Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system

US 7,376,836 B2
Filed: 04/07/2004
Issued: 05/20/2008
Est. Priority Date: 09/19/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising;

healthcare data processing resources;

non-healthcare data processing resources;

a switching entity disposed between the healthcare data processing resources and the non-healthcare data processing resources;

a communication link connected to the switching entity and connectable to an end user device;

a healthcare authentication entity for authenticating users claiming to be healthcare users and a non-healthcare authentication entity for authenticating users claiming to be non-healthcare users;

the switching entity being operative to alternatively support, over the communication link, either a healthcare session between the end user device and the healthcare data processing resources, or a non-healthcare session between the end user device and the non-healthcare data processing resources;

the switching entity being configured to prevent the healthcare data processing resources and the non-healthcare data processing resources from communicating with each other via the switching entity.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system comprising a switching entity disposed between healthcare data processing resources and non-healthcare data processing resources. The switching entity is capable of operation in a first state in which an end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session. If the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a memory purge at the end user device. Attacks on the healthcare data processing resources, both from the non-healthcare resources directly and via the end user device, are thus prevented.

66 Citations

View as Search Results

75 Claims

1. A system comprising;
- healthcare data processing resources;
  
  non-healthcare data processing resources;
  
  a switching entity disposed between the healthcare data processing resources and the non-healthcare data processing resources;
  
  a communication link connected to the switching entity and connectable to an end user device;
  
  a healthcare authentication entity for authenticating users claiming to be healthcare users and a non-healthcare authentication entity for authenticating users claiming to be non-healthcare users;
  
  the switching entity being operative to alternatively support, over the communication link, either a healthcare session between the end user device and the healthcare data processing resources, or a non-healthcare session between the end user device and the non-healthcare data processing resources;
  
  the switching entity being configured to prevent the healthcare data processing resources and the non-healthcare data processing resources from communicating with each other via the switching entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 42, 43, 44)
- - 2. The system defined in claim 1, wherein the switching entity is capable of operation in a first state in which the end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session.
  - 3. The system defined in claim 2, further comprising a control entity for controlling the state in which the switching entity operates.
  - 4. The system defined in claim 3, further comprising a session monitoring functional entity operative to:
    - receive an authentication request message from a user along the communication link;
      
      determine, from the authentication request message, whether the user is claiming to be a healthcare user or a non-healthcare user;
      
      send the authentication request message to a selected one of the healthcare authentication entity and the non-healthcare authentication entity in dependence upon whether it has been determined that the user is claiming to be a healthcare user or a non-healthcare user.
  - 5. The system defined in claim 4, the session monitoring functional entity being further operative to send to the control entity an indication of the selected authentication entity.
  - 6. The system defined in claim 5, each of the healthcare authentication entity and the non-healthcare authentication entity being operative to send to the control entity an indication of successful or unsuccessful authentication.
  - 7. The system defined in claim 6, the control entity having an operation defined by:
    - responsive to successful authentication by the healthcare authentication entity, causing the switching entity to operate in the first state.
  - 8. The system defined in claim 7, the control entity having an operation further defined by:
    - responsive to successful authentication by the non-healthcare authentication entity, causing the switching entity to operate in the second state.
  - 9. The system defined in claim 6, the control entity having an operation defined by:
    - if the authentication request message is received while the switching entity is operating in the first state, and the selected authentication entity is the non-healthcare authentication entity, then responsive to successful authentication by the non-healthcare authentication entity, causing the switching entity to operate in the second state.
  - 10. The system defined in claim 9, the control entity having an operation defined by:
    - if the authentication request message is received while the switching entity is operating in the second state, and the selected authentication entity is the healthcare authentication entity, then responsive to successful authentication by the healthcare authentication entity, causing the switching entity to operate in the first state.
  - 11. The system defined in claim 10, wherein the switching entity is implemented in hardware.
  - 12. The system defined in claim 10, wherein the switching entity is implemented in software.
  - 13. The system defined in claim 6, the control entity having an operation defined by:
    - if the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a memory purge at the end user device.
  - 14. The system defined in claim 13, the control entity having an operation further defined by:
    - if the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a context saving operation by the non-healthcare data processing resources.
  - 15. The system defined in claim 13, the control entity having an operation further defined by:
    - subsequent to initiating a memory purge at the end user device, and responsive to successful authentication by the healthcare authentication entity, causing the switching entity to operate in the first state.
  - 16. The system defined in claim 15, the control entity having an operation further defined by:
    - responsive to successful authentication by the non-healthcare authentication entity, causing the switching entity to operate in the second state.
  - 17. The system defined in claim 13, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the particular non-healthcare session.
  - 18. The system defined in claim 13, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge all data loaded into the end user device during the particular non-healthcare session.
  - 19. The system defined in claim 6, the session monitoring functional entity being operative to:
    - receive a message indicative of termination of an ongoing session;
      
      send to the control entity a second message indicative of termination of the session.
  - 20. The system defined in claim 19, the control entity being operative to respond to receipt of the second message to initiate a memory purge at the end user device.
  - 21. The system defined in claim 20, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the terminated session.
  - 22. The system defined in claim 4, the session monitoring functional entity being operative to:
    - receive a message indicative of termination of an ongoing session;
      
      send to the control entity a second message indicative of termination of the session.
  - 23. The system defined in claim 22, the control entity being operative to respond to receipt of the second message to initiate a memory purge at the end user device.
  - 24. The system defined in claim 23, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the terminated session.
  - 25. The system defined in claim 3, further comprising a session monitoring functional entity operative to:
    - receive a message indicative of termination of an ongoing session;
      
      send to the control entity a second message indicative of termination of the session.
  - 26. The system defined in claim 25, the control entity being operative to respond to receipt of the second message to initiate a memory purge at the end user device.
  - 27. The system defined in claim 26, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the terminated session.
  - 28. The system defined in claim 1, wherein the healthcare data processing resources comprise a plurality of healthcare application servers for running clinical software.
  - 29. The system defined in claim 1, wherein the healthcare session allows the delivery of a computerized physician order entry service.
  - 30. The system defined in claim 1, wherein the non-healthcare data processing resources comprise a digital entertainment head end for controlling delivery to the end user device of received digital entertainment services.
  - 31. The system defined in claim 30, wherein the non-healthcare session allows the delivery of patient entertainment services.
  - 32. The system defined in claim 30, wherein the non-healthcare session allows the delivery of personal video recorder services.
  - 33. The system defined in claim 1, wherein the non-healthcare data processing resources comprise an Internet gateway.
  - 34. The system defined in claim 1, wherein the non-healthcare data processing resources comprise a patient information server for allowing access to patient information services.
  - 35. The system defined in claim 1, wherein each healthcare session and each non-healthcare session is implemented as a virtual connection.
  - 42. The system defined in claim 1, wherein the communication link is at least partly wireless.
  - 43. The system defined in claim 1, wherein the communication link is at least partly fixed-wire.
  - 44. The system defined in claim 1, wherein the communication link comprises point-to-point telephony wiring.

36. A system comprising:
- healthcare data processing resources, the healthcare data processing resources comprising a plurality of healthcare application servers for running clinical software;
  
  non-healthcare data processing resources;
  
  a switching entity disposed between the healthcare data processing resources and the non-healthcare data processing resources;
  
  a communication link connected to the switching entity and connectable to an end user device;
  
  the switching entity being operative to alternatively support, over the communication link, either a healthcare session between the end user device and the healthcare data processing resources, or a non-healthcare session between the end user device and the non-healthcare data processing resources, wherein the healthcare session allows the delivery of a computerized physician order entry service;
  
  the switching entity being configured to prevent the healthcare data processing resources and the non-healthcare data processing resources from communicating with each other via the switching entity.
- View Dependent Claims (37, 38, 39, 40, 41, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75)
- - 37. The system defined in claim 36, wherein the non-healthcare data processing resources comprise a digital entertainment head end for controlling delivery to the end user device of received digital entertainment services.
  - 38. The system defined in claim 37, wherein the non-healthcare session allows the delivery of patient entertainment services.
  - 39. The system defined in claim 37, wherein the non-healthcare session allows the delivery of personal video recorder services.
  - 40. The system defined in claim 36, wherein the non-healthcare data processing resources comprise an Internet gateway.
  - 41. The system defined in claim 36, wherein the non-healthcare data processing resources comprise a patient information server for allowing access to patient information services.
  - 45. The system defined in claim 36, comprising a healthcare authentication entity for authenticating users claiming to be healthcare users and a non-healthcare authentication entity for authenticating users claiming to be non-healthcare users.
  - 46. The system defined in claim 45, wherein the switching entity is capable of operation in a first state in which the end user device is communicatively coupled to the healthcare data processing resources to support a healthcare session and a second state in which the end user device is communicatively coupled to the non-healthcare data processing resources to support a non-healthcare session.
  - 47. The system defined in claim 46, further comprising a control entity for controlling the state in which the switching entity operates.
  - 48. The system defined in claim 47, further comprising a session monitoring functional entity operative to:
    - receive an authentication request message from a user along the communication link;
      
      determine, from the authentication request message, whether the user is claiming to be a healthcare user or a non-healthcare user;
      
      send the authentication request message to a selected one of the healthcare authentication entity and the non-healthcare authentication entity in dependence upon whether it has been determined that the user is claiming to be a healthcare user or a non-healthcare user.
  - 49. The system defined in claim 48, the session monitoring functional entity being further operative to send to the control entity an indication of the selected authentication entity.
  - 50. The system defined in claim 49, each of the healthcare authentication entity and the non-healthcare authentication entity being operative to send to the control entity an indication of successful or unsuccessful authentication.
  - 51. The system defined in claim 50, the control entity having an operation defined by:
    - responsive to successful authentication by the healthcare authentication entity, causing the switching entity to operate in the first state.
  - 52. The system defined in claim 50, the control entity having an operation further defined by:
    - responsive to successful authentication by the non-healthcare authentication entity, causing the switching entity to operate in the second state.
  - 53. The system defined in claim 50, the control entity having an operation defined by:
    - if the authentication request message is received while the switching entity is operating in the first state, and the selected authentication entity is the non-healthcare authentication entity, then responsive to successful authentication by the non-healthcare authentication entity, causing the switching entity to operate in the second state.
  - 54. The system defined in claim 50, the control entity having an operation defined by:
    - if the authentication request message is received while the switching entity is operating in the second state, and the selected authentication entity is the healthcare authentication entity, then responsive to successful authentication by the healthcare authentication entity, causing the switching entity to operate in the first state.
  - 55. The system defined in claim 50, the control entity having an operation defined by:
    - if the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a memory purge at the end user device.
  - 56. The system defined in claim 55, the control entity having an operation further defined by:
    - subsequent to initiating a memory purge at the end user device, and responsive to successful authentication by the healthcare authentication entity, causing the switching entity to operate in the first state.
  - 57. The system defined in claim 56, the control entity having an operation further defined by:
    - responsive to successful authentication by the non-healthcare authentication entity, causing the switching entity to operate in the second state.
  - 58. The system defined in claim 55, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the particular non-healthcare session.
  - 59. The system defined in claim 55, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge all data loaded into the end user device during the particular non-healthcare session.
  - 60. The system defined in claim 50, the control entity having an operation further defined by:
    - if the authentication request message is received while the switching entity is operating in the second state and a particular non-healthcare session is in progress, and the selected authentication entity is the healthcare authentication entity, initiating a context saving operation by the non-healthcare data processing resources.
  - 61. The system defined in claim 50, the session monitoring functional entity being operative to:
    - receive a message indicative of termination of an ongoing session;
      
      send to the control entity a second message indicative of termination of the session.
  - 62. The system defined in claim 61, the control entity being operative to respond to receipt of the second message to initiate a memory purge at the end user device.
  - 63. The system defined in claim 62, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the terminated session.
  - 64. The system defined in claim 48, the session monitoring functional entity being operative to:
    - receive a message indicative of termination of an ongoing session;
      
      send to the control entity a second message indicative of termination of the session.
  - 65. The system defined in claim 64, the control entity being operative to respond to receipt of the second message to initiate a memory purge at the end user device.
  - 66. The system defined in claim 65, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the terminated session.
  - 67. The system defined in claim 47, further comprising a session monitoring functional entity operative to:
    - receive a message indicative of termination of an ongoing session;
      
      send to the control entity a second message indicative of termination of the session.
  - 68. The system defined in claim 67, the control entity being operative to respond to receipt of the second message to initiate a memory purge at the end user device.
  - 69. The system defined in claim 68, wherein initiating a memory purge at the end user device comprises:
    - releasing a command towards the end user device to cause the end user device to purge data loaded into the end user device during the terminated session.
  - 70. The system defined in claim 36, wherein the switching entity is implemented in hardware.
  - 71. The system defined in claim 36, wherein the switching entity is implemented in software.
  - 72. The system defined in claim 36, wherein the communication link is at least partly wireless.
  - 73. The system defined in claim 36, wherein the communication link is at least partly fixed-wire.
  - 74. The system defined in claim 36, wherein the communication link comprises point-to-point telephony wiring.
  - 75. The system defined in claim 36, wherein each healthcare session and each non-healthcare session is implemented as a virtual connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Elliott, Stephen, Fitchett, Jeffrey, Graves, Alan Frank, Sylvain, Dany, Watkins, John
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Simitoski, Michael J

Application Number

US10/819,349
Publication Number

US 20050066061A1
Time in Patent Office

1,504 Days
Field of Search

713/153, 713/168, 726/12, 726/28, 726/3
US Class Current

713/168
CPC Class Codes

G06Q 90/00   Systems or methods speciall...

G06Q 99/00   Subject matter not provided...

G16H 10/60   for patient-specific data, ...

G16H 40/20   for the management or admin...

G16Z 99/00   Subject matter not provided...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

H04L 9/40   Network security protocols

H04M 11/066   Telephone sets adapted for ...

Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

75 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for preventing an attack on healthcare data processing resources in a hospital information system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

75 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links