Method for controlling the access to a data network

US 8,438,657 B2
Filed: 02/07/2007
Issued: 05/07/2013
Est. Priority Date: 02/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a data network with a medical data source and a plurality of end points engaged in data exchange with the data source, comprising:

interfacing with a user at an end point of the data network including receiving a user log-in at the end point from which the end point is able to determine an end point user identification of the user at the end point and log the user into the end point;

receiving a request at the end point from the user for data exchange of medical data with the data source which is arranged for granting authorization for medical data exchange based on a data source user identification;

transmitting the request for medical data exchange from the end point to the data source including transmitting an end point identifier of the end point and without transmitting the end point user identification;

assigning properties of a non-interactive data source user identification to the end point identifier;

treating the end point identifier as data source user identification by the data source; and

granting authorizations for medical data exchange between the end point and the data source corresponding to the end point identifier.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling access to a data network uses an end point identifier associated with an end point for control of the access to the data network. When a user X is logged in at the end point and a data query is directed from the end point to a data server, the data server uses the end point identifier of the end point in order to grant the user authorizations for data access.

Citations

13 Claims

1. A method for controlling access to a data network with a medical data source and a plurality of end points engaged in data exchange with the data source, comprising:
- interfacing with a user at an end point of the data network including receiving a user log-in at the end point from which the end point is able to determine an end point user identification of the user at the end point and log the user into the end point;
  
  receiving a request at the end point from the user for data exchange of medical data with the data source which is arranged for granting authorization for medical data exchange based on a data source user identification;
  
  transmitting the request for medical data exchange from the end point to the data source including transmitting an end point identifier of the end point and without transmitting the end point user identification;
  
  assigning properties of a non-interactive data source user identification to the end point identifier;
  
  treating the end point identifier as data source user identification by the data source; and
  
  granting authorizations for medical data exchange between the end point and the data source corresponding to the end point identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the authorization for access to data of the data source is granted corresponding to an association of the end point identifier with a user group.
  - 3. The method according to claim 2, wherein the end point identifier is associated with a plurality of user groups.
  - 4. The method according to claim 1, further comprising the step of:
    - granting an authorization for processing data stored in the data source according to an association of the end point identifier with a role.
  - 5. The method according to claim 4, wherein the end point identifier is associated with a plurality of roles.
  - 6. The method according to claim 1, further comprising the steps of:
    - controlling the access to a medical data network by exchanging data according to the DICOM standard and by using a logical address as data source user identification on the medical data network after the logical address has been transmitted to a data server serving as a data source, the logical address being associated with an application entity and being used as the end point identifier.
  - 7. The method according to claim 6, wherein the step of granting the authorizations comprises:
    - granting the authorizations corresponding to a hierarchical authorization system with a plurality of authorization levels, wherein the authorizations of a superordinate level include the authorizations of a subordinate level.
  - 8. The method according to claim 7, wherein authorizations for partial data access to data of a higher authorization level are granted to the association of an end point identifier with a subordinate authorization level.
  - 9. A method as claimed in claim 7, wherein said plurality of authorization levels include a patient level, an assignment level and an examination level.

10. A data network including a medical data source and an end point computer connected on the data network, comprising:
- a process for checking an end point user identification of a user working at the end point computer including a user log-in at the end point computer, the process using the user log-in at the end point computer to determine the end point user identification of the user and to log the user into the end point computer;
  
  a process for granting, to the user, authorizations for medical data exchange between the user and the data source via the end point computer, the authorizations for medical data exchange being dependent on the user being logged in to the end point computer and being determined to have an end point user identification; and
  
  assigning properties of a non-interactive data source user identification to the end point identifier without receiving the end point user identification at the data source, wherein the end point identifier is treated as a data source user identification, and wherein the authorization is granted corresponding to the end point identifier.

11. An end point computer on a data network, comprising a processor configured to exchange medical data with a data source, the exchange of medical data being based on an authorization granted based on a data source user identification that corresponds with an end point identifier, wherein the processor operates to perform the steps of:
- receiving a user log-in on the end point computer from which the end point computer is able to log in the user and determine an end point user identification of the user at the end point computer,receiving a request for medical data exchange with the data source from the logged-in user having the end point user identification,sending the request for medical data exchange with the data source by the end point computer without transmitting the end point user identification from the end point computer over the data network, the request including an end point identifier of the end point computer,wherein properties of a non-interactive data server user identification are assigned by the data server to an end point identifier; and
  
  exchanging the medical data between the end point computer and the data source based on the data source treating the end point identifier as a data source user identifier.

12. A computer program product including tangible non-transitory computer readable media on which is stored a program for execution on a data server connected via a data network to an end point,the computer program product comprising code that when executed performs the steps of granting, to the user working at the end point, authorizations for data processing, which authorizations are associated with the user having an end point user identification and being logged-in to the end point,wherein properties of a non-interactive data server user identification are assigned by the data server to an end point identifier that is received from an end point at which the user is logged-in with an end point user identification without the end point transmitting the end point user identification from the end point to the data server,wherein the end point identifier is treated as a data server user identification by the data server, andwherein authorization for medical data exchange between the end point and the data server as requested by the user is granted based on the end point identifier received by the data server.

13. A computer program product including tangible non-transitory computer readable media on which is stored a program for execution on an end point computer connected via a data network to a data server, the computer program product comprising code that when executed on the end point computer performs the steps of exchanging data with a data source, based on an authorization granted based on an end point identifier,wherein the user logs in to the end point to determine the end point user identification of the user,wherein a request for medical data exchange from the end point to the data source by a logged-in user having the end point user identification includes the end point transmitting the end point identifier of the end point to the data source with the request for medical data exchange without transmitting the end point user identification to the data source so that the data is exchanged between the end point and the data source as a result of the data source treating the end point identifier as a data source user identifier,wherein properties of a non-interactive data server user identification are assigned by the data server to an end point identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens Healthineers AG (Siemens AG)
Original Assignee
Siemens AG
Inventors
Kaleja, Stefan
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Vaughan, Michael R

Application Number

US11/672,116
Publication Number

US 20070199048A1
Time in Patent Office

2,281 Days
Field of Search

None
US Class Current

726/29
CPC Class Codes

H04L 63/0876 based on the identity of th...

H04L 63/105 Multiple levels of security

Method for controlling the access to a data network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlling the access to a data network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links