the authentication stations;
  
  a computational device configured for requesting access to a secure resource via the network but lacking the authentication modality, wherein the computational device is located at a location different from locations of the authentication stations; and
  
  a mobile device comprising a processor and a memory storing an application, the application, when executed by the processor as a running process, causing the mobile device to identify a nearest one of the authentication stations supporting the authentication modality and establish wireless communication therewith,wherein the identified authentication station is configured to (i) receive, using the authentication modality, authentication credentials from a user located at the authentication station, (ii) transmit the authentication credentials to the authentication server, and (iii) receive an authentication confirmation from the authentication server,and further wherein the mobile device, the authentication station, the computational device, and the secure resource, are configured for multiple-party communication whereby access is accorded to the secure resource via the computational device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the mobile device further comprises a display and a mapping application which, when executed by the processor as a running process, causes a map showing a current location of the mobile device and a location of the authentication station to appear on the display.
  - 11. The system of claim 10, wherein the mobile device is the computational device.
  - 12. The system of claim 10, wherein the mobile device is different from, but in wireless communication with, the computational device.
  - 13. The system of claim 10, wherein the mobile device is configured to wirelessly claim the identified authentication station until the authentication credentials have been received by the authentication station.
  - 14. The system of claim 10, wherein the multiple-party communication comprises:
    - wireless communication by the authentication station of the obtained authentication credentials to the wireless device via a secure link, andwireless communication by the wireless device of the authentication credentials to the authentication server via a secure link.
  - 15. The system of claim 14, wherein (i) the computational device is different from the wireless device and (ii) the multiple-party communication further comprises wireless communication by the authentication station to the wireless device via a secure link of a token indicating acceptance of the obtained authentication credentials, the wireless device being configured to use the token to obtain access to the secure resource.
  - 16. The system of claim 10, wherein (i) the multiple-party communication comprises wireless communication, by the wireless device via a secure link to the authentication server, of the authentication credentials and session data identifying a session between an application running on the wireless device and the secure resource, and (ii) the authentication server is configured to accord the computational device access to the secure resource over the session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ullrich, Meinhard Dieter
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US14/945,671
Publication Number

US 20160142394A1
Time in Patent Office

1,034 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0482   Interaction with lists of s...

G16H 10/60   for patient-specific data, ...

G16H 40/20   for the management or admin...

G16H 40/67   for remote operation

G16Z 99/00   Subject matter not provided...

H04L 63/08   for authentication of entit...

H04L 67/12   specially adapted for propr...

H04L 67/52   specially adapted for the l...

H04L 67/535   Tracking the activity of th...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 4/023   using mutual or relative lo...

H04W 4/029   Location-based management o...

H04W 4/33   for indoor environments, e....

H04W 60/04   using triggered events

H04W 64/00   Locating users or terminals...

Strong authentication via distributed stations

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Strong authentication via distributed stations

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links