Secure authentication using mobile device

US 8,973,091 B2
Filed: 10/03/2012
Issued: 03/03/2015
Est. Priority Date: 10/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method of secure authentication comprising:

receiving, by a server, information from a mobile device (i) identifying the mobile device and (ii) obtained by the mobile device from an identifying tag physically associated with a secure device different from the mobile device;

accessing, by the server, a database to identify (i) a user associated with the mobile device, (ii) a secure device associated with the identifying tag, and (iii) the security policy associated with the secure device; and

based at least in part on the mobile-device identifying information and the information obtained from the tag determining if the policy permits access by the identified user to the identified secure device, and if so, causing access to the secure device to be accorded to the user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Representative embodiments of secure authentication include receiving, by a server, information from a mobile device identifying (i) the mobile device and (ii) an identifying tag read by the mobile device; accessing, by the server, a database to identify (i) a user associated with the mobile device, (ii) a secure device associated with the identifying tag, and (iii) a security policy associated with the secure device; and if the policy permits access by the identified user to the identified secure device, causing access to the secure device to be accorded to the user.

23 Citations

View as Search Results

36 Claims

1. A method of secure authentication comprising:
- receiving, by a server, information from a mobile device (i) identifying the mobile device and (ii) obtained by the mobile device from an identifying tag physically associated with a secure device different from the mobile device;
  
  accessing, by the server, a database to identify (i) a user associated with the mobile device, (ii) a secure device associated with the identifying tag, and (iii) the security policy associated with the secure device; and
  
  based at least in part on the mobile-device identifying information and the information obtained from the tag determining if the policy permits access by the identified user to the identified secure device, and if so, causing access to the secure device to be accorded to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, further comprising challenging the user for an authentication factor before causing access to the secure device to be accorded to the user.
  - 3. The method of claim 1, wherein the step of causing access comprises wirelessly communicating, via wireless cell phone communication, an authentication token to the mobile device for wireless presentation by the mobile device to the secure device.
  - 4. The method of claim 3, wherein the wireless presentation of the token by the mobile device to the secure device occurs via near-field communication.
  - 5. The method of claim 3, wherein the wireless presentation of the token by the mobile device to the secure device occurs via point-to-point Bluetooth.
  - 6. The method of claim 1, wherein the step of causing access comprises wirelessly communicating, from the server, an authorization directly to the secure device.
  - 7. The method of claim 1, wherein the step of causing access comprises wirelessly communicating, via wireless cell phone communication, a secure device identifier to the mobile device for enabling the mobile device to directly communicate with the secure device.
  - 8. The method of claim 7, wherein the secure device identifier is a Bluetooth MAC address of the secure device.
  - 9. The method of claim 1, wherein the step of causing access comprises wirelessly communicating, by the server to the secure device, information about the user of the mobile device for enabling the secure device to authenticate the user without further communication with the server.
  - 10. The method of claim 1, wherein the information is received from the mobile device via wireless cell phone communication.
  - 11. The method of claim 1, wherein the identifying tag is an RFID tag, a bar code, or a quick response code.
  - 12. The method of claim 1, wherein the secure device is located within a room in which a second secure device is located, access to the second secure device being automatically accorded upon access to the first secure device being accorded.
  - 13. The method of claim 1, further comprising:
    - receiving, by the server, information from the mobile device identifying a second identifying tag read by the mobile device;
      
      accessing, by the server, a second database to identify (i) a person associated with the second identifying tag, and (ii) a second security policy associated with the person; and
      
      if the second policy permits access by the user to a third database associated with the identified person, causing access to the third database to be accorded to the user.
  - 14. The method of claim 13, wherein the third database stores patient medical histories.
  - 15. The method of claim 1, further comprising challenging the user for a second authentication factor after according the user access to the secure device.
  - 16. The method of claim 1, further comprising terminating access to the secure device.
  - 17. The method of claim 16, wherein the termination of access is triggered by receiving, by a server, information from the mobile device identifying (i) the mobile device and (ii) the identifying tag associated with the secure device.
  - 18. The method of claim 16, wherein the termination of access is triggered by receiving, by a server, information from a second mobile device identifying (i) the second mobile device and (ii) the identifying tag associated with the secure device.
  - 19. The method of claim 16, wherein the termination of access is triggered by a lack of response from the mobile device after the secure device has requested communication therewith.
  - 20. The method of claim 1 wherein access to the secure device is accorded only following sequential or simultaneous communications involving a plurality of mobile devices.
  - 21. The method of claim 1, further comprising:
    - obtaining, by the mobile device, vitals information from at least one monitor associated with a patient; and
      
      transmitting, to the server, data identifying the monitor and the obtained vitals information obtained from the monitor.
  - 22. The method of claim 1, further comprising:
    - receiving, by the server, information from the mobile device identifying a printer; and
      
      transmitting, from the server, a list of queued print jobs to the secure device,wherein at least one of the queued print jobs is printed using the printer.

23. A method of secure authentication comprising:
- receiving, by a server, information from a mobile device (i) identifying the mobile device and (ii) obtained by the mobile device from first and second identifying tags not associated with the mobile device;
  
  accessing, by the server, a database to identify (i) a user associated with the mobile device, (ii) first and second secure devices associated, respectively, with the first and second identifying tags, and (iii) a security policy associated with the secure devices; and
  
  based at least in part on the mobile-device identifying information and the information obtained from the tag, determining if the policy permits access by the identified user to the identified secure devices, and if so, causing access to the secure devices to be accorded to the user.

24. A method of secure authentication comprising:
- causing communications among a server and a plurality of mobile devices;
  
  determining, by the server, whether the communications satisfy a policy; and
  
  if so, according access to a secure resource different from the mobile devices to at least one individual associated with at least one of the mobile devices based on the policy and the communications.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24, wherein the plurality of mobile devices simultaneously communicate with the server.
  - 26. The method of claim 24, wherein the wherein the plurality of mobile devices sequentially communicate with the server.

27. An authentication system comprising:
- a server for receiving information from a mobile device identifying (i) the mobile device and (ii) an identifying tag read by the mobile device, the identifying tag being physically associated with a secure device different from the mobile device; and
  
  a database comprising records (i) associating users with mobile devices, (ii) associating secure devices with tag identifiers, and (iii) defining a security policy associated with the secure devices,wherein the server comprises a processor for (i) accessing the database upon receipt of the information from the mobile device, (ii) determining based thereon whether a security policy applicable to the user associated with the mobile device is entitled to access the secure device associated with the identifying tag, and if so, (iii) facilitating access to the secure device by the user.
- View Dependent Claims (28, 29, 30)
- - 28. The authentication system of claim 27, wherein the server is configured to wirelessly communicate with the mobile device via cell phone communication.
  - 29. The authentication system of claim 27, wherein the server is configured to communicate with the secure device via a computer network.
  - 30. The authentication system of claim 27, wherein the identifying tag is an RFID tag, a bar code, or a quick response code.

31. An authentication system comprising:
- a server for receiving information from a mobile device identifying (i) the mobile device and (ii) an identifying tag read by the mobile device, the identifying tag being physically associated with a secure device different from the mobile device;
  
  a secure device configured for local wireless communication with the mobile device; and
  
  a database comprising records (i) associating users with mobile devices, (ii) associating the secure device with at least one tag identifier, and (iii) defining a security policy associated with the secure device,wherein the server comprises a processor for (i) accessing the database upon receipt of the information from the mobile device, (ii) determining based on the information whether a security policy applicable to the user associated with the mobile device is entitled to access the secure device associated with the identifying tag, and if so, (iii) facilitating access to the secure device by the user.
- View Dependent Claims (32, 33, 34)
- - 32. The authentication system of claim 31, wherein the mobile device communicates with the secure device via point-to-point Bluetooth.
  - 33. The authentication system of claim 31, wherein the mobile device communicates with the secure device via near-field communication.
  - 34. The authentication system of claim 31, wherein the identifying tag is an RFID tag, a bar code, or a quick response code.

35. A wireless mobile device comprising a processor for:
- executing a first procedure for reading an identifying tag physically associated with a secure device different from the mobile device;
  
  executing a second procedure for transmitting information from the identifying tag and information identifying the wireless mobile device to a server, the information including (i) data identifying the mobile device and (ii) data read from the tag by the mobile device;
  
  executing a third procedure for receiving an authentication token from the server; and
  
  executing a fourth procedure for according access to the secure device using the token if, based at least in part on the transmitted information, a security policy associated with the secure device permits access thereto by a user of the identified mobile device.
- View Dependent Claims (36)
- - 36. The wireless mobile device of claim 35, wherein the identifying tag is read using near-field communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Ting, David M. T., Bilancieri, Michael C., Gaudet, Edward J., Mafera, Jason
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US13/644,143
Publication Number

US 20130145420A1
Time in Patent Office

881 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

H04L 63/0492 by using a location-limited...

H04L 63/08 for authentication of entit...

Secure authentication using mobile device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Secure authentication using mobile device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links