Secure long-range telemetry for implantable medical device
First Claim
1. A method for implementing communications between an implantable medical device (IMD) and an external device (ED) over a telemetry channel, comprising:
- limiting data communications between the IMD and ED over a long range telemetry channel not requiring physical proximity to the IMD until a telemetry interlock has been released, wherein the telemetry interlock is released when the IMD receives an enable command via a short-range communications channel requiring physical proximity to the IMD;
authenticating the long range telemetry channel by transmitting a first encrypted communication from the IMD via the long range telemetry channel and receiving a second encrypted communication with the IMD via the long range telemetry channel, wherein the second message evidences that the sending device encrypted the second message using an expected encryption key; and
allowing data communications over the long range telemetry channel between the IMD and the ED but preventing programming of the IMD over the long range telemetry channel until the telemetry interlock is released and the long range telemetry channel is authenticated.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for enabling secure communications between an implantable medical device (IMD) and an external device (ED) over a telemetry channel. A telemetry interlock may be implemented which limits any communications between the ED and the IMD over the telemetry channel, where the telemetry interlock is released when the ED transmits an enable command to the IMD via a short-range communications channel requiring physical proximity to the IMD. As either an alternative or addition to the telemetry interlock, a data communications session between the IMD and ED over the telemetry channel may be allowed to occur only after the IMD and ED have been cryptographically authenticated to one other.
90 Citations
20 Claims
-
1. A method for implementing communications between an implantable medical device (IMD) and an external device (ED) over a telemetry channel, comprising:
-
limiting data communications between the IMD and ED over a long range telemetry channel not requiring physical proximity to the IMD until a telemetry interlock has been released, wherein the telemetry interlock is released when the IMD receives an enable command via a short-range communications channel requiring physical proximity to the IMD; authenticating the long range telemetry channel by transmitting a first encrypted communication from the IMD via the long range telemetry channel and receiving a second encrypted communication with the IMD via the long range telemetry channel, wherein the second message evidences that the sending device encrypted the second message using an expected encryption key; and allowing data communications over the long range telemetry channel between the IMD and the ED but preventing programming of the IMD over the long range telemetry channel until the telemetry interlock is released and the long range telemetry channel is authenticated. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for implementing communications between an implantable medical device (IMD) and an external device (ED) over a telemetry channel, comprising:
-
means for limiting data communications between the IMD and ED over a long range telemetry channel not requiring physical proximity to the IMD until a telemetry interlock has been released, wherein the telemetry interlock is released when the IMD receives an enable command via a short-range communications channel requiring physical proximity to the IMD; means for authenticating the long range telemetry channel by transmitting a first encrypted communication from the IMD via the long range telemetry channel and receiving a second encrypted communication with the IMD via the long range telemetry channel, wherein the second message evidences that the sending device encrypted the second message using an expected encryption key; and means for allowing data communications over the long range telemetry channel between the IMD and the ED but preventing programming of the IMD over the long range telemetry channel until the telemetry interlock is released and the long range telemetry channel is authenticated. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification