Hardware/software lock secure linkage between algorithmic decision process and critical system function execution
First Claim
1. A system, comprising:
- at least one electrode disposed around a heart to sense cardiac signals and to deliver a high-energy electrical therapy to the heart;
a signal sensing circuit coupled to the at least one electrode to receive and amplify the sensed cardiac signals;
a therapy circuit coupled to the at least one electrode to deliver the high-energy electrical therapy to the heart;
a controller coupled to the signal sensing and the therapy circuits, the controller further comprises;
an analyzer coupled to the sensing circuit to receive sensed cardiac signals and analyze the cardiac signals for the presence of a cardiac arrhythmia, and issue a request to start delivering the high-energy electrical therapy based on an outcome of the analysis;
a first processor coupled to the analyzer, the first processor to receive the request to start delivering the high-energy electrical therapy from the analyzer;
an interprocess token coupled to the first processor, wherein the first processor sets an interprocess token upon receiving the request to start delivering the high-energy electrical therapy;
a second processor coupled to the first processor, the second processor to receive a first message from the first processor about running an algorithm to verify a legitimacy of the received request to start delivering the high-energy electrical therapy, wherein the second processor stores the first message, wherein the first processor starts the algorithm to verify the legitimacy of the request to start delivering the high-energy electrical therapy and sends a second message comprising an outcome of the verification to the second processor, and wherein the second processor enables the start of delivering the high-energy electrical therapy by the first processor based on the outcome of the verification; and
a hardware/software lock coupled to the first processor, wherein the first processor unlocks the hardware/software lock to start delivering the high-energy electrical therapy upon enabling by the second processor and further based on the status of the setting of the interprocess token.
1 Assignment
0 Petitions
Accused Products
Abstract
An improved protection mechanism to protect from unintended execution of critical tasks operates, in one example embodiment, by receiving a request to start a task by a first process. The first process informs a second process of running an algorithm to verify the legitimacy of the received request to determine the need to start the task. The second process stores the information regarding the starting the algorithm by the first process. The first process runs the algorithm to verify the legitimacy of the received request, and conveys an outcome of the verification to the second process. The second process enables the start of the task by the first process based on the outcome of the verification and a checking of the stored information and the first process starts the task.
-
Citations
28 Claims
-
1. A system, comprising:
-
at least one electrode disposed around a heart to sense cardiac signals and to deliver a high-energy electrical therapy to the heart;
a signal sensing circuit coupled to the at least one electrode to receive and amplify the sensed cardiac signals;
a therapy circuit coupled to the at least one electrode to deliver the high-energy electrical therapy to the heart;
a controller coupled to the signal sensing and the therapy circuits, the controller further comprises;
an analyzer coupled to the sensing circuit to receive sensed cardiac signals and analyze the cardiac signals for the presence of a cardiac arrhythmia, and issue a request to start delivering the high-energy electrical therapy based on an outcome of the analysis;
a first processor coupled to the analyzer, the first processor to receive the request to start delivering the high-energy electrical therapy from the analyzer;
an interprocess token coupled to the first processor, wherein the first processor sets an interprocess token upon receiving the request to start delivering the high-energy electrical therapy;
a second processor coupled to the first processor, the second processor to receive a first message from the first processor about running an algorithm to verify a legitimacy of the received request to start delivering the high-energy electrical therapy, wherein the second processor stores the first message, wherein the first processor starts the algorithm to verify the legitimacy of the request to start delivering the high-energy electrical therapy and sends a second message comprising an outcome of the verification to the second processor, and wherein the second processor enables the start of delivering the high-energy electrical therapy by the first processor based on the outcome of the verification; and
a hardware/software lock coupled to the first processor, wherein the first processor unlocks the hardware/software lock to start delivering the high-energy electrical therapy upon enabling by the second processor and further based on the status of the setting of the interprocess token.
-
-
2. A method of preventing an inadvertent actuation of a critical task due to a hardware/software failure, comprising:
-
receiving a request by a first process to start a critical task;
setting an interprocess token by the first process;
informing a second process by the first process of the starting of an algorithm to verify the legitimacy of the request to start the critical task;
storing information regarding starting an algorithm by the second process;
running the algorithm to verify legitimacy of the request to start the critical task;
the first process informing an outcome of the verification to the second process;
when the outcome of the verification is that the request to start the critical task is not legitimate, running an error checking routine;
when the outcome of the verification is that the request to start the critical task is legitimate, enabling the first process to start the critical task;
when the interprocess token is not set, running the error checking routine and clearing the interprocess token by the first process;
when the interprocess token is set, unlocking a hardware/software lock to start the critical task by the first process;
starting the critical task upon unlocking the hardware/software lock; and
clearing the interprocess token after completion of the critical task.
-
-
3. A system to prevent inadvertent actuation of a task in the event of a system failure, comprising:
-
a first processor to receive a request to start a task;
an interprocess token coupled to the first processor, wherein the first processor sets the interprocess token upon receiving the request to start the task;
a second processor coupled to the first processor, the second processor to receive a first message from the first processor about running an algorithm to verify a legitimacy of the received request to start the task, wherein the second processor stores the first message, wherein the first processor starts the algorithm to verify the legitimacy of the request to start the task and sends a second message comprising an outcome of the verification to the second processor, and wherein the second processor enables the start of the task by the first processor based on the outcome of the verification; and
a hardware/software lock, coupled to the first processor, wherein the first processor unlocks the hardware/software lock to start the task upon enabling by the second processor and based on the setting of the interprocess token. - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
receiving a request by a first process to start a task;
sending a first message regarding running an algorithm to verify legitimacy of the received request to start the task, the first message sent from the first process to a second process;
recording the first message by the second process;
running the algorithm to verify legitimacy of the request to start the task after sending the first message to the second process;
sending a second message indicating a need to start the task based on an outcome of the verification, the second message sent from the second process to the first process; and
enabling the first process to start the task based on an outcome of checking the receiving of the first message from the first process. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
when the second message indicates the request to start the task is not legitimate, running an error checking routine and clearing the interprocess token;
when the second process does not enable the start of the task by the first process upon checking the status of the interprocess token, running the error checking routine and clearing the interprocess token; and
when the hardware/software lock cannot be unlocked because the interprocess token is not set, running the error checking routine.
-
-
28. The method of claim 27, wherein the running the error checking routine comprises running the error checking routine by the first process.
Specification