Authentication of external devices to implantable medical devices using biometric measurements

US 8,886,316 B1
Filed: 12/18/2012
Issued: 11/11/2014
Est. Priority Date: 12/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method performed by a medical device, comprising:

storing information used to derive a first probability distribution of obtaining a physiological value without physical contact with the living organism yielding designated errors and information used to derive a second probability distribution of a valid monitoring device obtaining the physiological value yielding the designated errors;

receiving from a monitoring device a request for access to the medical device configured for implantation into a living organism from a monitoring device;

measuring a physiological value of the living organism;

performing a pairing protocol with the monitoring device, the pairing protocol comprising a secure channel set-up phase followed by an authentication phase; and

permitting access by the monitoring device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that a physiological value supplied by the monitoring device substantially matches the measured physiological value;

wherein the medical device performs the secure channel set-up phase before sending the measured physiological value to the monitoring device;

wherein the measured physiological value sent to the monitoring device comprises a committed value, the committed value being bound to information determined based at least in part on the secure channel set-up phase;

wherein the supplied physiological value and the measured physiological value each comprise two or more portions;

wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on;

determining differences between corresponding ones of the two or more portions of the respective physiological values; and

comparing said differences to an error threshold; and

wherein the error threshold comprises different error rates for respective ones of the two or more portions.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus comprises a medical device configured for implantation into a living organism. The medical device comprises processing circuitry, a memory and interface circuitry configured for communication with a monitoring device. The medical device is configured to receive a request for access from the monitoring device, to measure a physiological value of the living organism, to perform a pairing protocol with the monitoring device, the pairing protocol comprising a secure channel set-up phase followed by an authentication phase, and to permit access by the monitoring device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that a physiological value supplied by the monitoring device substantially matches the measured physiological value. The medical device performs the secure channel set-up phase before sending the measured physiological value to the monitoring device.

41 Citations

View as Search Results

25 Claims

1. A method performed by a medical device, comprising:
- storing information used to derive a first probability distribution of obtaining a physiological value without physical contact with the living organism yielding designated errors and information used to derive a second probability distribution of a valid monitoring device obtaining the physiological value yielding the designated errors;
  
  receiving from a monitoring device a request for access to the medical device configured for implantation into a living organism from a monitoring device;
  
  measuring a physiological value of the living organism;
  
  performing a pairing protocol with the monitoring device, the pairing protocol comprising a secure channel set-up phase followed by an authentication phase; and
  
  permitting access by the monitoring device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that a physiological value supplied by the monitoring device substantially matches the measured physiological value;
  
  wherein the medical device performs the secure channel set-up phase before sending the measured physiological value to the monitoring device;
  
  wherein the measured physiological value sent to the monitoring device comprises a committed value, the committed value being bound to information determined based at least in part on the secure channel set-up phase;
  
  wherein the supplied physiological value and the measured physiological value each comprise two or more portions;
  
  wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on;
  
  determining differences between corresponding ones of the two or more portions of the respective physiological values; and
  
  comparing said differences to an error threshold; and
  
  wherein the error threshold comprises different error rates for respective ones of the two or more portions.
- View Dependent Claims (2)
- - 2. A non-transitory processor-readable storage medium having instruction code embodied therein which when executed by a processor implements the steps of the method of claim 1.

3. A method performed by a monitoring device, comprising:
- sending a request for access to a medical device configured for implantation into a living organism;
  
  supplying a physiological value to the medical device;
  
  performing a pairing protocol with the medical device, the pairing protocol comprising a secure channel set-up phase followed by an authentication phase; and
  
  obtaining access to the medical device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that the supplied physiological value substantially matches a physiological value measured by the medical device;
  
  wherein the monitoring device performs the secure channel set-up phase before supplying the physiological value to the medical device;
  
  wherein the physiological value supplied to the monitoring device comprises a committed value, the committed value being bound to information determined based at least in part on the secure channel set-up phase;
  
  wherein the supplied physiological value and the measured physiological value each comprise two or more portions;
  
  wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on;
  
  determining differences between corresponding ones of the two or more portions of the respective physiological values; and
  
  comparing said differences to an error threshold; and
  
  wherein the error threshold comprises different error rates for respective ones of the two or more portions.
- View Dependent Claims (4)
- - 4. A non-transitory processor-readable storage medium having instruction code embodied therein which when executed by a processor implements the steps of the method of claim 3.

5. An apparatus comprising:
- a medical device configured for implantation into a living organism, the medical device comprising processing circuitry, a memory, and interface circuitry configured for communication with a monitoring device, the medical device being configured to;
  
  receive a request for access from the monitoring device;
  
  measure a physiological value of the living organism;
  
  perform a pairing protocol with the monitoring device, the pairing protocol comprising a secure channel set-up phase followed by an authentication phase; and
  
  permit access by the monitoring device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that a physiological value supplied by the monitoring device substantially matches the measured physiological value;
  
  wherein the medical device performs the secure channel set-up phase before sending the measured physiological value to the monitoring device;
  
  wherein the medical device is further configured to;
  
  store information used to derive a first probability distribution of obtaining a physiological value without physical contact with the living organism yielding designated errors; and
  
  store information used to derive a second probability distribution of a valid monitoring device obtaining the physiological value yielding the designated errors;
  
  wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on an analysis of the supplied physiological value, the first probability distribution and the second probability distribution; and
  
  wherein the second probability distribution is modeled using a binomial distribution based on a pre-computed statistical error rate for each bit position in the measured physiological value, wherein two or more bit positions in the measured physiological value have different error rates.

6. An apparatus comprising:
- a medical device configured for implantation into a living organism, the medical device comprising processing circuitry, a memory, and interface circuitry configured for communication with a monitoring device, the medical device being configured to;
  
  receive a request for access from the monitoring device;
  
  measure a physiological value of the living organism;
  
  perform a pairing protocol with the monitoring device, the pairing protocol comprising a secure channel set-up phase followed by an authentication phase; and
  
  permit access by the monitoring device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that a physiological value supplied by the monitoring device substantially matches the measured physiological value;
  
  wherein the medical device performs the secure channel set-up phase before sending the measured physiological value to the monitoring device;
  
  wherein the measured physiological value sent to the monitoring device comprises a committed value, the committed value being bound to information determined based at least in part on the secure channel set-up phase;
  
  wherein the supplied physiological value and the measured physiological value each comprise two or more portions;
  
  wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on;
  
  determining differences between corresponding ones of the two or more portions of the respective physiological values; and
  
  comparing said differences to an error threshold; and
  
  wherein the error threshold comprises different error rates for respective ones of the two or more portions.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 7. The apparatus of claim 6, wherein the measured physiological value is based at least in part a plurality of time-sensitive random values taken over a given time interval.
  - 8. The apparatus of claim 7, wherein the plurality of time-sensitive random values are derived from electrocardiography measurements taken over the given time interval.
  - 9. The apparatus of claim 8, wherein an inter-pulse interval of the living organism has a set of physiologically significant features, the plurality of time-sensitive random values being derived from sets of physiologically significant features for one or more inter-pulse intervals in the given time interval.
  - 10. The apparatus of claim 6, wherein the medical device is further configured to:
    - store information used to derive a first probability distribution of obtaining a physiological value without physical contact with the living organism yielding designated errors; and
      
      store information used to derive a second probability distribution of a valid monitoring device obtaining the physiological value yielding the designated errors;
      
      wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on an analysis of the supplied physiological value, the first probability distribution and the second probability distribution.
  - 11. The apparatus of claim 10, wherein the medical device is further configured to:
    - compute an error value of the supplied physiological value, the error value being based at least in part on a total number of mismatches between corresponding bits in the supplied physiological value and the measured physiological value; and
      
      determine whether the supplied physiological value substantially matches the measured physiological value based at least in part on the results of a Neyman-Pearson hypothesis test using the error value, the first probability distribution and the second probability distribution.
  - 12. The apparatus of claim 11, wherein the medical device determines that the supplied physiological value substantially matches the measured physiological value when
  - 13. The apparatus of claim 12, wherein the fixed threshold value Th is pre-computed based on a target false negative rate.
  - 14. The apparatus of claim 10, wherein the first probability distribution is modeled using a binomial distribution having a designated Bernoulli trial probability.
  - 15. The apparatus of claim 6, wherein the information determined based at least in part on the secure channel set-up phase comprises an output of the secure channel set-up phase.
  - 16. The apparatus of claim 6, wherein the secure channel set-up phase is based at least in part on public-key cryptography and comprises establishing a secure channel via transport layer security (TLS), wherein the medical device acts as a TLS client and the monitoring device acts as a TLS server.
  - 17. The apparatus of claim 6, wherein the authentication phase comprises:
    - committing, in the medical device, to the measured physiological value to determine the committed value;
      
      binding, in the medical device, the committed value to a label of a secure channel determined in the secure channel set-up phase to determine a first bound value;
      
      sending, from the medical device to the monitoring device, the first bound value;
      
      receiving, in the medical device, a second bound value from the monitoring device;
      
      decommitting, in the medical device, the first bound value to determine a first decommittment value;
      
      sending, from the medical device to the monitoring device, the first decommittment value;
      
      receiving, in the medical device, a second decommittment value;
      
      determining the supplied physiological value using the second bound value and the second decommittment value; and
      
      granting the request for access if the supplied physiological value substantially matches the measured physiological value.
  - 18. The apparatus of claim 6, wherein the successful pairing comprises a transient pairing.
  - 19. The apparatus of claim 6, wherein the measured physiological value is valid for a given time interval, and wherein when a first instance of the pairing protocol in the given time interval is unsuccessful, subsequent requests for access during the given time interval are rejected.
  - 20. The apparatus of claim 6, wherein the measured physiological value comprises a first number of independent and identically distributed random bits, and wherein the supplied physiological value substantially matches the measured physiological value when a second number of bits in the supplied physiological value are equal to corresponding bits in the measured physiological value.
  - 21. The apparatus of claim 6, wherein the medical device is further configured to permit access to the medical device by the monitoring device when respective bits of the measured physiological value corresponds to bits in one or more identified patterns, at least one of the one or more identified patterns corresponding to a life-threatening medical event in the living organism.
  - 22. The apparatus of claim 6, wherein the medical device comprises an implantable cardioverter defibrillator.
  - 23. The apparatus of claim 6, wherein access to the medical device permits the monitoring device to read data corresponding to the living organism from the memory of the medical device.
  - 24. The apparatus of claim 6, wherein access to the medical device permits the monitoring device to reprogram the medical device.

25. An apparatus comprising:
- a monitoring device comprising processing circuitry and interface circuitry configured for communication with one or more medical devices configured for implantation into a living organism, the monitoring device being configured to;
  
  send a request for access to a given one of the medical devices;
  
  supply a physiological value to the given medical device;
  
  perform a pairing protocol with the given medical device the pairing protocol comprising a secure channel set-up phase followed by an authentication phase; and
  
  obtain access to the given medical device responsive to a successful pairing in accordance with the pairing protocol, the successful pairing being based at least in part on a determination that the supplied physiological value substantially matches a physiological value of the living organism measured by the given medical device;
  
  wherein the monitoring device performs the secure channel set-up phase before supplying the physiological value to the medical device;
  
  wherein the physiological value supplied to the monitoring device comprises a committed value, the committed value being bound to information determined based at least in part on the secure channel set-up phase;
  
  wherein the supplied physiological value and the measured physiological value each comprise two or more portions;
  
  wherein the determination that the supplied physiological value substantially matches the measured physiological value is based at least in part on;
  
  determining differences between corresponding ones of the two or more portions of the respective physiological values; and
  
  comparing said differences to an error threshold; and
  
  wherein the error threshold comprises different error rates for respective ones of the two or more portions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Juels, Ari
Primary Examiner(s)
Layno, Carl H
Assistant Examiner(s)
Wu, Eugene

Application Number

US13/718,171
Time in Patent Office

693 Days
Field of Search

607 30- 32, 607/59, 607/60
US Class Current

607/31
CPC Class Codes

A61B 5/0031   Implanted circuitry

A61B 5/318   Heart-related electrical mo...

A61B 5/33   specially adapted for coope...

A61B 90/98   using electromagnetic means...

A61N 1/37254   Pacemaker or defibrillator ...

A61N 1/37282   characterised by communicat...

A61N 1/3937   Monitoring output parameters

G06F 21/32   using biometric data, e.g. ...

G06F 21/44   Program or device authentic...

G16H 40/67   for remote operation

H04L 67/125   involving control of end-de...

H04W 12/06   Authentication

H04W 12/50   Secure pairing of devices

Authentication of external devices to implantable medical devices using biometric measurements

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of external devices to implantable medical devices using biometric measurements

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links