System and method for confirming identity and authority by a patient medical device

US 8,347,365 B2
Filed: 03/27/2008
Issued: 01/01/2013
Est. Priority Date: 03/29/2007
Status: Active Grant

First Claim

Patent Images

1. A system for confirming identity and authority by a patient medical device, comprising:

master credentials issued to a requesting device and an implantable medical device from an authorizing agent comprising a public key of the authorizing agent, a public key of a verification agent, and a digital signature of a root certification authority;

device credentials issued to the requesting device from the authorizing agent comprising a public key of the requesting device and a digital signature of the authorizing agent;

short-term authorization credentials issued to the requesting device from the verification agent comprising a digital signature of the verification agent, the short-term authorization credentials including an expiration date;

access credentials provided to the implantable medical device, the access credentials comprising the device credentials, the short-term authorization credentials, and a digital signature of the requesting device; and

an authentication module configured to authenticate the requesting device, comprising;

a device credential module configured to check the digital signature of the authorizing agent in the device credentials using the public key of the authorizing agent in the master credentials of the implantable medical device; and

an identification credential module configured to check the digital signature of the requesting device in the access credentials using the public key of the requesting device in the device credentials; and

an authorization credentials module configured to check the digital signature of the verification agent in the short term authorization credentials using the public key of the verification agent in the master credentials of the implantable medical device and verify that the expiration date has not passed; and

a reauthorization module to get updated short term authorization credentials from the verification agent with an updated expiration date.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for confirming identity and authority by a patient medical device is provided. Master credentials are issued to a requesting device and a receiving device from an authorizing agent. The master credentials include the authorizing agent'"'"'s public key and a digital signature of a root certification authority. Device credentials are issued to the requesting device from the authorizing agent. The device credentials include the requesting device'"'"'s public key and the authorizing agent'"'"'s digital, signature. Identification credentials are provided to the receiving device and include the device credentials and the requesting device'"'"'s digital signature. The requesting device is authenticated. The authorizing agent'"'"'s digital signature in the device credentials is checked using the authorizing agent'"'"'s public key in the master credentials of the receiving device. The requesting device'"'"'s digital signature in the identification credentials is checked using the requesting device'"'"'s public key in the device credentials.

18 Citations

View as Search Results

20 Claims

1. A system for confirming identity and authority by a patient medical device, comprising:
- master credentials issued to a requesting device and an implantable medical device from an authorizing agent comprising a public key of the authorizing agent, a public key of a verification agent, and a digital signature of a root certification authority;
  
  device credentials issued to the requesting device from the authorizing agent comprising a public key of the requesting device and a digital signature of the authorizing agent;
  
  short-term authorization credentials issued to the requesting device from the verification agent comprising a digital signature of the verification agent, the short-term authorization credentials including an expiration date;
  
  access credentials provided to the implantable medical device, the access credentials comprising the device credentials, the short-term authorization credentials, and a digital signature of the requesting device; and
  
  an authentication module configured to authenticate the requesting device, comprising;
  
  a device credential module configured to check the digital signature of the authorizing agent in the device credentials using the public key of the authorizing agent in the master credentials of the implantable medical device; and
  
  an identification credential module configured to check the digital signature of the requesting device in the access credentials using the public key of the requesting device in the device credentials; and
  
  an authorization credentials module configured to check the digital signature of the verification agent in the short term authorization credentials using the public key of the verification agent in the master credentials of the implantable medical device and verify that the expiration date has not passed; and
  
  a reauthorization module to get updated short term authorization credentials from the verification agent with an updated expiration date.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A system according to claim 1, wherein one of interrogation and programming of the implantable medical device are permitted upon successful authentication of the requesting device.
  - 3. A system according to claim 1, further comprising:
    - at least one of permissions, limits, and restrictions on the requesting device included in the authorization credentials, wherein the at least one permission, limit, and restriction in the access credentials are checked.
  - 4. A system according to claim 3, wherein the at least one permission, limit, and restriction is selected from the group comprising a limit on a number of sessions, set of permitted operations, and set of prohibited operations.
  - 5. A system according to claim 3, wherein one of interrogation and programming of the implantable medical device within the at least one permission, limit, and restriction are permitted upon successful authentication of the requesting device.
  - 6. A system according to claim 1, wherein the master credentials, further master credentials, device credentials, and authorization credentials comprise digital asymmetric public and private key pairs.
  - 7. A system according to claim 1, further comprising:
    - a chain of trust, comprising a root certification authority, wherein the trust is delegated to one or more further certification authorities from the root certification authority.
  - 8. A system according to claim 7, wherein the chain of trust is structured as a hierarchy and the further certification authorities inherit the trust from the root certification authority.
  - 9. A system according to claim 1, wherein the requesting device is selected from the group comprising a programmer and a personal communicator, each of which can interrogate or program, the implantable medical device using long range telemetry.
  - 10. A system according to claim 1, wherein the implantable medical device comprises a device selected from the group comprising a pacemaker, implantable cardioverter-defibrillator, and cardiac synchronization therapy device.

11. A method for confirming identity and authority by a patient medical device, comprising:
- issuing master credentials to a requesting device and a implantable medical device from an authorizing agent comprising a public key of the authorizing agent, a public key of a verification agent, and a digital signature of a root certification authority;
  
  issuing device credentials to the requesting device from the authorizing agent comprising a public key of the requesting device and a digital signature of the authorizing agent;
  
  issuing short-term authorization credentials to the requesting device from the verification agent comprising a digital signature of the verification agent, the short-term authorization credentials including an expiration date;
  
  providing access credentials to the implantable medical device, the access credentials comprising the device credentials, the short-term authorization credentials, and a digital signature of the requesting device; and
  
  authenticating the requesting device, comprising;
  
  checking the digital signature of the authorizing agent in the device credentials using the public key of the authorizing agent in the master credentials of the implantable medical devicechecking the digital signature of the requesting device in the access credentials using the public key of the requesting device in the device credentials;
  
  checking the digital signature of the verification agent in the short-term authorization credentials using the public key of the verification agent in the master credentials of the implantable medical device and verifying that the expiration date has not passed; and
  
  getting updated short-term authorization credentials from the verification agent with an updated expiration date.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. A method according to claim 11, further comprising:
    - permitting one of interrogation and programming of the implantable medical device upon successful authentication of the requesting device.
  - 13. A method according to claim 11, further comprising:
    - including at least one of permissions, limits, and restrictions on the requesting device in the authorization credentials; and
      
      checking the at least one permission, limit, and restriction in the access credentials.
  - 14. A method according to claim 13, wherein the at least one permission, limit, and restriction is selected from the group comprising a limit on a number of sessions, set of permitted operations, and set of prohibited operations.
  - 15. A method according to claim 13, further comprising:
    - permitting one of interrogation and programming of the implantable medical device within the at least one permission, limit, and restriction upon successful authentication of the requesting device.
  - 16. A method according to claim 11, wherein the master credentials, further master credentials, device credentials, and authorization credentials comprise digital asymmetric public and private key pairs.
  - 17. A method according to claim 11, further comprising:
    - defining a chain of trust, comprising a root certification authority; and
      
      delegating the trust to one or more further certification authorities from the root certification authority.
  - 18. A method according to claim 17, further comprising:
    - structuring the chain of trust as a hierarchy, wherein the further certification authorities inherit the trust from the root certification authority.
  - 19. A method according to claim 11, wherein the requesting device is selected from the group comprising a programmer and a personal communicator, each of which can interrogate or program the receiving device using long range telemetry.
  - 20. A method according to claim 11, wherein the implantable medical device comprises a device selected from the group comprising a pacemaker, implantable cardioverter-defibrillator, and cardiac resynchronization therapy device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cardiac Pacemakers Incorporated (Boston Scientific Corporation)
Original Assignee
Cardiac Pacemakers Incorporated (Boston Scientific Corporation)
Inventors
Jelatis, George D., Healy, Scott J.
Primary Examiner(s)
Zee, Edward
Assistant Examiner(s)
Debnath, Suman

Application Number

US12/057,272
Publication Number

US 20080244717A1
Time in Patent Office

1,741 Days
Field of Search

713/156, 713/168, 713/176, 713/177, 726 2- 5, 607/31, 607/32
US Class Current

726/5
CPC Class Codes

A61N 1/37252   Details of algorithms or da...

A61N 1/37254   Pacemaker or defibrillator ...

G06F 21/34   involving the use of extern...

G16H 40/63   for local operation

G16Z 99/00   Subject matter not provided...

H04L 2209/80   Wireless network architectu...

H04L 2209/88   Medical equipments

H04L 63/08   for authentication of entit...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method for confirming identity and authority by a patient medical device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for confirming identity and authority by a patient medical device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others