Access to laboratory instruments must be closely controlled to ensure that the tests performed using such instruments satisfy strict quality standards and comply with legal and organizational requirements. For example, Title 21, Part 11 of the Code of Federal Regulations (referred to hereinafter as 21 CFR Part 11) allows certain electronic records and electronic signatures to be submitted to the Food and Drug Administration (FDA) in lieu of paper records, provided that such electronic records and signatures comply with certain specified requirements.
In particular, 21 CFR Part 11 requires that the methods by which such electronic records and signatures are produced ensure that persons who develop, maintain, or use electronic records and signature systems have the education, training, and experience to perform their assigned tasks. Furthermore, access to laboratory instruments must be limited to authorized individuals, operational system checks must be used to enforce permitted sequencing of steps and events as appropriate, and authority checks must be used to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform operations. Electronic signatures not based on biometrics must employ at least two distinct identification components such as an identification code and password. The requirements of 21 CFR Part 11 are being enforced with increasing strictness.
It is desirable to automate enforcement of at least some of the requirements of 21 CFR Part 11 by requiring user authentication prior to using a particular laboratory instrument. In existing authentication systems, each laboratory instrument is typically connected directly to a distinct personal computer or other authentication device. The authentication device connected to a particular laboratory instrument is configured with access control information related to the laboratory instrument, such as the usernames and passwords of users who are authorized to use the instrument. To gain access to the instrument, a user must provide his username and password or other identifying information. The authentication device only grants the user access to the instrument if the authentication succeeds.
One problem with such a system is that a distinct-authentication device must be programmed with access control information for each laboratory instrument in the system. Performing such programming can be tedious and time-consuming because the same access control information for some or all users of the system must be redundantly programmed into some or all of the authentication devices. If the access rights of a particular user change, the access control information at each access control device must be updated. Similarly, to remove a user from the system or add a new user to the system, it is necessary to reprogram some or all of the access control devices. This can be a tedious, time-consuming, and error-prone process.
In some systems, the instruments and/or the authentication devices to which they are connected are further connected to a communications network, such as a Local Area Network (LAN). An example of such a system is the Cerity Networked Data System (NDS), available from Agilent Technologies of Palo Alto, Calif. The Cerity NDS reuses the user authentication scheme of the Microsoft Windows® operating system to authenticate users, thereby eliminating the need to replicate user authentication information at each access control device. The Windows® user authentication scheme, however, is designed for authenticating users of a generic networked operating system rather than users of a networked system having the unique and stringent requirements associated with research, development, and production laboratories. As a result, the user authentication features provided by the Windows® user authentication scheme are sub-optimal for use in such a system.
What is needed, therefore, is an automated user authentication system suitable for authenticating users of laboratory instruments.