Instrument access control system

US 7,661,127 B2
Filed: 11/12/2002
Issued: 02/09/2010
Est. Priority Date: 11/12/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a shared laboratory test instrument user prior to accessing the shared laboratory test instrument in order to perform one or more lab tests using the shared laboratory test instrument comprising the steps of:

(A) providing a user authenticating lab instrument access control and management system comprising a plurality of network connected shared laboratory test instruments;

(B) receiving logon credentials from a user in an attempt to access a select one of the plurality of shared laboratory test instruments;

(C) authenticating the user as an authorized user of the system based on the logon credentials associated with the user prior to accessing the shared laboratory test instrument;

(D) determining whether the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments by comparing the credentials to credential information stored in a data store accessible over a network to the plurality of shared laboratory test instruments by the following steps,(D)(1) identifying a role of the user;

(D)(2) identifying a set of default laboratory test instrument access rights associated with the role;

(D)(3) identifying a set of user-specific laboratory test instrument access rights associated with the user;

(D)(4) applying the user-specific laboratory test instrument access rights to the default laboratory test instrument access rights to obtain a set of final laboratory test instrument access rights associated with the user;

(D)(5) determining whether the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments; and

(D)(6) determining that the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments if it is determined that the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments;

(E) granting the user access to the select one of the plurality of shared laboratory test instruments only if it is determined that the user is an authorized user of the system and the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments;

(F) identifying a set of operations that the user has the right to perform using the select one of the plurality of shared laboratory test instruments for performing one or more laboratory tests on the integrity of a membrane-based separation device;

(G) allowing the user to perform on the select one of the plurality of shared laboratory test instruments only those operations in the identified set of operations for performing one or more laboratory tests on the integrity of a membrane-based separation device; and

(H) performing one or more tests using the select one of the plurality of the shared laboratory test instruments.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for centrally managing a set of network-connected laboratory instruments is disclosed. For example, the system includes a centralized database that includes information about the instruments in the system and about the authorized users of the system. In particular, the centralized database indicates which users are authorized to use each of the instruments in the system. The database may also include information about the operations that each user is authorized to perform using the instruments and information indicating whether tests performed by each instrument must be signed using one or more electronic signatures. The system may recognize a number of “roles,” each of which is associated with a particular set of rights, and may assign one or more roles to each user. Instruments and other elements of the system may access the centralized database over a network to enforce the user rights represented by the information in the database.

19 Citations

View as Search Results

28 Claims

1. A method of authenticating a shared laboratory test instrument user prior to accessing the shared laboratory test instrument in order to perform one or more lab tests using the shared laboratory test instrument comprising the steps of:
- (A) providing a user authenticating lab instrument access control and management system comprising a plurality of network connected shared laboratory test instruments;
  
  (B) receiving logon credentials from a user in an attempt to access a select one of the plurality of shared laboratory test instruments;
  
  (C) authenticating the user as an authorized user of the system based on the logon credentials associated with the user prior to accessing the shared laboratory test instrument;
  
  (D) determining whether the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments by comparing the credentials to credential information stored in a data store accessible over a network to the plurality of shared laboratory test instruments by the following steps,(D)(1) identifying a role of the user;
  
  (D)(2) identifying a set of default laboratory test instrument access rights associated with the role;
  
  (D)(3) identifying a set of user-specific laboratory test instrument access rights associated with the user;
  
  (D)(4) applying the user-specific laboratory test instrument access rights to the default laboratory test instrument access rights to obtain a set of final laboratory test instrument access rights associated with the user;
  
  (D)(5) determining whether the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments; and
  
  (D)(6) determining that the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments if it is determined that the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments;
  
  (E) granting the user access to the select one of the plurality of shared laboratory test instruments only if it is determined that the user is an authorized user of the system and the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments;
  
  (F) identifying a set of operations that the user has the right to perform using the select one of the plurality of shared laboratory test instruments for performing one or more laboratory tests on the integrity of a membrane-based separation device;
  
  (G) allowing the user to perform on the select one of the plurality of shared laboratory test instruments only those operations in the identified set of operations for performing one or more laboratory tests on the integrity of a membrane-based separation device; and
  
  (H) performing one or more tests using the select one of the plurality of the shared laboratory test instruments.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein step (C) is performed by an operating system authentication mechanism.
  - 3. The method of claim 2, wherein step (E) is performed by means distinct from the operating system authentication mechanism.
  - 4. The method of claim 3, wherein the means distinct from the operating system authentication mechanism comprises a server serving the data store.
  - 5. The method of claim 1, wherein step (D) is performed by a computer on which an operating system executes, wherein the operating system recognizes a first set of user roles, and wherein step (D)(1) comprises a step of selecting the role from among a second set of roles that is independent of the first set of roles.
  - 6. The method of claim 1, wherein step (D) is performed by a software program executed by a computer executing an operating system, wherein the operating system recognizes a first set of user roles, and wherein the first determining means comprises means for identifying the role from among a second set of roles that is independent of the first set of roles.
  - 7. The method of claim 1, wherein step (B) comprises a step of receiving the logon credentials from the user through an input device coupled locally to the select one of the plurality of shared laboratory test instruments.
  - 8. The method of claim 1, wherein the logon credentials comprise a username and a password.
  - 9. The method of claim 1, wherein step (D) comprises a step of determining whether the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments by comparing the credentials to credential information stored in a local copy of the data store.

10. A method of authenticating a shared laboratory test instrument user prior to accessing the shared laboratory test instrument in order to perform one or more lab tests using the shared laboratory test instrument comprising the steps of:
- (A) providing a user authenticating lab instrument access control and management system comprising a plurality of network connected shared laboratory test instruments,(B) receiving logon credentials from a user in an attempt to access a select one of the plurality of shared laboratory test instruments;
  
  (C) authenticating the user as an authorized user of the system based on the logon credentials associated with the user prior to accessing a shared laboratory test instrument;
  
  (D) determining whether the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments by comparing the credentials to credential information stored in a data store accessible over a network to the plurality of shared laboratory test instruments comprising the steps of comprises steps of;
  
  (D)(1) identifying a role of the user;
  
  (D)(2) identifying a set of default laboratory test instrument access rights associated with the role;
  
  (D)(3) identifying a set of user-specific laboratory test instrument access rights associated with the user;
  
  (D)(4) applying the user-specific laboratory test instrument access rights to the default laboratory test instrument access rights to obtain a set of final laboratory test instrument access rights associated with the user;
  
  (D)(5) determining whether the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments; and
  
  (D)(6) determining that the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments if it is determined that the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments;
  
  (E) granting the user access to the select one of the plurality of shared laboratory test instruments only if it is determined that the user is an authenticated and authorized user of the system and the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments; and
  
  (F) performing one or more tests using the shared laboratory test instrument.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein the step (C) is performed by an operating system authentication mechanism.
  - 12. The method of claim 11, wherein the step (E) is performed by means distinct from the operating system authentication mechanism.
  - 13. The method of claim 12, wherein the means distinct from the operating system authentication mechanism comprises a server serving the data store.
  - 14. The method of claim 10, wherein the step (D) is performed by a computer on which an operating system executes, wherein the operating system recognizes a first set of user roles.
  - 15. The method of claim 10, wherein the logon credentials comprise a username and a password.
  - 16. The method of claim 10, further comprising a step of:
    - (G) identifying a set of operations that the user has the right to perform using the select one of the plurality of shared laboratory test instruments for performing one or more laboratory tests on the integrity of a membrane-based separation device; and
      
      (H) allowing the user to perform on the select one of the plurality of shared laboratory test instruments only those operations in the identified set of operations for performing one or more laboratory tests on the integrity of a membrane-based separation device.
  - 17. The method of claim 10, wherein the step (B) comprises a step of receiving the logon credentials from the user through an input device coupled locally to the select one of the plurality of shared laboratory test instruments.
  - 18. The method of claim 10, wherein the step (D) further comprises steps of:
    - (D)(7) transmitting an authorization request over the network to a server;
      
      (D)(8) receiving an authorization response over the network from the server; and
      
      (D)(9) determining whether the authorization response indicates that the logon credentials authorize the user to access the select one of the plurality of shared test laboratory instruments.

19. A user authentication system for authenticating a user prior to accessing a plurality of network connected shared laboratory test instrument comprising:
- (a) a user authenticating lab instrument access control and management system comprising a plurality of network connected shared laboratory test instruments;
  
  (b) receiving means for receiving logon credentials from a user in an attempt to access a select one of the plurality of shared laboratory test instruments;
  
  (c) first determining means for determining whether the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments by comparing the credentials to credential information stored in a data store accessible over a network to the plurality of shared laboratory test instruments, wherein the first determining means comprises,(i) first identifying means for identifying a role of the user;
  
  (ii) second identifying means for identifying a set of default laboratory test instrument access rights associated with the role;
  
  (iii) third identifying means for identifying a set of user-specific laboratory test instrument access rights associated with the user;
  
  (iv) application means for applying the user-specific laboratory test instrument access rights to the default laboratory test instrument access rights to obtain a set of final laboratory test instrument access rights associated with the user;
  
  (v) second determining means for determining whether the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments; and
  
  (vi) third determining means for determining that the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments if it is determined that the set of final laboratory test instrument access rights associated with the user includes the right to access the select one of the plurality of shared laboratory test instruments;
  
  (d) authenticating means for determining whether the user is an authorized user of the system based on the logon credentials prior to accessing a network connected shared laboratory test instrument;
  
  (e) rights granting means for granting the user access to the select one of the plurality of shared laboratory test instruments only if it is determined that the user is an authorized user of the system and it is determined that the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments, and(f) a shared laboratory test instrument management tool for instructing the plurality of shared laboratory instruments to perform one or more tests.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 20. The system of claim 19, wherein the authenticating means comprises a component of an operating system authentication mechanism.
  - 21. The system of claim 20, wherein the rights granting means comprises a component distinct from the operating system authentication mechanism.
  - 22. The system of claim 21, wherein the component distinct from the operating system authentication mechanism comprises a server serving the data store.
  - 23. The system of claim 19, wherein the first determining means comprises a software program executing on a computer on which an operating system executes, wherein the operating system recognizes a first set of user roles, and wherein the first identifying means comprises means for selecting the role from among a second set of roles that is independent of the first set of roles.
  - 24. The system of claim 19, wherein the receiving means comprises means for receiving the logon credentials from the user through an input device coupled locally to the select one of the plurality of laboratory test instruments.
  - 25. The system of claim 19, wherein the logon credentials comprise a username and a password.
  - 26. The system of claim 19, further comprising:
    - means for identifying a set of operations that the user has the right to perform using the select one of the plurality of shared laboratory test instruments; and
      
      means for allowing the user to perform on the select one of the plurality of shared laboratory test instruments only those operations in the identified set of operations.
  - 27. The system of claim 19, wherein the first determining means comprises means for determining whether the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments by comparing the credentials to credential information stored in a local copy of the data store.
  - 28. The system of claim 19, wherein the first determining means comprises:
    - means for transmitting an authorization request over the network to a server;
      
      means for receiving an authorization response over the network from the server; and
      
      means for determining whether the authorization response indicates that the logon credentials authorize the user to access the select one of the plurality of shared laboratory test instruments.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMD Millipore Corporation (Merck & Co., Inc.)
Original Assignee
Millipore Corporation
Inventors
Hirsch, Thomas Steven
Primary Examiner(s)
Dada; Beemnet W

Application Number

US10/292,666
Publication Number

US 20040093526A1
Time in Patent Office

2,646 Days
Field of Search

726 2- 5, 726 26- 29, 713/155, 713/168
US Class Current

726/5
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

Instrument access control system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Instrument access control system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links