Strong authentication via distributed stations

US 10,642,452 B2
Filed: 08/22/2018
Issued: 05/05/2020
Est. Priority Date: 11/19/2014
Status: Active Grant

First Claim

Patent Images

1. A mobile device for facilitating authentication for a user to access a secure resource via a computer network using an authentication modality, wherein connected to the computer network are a plurality of authentication stations, an authentication server different from the authentication stations, and a computational device (i) configured for requesting access to the secure resource via the computer network, (ii) lacking the authentication modality, and (iii) located at a location different from locations of the authentication stations, the mobile device comprising:

a processor; and

a memory storing an application, the application, when executed by the processor as a running process after the computational device requests access to the secure resource, causing the mobile device to;

identify a nearest one of the authentication stations supporting the authentication modality, wherein the identified authentication station is configured to (i) receive, using the authentication modality, authentication credentials from the user, (ii) transmit the authentication credentials to the authentication server, and (iii) receive an authentication confirmation from the authentication server,establish wireless communication with the identified authentication station,wirelessly receive from the identified authentication station a first token evidencing the authentication confirmation, andwirelessly transmit the first token to the computational device to thereby facilitate access by the user to the secure resource via the computational device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, authentication stations are distributed within a facility, particularly in spaces where mobile devices are predominantly used—e.g., a hospital'"'"'s emergency department. Each such station includes a series of authentication devices. Mobile device may run applications for locating the nearest such station and, in some embodiments, pair wirelessly with the station so that authentication thereon will accord a user access to the desired resource via a mobile device.

15 Citations

View as Search Results

20 Claims

1. A mobile device for facilitating authentication for a user to access a secure resource via a computer network using an authentication modality, wherein connected to the computer network are a plurality of authentication stations, an authentication server different from the authentication stations, and a computational device (i) configured for requesting access to the secure resource via the computer network, (ii) lacking the authentication modality, and (iii) located at a location different from locations of the authentication stations, the mobile device comprising:
- a processor; and
  
  a memory storing an application, the application, when executed by the processor as a running process after the computational device requests access to the secure resource, causing the mobile device to;
  
  identify a nearest one of the authentication stations supporting the authentication modality, wherein the identified authentication station is configured to (i) receive, using the authentication modality, authentication credentials from the user, (ii) transmit the authentication credentials to the authentication server, and (iii) receive an authentication confirmation from the authentication server,establish wireless communication with the identified authentication station,wirelessly receive from the identified authentication station a first token evidencing the authentication confirmation, andwirelessly transmit the first token to the computational device to thereby facilitate access by the user to the secure resource via the computational device.
- View Dependent Claims (2, 3, 4)
- - 2. The mobile device of claim 1, wherein the application further causes the mobile device to receive, from the computational device before the first token is wirelessly transmitted to the computational device, a second token establishing, at least in part, status of the computational device as a trusted source.
  - 3. The mobile device of claim 1, wherein the mobile device is configured to wirelessly claim the identified authentication station until the authentication credentials have been received by the authentication station.
  - 4. The mobile device of claim 1, further comprising:
    - a display; and
      
      a mapping application which, when executed by the processor as a running process, causes a map showing a current location of the mobile device and a location of the identified authentication station to appear on the display.

5. A mobile device for facilitating authentication for a user to access a secure resource via a computer network using an authentication modality, wherein connected to the computer network are a plurality of authentication stations, an authentication server different from the authentication stations, and a computational device (i) configured for requesting access to the secure resource via the computer network, (ii) lacking the authentication modality, and (iii) located at a location different from locations of the authentication stations, the mobile device comprising:
- a processor; and
  
  a memory storing an application, the application, when executed by the processor as a running process after the computational device requests access to the secure resource, causing the mobile device to;
  
  identify a nearest one of the authentication stations supporting the authentication modality, wherein the identified authentication station is configured to receive authentication credentials from the user using the authentication modality,establish wireless communication with the identified authentication station,wirelessly receive the authentication credentials from the identified authentication station after the identified authentication station receives the authentication credentials form the user, andwirelessly transmit the authentication credentials to the authentication server to thereby facilitate access by the user to the secure resource via the computational device.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The mobile device of claim 5, wherein the wireless communication with the identified authentication station is established via a short-range wireless protocol.
  - 7. The mobile device of claim 6, wherein the application causes the mobile device to establish an internet protocol (IP) connection with the identified authentication station after wireless communication with the identified authentication station is established via the short-range wireless protocol, wherein the authentication credentials are wirelessly received from the identified authentication station over the IP connection.
  - 8. The mobile device of claim 5, wherein the application causes the mobile device to:
    - wirelessly receive, from the computational device, session information related to a session comprising the access request of the computational device to the secure resource, andwirelessly transmit the session information to the authentication server, whereby the authentication server accords access to the secure resource via the computational device within the session.
  - 9. The mobile device of claim 5, wherein the application causes the mobile device to:
    - wirelessly receive from the authentication server a token evidencing an authentication confirmation based on the authentication credentials, andwirelessly transmit the token to the computational device, whereby access to the secure resource via the computational device is granted based at least in part on the token.
  - 10. The mobile device of claim 5, wherein the mobile device is configured to wirelessly claim the identified authentication station until the authentication credentials have been received by the authentication station.
  - 11. The mobile device of claim 5, further comprising:
    - a display; and
      
      a mapping application which, when executed by the processor as a running process, causes a map showing a current location of the mobile device and a location of the identified authentication station to appear on the display.

12. A mobile device for facilitating authentication for a user to access a secure resource, using an authentication modality, via a computer network connected a plurality of authentication stations and an authentication server different from the authentication stations, wherein the mobile device lacks the authentication modality and is configured for requesting access to the secure resource via the computer network, the mobile device comprising:
- a processor; and
  
  a memory storing an application, the application, when executed by the processor as a running process after the user requests access to the secure resource, causing the mobile device to;
  
  identify a nearest one of the authentication stations supporting the authentication modality, wherein the identified authentication station is configured to receive authentication credentials from the user using the authentication modality,establish wireless communication with the identified authentication station,wirelessly receive the authentication credentials from the identified authentication station after the identified authentication station receives the authentication credentials form the user,wirelessly transmit the authentication credentials to the authentication server, andaccord access by the user to the secure resource, via the mobile device, after acceptance of the authentication credentials by the authentication server.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The mobile device of claim 12, wherein the wireless communication with the identified authentication station is established via a short-range wireless protocol.
  - 14. The mobile device of claim 13, wherein the application causes the mobile device to establish an internet protocol (IP) connection with the identified authentication station after wireless communication with the identified authentication station is established via the short-range wireless protocol, wherein the authentication credentials are wirelessly received from the identified authentication station over the IP connection.
  - 15. The mobile device of claim 12, wherein the application causes the mobile device to receive an authentication confirmation from the authentication server before according access by the user to the secure resource.
  - 16. The mobile device of claim 12, wherein the mobile device is configured to wirelessly claim the identified authentication station until the authentication credentials have been received by the authentication station.
  - 17. The mobile device of claim 12, further comprising:
    - a display; and
      
      a mapping application which, when executed by the processor as a running process, causes a map showing a current location of the mobile device and a location of the identified authentication station to appear on the display.

18. A mobile device for facilitating authentication for a user to access a secure resource, using an authentication modality, via a computer network connected a plurality of authentication stations and an authentication server different from the authentication stations, wherein the mobile device lacks the authentication modality and is configured for requesting access to the secure resource via the computer network, the mobile device comprising:
- a processor; and
  
  a memory storing an application, the application, when executed by the processor as a running process after the user requests access to the secure resource, causing the mobile device to;
  
  identify a nearest one of the authentication stations supporting the authentication modality, wherein the identified authentication station is configured to receive authentication credentials from the user using the authentication modality and transmit the authentication credentials to the authentication server,establish wireless communication with the identified authentication station,wirelessly transmit, to the identified authentication station, session information related to a session comprising the access request to the secure resource, wherein the identified authentication station is configured to transmit the session information to the authentication server, andaccord access by the user to the secure resource, via the mobile device and within the session, after acceptance of the authentication credentials by the authentication server.
- View Dependent Claims (19, 20)
- - 19. The mobile device of claim 18, wherein the mobile device is configured to wirelessly claim the identified authentication station until the authentication credentials have been received by the authentication station.
  - 20. The mobile device of claim 18, further comprising:
    - a display; and
      
      a mapping application which, when executed by the processor as a running process, causes a map showing a current location of the mobile device and a location of the identified authentication station to appear on the display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ullrich, Meinhard Dieter
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US16/108,736
Publication Number

US 20190056842A1
Time in Patent Office

622 Days
Field of Search
US Class Current
CPC Class Codes

G06F 3/0482   Interaction with lists of s...

G16H 10/60   for patient-specific data, ...

G16H 40/20   for the management or admin...

G16H 40/67   for remote operation

G16Z 99/00   Subject matter not provided...

H04L 63/08   for authentication of entit...

H04L 67/12   specially adapted for propr...

H04L 67/52   specially adapted for the l...

H04L 67/535   Tracking the activity of th...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 4/023   using mutual or relative lo...

H04W 4/029   Location-based management o...

H04W 4/33   for indoor environments, e....

H04W 60/04   using triggered events

H04W 64/00   Locating users or terminals...

Strong authentication via distributed stations

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Strong authentication via distributed stations

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links