The present invention relates generally to authentication systems and methods and, in particular, to a system and method for implementing an authentication function using authentication pools.
Authentication includes using systems and methods to perform an identification that is verified in some manner. The identification may be an identification of a user, identification of a patient, identification of a medication, etc. Authentication is generally used in any situation where establishing a correct identity is important. For example, when a patient enters a healthcare provider location, it is important that the healthcare provider be able to take steps to verify the true identity of the patient. According to another example, a healthcare provider administering a medication to a patient must be able to verify both the identification of the patient being administered and that the medication to be administered is correct.
A large number and variety of authentication methods are known in the art. For example, authentication methods may include direct authentication, passive authentication, and search authentication. An example of direct authentication is a process where the system requests identification of a specific patient and waits until this identification is provided or cancelled to proceed. An example of passive authentication is a process where the system indicates that identification may be provided identifying a specific patient, but that such authentication is not required to proceed, and that the identification data will be processed when received. An example of search authentication is a process where the system does not receive identification information for the patient, and therefore requests identification data from one or more devices to make an identification. For example, using the example of the patient entering a healthcare provider location, the healthcare provider may verify the identity of the patient using one or more authentication methods, such as requesting that the patient provides an identifying document, requesting that the patient provide identifying information, requesting that the patient provide biometric information, etc.
In some instances, authentication systems and/or methods may be prescribed or mandated based on an external requirement, such as legislation. For example, in order to maintain patient confidentiality, legislation may exist that requires the use of specific authentication methods prior to allowing a user to access protected patient health information.
Computer systems implementing authentication are typically programmed to implement specific authentication systems and methods. Programming individual systems to use specific authentication methods reduces system flexibility and may tie a system to a particular authentication system, method, or provider. Hardcoded and system specific authentication systems and methods may be difficult and expensive to reconfigure as necessitated by changing technologies, requirements, legislation, etc.
What is needed is a system and method for providing authentication in a configurable system using a variable number and type of authentication systems and methods. What is further needed is such a system and method configured to implement one or more authentication pools, each pool including at least one authentication method implementation.