Methods and systems for managing, controlling and monitoring medical devices via one or more software applications functioning in a secure environment

US 9,656,092 B2
Filed: 05/12/2010
Issued: 05/23/2017
Est. Priority Date: 05/12/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of interacting with a medical device in wireless communication with a user device, comprising:

receiving, at the user device, a certified medical application wherein the user device is physically separated from the medical device and includes;

a secure environment processor included within a secure environment of the user device wherein the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment,a nonsecure environment processor wherein the secure environment processor is physically isolated from the nonsecure environment processor,a secure environment memory coupled to the secure processor and accessible only to the secure environment processor, the secure environment memory being included within the secure environment and including a security monitor executed by the secure environment processor wherein the security monitor is configured to;

identify secure traffic on the user device wherein the secure traffic is associated with a function of the certified medical application requiring security,identify a security requirement associated with the function,manage execution of the certified medical application within the secure environment in accordance with the security requirement,identify other traffic on the user device wherein the other traffic is associated with a nonsecure function of a noncertified application,determine that the nonsecure function does not require security,allow the noncertified application to run in the nonsecure environment,a nonsecure environment memory coupled to the nonsecure environment processor;

at least one of a Bluetooth radio, a Bluetooth Low Energy radio and a WiFi radio for communicating with the medical device, wherein the at least one of the Bluetooth radio, the Bluetooth Low Energy radio and the WiFi radio is exclusively controlled by the secure environment processor when communicating with the medical device;

a wide area network radio wherein the wide area network radio receives the certified medical application from a service platform;

storing code for at least a portion of the certified medical application and code for a first operating system in the secure environment memory wherein the secure environment memory segment is isolated from the nonsecure environment memory and wherein the nonsecure environment memory is configured to store code for a second operating system and the noncertified applications, wherein;

the first operating system supports execution of the certified medical application by the secure environment processor,the second operating system supports execution of the one or more noncertified applications,the first operating system operates independently of the second operating system wherein the first operating system remains operational when the second operating system is turned off or becomes non-operational or corrupted, andthe non-certified applications do not interact with the secure environment memory; and

initiating establishment of a communication link from the user device to the medical device via at least one of the Bluetooth radio, the Bluetooth Low Energy radio and the WiFi radio, wherein the communication link is configured to facilitate execution of the certified medical application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that include configurations of a medical device, user device and service platform are described. Embodiments may include a secure network to run medical applications that control and/or monitor the medical device. An online store may be provided for storing and distributing medical applications to the user device and medical device. A secure environment may be provided within the user device and medical device that protects the integrity of medical applications running on those devices. A service platform may provide a service that enables a medical authority to certify and monitor the medical applications. In some implementations, various third parties and the user of the user device may be allowed to manage and monitor the medical device.

197 Citations

31 Claims

1. A computer-implemented method of interacting with a medical device in wireless communication with a user device, comprising:
- receiving, at the user device, a certified medical application wherein the user device is physically separated from the medical device and includes;
  
  a secure environment processor included within a secure environment of the user device wherein the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment,a nonsecure environment processor wherein the secure environment processor is physically isolated from the nonsecure environment processor,a secure environment memory coupled to the secure processor and accessible only to the secure environment processor, the secure environment memory being included within the secure environment and including a security monitor executed by the secure environment processor wherein the security monitor is configured to;
  
  identify secure traffic on the user device wherein the secure traffic is associated with a function of the certified medical application requiring security,identify a security requirement associated with the function,manage execution of the certified medical application within the secure environment in accordance with the security requirement,identify other traffic on the user device wherein the other traffic is associated with a nonsecure function of a noncertified application,determine that the nonsecure function does not require security,allow the noncertified application to run in the nonsecure environment,a nonsecure environment memory coupled to the nonsecure environment processor;
  
  at least one of a Bluetooth radio, a Bluetooth Low Energy radio and a WiFi radio for communicating with the medical device, wherein the at least one of the Bluetooth radio, the Bluetooth Low Energy radio and the WiFi radio is exclusively controlled by the secure environment processor when communicating with the medical device;
  
  a wide area network radio wherein the wide area network radio receives the certified medical application from a service platform;
  
  storing code for at least a portion of the certified medical application and code for a first operating system in the secure environment memory wherein the secure environment memory segment is isolated from the nonsecure environment memory and wherein the nonsecure environment memory is configured to store code for a second operating system and the noncertified applications, wherein;
  
  the first operating system supports execution of the certified medical application by the secure environment processor,the second operating system supports execution of the one or more noncertified applications,the first operating system operates independently of the second operating system wherein the first operating system remains operational when the second operating system is turned off or becomes non-operational or corrupted, andthe non-certified applications do not interact with the secure environment memory; and
  
  initiating establishment of a communication link from the user device to the medical device via at least one of the Bluetooth radio, the Bluetooth Low Energy radio and the WiFi radio, wherein the communication link is configured to facilitate execution of the certified medical application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 23, 24, 25, 26, 27, 30, 31)
- - 2. The method of claim 1 further comprising sending, to the medical device, one or more instructions for execution on the medical device to implement a medical control or monitoring function.
  - 3. The method of claim 1 further comprising receiving, from the medical device, a set of data associated with a control or monitoring function implemented on the medical device.
  - 4. The method of claim 3 further comprising storing, in the secure memory segment, the set of data.
  - 5. The method of claim 4 wherein the set of data is encrypted prior to storing.
  - 6. The method of claim 4 further comprising sending, from the user device to a service platform, the set of data.
  - 7. The method of claim 6 further comprising encrypting the set of data prior to the sending the set of data.
  - 8. The method of claim 1 further comprising verifying that the certified medical application conforms to one or more regulatory requirements.
  - 9. The method of claim 8 wherein the verifying including validating that the certified medical application conforms to a Food and Drug Administration (FDA) medical device compliance regulation.
  - 23. The method of claim 1 wherein the nonsecure environment memory includes first data and the secure environment memory includes second data, the first data being securely partitioned from the second data.
  - 24. The method of claim 1 wherein the secure environment memory is configured to support a first secure environment and a second secure environment, the first secure environment being securely partitioned from the second secure environment and including the certified medical application.
  - 25. The method of claim 24 wherein the second secure environment includes another certified medical application.
  - 26. The method of claim 1 further including booting the first operating system prior to booting the second operating system.
  - 27. The method of claim 1, further comprising setting priority to execute the certified medical application over one or more of the non-certified applications.
  - 30. The method of claim 1 wherein the security monitor identifies the secure traffic by looking for traffic on the user device that is flagged as requiring security.
  - 31. The method of claim 30 wherein a predefined bit is set in packets of the secure traffic and the predefined bit is not set in packets of the other traffic.

10. A computer implemented method of operating a medical device, comprising:
- initiating establishment of a communications connection between a user device and the medical device wherein the user device includes;
  
  a secure environment processor included within a secure environment of the user device wherein the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment,a nonsecure environment processor wherein the secure environment processor is physically isolated from the nonsecure environment processor,a secure environment memory coupled to the secure processor and accessible only to the secure environment processor, the secure environment memory being included within the secure environment and including a security monitor executed by the secure environment processor wherein the security monitor is configured to;
  
  identify secure traffic on the user device wherein the secure traffic is associated with a function of the certified medical application requiring security,identify a security requirement associated with the function,manage execution of the certified medical application within the secure environment in accordance with the security requirement,identify other traffic on the user device wherein the other traffic is associated with a nonsecure function of a noncertified application,determine that the nonsecure function does not require security,allow the noncertified application to run in the nonsecure environment,a nonsecure environment memory coupled to the nonsecure environment processor;
  
  at least one of a short range wireless radio and a wired connector for facilitating the communications connection;
  
  at least one of an LTE radio and a WiFi radio configured to receive a certified medical application from a service platform;
  
  sending, from the certified medical application and via the communications connection, instructions for controlling or monitoring an operational function of the medical device, wherein;
  
  the secure environment memory is configured to store code for a first operating system and the certified medical application,the nonsecure environment memory is configured to store one or more nonsecure applications and code for a second operating system,the first operating system supporting execution of the certified medical application,the second operating system supporting execution of the one or more noncertified applications,the first operating system operates independently of the second operating system, andthe non-certified applications do not interact with the secure memory segment;
  
  receiving, from the medical device and using the certified medical application, data associated with operation of the medical device; and
  
  storing the data associated with operation of the medical device in the secure environment memory.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 further including sending, from the user device, the data associated with operation of the medical device to a service platform.
  - 12. The method of claim 10 wherein the sending further includes sending another certified medical application to the medical device.

13. An apparatus for a user device, comprising:
- a secure environment processor included within a secure environment of the user device wherein the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment;
  
  a nonsecure environment processor wherein the secure environment processor is physically isolated from the nonsecure environment processor;
  
  a nonsecure environment memory coupled to the nonsecure environment processor wherein the nonsecure environment memory is configured to store code for a first operating system and one or more non-certified applications;
  
  a secure environment memory coupled to the secure processor and accessible only to the secure environment processor wherein the secure environment memory is configured to securely store code for a second operating system and a certified medical application disposed for execution on the secure environment processor to facilitate control and/or monitoring of a medical device;
  
  at least one of a Bluetooth radio, a Bluetooth Low Energy radio and a WiFi radio for communicating with the medical device, wherein the at least one of the Bluetooth radio, the Bluetooth Low Energy radio and the WiFi radio is exclusively controlled by the secure environment processor when communicating with the medical device;
  
  at least one of a wide area network radio and a wired connector wherein the at least one of a wide area network radio and the wired connector receives the certified medical application from a service platform;
  
  wherein the second operating system supports execution of the certified medical application and the first operating system supports execution of one or more noncertified applications, and further wherein;
  
  the first operating system operates independently of the second operating system,the second operating system boots prior to booting the first operating system, andthe non-certified applications do not interact with the secure environment memory.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The apparatus of claim 13 wherein the secure environment memory—
    - is further configured to securely store a set of data provided from the medical device.
  - 15. The apparatus of claim 13 wherein the secure environment memory further includes a secure communication application configured to receive, from the service platform, the certified medical application and store the certified medical application in the secure environment memory.
  - 16. The apparatus of claim 15 wherein the secure communication application is further configured to verify, in response to receipt of the medical application, that the received medical application has been approved for operation with the medical device by a regulatory authority.
  - 17. The apparatus of claim 16 wherein the regulatory authority is the FDA.

18. A medical device, comprising:
- a sensor configured to monitor at least one physiological characteristic of a patient;
  
  a secure environment processor coupled to the sensor, wherein the secure environment processor is included within a secure environment of the user device and wherein the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment;
  
  a nonsecure environment processor wherein the secure environment processor is physically isolated from the nonsecure environment processor;
  
  a nonsecure environment memory coupled to the nonsecure environment processor wherein the nonsecure environment memory is configured to store code for a first operating system and one or more noncertified applications;
  
  a secure environment memory being included within the secure environment and being coupled to the secure processor and accessible only to the secure environment processor wherein the secure environment memory is configured to securely store code for a second operating system and a certified medical application disposed for execution on the secure environment processor to facilitate monitoring of the physiological characteristic and wherein the secure environment memory includes a security monitor executed by the secure environment processor wherein the security monitor is configured to;
  
  identify secure traffic on the medical device wherein the secure traffic is associated with a function of the certified medical application requiring security,identify a security requirement associated with the function,manage execution of the certified medical application within the secure environment in accordance with the security requirement;
  
  at least one of a Bluetooth radio, a Bluetooth Low Energy radio and a WiFi radio for communicating with a user device, wherein the at least one of the Bluetooth radio, the Bluetooth Low Energy radio and the WiFi radio is exclusively controlled by the secure environment processor when communicating with the user device;
  
  wherein;
  
  the second operating system supports execution of the certified medical application and boots before booting of the first operating system,the first operating system supports execution of the one or more noncertified applications,the first operating system operates independently of the second operating system, andthe non-certified applications do not interact with the secure environment memory.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The device of claim 18 wherein the secure environment memory is further configured to securely store a set of data provided from the sensor.
  - 20. The device of claim 19 wherein the memory further includes a secure communication application configured to receive, from a service platform, a certified medical application and store the certified medical application in the secure environment memory.
  - 21. The device of claim 20 wherein the secure communication application is further configured to verify, in response to receipt of the medical application, that the received certified medical application has been approved for operation with the medical device by a regulatory authority.
  - 22. The device of claim 21 wherein the regulatory authority is the FDA and the certified medical application has been certified by the FDA.

28. An apparatus for a user device configured to interact with a medical device and a service platform, the apparatus comprising:
- a secure environment processor wherein the secure environment processor is included within a secure environment and comprises one of an ARM core and an x86 processor core wherein the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment;
  
  a nonsecure environment processor wherein the secure environment processor is at least one of physically and virtually isolated from the nonsecure environment processor;
  
  a nonsecure environment memory coupled to the nonsecure environment processor wherein the nonsecure environment memory is configured to store code for a first operating system and one or more non-certified applications;
  
  a secure environment memory coupled to the secure processor and accessible only to the secure environment processor wherein the secure environment memory is configured to securely store code for a second operating system and a certified medical application disposed for execution on the secure environment processor to facilitate control and/or monitoring of a medical device and wherein the secure environment memory includes a security monitor executed by the secure environment processor wherein the security monitor is configured to;
  
  identify secure traffic wherein the secure traffic is associated with a function of the certified medical application requiring security,identify a security requirement associated with the function,manage execution of the certified medical application within the secure environment in accordance with the security requirement;
  
  at least one of a short range radio and a wired connector for communicating with the medical device;
  
  at least one of a wide area network radio and a wired connector wherein the at least one of a wide area network radio and the wired connector receives the certified medical application from the service platform;
  
  wherein the second operating system supports execution of the certified medical application and the first operating system supports execution of one or more noncertified applications, and further wherein;
  
  the first operating system operates independently of the second operating system wherein the secure environment is configured such that the second operating system continues to run when the first operating system becomes corrupted or is turned off, andthe non-certified applications do not interact with the secure environment memory.

29. An apparatus for a user device configured to interact with a medical device and a service platform, the apparatus comprising:
- a first processor element;
  
  a second processor element;
  
  a hardware-enabled security monitor configured to isolate secure traffic processed by the second processor element from the first processor element;
  
  a first memory coupled to the first processor element wherein the first memory is configured to store code for a first operating system and one or more non-certified applications;
  
  a second memory coupled to the second processor element and accessible only to the second processor element wherein the second memory is configured to securely store code for a second operating system and a certified medical application disposed for execution on the second processor to facilitate control and/or monitoring of a medical device and wherein the second memory includes a security monitor executed by the second processor element wherein the security monitor is configured to;
  
  identify secure traffic wherein the secure traffic is associated with a function of the certified medical application requiring security,identify a security requirement associated with the function,manage execution of the certified medical application within the secure environment in accordance with the security requirement;
  
  at least one of a short range radio and a wired connector for communicating with the medical device;
  
  at least one of a wide area network radio and a wired connector wherein the at least one of a wide area network radio and the wired connector receives the certified medical application from the service platform;
  
  wherein the second operating system supports execution of the certified medical application and the first operating system supports execution of one or more noncertified applications, and further wherein;
  
  the first operating system operates independently of the second operating system such that the second operating system continues to run when the first operating system becomes corrupted or is turned off, andthe non-certified applications do not interact with the second memory;
  
  wherein the second memory and the second operating system are included within a secure environment and the secure environment is provided with guaranteed processor and memory resources in the event of at least one of a denial of service attack and an attempt to overload processing or memory usage in the secure environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chronicmobile Incorporated
Original Assignee
Chronicmobile Incorporated
Inventors
Golden, Michael
Primary Examiner(s)
Long, Fonya
Assistant Examiner(s)
RAJ, RAJIV J

Application Number

US12/779,025
Publication Number

US 20100292556A1
Time in Patent Office

2,568 Days
Field of Search

705 2- 3, 600300
US Class Current
CPC Class Codes

A61B 5/0002   Remote monitoring of patien...

A61B 5/7465   Arrangements for interactiv...

A61N 1/37235   Aspects of the external pro...

A61N 1/37282   characterised by communicat...

G06Q 10/06   Resources, workflows, human...

G06Q 50/22   Social work or social welfa...

G16H 10/60   for patient-specific data, ...

G16H 40/40   for the management of medic...

G16H 40/67   for remote operation

Methods and systems for managing, controlling and monitoring medical devices via one or more software applications functioning in a secure environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

197 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for managing, controlling and monitoring medical devices via one or more software applications functioning in a secure environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

197 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links