Title:
PASSWORD-LESS INSTRUMENT USAGE TRACKING SYSTEM
Document Type and Number:
WIPO Patent Application WO/2021/167925
Kind Code:
A1
Abstract:
In a method for controlling access to an instrument (110) that is coupled to an interlock (112) device that controls access to the instrument (110), in which a user time-based one-time password that is unique to each user or project is periodically generated (312). A set of instrument time-based one-time passwords that correspond to each user time-based one-time password for the instrument is periodically generated (320). The set of instrument time-based one-time passwords is stored in the interlock device. The user time-based one-time password is received from a user (316). Only when the user time-based one-time password received from the user corresponds to one of the set of instrument time-based one-time passwords that is stored by the interlock device (326) then the interlock device is instructed to allow access to the instrument by the user (328). Parameters relating to use of the instrument by the user are recorded.

Inventors:
MARCHAND MATHIEU (US)
Application Number:
PCT/US2021/018288
Publication Date:
August 26, 2021
Filing Date:
February 17, 2021
Assignee:
STRATOCORE S A S (FR)
MARCHAND MATHIEU (US)
International Classes:
G06F19/00
Foreign References:
US20180247483A1 2018-08-30
US20150089607A1 2015-03-26
Other References:
See also references of EP 4107741A4
Attorney, Agent or Firm:
BOCKHOP, Bryan (US)
Claims:
CLAIMS

What is claimed is:

1. A method for controlling access to an instrument that is coupled to an interlock device that controls access to the instrument, comprising the steps of:

(a) periodically generating a user time-based one-time password that is unique to each user or project;

(b) periodically generating a set of instrument time-based one-time passwords that correspond to each user time-based one-time password for the instrument and storing the set of instrument time-based one-time passwords in the interlock device;

(c) receiving from a user the user time-based one-time password;

(d) only when the user time-based one-time password received from the user corresponds to one of the set of instrument time-based one-time passwords that is stored by the interlock device then instructing the interlock device to allow access to the instrument by the user; and

(e) recording parameters relating to use of the instrument by the user.

Description:
PASSWORD-LESS INSTRUMENT USAGE TRACKING SYSTEM

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to access and usage tracking systems and, more specifically, to a system that employs a one-time pin in controlling access.

[0003] 2. Description of the Related Art

[0004] Tracking usage of items such as laboratory instruments is often necessary for sponsored research grant compliance and funds allocation. It can also be useful for such activities as making new equipment purchasing decisions and planning preventative maintenance. Typical usage tracking systems require a user to enter a username and a password on a keyboard to gain access to the item. However, authentication at the level of the instrument can be difficult for several reasons, such as:

• Computers controlling instruments can be used to control access but may not have network access - especially after XP 2014 end of life (EOL). This was amplified by Windows 7 EOL in January 2020 (context: lots of instruments are running older operating systems);

• Proxy servers can be used, but there are some infrastructure overheads for such a setup. Also, one cannot easily proxy the required LDAP/AD connections and such proxying can cause several security issues to arise;

• SAML authentication can be proxied, but it requires a browser. However, supporting browser-based authentication may not be possible, especially given security issues relating to EOL/older operating systems;

• Interlock based access control usually requires a kiosk or dedicated computer with a browser to log in and turn on/off the interlock. Such a kiosk can be expensive, heavy and difficult to deploy (which prevents scaling to 100s/1000s of instruments). Also, user experience can be convoluted; and

• A smart phone cannot be used easily because typing a password on a touchscreen is not user friendly and many labs will lack network connectivity due to the interference generated by wireless signals.

[0005] A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time as an authentication factor. In existing systems, TOTPs are commonly used for two-factor authentication, in which the user initially enters a username and password, and is then sent a TOTP via email or telephone. Once the user enters the TOTP, then access is granted to the user.

[0006] Therefore, there is a need for a system for access control and quick authentication in laboratory environments.

SUMMARY OF THE INVENTION

[0007] In one aspect, the invention is a method for controlling access to an instrument that is coupled to an interlock device that controls access to the instrument, in which a user time-based one-time password that is unique to each user or project is periodically generated. A set of instrument time-based one-time passwords that correspond to each user time-based one-time password for the instrument is periodically generated. The set of instrument time-based one-time passwords is stored in the interlock device. The user time-based one-time password is received from a user. Only when the user time-based one-time password received from the user corresponds to one of the set of instrument time-based one-time passwords that is stored by the interlock device then the interlock device is instructed to allow access to the instrument by the user. Parameters relating to use of the instrument by the user are recorded.

BRIEF DESCRIPTION OF THE FIGURES OF THE DRAWINGS

[0008] FIG. 1 is a schematic diagram showing one embodiment of a password-less instrument usage tracking system.

[0009] FIG. 2 is a schematic diagram showing one embodiment of a user’s device for generating a TOTP.

[0010] FIGS. 3A and 3B are flow charts showing one method of embodying a password-less instrument usage tracking system.

DETAILED DESCRIPTION OF THE INVENTION

[0011] A preferred embodiment of the invention is now described in detail. Referring to the drawings, like numbers indicate like parts throughout the views. Unless otherwise specifically indicated in the disclosure that follows, the drawings are not necessarily drawn to scale. The present disclosure should in no way be limited to the exemplary implementations and techniques illustrated in the drawings and described below. As used in the description herein and throughout the claims, the following terms take the meanings explicitly associated herein, unless the context clearly dictates otherwise: the meaning of “a,” “an,” and “the” includes plural reference, the meaning of “in” includes “in” and “on.” Also, as used herein, “global computer network” includes the Internet.

[0012] As shown in FIG. 1, in one representative embodiment, a system for controlling access to items (such as laboratory instruments 110) includes an interlock device 112 that is used to control access to each item and to track usage of the item. Controlling access can be done by hardwiring the item to the interlock 112 so that the item cannot receive power unless the interlock 112 couples the item to a power supply. The interlock 112 also has the ability to track usage of the item. For example, the interlock 112 can include a digital ammeter and an internal clock to measure and report the time that a user had access to the item and how much power was consumed by the item during that time. The interlock 112 can be in communication with a central server 122 via a network (which in some embodiments is the global computer network) to report access time and other information about the item.

[0013] The central server 122 runs a Time-based One-Time Password (TOTP) algorithm (e.g., the RFC 6238 TOTP algorithm) so as to generate periodically (e.g., every 15 seconds) a TOTP for each user or project. Each user or project has a unique key associated with it. Independently of the central server 122, as shown in FIG. 2, a user’s device 210 (such as a smart phone) is running the TOTP algorithm in an app. The app generates the TOTP based on the user’s key or a key corresponding to a project to which the user has access. The TOTP can be displayed as a number 212 or as a visual code 214 (such as a QR code, as shown).

[0014] Returning to FIG. 1, the interlock 112 includes a data entry device, such as a keypad or optical code reader, through which the user enters the TOTP showing on the user’s device 210. The interlock 112 transmits the TOTP to the server 122, which compares it to a table of TOTPs that have been generated from keys that have access to the item connected to that interlock 112. If the key from the interlock 112 is found, then the server transmits an authorization for access to the interlock 112 and the user is granted access to the item.

[0015] As shown in FIG. 3A, the user’s device initially sets up a key that is unique for the user or the project 310 and the key is stored by the server. This is a one-time set-up. When the user desires access to an item, then the user will run the TOTP app 312, which will generate the TOTP as a function of the key and the current time. If a predetermined amount of time has expired 312, then the app will regenerate the key to reflect the current time frame. (Typically, the TOTP app will be updated every 15 seconds.) The user then enters the displayed TOTP into the interlock 316.

[0016] The server generates the TOTPs for each key 320 as a function of time and the key and will regenerate the TOTPs at the expiration of each time period 322. The server will wait to receive a TOTP entered by the user on an interlock 324. If a TOTP is recognized as valid by the server 326, then the server will determine the user’s (or the project’s) identification based on the TOTP - essentially by reversing the TOTP-generating algorithm based on the time of receipt - and will grant access to the device 328. The server will also record the user’s identification, the time access began, the time access ended and any other relevant usage parameters (e.g., the amount of electricity consumed by the device, etc.) received from the interlock.
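The lookup described in paragraphs [0013] to [0016], as an added example that is not part of the patent text: because the HMAC inside RFC 6238 cannot be inverted, the server identifies the user or project by regenerating the codes for every authorized key and matching the submitted code against that table. The 6-digit HMAC-SHA1 code, the one-step clock-skew window, single-use codes and the rejection of codes that two keys share are assumptions not stated on the page; the keys and identities are constructed.

```python
import hashlib
import hmac
import struct

STEP = 15    # seconds per time step (the page's example period)
DIGITS = 6   # assumption: the page does not give a code length


def totp(key, now, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    mac = hmac.new(key, struct.pack(">Q", int(now) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def build_table(keys, now, drift=1):
    """Map every currently valid code to the identities whose key yields it."""
    table = {}
    for identity, key in keys.items():
        for k in range(-drift, drift + 1):  # assumption: +/- one step of clock skew
            table.setdefault(totp(key, now + k * STEP), set()).add(identity)
    return table


def identify(code, keys, now, used):
    """Return the identity behind `code`, or None if unknown, ambiguous or reused."""
    owners = build_table(keys, now).get(code, set())
    if len(owners) != 1:           # no match, or two keys collide on this code
        return None
    identity = next(iter(owners))
    if (identity, code) in used:   # assumption: codes are single-use
        return None
    used.add((identity, code))
    return identity


if __name__ == "__main__":
    # Constructed sample keys authorized for one interlock; not from the page.
    keys = {"user-a": b"12345678901234567890", "project-x": b"constructed-key-2"}
    seen = set()
    code = totp(keys["user-a"], 1_700_000_000)
    print(identify(code, keys, 1_700_000_000, seen))
    print(identify(code, keys, 1_700_000_000, seen))
```

With short numeric codes and many keys per instrument, two keys can produce the same code in the same time step, which is why `identify` refuses an ambiguous match instead of attributing usage to an arbitrary key.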

[0017] Although specific advantages have been enumerated above, various embodiments may include some, none, or all of the enumerated advantages. Other technical advantages may become readily apparent to one of ordinary skill in the art after review of the following figures and description. It is understood that, although exemplary embodiments are illustrated in the figures and described below, the principles of the present disclosure may be implemented using any number of techniques, whether currently known or not. Modifications, additions, or omissions may be made to the systems, apparatuses, and methods described herein without departing from the scope of the invention. The components of the systems and apparatuses may be integrated or separated. The operations of the systems and apparatuses disclosed herein may be performed by more, fewer, or other components and the methods described may include more, fewer, or other steps. Additionally, steps may be performed in any suitable order. As used in this document, “each” refers to each member of a set or each member of a subset of a set. It is intended that the claims and claim elements recited below do not invoke 35 U.S.C. §112(f) unless the words “means for” or “step for” are explicitly used in the particular claim. The above described embodiments, while including the preferred embodiment and the best mode of the invention known to the inventor at the time of filing, are given as illustrative examples only. It will be readily appreciated that many deviations may be made from the specific embodiments disclosed in this specification without departing from the spirit and scope of the invention. Accordingly, the scope of the invention is to be determined by the claims below rather than being limited to the specifically described embodiments above.