Method for pairing and authenticating one or more medical devices and one or more remote electronic devices
First Claim
Patent Images
1. A method for establishing secure wireless communications between a Bluetooth medical device and a Bluetooth remote electronic device using application layer security data packet message authentication, comprising:
- creating and exchanging a personal identification number (PIN) code between the Bluetooth medical device and the Bluetooth remote electronic device for pairing comprising;
generating the PIN code by the Bluetooth medical device;
displaying the PIN code generated by the Bluetooth medical device on the Bluetooth medical device; and
instructing via a display of the Bluetooth remote electronic device, manual input of the at least the portion of the generated PIN code displayed on the Bluetooth medical device into the Bluetooth remote electronic device for security;
sending by the Bluetooth remote electronic device the PIN Code from the Bluetooth remote electronic device to the Bluetooth medical device;
receiving and confirming receipt of the PIN code by the Bluetooth remote electronic device sent from the Bluetooth medical device;
authenticating the PIN code, without using a link key, comprising;
generating first signature by the Bluetooth medical device from the PIN code using a symmetric encryption technique;
generating second signature by the Bluetooth remote electronic device from the entered PIN code using the symmetric encryption technique;
attaching the first signature to first data packet by the Bluetooth medical device;
sending the first data packet with the first signature by the Bluetooth medical device to the Bluetooth remote electronic device using a transport layer;
authenticating the PIN code when the first signature attached to the first data packet sent by the Bluetooth medical device is the same as the second signature generated by the Bluetooth remote electronic device;
generating a strong key, that is not derived from the link key, by the Bluetooth medical device for the purpose of secure key exchange comprising;
encrypting the strong key by the Bluetooth medical device that generated the strong key by applying the PIN code as an encryption key to a symmetric encryption technique;
sending the strong key encrypted by the Bluetooth medical device to the Bluetooth remote electronic device;
decrypting the strong key by the Bluetooth remote electronic device that had been encrypted and sent by the Bluetooth medical device;
authenticating application layer signatures from a data packet comprising;
generating third signature by the Bluetooth medical device from the strong key using the symmetric encryption technique;
generating fourth signature by the Bluetooth remote electronic device from the strong key using the symmetric encryption technique;
attaching the third signature to the data packet by the Bluetooth medical device;
sending the data packet with the third signature by the Bluetooth medical device to the Bluetooth remote electronic device using a application layer;
authenticating the application layer signature when the third signature attached to the data packet sent by the Bluetooth medical device is the same as the fourth signature generated by the Bluetooth remote electronic device; and
refusing the data packet when the third signature attached to the data packet sent by the Bluetooth medical device is not the same as the fourth signature generated by the Bluetooth remote electronic device;
performing a binding phase comprising;
sending service versions of all operating modes of the Bluetooth remote electronic device by the Bluetooth medical device to the Bluetooth remote electronic device;
upon a determination by the Bluetooth medical device that the sent service versions are compatible with corresponding service versions stored in the memory of the Bluetooth remote electronic device, storing a pass lag in a memory of the Bluetooth medical device and in a memory of the Bluetooth remote electronic device, andupon a determination by the Bluetooth medical device that at least one of the sent service versions is not compatible with a corresponding one of the service versions stored in the memory of the Bluetooth remote electronic device, removing the at least one strong key from the memory of the Bluetooth medical device and from the memory of the Bluetooth remote electronic device.
5 Assignments
0 Petitions
Accused Products
Abstract
A method for authenticating a medical device and a remote electronic device may include generating a PIN code by one device, capturing the generated PIN code with the other device, checking authentication of the PIN code, which is based at least in part on the captured PIN code, by the one device, generating a strong key by the one device, sending the strong key encrypted to the other device, checking authentication of the sent strong key by the one device, and upon successful authentication, storing the strong key in a memory of the one device and the other device. The roles of the medical device and the remote electronic device may be reversed in the authenticating method. The authenticating method may be preceded by a pairing process and/or followed by a binding process.
88 Citations
1 Claim
-
1. A method for establishing secure wireless communications between a Bluetooth medical device and a Bluetooth remote electronic device using application layer security data packet message authentication, comprising:
-
creating and exchanging a personal identification number (PIN) code between the Bluetooth medical device and the Bluetooth remote electronic device for pairing comprising; generating the PIN code by the Bluetooth medical device; displaying the PIN code generated by the Bluetooth medical device on the Bluetooth medical device; and instructing via a display of the Bluetooth remote electronic device, manual input of the at least the portion of the generated PIN code displayed on the Bluetooth medical device into the Bluetooth remote electronic device for security; sending by the Bluetooth remote electronic device the PIN Code from the Bluetooth remote electronic device to the Bluetooth medical device; receiving and confirming receipt of the PIN code by the Bluetooth remote electronic device sent from the Bluetooth medical device; authenticating the PIN code, without using a link key, comprising; generating first signature by the Bluetooth medical device from the PIN code using a symmetric encryption technique; generating second signature by the Bluetooth remote electronic device from the entered PIN code using the symmetric encryption technique; attaching the first signature to first data packet by the Bluetooth medical device; sending the first data packet with the first signature by the Bluetooth medical device to the Bluetooth remote electronic device using a transport layer; authenticating the PIN code when the first signature attached to the first data packet sent by the Bluetooth medical device is the same as the second signature generated by the Bluetooth remote electronic device; generating a strong key, that is not derived from the link key, by the Bluetooth medical device for the purpose of secure key exchange comprising; encrypting the strong key by the Bluetooth medical device that generated the strong key by applying the PIN code as an encryption key to a symmetric encryption technique; sending the strong key encrypted by the Bluetooth medical device to the Bluetooth remote electronic device; decrypting the strong key by the Bluetooth remote electronic device that had been encrypted and sent by the Bluetooth medical device; authenticating application layer signatures from a data packet comprising; generating third signature by the Bluetooth medical device from the strong key using the symmetric encryption technique; generating fourth signature by the Bluetooth remote electronic device from the strong key using the symmetric encryption technique; attaching the third signature to the data packet by the Bluetooth medical device; sending the data packet with the third signature by the Bluetooth medical device to the Bluetooth remote electronic device using a application layer; authenticating the application layer signature when the third signature attached to the data packet sent by the Bluetooth medical device is the same as the fourth signature generated by the Bluetooth remote electronic device; and refusing the data packet when the third signature attached to the data packet sent by the Bluetooth medical device is not the same as the fourth signature generated by the Bluetooth remote electronic device; performing a binding phase comprising; sending service versions of all operating modes of the Bluetooth remote electronic device by the Bluetooth medical device to the Bluetooth remote electronic device; upon a determination by the Bluetooth medical device that the sent service versions are compatible with corresponding service versions stored in the memory of the Bluetooth remote electronic device, storing a pass lag in a memory of the Bluetooth medical device and in a memory of the Bluetooth remote electronic device, and upon a determination by the Bluetooth medical device that at least one of the sent service versions is not compatible with a corresponding one of the service versions stored in the memory of the Bluetooth remote electronic device, removing the at least one strong key from the memory of the Bluetooth medical device and from the memory of the Bluetooth remote electronic device.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeRoche Diabetes Care Inc. (Roche Holding AG)
-
Original AssigneeRoche Diagnostics International AG (Roche Holding AG), Roche Diagnostics Operations Incorporated (Roche Holding AG)
-
InventorsFrikart, Marcel, Oberli, Markus, Frikart, Philippe, Strickland, Raymond, Jungen, Markus, Ehrsam, Matthias, Frey, Christian, Lindner, Felix
-
Primary Examiner(s)Rashid, Harunur
-
Application NumberUS12/632,601Publication NumberTime in Patent Office1,373 DaysField of Search713169-172, 455/41.2US Class Current713/171CPC Class CodesG16H 40/63 for local operationG16H 40/67 for remote operationH04L 63/061 for key exchange, e.g. in p...H04L 63/0869 for achieving mutual authen...H04W 12/06 AuthenticationH04W 12/50 Secure pairing of devicesH04W 84/18 Self-organising networks, e...
