Secure communication between infusion pump and server

US 10,432,403 B2
Filed: 10/21/2016
Issued: 10/01/2019
Est. Priority Date: 11/25/2015
Status: Active Grant

First Claim

Patent Images

1. An infusion pump having improved network access security, comprising:

a network interface circuit configured to provide communications over a network; and

a processing circuit configured to;

generate infusion pump data for transmission to a remote server computer;

generate a header portion of a request message having at least one field;

hash the infusion pump data using a first cryptographic function to provide a first hashed code;

insert the first hashed code into the header portion of the request message;

hash the header portion but not payload data using a second cryptographic hash function and a cryptographic key to provide a second hashed code, wherein the second cryptographic function may be the same function or a different function than the first cryptographic hash function;

insert the second hashed code into the header portion of the request message;

insert the infusion pump data into a body portion of the request message; and

transmit the request message to the remote server computer over the communications network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An infusion pump and server computer have improved network access security. The infusion pump has a network interface circuit to provide communications over a network and a processing circuit that generates infusion pump data for transmission to a remote server computer. The processing circuit generates a header portion of a request message having at least one field, hashes the header portion but not payload data using a cryptographic hash function and a cryptographic key to provide a hashed code, and inserts the hashed code into the header portion of the request message. The processing circuit inserts the infusion pump data into a body portion of the request message and transmits the request message to the remote server computer over the communications network.

37 Citations

View as Search Results

18 Claims

1. An infusion pump having improved network access security, comprising:
- a network interface circuit configured to provide communications over a network; and
  
  a processing circuit configured to;
  
  generate infusion pump data for transmission to a remote server computer;
  
  generate a header portion of a request message having at least one field;
  
  hash the infusion pump data using a first cryptographic function to provide a first hashed code;
  
  insert the first hashed code into the header portion of the request message;
  
  hash the header portion but not payload data using a second cryptographic hash function and a cryptographic key to provide a second hashed code, wherein the second cryptographic function may be the same function or a different function than the first cryptographic hash function;
  
  insert the second hashed code into the header portion of the request message;
  
  insert the infusion pump data into a body portion of the request message; and
  
  transmit the request message to the remote server computer over the communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The infusion pump of claim 1 wherein the second cryptographic function is the same function as the first cryptographic hash function.
  - 3. The infusion pump of claim 1, wherein the second hashed code is inserted into an Authorization header field defined by Internet Engineering Task Force (IETF) Request for Comments 7235.
  - 4. The infusion pump of claim 1, wherein the infusion pump data is hashed without using any cryptographic key.
  - 5. The infusion pump of claim 4, wherein the second cryptographic hash function is a keyed-hash message authentication code SHA-1 algorithm, wherein the first cryptographic function is an MD5 algorithm.
  - 6. The infusion pump of claim 1, wherein the processing circuit is configured to:
    - insert a time stamp into the header portion of the request message.
  - 7. The infusion pump of claim 6, wherein the time stamp is hashed using the second cryptographic hash function and the cryptographic key to provide the first hashed code.
  - 8. The infusion pump of claim 1, wherein the cryptographic key is a shared cryptographic key which is shared between the infusion pump and the remote server computer out of band.
  - 9. The infusion pump of claim 1, wherein the request message is a hypertext transfer protocol request message comprising a request line, the header portion and a body comprising the infusion pump data.
  - 10. The infusion pump of claim 9, wherein the infusion pump data comprises an indication that an infusion has been started and a flow rate of the infusion.
  - 11. The infusion pump of claim 1, wherein the request message is transmitted using a protocol which is not a transport layer security protocol or secure sockets layer protocol.

12. A server computer for responding to a request message from an infusion pump, comprising:
- a network interface circuit configured to provide communications over a network; and
  
  a processing circuit configured to;
  
  store an infusion pump dataset for transmission to the infusion pump;
  
  receive a request message from the infusion pump;
  
  generate a header portion of a response message having at least one field;
  
  hash the infusion pump dataset using a first cryptographic hash function to provide a first hashed code;
  
  insert the first hashed code into the header portion of the message;
  
  hash the header portion but not payload data using a second cryptographic hash function and a cryptographic key to provide a second hashed code, wherein the second cryptographic hash function may be the same function or a different function than the first cryptographic hash function;
  
  insert the second hashed code into the header portion of the response message;
  
  insert the infusion pump dataset into a body portion of the response message; and
  
  transmit the response message to the infusion pump over the network.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The server computer of claim 12, wherein the first hashed code is hashed using the second cryptographic hash function to provide the hashed code.
  - 14. The server computer of claim 12, wherein the second hashed code is inserted into an Authorization header field defined by Internet Engineering Task Force (IETF) Request for Comments 7235.
  - 15. The server computer of claim 13, wherein the second cryptographic hash function is a keyed-hash message authentication code SHA-1 algorithm, wherein the first cryptographic function is an MD5 algorithm.
  - 16. The server computer of claim 12, wherein the processing circuit is configured to:
    - insert a time stamp into the header portion of the request message, wherein the time stamp is hashed using the cryptographic hash function and cryptographic key to provide the hashed code.
  - 17. The server computer of claim 12, wherein the response message is transmitted using a protocol which is not a transport layer security protocol or secure sockets layer protocol.

18. An infusion pump having improved network access security, comprising:
- a memory configured to store infusion pump data;
  
  a pump configured to pump a medicament to a human patient;
  
  a network interface circuit configured to provide communications over a network; and
  
  a processing circuit configured to control the pump and to;
  
  retrieve infusion pump data from the infusion pump memory for transmission to a remote server computer;
  
  hash the infusion pump data using a first cryptographic function to provide a first hashed code,generate header data for a header portion of a Hypertext Transfer Protocol request message,generate a time stamp;
  
  hash the header data, the time stamp and the first hashed code using a second cryptographic hash function and a cryptographic key to provide a second hashed code for the header portion, wherein the first cryptographic function is the same as or different than the second cryptographic hash function, wherein the cryptographic key is a shared cryptographic key which is shared between the infusion pump and the remote server computer out of band;
  
  insert the second hashed code into the header portion of the Hypertext Transfer Protocol request message;
  
  insert the infusion pump data into a body portion of the Hypertext Transfer Protocol request message;
  
  generate a request line for the Hypertext Transfer Protocol request message; and
  
  transmit the Hypertext Transfer Protocol request message to the remote server computer over the communications network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fenwal Incorporated (Fresenius SE & Co. KGaA)
Original Assignee
Fenwal Incorporated (Fresenius SE & Co. KGaA)
Inventors
Moskal, Witold
Primary Examiner(s)
King, John B

Application Number

US15/331,373
Publication Number

US 20170149567A1
Time in Patent Office

1,075 Days
Field of Search
US Class Current
CPC Class Codes

A61M 2205/3584   using modem, internet or bl...

A61M 2205/50   with microprocessors or com...

A61M 5/142   Pressure infusion, e.g. usi...

G06F 21/64   Protecting data integrity, ...

G16H 20/17   delivered via infusion or i...

G16H 40/67   for remote operation

H04L 63/123   received data contents, e.g...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3242   involving keyed hash functi...

H04W 12/106   Packet or message integrity

Secure communication between infusion pump and server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communication between infusion pump and server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links