Layering in user authentication
Abstract
An asset is disclosed having a processing device and hardware with which to capture a biometric. The asset, with optional input from a remote server, may authenticate an identity of a medical staff member (MSM) with biometric recognition (and/or with other second factor authentication) upon the MSM attempting to access a medical database via the asset. The asset may receive a first location of the MSM from a real-time location system (RTLS) and retrieve a second location of a patient from the RTLS. The asset may further correlate the first location and the second location as being co-located, and thus grant the MSM access to identified data records of the patient within the medical database according to a security access level authorized the MSM. The correlation may include a location of the asset, which correlates to the location of the MSM before access is granted.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A system comprising:
a processing device to run a medical cart; computer-readable memory storing data and instructions for access to a medical database server, wherein the instructions are executable by the processing device to perform biometric recognition on medical staff members; wherein the processing device is to execute the instructions to:
authenticate an identity of a medical staff member with biometric recognition;
receive a location of the medical staff member from a real-time location system (RTLS);
correlate the location of the medical staff member with a location of a patient; and
grant access to data records of the patient on the medical database server according to a security access level authorized the medical staff member, as authenticated, in response to co-location of the medical staff member and the patient.
2 . The system of claim 1 , wherein the processing device is further to execute the instructions to receive a location of the medical cart, and wherein to correlate the location further includes to correlate the location of the medical cart with the location of the patient.
3 . The system of claim 1 , wherein the biometric recognition comprises facial recognition, further comprising:
a camera to capture a first image of the medical staff member; a database storing second images against which to match the first image using facial recognition software; and wherein the processing device is further to deny access to the data records of the patient when the first image does not sufficiently match any of the second images.
4 . The system of claim 3 , further comprising a networked device accessible over a network in which is stored the database and on which is executed the facial recognition software.
5 . The system of claim 1 , wherein the security access level authorized the medical staff member depends on a role of the medical staff member, and wherein a first role is granted access to more confidential data records than a second role.
6 . The system of claim 1 , wherein the location of the medical staff member or the patient is received as an indicator from a tracking device, wherein the indicator is at least one of a personal area network (PAN) indicator, a received signal strength indicator (RSSID), or a radio frequency identification (RFID) indicator.
7 . The system of claim 1 , wherein the processing device is further to execute the instructions to, in response to a failure to correlate the location of the medical staff member with the location of the patient, deny access to records of the patient by the medical staff member.
8 . The system of claim 1 , wherein the processing device is further to execute the instructions to require second factor authentication of the identity of the medical staff member comprising at least one of: a swipe card; a personal identification number or password; a biometric other than facial recognition; or a decryption key of a public-key cryptosystem.
9 . A method comprising:
authenticating, by a processing device incorporated within an asset, an identity of a medical staff member with biometric recognition upon the medical staff member attempting to access a medical database via the asset; receiving a first location of the medical staff member from a real-time location system; retrieving a second location of a patient from the real-time location system; correlating, using the processing device, the first location and the second location as being co-located; and granting the medical staff member memory access, by the processing device, to identified data records of the patient within the medical database according to a security access level authorized the medical staff member.
10 . The method of claim 9 , wherein the medical database is stored at a medical database server with which the asset communicates over a network, the method further comprising retrieving the security access level of the medical staff member from the medical database server before granting access.
11 . The method of claim 9 , wherein the security access level of a physician is higher than the security access level of a nurse, and wherein the security access level of a nurse is higher than the security access level of a specimen collector.
12 . The method of claim 9 , further comprising denying the medical staff member access to the medical database in response to failure to authenticate the identity of the medical staff member or failure to correlate the first location and the second location as being co-located.
13 . The method of claim 9 , wherein, to authenticate the identity of the medical staff member, the method further comprising requiring second factor authentication of the identity of the medical staff member comprising any or a combination of: a swipe card; a gesture; a secret shape; a personal identification number; a second biometric; and a decryption key of a public-key cryptosystem.
14 . The method of claim 9 , further comprising determining the first location from a location tracking device located on the medical staff member.
15 . The method of claim 9 , further comprising determining the second location from a location tracking device on the patient, on a bed of the patient, or based on a location of the asset.
16 . The method of claim 9 , wherein the correlation comprises a first correlation, the method further comprising:
determining a third location of the asset; correlating the first location with the third location to generate a second correlation; and wherein granting access by the medical staff member to the identified data records of the patient is dependent on the first correlation and the second correlation.
17 . A processing device to execute instructions stored in non-transitory computer readable storage medium to:
validate credentials received from a user through an asset to provide access to an authentication system used to authenticate access to a medical database comprising medical information; authenticate an identity of the user through a first type of user authentication; determine a level of accuracy of the first type of user authentication; perform additional authentication of the identity of the user through at least a second type of user authentication until an accuracy level of a combination of the first type and the at least the second type of user authentication exceeds a predetermined threshold level of accuracy; and grant a level of access to records of the medical database according to a security access level associated with the user responsive to reaching the predetermined threshold level of accuracy of user authentication.
18 . The processing device of claim 17 , wherein the first type or the at least the second type of user authentication comprises biometric recognition, and further to execute the instructions to:
capture a biometric of the user through a biometric capturing device; send, over a network, the biometric captured of the user to an authentication server in which is stored one or more biometrics for the user; and receive a validation from the authentication server authenticating the user based on the biometric meeting a threshold match with a stored biometric.
19 . The processing device of claim 18 , wherein, upon receipt of the validation from the authentication server, further to execute the instructions to provide the user single sign-on access to applications that access the medical database according to the security access level of the user.
20 . The processing device of claim 17 , wherein the user is a medical staff member, and further to execute the instructions to:
receive a first location of the medical staff member from a real-time location system; receive a second location of a patient from the real-time location system; determine a third location of the asset; correlate the first location with the second location and with the third location; and deny the user access to the records of the medical database when the first location fails to sufficiently correlate with the second location or with the third location.
21 . The processing device of claim 20 , further to execute the instructions to determine the location of the patient from a location tracking device on the patient or based on a location of the asset.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.