The present invention relates to access and usage tracking systems and, more specifically, to a system that employs a one-time pin in controlling access.
Tracking usage of items such as laboratory instruments is often necessary for sponsored research grant compliance and funds allocation. It can also be useful for such activities as making new equipment purchasing decisions and planning preventative maintenance. Typical usage tracking systems require a user to enter a username and a password on a keyboard to gain access to the item. However, authentication at the level of the instrument can be difficult for several reasons, such as:
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time as an authentication factor. In existing systems, TOTPs are commonly used for two-factor authentication, in which the user initially enters a username and password, and is then sent a TOTP via email or telephone. Once the user enters the TOTP, then access is granted to the user.
Therefore, there is a need for a system for access control and quick authentication in laboratory environments.
In one aspect, the invention is a method for controlling access to an instrument that is coupled to an interlock device that controls access to the instrument. A user time-based one-time password that is unique to each user or project is periodically generated. A set of instrument time-based one-time passwords, corresponding to each user time-based one-time password for the instrument, is periodically generated and stored in the interlock device. A user time-based one-time password is then received from a user. Only when the user time-based one-time password received from the user corresponds to one of the set of instrument time-based one-time passwords stored by the interlock device is the interlock device instructed to allow the user access to the instrument. Parameters relating to use of the instrument by the user are recorded.
A preferred embodiment of the invention is now described in detail. Referring to the drawings, like numbers indicate like parts throughout the views. Unless otherwise specifically indicated in the disclosure that follows, the drawings are not necessarily drawn to scale. The present disclosure should in no way be limited to the exemplary implementations and techniques illustrated in the drawings and described below. As used in the description herein and throughout the claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise: the meaning of “a,” “an,” and “the” includes plural reference, the meaning of “in” includes “in” and “on.” Also, as used herein, “global computer network” includes the Internet.
As shown in
The central server 122 runs a Time-based One-Time Password (TOTP) algorithm (e.g., the RFC 6238 TOTP algorithm) so as to generate periodically (e.g., every 15 seconds) a TOTP for each user or project. Each user or project has a unique key associated with it. Independently of the central server 122, as shown in
Returning to
As shown in
The server generates the TOTPs for each key 320 as a function of time and the key and will regenerate the TOTPs at the expiration of each time period 322. The server will wait to receive a TOTP entered by the user on an interlock 324. If a TOTP is recognized as valid by the server 326, then the server will determine the user's (or the project's) identification based on the TOTP—essentially by reversing the TOTP-generating algorithm based on the time of receipt—and will grant access to the device 328. The server will also record the user's identification, the time access began, the time access ended and any other relevant usage parameters (e.g., the amount of electricity consumed by the device, etc.) received from the interlock.
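The server-side generation of a per-key TOTP set, the interlock-side match, and the usage record described above, as an added worked example (not code from the patent): the keys, the 15-second period and the usage parameters are constructed for the demo, and the "reversal" of the algorithm is implemented as what it is in practice, a lookup of the entered code in the current set rather than an inversion of the HMAC; denying an entry that matches more than one identity in the same period is an added safeguard, not a step the description states.

```python
import hashlib
import hmac
import struct

# Constructed demo secrets (hypothetical, not from the patent): one key per user or project.
USER_KEYS = {
    "user:alice": b"alice-demo-secret-0001",
    "project:grant-42": b"grant-42-demo-secret-02",
}
TIME_STEP = 15  # seconds; the description's example regeneration period
DIGITS = 6


def totp(key: bytes, unix_time: int, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step that contains unix_time."""
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def instrument_totp_set(keys: dict, unix_time: int) -> dict:
    """Server side: the codes valid for this period, kept per identity so that
    identification is a lookup in this set, not an inversion of the HMAC."""
    return {ident: totp(key, unix_time) for ident, key in keys.items()}


def interlock_check(entered: str, valid_set: dict):
    """Interlock side: return the identity whose current code matches the entry,
    or None when nothing matches. Added assumption: if two identities happen to
    share a code this period, the entry is ambiguous and access is denied."""
    matches = [ident for ident, code in valid_set.items()
               if hmac.compare_digest(code, entered)]
    return matches[0] if len(matches) == 1 else None


def usage_record(ident: str, start: int, end: int, **params) -> dict:
    """Usage-tracking entry written once the interlock reports the session closed."""
    return {"identity": ident, "start": start, "end": end, "seconds": end - start, **params}


if __name__ == "__main__":
    now = 1_700_000_000
    valid = instrument_totp_set(USER_KEYS, now)          # pushed to the interlock
    who = interlock_check(totp(USER_KEYS["user:alice"], now), valid)
    print(who, usage_record(who, now, now + 600, kwh=0.4))  # kwh is a constructed parameter
```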
Although specific advantages have been enumerated above, various embodiments may include some, none, or all of the enumerated advantages. Other technical advantages may become readily apparent to one of ordinary skill in the art after review of the following figures and description. It is understood that, although exemplary embodiments are illustrated in the figures and described below, the principles of the present disclosure may be implemented using any number of techniques, whether currently known or not. Modifications, additions, or omissions may be made to the systems, apparatuses, and methods described herein without departing from the scope of the invention. The components of the systems and apparatuses may be integrated or separated. The operations of the systems and apparatuses disclosed herein may be performed by more, fewer, or other components and the methods described may include more, fewer, or other steps. Additionally, steps may be performed in any suitable order. As used in this document, “each” refers to each member of a set or each member of a subset of a set. It is intended that the claims and claim elements recited below do not invoke 35 U.S.C. § 112(f) unless the words “means for” or “step for” are explicitly used in the particular claim. The above described embodiments, while including the preferred embodiment and the best mode of the invention known to the inventor at the time of filing, are given as illustrative examples only. It will be readily appreciated that many deviations may be made from the specific embodiments disclosed in this specification without departing from the spirit and scope of the invention. Accordingly, the scope of the invention is to be determined by the claims below rather than being limited to the specifically described embodiments above.
Filing Document | Filing Date | Country | Kind
---|---|---|---
PCT/US21/18288 | 2/17/2021 | WO |

Number | Date | Country
---|---|---
62977602 | Feb 2020 | US