IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION METHOD IN A LABORATORY SYSTEM

US 20160065590A1
Filed: 08/17/2015
Published: 03/03/2016
Est. Priority Date: 08/27/2014
Status: Active Grant

First Claim

Patent Images

1. An identification, authentication and authorization method in a laboratory system comprising at least one laboratory device, the method comprising:

receiving identification data from an identification tag by an identification and authentication unit, the identification data identifies a user;

receiving identity confirmation data by the identification and authentication unit to authenticate the user;

generating authentication data corresponding to the identification data upon successful authentication of the user, the authentication data comprising a validity time period, wherein the authentication data is configured to enable authentication of the user based on the identification data during the validity time period without repeated receipt of the identity confirmation data;

receiving the identification data by an identification unit from the identification tag;

validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and

granting authorization to the user for the laboratory device upon successful validation of the authentication data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identification, authentication and authorization method in a laboratory system is presented. The system comprises at least one laboratory device. The method comprises receiving identification data identifying a user; receiving identity confirmation data to authenticate the user; and generating authentication data upon successful authentication of the user. The authentication data is configured to enable authentication of the user based on only the identification data during a validity time period without repeated receipt of the identity confirmation data. The method further comprises receiving the identification data by an identification unit; validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and granting authorization to the user for the laboratory device upon successful validation of the authentication data.

11 Citations

View as Search Results

22 Claims

1. An identification, authentication and authorization method in a laboratory system comprising at least one laboratory device, the method comprising:
- receiving identification data from an identification tag by an identification and authentication unit, the identification data identifies a user;
  
  receiving identity confirmation data by the identification and authentication unit to authenticate the user;
  
  generating authentication data corresponding to the identification data upon successful authentication of the user, the authentication data comprising a validity time period, wherein the authentication data is configured to enable authentication of the user based on the identification data during the validity time period without repeated receipt of the identity confirmation data;
  
  receiving the identification data by an identification unit from the identification tag;
  
  validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and
  
  granting authorization to the user for the laboratory device upon successful validation of the authentication data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The identification, authentication and authorization method according to claim 1, wherein the identification data is provided to the identification and authentication unit by causing the identification data to be transmitted from the identification tag to an identification tag reader or by a human interface device operatively connected to the identification and authentication unit.
  - 3. The identification, authentication and authorization method according to claim 1, further comprising,operatively connecting the identification and authentication unit with the identification unit such as to make the authentication data generated by the identification and authentication unit available to the identification unit;
    - orstoring the authentication data by the identification and authentication unit in an authentication data repository accessible by the identification unit.
  - 4. The identification, authentication and authorization method according to claim 1, wherein the identification and authentication unit functionally and/or structurally comprises the identification unit.
  - 5. The identification, authentication and authorization method according to claim 1, further comprising,the identification and authentication unit encrypting and/or digitally signing the authentication data;
    - andthe identification unit decrypting and/or verifying a digital signature of the authentication data.
  - 6. The identification, authentication and authorization method according to claim 5, wherein the identification and authentication unit encrypts and/or digitally signs the authentication data using a preconfigured private encryption key.
  - 7. The identification, authentication and authorization method according to claim 6, wherein the identification unit decrypts and/or verifies a digital signature of the authentication data using a preconfigured public key corresponding to the private key of the identification and authentication unit.
  - 8. The identification, authentication and authorization method according to claim 1, further comprising,the identification and authentication unit causes the authentication data to be stored on the identification tag, wherein the identification tag is a writable identification tag;
    - andafter identification of the user and before validation of the authentication data, the identification unit retrieves the authentication data from the identification tag.
  - 9. The identification, authentication and authorization method according to claim 8, wherein the identification and authentication unit causes the authentication data to be stored on the identification tag by an identification tag writer.
  - 10. The identification, authentication and authorization method according to claim 1, further comprising,storing the identity confirmation data within the authentication data upon successful authentication of the user by the identification and authentication unit;
    - providing a credential cache device functionally and/or structurally connected between a human interface device and a credential input interface operatively connected to and/or part of the laboratory device; and
      
      authenticating the user by the credential cache device for the laboratory device by transmitting the identification data and the identity confirmation data to the credential input interface upon identifying the user with the identification unit comprised by and/or operatively to the credential cache device.
  - 11. The identification, authentication and authorization method according to claim 10, wherein human interface device is a keyboard or keypad.
  - 12. The identification, authentication and authorization method according to claim 10, wherein the credential cache device comprises and/or is operatively connected to the identification and authentication unit.
  - 13. The identification, authentication and authorization method according to claim 1, wherein the laboratory system comprises a plurality of laboratory devices and a plurality of identification units, wherein any one or more of the plurality of identification units is configured to authenticate a user with any one or more of the plurality of laboratory devices.
  - 14. The identification, authentication and authorization method according claim 1, further comprising,storing device usage data corresponding to the granting of authorization to the user for the laboratory device, the device usage data being retrievably accessible to a device usage monitoring unit.
  - 15. The identification, authentication and authorization method according claim 14, wherein the device usage data is stored on the identification tag by the identification unit.

16. A laboratory system, the laboratory system comprising:
- at least one laboratory device;
  
  an identification and authentication unit configured to;
  
  receive identification data from an identification tag, the identification data identifying a user;
  
  receive identity confirmation data to authenticate the user; and
  
  generate authentication data corresponding to the identification data, the authentication data comprising a validity time period upon successful authentication of the user, wherein the authentication data is configured to enable authentication of the user based on only the identification data during the validity time period without repeated receipt of the identity confirmation data;
  
  an identification unit configured to;
  
  receive identification data from the identification tag;
  
  validate the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and
  
  grant authorization to the user for the laboratory device upon successful validation of the authentication data.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The laboratory system according to claim 16, wherein the identification and authentication unit further comprises an identification tag writer configured to store the authentication data on the identification tag and wherein the identification unit is configured to retrieve the authentication data from the identification tag.
  - 18. The laboratory system according to claim 16, wherein the identification and authentication unit is configured to store the identity confirmation data within the authentication data, the laboratory system further comprising a credential cache device functionally and/or structurally connected between a human interface device and a credential input interface operatively connected to and/or part of the laboratory device, the credential cache device being configured to authenticate the user for the laboratory device by transmitting the identification data and the identity confirmation data to the credential input interface upon identification of the user with the identification unit comprised by and/or operatively to the credential cache device.
  - 19. The laboratory system according to claim 16, wherein the laboratory system comprises a plurality of laboratory devices and a plurality of identification units, wherein any one or more of the plurality of identification units is configured to authenticate the user with any one or more of the plurality of laboratory devices.
  - 20. The laboratory system according to claim 16, wherein the identification and authentication unit and/or the identification unit is/are stand-alone devices of the laboratory system or functionally and/or structurally integrated into one or more laboratory device(s).
  - 21. The laboratory system according to claim 16, wherein the identification tag is a RFID tag.
  - 22. The laboratory system according to claim 16, wherein the identification and authentication unit is comprised within authentication and authorization system (AAS).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Roche Diagnostics Operations Incorporated (Roche Holding AG)
Original Assignee
Roche Diagnostics Operations Incorporated (Roche Holding AG)
Inventors
Knafel, Andrzej, Steimle, Anton, Gramelspacher, Lothar

Granted Patent

US 10,491,604 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/34   involving the use of extern...

G16H 10/40   for data related to laborat...

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/108   when the policy decisions a...

H04L 63/123   received data contents, e.g...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION METHOD IN A LABORATORY SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION METHOD IN A LABORATORY SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links