System and method for providing communications between a physically secure programmer and an external device using a cellular network

US 7,801,611 B2
Filed: 06/03/2004
Issued: 09/21/2010
Est. Priority Date: 06/03/2004
Status: Active Grant

First Claim

Patent Images

1. A physically secure programmer with atomic power up credentialing using a cellular network, comprising:

a security certificate uniquely assigned by a security server and maintained in an internal memory;

a cellular transceiver programmed to perform data exchange over a cellular network;

boot sequence circuitry programmed to perform transparent and atomic power up credentialing with the security server, comprising;

a security module programmed to provide the security certificate to the security server over a transient connection via the cellular transceiver, wherein the security server registers the security certificate against a roster of security certificates stored on the security server;

a registration module programmed to await registration by the security server only if the transient connection was established; and

one of an enabled status and a disabled status automatically assigned respectively following successful and unsuccessful registration of the security certificate;

power up circuitry programmed to complete the atomic power up only if the enabled status is assigned and to terminate operation if the disabled status is assigned;

a data exchange transceiver programmed to establish a data connection over the cellular network with at least one external device other than the security server subsequent to completion of the atomic power up;

telemetry circuitry programmed to initiate and conduct a data exchange session via the cellular transceiver with at least one external device other than the security server subsequent to the completion of the atomic power up; and

power down circuitry programmed to perform deregistration of the security certificate with the security server and to power down upon deregistration of the security certificate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing communications between a physically secure programmer and an external device using a cellular network is described. A set of uniquely identifying credentials is securely maintained on a programmer configured to interface with an implantable medical device. A transient connection is automatically established between the programmer and a security server over a cellular network. The credentials are registered with the security server and an operational status is assigned to the programmer following examination of the credentials against a security roster maintained on the security server. The operational status of the programmer is confirmed and a data exchange session is conducted over the cellular network between the programmer and at least one external system subsequent to the confirmation.

77 Citations

View as Search Results

37 Claims

1. A physically secure programmer with atomic power up credentialing using a cellular network, comprising:
- a security certificate uniquely assigned by a security server and maintained in an internal memory;
  
  a cellular transceiver programmed to perform data exchange over a cellular network;
  
  boot sequence circuitry programmed to perform transparent and atomic power up credentialing with the security server, comprising;
  
  a security module programmed to provide the security certificate to the security server over a transient connection via the cellular transceiver, wherein the security server registers the security certificate against a roster of security certificates stored on the security server;
  
  a registration module programmed to await registration by the security server only if the transient connection was established; and
  
  one of an enabled status and a disabled status automatically assigned respectively following successful and unsuccessful registration of the security certificate;
  
  power up circuitry programmed to complete the atomic power up only if the enabled status is assigned and to terminate operation if the disabled status is assigned;
  
  a data exchange transceiver programmed to establish a data connection over the cellular network with at least one external device other than the security server subsequent to completion of the atomic power up;
  
  telemetry circuitry programmed to initiate and conduct a data exchange session via the cellular transceiver with at least one external device other than the security server subsequent to the completion of the atomic power up; and
  
  power down circuitry programmed to perform deregistration of the security certificate with the security server and to power down upon deregistration of the security certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A programmer according to claim 1, further comprising:
    - a transient wireless connection to interface to an implantable medical device, wherein a telemetric data exchange session is conducted with the implantable medical device.
  - 3. A programmer according to claim 2, wherein the telemetric data exchange session comprises at least one of parametric values retrieval from the implantable medical device, patient history data retrieval from the implantable medical device and parametric values storage onto the implantable medical device.
  - 4. A programmer according to claim 2, wherein the telemetric data exchange is conducted using at least one of induction and radio frequency telemetry.
  - 5. A programmer according to claim 2, wherein the implantable medical device comprises at least one of an implantable cardiac device, neural stimulation device, and drug therapy dispensing device.
  - 6. A programmer according to claim 1, wherein the security certificate is supplemented with credentials comprising at least one of a serial number and an asymmetric crypto key.
  - 7. A programmer according to claim 1, wherein the security server maintains a set of programmer identifiers that each uniquely identify a programmer in association with a security credential, which is compared to register the programmer identifier matching the security certificate.
  - 8. A programmer according to claim 7, wherein the programmer identifiers set signifies legitimate programmers, and a flag to signal the registration to confirm the operational status.
  - 9. A programmer according to claim 7, wherein the programmer identifiers set signifies untrusted programmers, and a flag to signal a failure of the registration to deny the operational status.
  - 10. A programmer according to claim 1, wherein the telemetry circuitry is further configured to interface to the at least one external device other than the security server, further comprising:
    - an external device interface to initiate the data exchange session with the at least one interfaced external device other than the security server and to collaboratively exchange data with the at least one interfaced external device other than the security server.
  - 11. A programmer according to claim 10, wherein the data exchange session comprises at least one of:
    - at least one of parametric values, patient history data, control data, and general data downloaded from the at least one interfaced external device other than the security server; and
      
      at least one of parametric values, patient history data, control data, and general data stored onto the at least one interfaced external device other than the security server.
  - 12. A programmer according to claim 10, wherein the at least one interfaced external device other than the security server further comprises a programmer and the external device interface is further configured to cooperatively exchange data relative to at least one implantable medical device having been interfaced to the programmer.
  - 13. A programmer according to claim 10, wherein the at least one interfaced external device other than the security server further comprises a server, and analyzes data provided to the server by diagnosing a patient health status and prognosticating a clinical trajectory relative to the therapy to be delivered through an implantable medical device.
  - 14. A programmer according to claim 1, further comprising:
    - implementing at least one of a programmer recorder monitor, repeater, interrogator, recorder, monitor, and transceiver.
  - 15. A programmer according to claim 1, wherein the at least one external device other than the security server comprises at least one of a server, client, programmer, printer, and repeater.

16. A method for providing atomic power up credentialing of a physically secure programmer using a cellular network, comprising:
- maintaining a security certificate uniquely assigned by a security server in an internal memory;
  
  performing data exchange over a cellular network;
  
  performing transparent and automatic power up credentialing with the security server, comprising;
  
  providing the security certificate to the security server over a transient connection via the cellular network, wherein the security server registers the security certificate against a roster of security certificates stored on the security server;
  
  awaiting registration by the security server only if the transient connection was established; and
  
  receiving one of an enabled status and a disabled status automatically assigned respectively following successful and unsuccessful registration of the security certificate;
  
  completing the atomic power up only if the enabled status is assigned and terminating operation if the disabled status is assigned;
  
  initiating and conducting a data exchange session via the cellular network with at least one external device other than the security server subsequent to the completion of the atomic power up; and
  
  performing deregistration of the security certificate with the security server and powering down upon deregistration of the security certificate.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. A method according to claim 16, further comprising:
    - interfacing to an implantable medical device over a transient wireless connection; and
      
      conducting a telemetric data exchange session with the implantable medical device.
  - 18. A method according to claim 17, wherein the telemetric data exchange session comprises at least one of:
    - retrieving parametric values from the implantable medical device;
      
      retrieving patient history data from the implantable medical device; and
      
      storing parametric values onto the implantable medical device.
  - 19. A method according to claim 17, wherein the telemetric data exchange is conducted using at least one of induction and radio frequency telemetry.
  - 20. A method according to claim 17, wherein implantable medical device comprises at least one of an implantable cardiac device, neural stimulation device, and drug therapy dispensing device.
  - 21. A method according to claim 16, wherein the security certificate is supplemented with credentials comprising at least one of a serial number and an asymmetric crypto key.
  - 22. A method according to claim 16, further comprising:
    - maintaining a set of programmer identifiers on the security server that each uniquely identify a programmer in association with a security credential with is compared to register the programmer identifier matching the security certificate.
  - 23. A method according to claim 22, wherein the programmer identifiers set signifies legitimate programmers, further comprising:
    - signaling the registration to confirm the operational status.
  - 24. A method according to claim 22, wherein the programmer identifiers set signifies untrusted programmers, further comprising:
    - signaling the a failure of the registration to deny the operational status.
  - 25. A method according to claim 16, further comprising:
    - interfacing to the at least one external device other than the security server;
      
      initiating the data exchange session with the at least one interfaced external device other than the security server; and
      
      collaboratively exchanging data with the at least one interfaced external device other than the security server.
  - 26. A method according to claim 25, wherein the data exchange session comprises at least one of:
    - downloading at least one of parametric values, patient history data, control data, and general data from the at least one interfaced external device other than the security server; and
      
      storing at least one of parametric values, patient history data, control data, and general data onto the at least one interfaced external device other than the security server.
  - 27. A method according to claim 25, wherein the at least one interfaced external device other than the security server further comprises a programmer, further comprising:
    - cooperatively exchanging data relative to at least one implantable medical device having been interfaced to the programmer.
  - 28. A method according to claim 25, wherein the at least one interfaced external device other than the security server further comprises a server, further comprising:
    - analyzing data provided to the server by diagnosing a patient health status and prognosticating a clinical trajectory relative to the therapy to be delivered through an implantable medical device.
  - 29. A method according to claim 16, further comprising:
    - implementing at least one of a programmer recorder monitor, repeater, interrogator, recorder, monitor, and transceiver.
  - 30. A method according to claim 16, wherein the at least one external device other than the security server comprises at least one of a server, client, programmer, printer, and repeater.

31. An apparatus for providing atomic power up credentialing of a physically secure programmer using a cellular network, comprising:
- means for maintaining a security certificate uniquely assigned by a security server in an internal memory;
  
  means for performing data exchange over a cellular network;
  
  means for performing transparent and automatic power up credentialing with the security server, comprising;
  
  means for providing the security certificate to the security server over a transient connection via the cellular network, wherein the security server registers the security certificate against a roster of security certificates stored on the security server;
  
  means for awaiting registration by the security server only if the transient connection was established; and
  
  means for receiving one of an enabled status and a disabled status automatically assigned respectively following successful and unsuccessful registration of the security certificate;
  
  means for completing the atomic power up only if the enabled status is assigned and terminating operation if the disabled status is assigned; and
  
  means for initiating and conducting a data exchange session via the cellular network with at least one external device other than the security server subsequent to the completion of the atomic power up; and
  
  means for performing deregistration of the security certificate with the security server and powering down upon deregistration of the security certificate.

32. A physically secure programmer with atomic power up credentialing using a cellular network, comprising:
- a security certificate uniquely assigned by a security server and maintained in an internal memory;
  
  a cellular transceiver programmed to automatically establish first and second transient connections to the security server over a cellular network;
  
  boot sequence circuitry programmed to perform transparent and atomic power up credentialing during the first transient connection, comprising;
  
  a security module programmed to provide the security certificate to the security server via the cellular transceiver, wherein the security server registers the security certificate against a roster of security certificates stored on the security server that are uniquely assigned to only legitimate programmers;
  
  a registration module programmed to await registration by the security server only if the first transient connection was established; and
  
  one of an enabled status and a disabled status automatically assigned respectively following successful and unsuccessful registration of the security certificate; and
  
  power up circuitry programmed to complete the atomic power up only after the enabled status is received;
  
  a data exchange transceiver programmed to establish a data connection over the cellular network with at least one external device other than the security server subsequent to the completion of the atomic power up;
  
  telemetry circuitry programmed to initiate and conduct a data exchange during the data connection; and
  
  power down circuitry programmed to perform deregistration with the security server during the second transient connection, comprising;
  
  an initialization module programmed to initiate power down;
  
  a deregistration module programmed to send a request to deregister the security certificate, wherein the security server deregisters the security certificate; and
  
  a finalization module programmed to complete power down.
- View Dependent Claims (33, 34)
- - 33. A programmer according to claim 32, further comprising:
    - a transient wireless connection to interface to an implantable medical device, wherein a telemetric data exchange session is conducted with the implantable medical device.
  - 34. A programmer according to claim 32, wherein the telemetry circuitry is further configured to interface to the at least one external device other than the security server, further comprising:
    - an external device interface to initiate the data exchange session with the at least one interfaced external device other than the security server and to collaboratively exchange data with the at least one interfaced external device other than the security server.

35. A method for providing atomic power up credentialing of a physically secure programmer using a cellular network, comprising:
- maintaining a security certificate uniquely assigned by a security server in an internal memory;
  
  automatically establishing first and second transient connections to the security server over a cellular network;
  
  performing transparent and automatic power up credentialing with the security server during the first transient connection, comprising;
  
  providing the security certificate to the security server via the cellular network, wherein the security server registers the security certificate against a roster of security certificates stored on the security server that are uniquely assigned to only legitimate programmers;
  
  awaiting registration by the security server only if the first transient connection was established; and
  
  receiving one of an enabled status and a disabled status automatically assigned respectively following successful and unsuccessful registration of the security certificate;
  
  completing the atomic power up only if the enabled status is received;
  
  establishing a data connection with at least one external device other than the security server subsequent to the completion of the atomic power up over the cellular network;
  
  initiating and conducting a data exchange session during the data connection;
  
  performing deregistration with the security server during the second transient connection, comprising;
  
  initiating power down;
  
  sending a request to deregister the security certificate, wherein the security server deregisters the security certificate; and
  
  completing power down.
- View Dependent Claims (36, 37)
- - 36. A method according to claim 35, further comprising:
    - interfacing to an implantable medical device over a transient wireless connection; and
      
      conducting a telemetric data exchange session with the implantable medical device.
  - 37. A method according to claim 35, further comprising:
    - interfacing to the at least one external device other than the security server;
      
      initiating the data exchange session with the at least one interfaced external device other than the security server; and
      
      collaboratively exchanging data with the at least one interfaced external device other than the security server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FUJIFILM Healthcare Corp. (Fujifilm Holdings Corporation)
Original Assignee
Cardiac Pacemakers Incorporated (Boston Scientific Corporation)
Inventors
Persen, Kenneth H., Vallapureddy, Vineel
Primary Examiner(s)
MANUEL, GEORGE C

Application Number

US10/859,649
Publication Number

US 20050288736A1
Time in Patent Office

2,301 Days
Field of Search

607/31, 370/328, 370/332, 370/334, 370/915
US Class Current

607/31
CPC Class Codes

A61N 1/37282 characterised by communicat...

System and method for providing communications between a physically secure programmer and an external device using a cellular network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

37 Claims

Specification

Use Cases

Quick Links

Others

System and method for providing communications between a physically secure programmer and an external device using a cellular network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

37 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others