Instrument access control system
First Claim
1. A user authenticating access-control and management system for a network-connected shared laboratory instrument comprising:
(A) a network connected shared laboratory instrument;
(B) a network connected domain controller (180) for receiving logon credentials from a user in an attempt to access the shared laboratory instrument, and authenticating the user as an authorized user of the system based on logon credentials associated with the user prior; and
(C) a network connected role server (120) including a role database (130) for determining whether the logon credentials authorize the user to access the selected shared laboratory instrument by comparing the logon credentials to credential information stored in the role database by the following steps,
(C)(1) identifying a role of the user;
(C)(2) identifying a set of default laboratory instrument access rights associated with the role;
(C)(3) identifying a set of user-specific laboratory instrument access rights associated with the user;
(C)(4) applying the user-specific laboratory test instrument access rights to the default laboratory test instrument access rights to obtain a set of final laboratory instrument access rights associated with the user;
(C)(5) determining whether the set of final laboratory instrument access rights associated with the user includes the right to access the selected shared laboratory instrument; and
(C)(6) determining that the logon credentials authorize the user to access the selected shared laboratory instruments if it is determined that the set of final laboratory instrument access rights associated with the user includes the right to access the selected shared laboratory instrument;
(C)(7) granting the user access to the selected shared laboratory test instrument only if it is determined that the user is an authorized user of the system and the logon credentials authorize the user to access the selected shared laboratory instrument;
(C)(8) identifying a set of operations that the user has the right to perform using the selected shared laboratory instrument for performing one or more laboratory tests; and
(C)(9) allowing the user to perform on the selected shared laboratory instrument only those operations in the identified set of operations for performing one or more laboratory tests.
Abstract
A system for centrally managing a set of network-connected laboratory instruments is disclosed. For example, the system includes a centralized database that includes information about the instruments in the system and about the authorized users of the system. In particular, the centralized database indicates which users are authorized to use each of the instruments in the system. The database may also include information about the operations that each user is authorized to perform using the instruments and information indicating whether tests performed by each instrument must be signed using one or more electronic signatures. The system may recognize a number of “roles,” each of which is associated with a particular set of rights, and may assign one or more roles to each user. Instruments and other elements of the system may access the centralized database over a network to enforce the user rights represented by the information in the database.
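The resolution order in steps (C)(1) to (C)(9) of the first claim can be sketched as follows. This is an added example, not code from the patent: it assumes that "applying" user-specific rights means per-user grants and revocations layered over the role defaults, it models rights as a map from instrument to permitted operations, and all role, user, instrument and operation names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed sample role database; all names are hypothetical.
ROLE_DEFAULTS = {
    "technician": {"hplc-1": {"run_test", "view_results"}},
    "supervisor": {"hplc-1": {"run_test", "view_results", "edit_method"},
                   "ms-2": {"run_test", "view_results"}},
}

@dataclass
class User:
    name: str
    role: str
    grants: dict = field(default_factory=dict)   # instrument -> added operations
    revokes: dict = field(default_factory=dict)  # instrument -> removed operations

def final_rights(user):
    """Steps (C)(1)-(C)(4): role defaults, then user-specific overrides."""
    # Copy the defaults so per-user changes never leak into the role entry.
    # An unknown role yields no defaults at all (deny by default).
    rights = {inst: set(ops)
              for inst, ops in ROLE_DEFAULTS.get(user.role, {}).items()}
    for inst, ops in user.grants.items():
        rights.setdefault(inst, set()).update(ops)
    # Assumption: revocations are applied last, so a revoke beats a grant.
    for inst, ops in user.revokes.items():
        rights[inst] = rights.get(inst, set()) - set(ops)
    return {inst: ops for inst, ops in rights.items() if ops}

def authorize(user, authenticated, instrument, operation):
    """Steps (C)(5)-(C)(9): instrument check, then operation check."""
    if not authenticated:      # the domain controller rejected the logon
        return False
    allowed_ops = final_rights(user).get(instrument)
    if not allowed_ops:        # instrument absent from the final rights
        return False
    return operation in allowed_ops

# Constructed sample users.
alice = User("alice", "technician",
             grants={"ms-2": {"view_results"}},
             revokes={"hplc-1": {"run_test"}})
bob = User("bob", "technician",
           grants={"ms-2": {"run_test"}}, revokes={"ms-2": {"run_test"}})
```

Every path that does not end in an explicit match returns False, so a missing role, a missing instrument entry or a failed logon all deny access.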
20 Claims
9. A computer-implemented method for authenticating a user prior to accessing a network connected shared laboratory instrument comprising steps of:
(A) receiving a first electronic signature from a first user to sign results of a test performed by an instrument;
(B) authenticating the user based on credentials associated with the user;
(C) identifying a role of the user;
(D) determining whether the role of the user satisfies a role criterion; and
(E) accepting the first electronic signature only if the role of the user satisfies the role criterion.
14. A user authenticating access-control and management system for a plurality of network-connected shared laboratory instruments comprising:
(A) receiving means for receiving a first electronic signature from a first user to sign results of a test performed by an instrument;
(B) authentication means for authenticating the user based on credentials associated with the user;
(C) first identifying means for identifying a role of the user;
(D) first determining means for determining whether the role of the user satisfies a role criterion, wherein first determining means includes first identifying means for identifying a role of the user;
(E) second identifying means for identifying a set of instrument access rights associated with the role;
(F) second determining means for determining whether the set of instrument access rights associated with the role includes the right to access the select one of the plurality of instruments;
(G) third determining means for determining that the logon credentials authorize the user to access the select one of the plurality of instruments if it is determined that the set of instrument access rights associated with the role includes the right to access the select one of the plurality of instruments; and
(H) acceptance means for accepting the first electronic signature only if the role of the user satisfies the role criterion.
Specification