
Method And System For Secure Access Of Medical Devices

Abstract: The present invention provides a method and system for providing secure access to a medical device. The method and system include receiving a plurality of access request messages from a plurality of users, generating a plurality of one time session keys, transmitting the generated plurality of one time session keys to a third party entity, receiving a verification code from a user, verifying the received verification code. Each access request message from a plurality of access request messages includes a mobile identity associated with each user of the plurality of users. The user is selected by the third party entity and the user receives the verification code from the third party entity.


Patent Information

Application #:
Filing Date: 03 February 2014
Publication Number: 32/2015
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: sourabh@inolyst.com
Parent Application:

Applicants

MOBME WIRELESS SOLUTIONS LTD
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA

Inventors

1. GOPAL,VISHNU
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA
2. KUMAR, SUNIL
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA
3. PARAKAL, DAVIS DOMINIC
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA
4. GOPAL, HARI
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA
5. NEERAJ P N
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA
6. VIJAYKUMAR, SANJAY
MOBME WIRELESS SOLUTIONS LTD., 41/3197, FOURTH FLOOR, BHAGEERATHA SQUARE, NEAR TOWN HALL, KACHERIPPADY, COCHIN-682018, KERALA, INDIA

Specification

CLAIMS: What is claimed is:
1. A method for providing secure access to a medical device, the method comprising:
a. receiving a plurality of access request messages from a plurality of users, wherein each access request message from the plurality of access request messages comprises a mobile identity associated with each user from the plurality of users;
b. generating a plurality of one time session keys, wherein each one time session key of the plurality of one time session keys is associated with each access request message of the plurality of access request messages;
c. transmitting each one time session key of the plurality of one time session keys associated with each access request message of the plurality of access request messages to a third party entity;
d. receiving a verification code from a user of the plurality of users, wherein the user of the plurality of users is selected by the third party entity and the user receives the verification code from the third party entity; and
e. verifying the received verification code for secure access to the medical device.
2. The method of claim 1, wherein generating the plurality of one time session keys is according to a variance technique.
3. The method of claim 1, wherein the variance technique is selected from a set of variance techniques.
4. The method of claim 1, wherein the mobile identity is at least one of an International Mobile Subscriber Identity (IMSI), a Mobile Station International Subscriber Directory Number (MSISDN), a mobile digital signature of a mobile device associated with the user.
5. A medical device comprising:
a. a receiver, wherein the receiver is configured to receive a plurality of access request messages from a plurality of users and a verification code;
b. an OTP generation module, wherein the OTP generation module is configured to generate a plurality of one time session keys, wherein each one time session key of the plurality of one time session keys is associated with each access request message of the plurality of access request messages;
c. a transmitter, wherein the transmitter is configured to transmit each one time session key of the plurality of one time session keys associated with each access request message of the plurality of access request messages to a third party entity; and
d. a verification module, wherein the verification module is configured to verify the verification code.
6. The system of claim 5, further comprises a storage module configured to store each of the one time session key of the generated plurality of one time session keys.
7. The system of claim 5, wherein the OTP generation module generates the plurality of one time session keys on receiving the plurality of access request messages.
8. The system of claim 5, wherein the verification module compares the received verification code with the stored plurality of one time session keys.
METHOD AND SYSTEM FOR SECURE ACCESS OF MEDICAL DEVICES
FIELD OF THE INVENTION
[001] The present invention relates to medical devices and in particular, it relates to secure access of medical devices.
BACKGROUND OF THE INVENTION
[002] Medical devices are used in health care centers, hospitals, and nursing homes to monitor and treat patients. Only authorized medical personnel should be allowed to operate these medical devices. Thousands of people move in and out of these health care centers in a day and they can easily access these medical devices without authorization. Sometimes an unauthorized person can change the parameters or settings in the medical device, which affects the condition of the patient. Hence, it is necessary for the health care centers to provide secure access control mechanisms to the medical devices.
[003] The secure access control mechanism to the medical device plays a vital role in preventing an unauthorized person from mishandling of medical devices. Secure access control ensures that authorized medical personnel alone have access to the medical device. Thus, it prevents an unauthorized person from tampering with the settings on the medical device.
[004] In US8474029B2, the access to medical device is restricted through the use of passwords. In this approach, each user is given a unique username and password, which is entered in the medical device to gain access. However, this approach is vulnerable to attacks where the software of the system can be hacked.
[005] In US8315367B2, the access is restricted using identification devices, which are carried by authorized medical personnel. The medical device wirelessly connects to identification device when carried into the radio range of the medical device. However, this approach does not allow discrimination between multiple persons present in the vicinity of the medical device. For example, the medical device is accessible to anyone in the vicinity regardless of whether or not the person is authorized to use the medical device.
[006] In light of the above discussion, there is a need for a method and system, which overcomes all the above stated problems.
BRIEF DESCRIPTION OF THE INVENTION
[007] The above-mentioned shortcomings, disadvantages and problems are addressed herein which will be understood by reading and understanding the following specification.
[008] In embodiments, the present invention provides a method for providing secure access to a medical device. The method includes receiving a plurality of access request messages from a plurality of users, generating a plurality of one time session keys, transmitting the generated plurality of one time session keys to a third party entity, receiving a verification code from a user, verifying the received verification code. Each access request message from a plurality of access request messages includes a mobile identity associated with each user of the plurality of users. The user is selected by the third party entity and the user receives the verification code from the third party entity.
[009] In an embodiment, the mobile identity of the payee includes at least one of an International Mobile Subscriber Identity (IMSI), a Mobile Subscriber Integrated Services Digital Network (MSISDN) number, and a mobile digital signature of a mobile device of the payee.
[0010] In an embodiment, the one time session key is generated according to a variance technique.
[0011] In another aspect, the present invention provides a medical device. The medical device includes a receiver, an OTP generation module, a transmitter and a verification module. The receiver is configured to receive the plurality of access request messages and the verification code. The OTP generation module is configured to generate the plurality of one time session keys. The transmitter is configured to transmit the generated plurality of one time session keys. The verification module is configured to verify the received verification code.
[0012] In an embodiment, the medical device includes a storage module configured to store the generated plurality of one time session keys.
[0013] Systems and methods of varying scope are described herein. In addition to the aspects and advantages described in this summary, further aspects and advantages will become apparent by reference to the drawings and with reference to the detailed description that follows.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] Figure 1 illustrates a system for providing secure access to a medical device, in accordance with various embodiments of the present invention;
[0015] Figure 2 illustrates a flowchart for providing secure access to the medical device, in accordance with various embodiments of the present invention;
[0016] Figure 3 illustrates a detailed flowchart for providing secure access to the medical device, in accordance with various embodiments of the present invention;
[0017] Figure 4 illustrates a block diagram of the medical device, in accordance with various embodiments of the present invention;
[0018] Figure 5 is a sequence diagram of a method for providing secure access to the medical device, in accordance with various embodiments of the present invention;
[0019] Figure 6 illustrates a mobile device of a user requesting the user to enter pin to send a mobile identity to the medical device, in accordance with various embodiments of the present invention;
[0020] Figure 7 illustrates the mobile device of the user on receiving a verification code, in accordance with various embodiments of the present invention; and
[0021] Figure 8 is a block diagram of a subscriber identification module (SIM) card, in accordance with various embodiments of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
[0022] In the following detailed description, reference is made to the accompanying drawings that form a part hereof, and in which is shown by way of illustration specific embodiments, which may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the embodiments, and it is to be understood that other embodiments may be utilized and that logical, mechanical, electrical and other changes may be made without departing from the scope of the embodiments. The following detailed description is, therefore, not to be taken in a limiting sense.
[0023] Figure 1 illustrates a system 100 for providing secure access to a medical device 150. The system 100 includes a user 110 associated with a mobile device 120, a user 130 associated with a mobile device 140 and a third party entity 160.
[0024] In context of the present invention, the medical device 150 refers to an electronic device used for treating a patient by the user 110. The medical device 150 is used for various purposes, such as, in diagnosis, monitoring, therapy, treatment, surgery, and the like. Examples of the medical device 150 include, but may not be limited to a pacemaker, a coronary graft, a defibrillator (implantable or external), a drug pump and a non-mechanical drug delivery system, an artificial valve, a replacement joint, a monitor, a neuro-stimulator, a prosthetic.
[0025] In an embodiment, the medical device 150 receives a plurality of access request messages from the mobile device 120 and the mobile device 140 (collectively hereinafter referred as the plurality of mobile devices 120 and 140) associated with the user 110 and the user 130 (collectively hereinafter referred as the plurality of users 110 and 130).
[0026] In context of the present invention, the plurality of mobile devices 120 and 140 refer to a handheld electronic device that can be used to communicate over a communication network. Examples of the communication network include, but may not be limited to a local area network, a wide area network, a wireless network, a telecommunication network. Types of the telecommunication network include, but may not be limited to a global system for mobile communication (GSM) network, a general packet radio service (GPRS) network, a code division multiple access (CDMA) system, an enhanced data GSM environment (EDGE), a wideband CDMA (WCDMA).
[0027] The medical device 150 provides access to the user 110 of the plurality of users 110 and 130 on verifying the authenticity of the user 110. In context of the present invention, the plurality of users 110 and 130 refer to individuals who provide treatment services and general patient care. Examples of the plurality of users 110 and 130 include, but may not be limited to a physician (such as, a medical doctor, including a surgeon, a generalist, a specialist, and the like), an assistant of the physician, a nurse, a nurse practitioner, a therapist, a paramedic, a technician, a pharmacist.
[0028] Further, the medical device 150 communicates with the third party entity 160 via the communication network. In context of the present invention, the third party entity 160 refers to any organization or entity which designs, manufactures, fabricates, builds, assembles, sells, distributes, repairs, and/or performs similar services for the medical device 150. In addition, the third party entity 160 includes a server 170. The server 170 of the third party entity 160 stores personal identification data of the plurality of users 110 and 130 and medical device information. The personal identification data of the plurality of users 110 and 130 include, but may not be limited to names of the plurality of users 110 and 130, mobile identities associated with the plurality of users 110 and 130, mobile numbers of the plurality of mobile devices 120 and 140. The medical device information includes, but may not be limited to a device name, model number, serial number.
[0029] Figure 2 illustrates a flowchart 200 for providing secure access to the medical device 150, in accordance with various embodiments of the present invention. At step 210, the flowchart 200 initiates. At step 220, the medical device 150 receives a plurality of access request messages from a plurality of users 110 and 130. Each access request message from the plurality of access request messages includes the mobile identity associated with each user from the plurality of users 110 and 130.
[0030] In context of the present invention, mobile identity relates to a digital identity provided via mobile devices and communication networks. In an embodiment, the mobile identity relates to a digital signature. In an embodiment, a subscriber identification module (hereinafter SIM) card holds digital certificates of the user 110. In order to use the digital certificates, the user 110 has to enter a personal secret code. The mobile device 120 then verifies the entered personal security code and allows access to the digital certificates of the user 110, stored on the SIM card. In yet another embodiment, a mobile digital signature application is present on the mobile device 120. The mobile digital signature application on the mobile device 120 receives the digital signature from a security server on the registration of the mobile device 120 for creation of the mobile identity.
[0031] In another embodiment, the mobile identity is an identity code unique to the mobile device 120. The mobile identity includes, but is not limited to an International Mobile Subscriber Identity (IMSI), a Mobile Subscriber Integrated Services Digital Network (MSISDN), a mobile digital signature of the mobile device 120. In another example, a key generator, present on the mobile device 120, generates the identity code. The identity code is used to identify the mobile device 120.
[0032] In yet another embodiment, the mobile identity relates to biometric signatures and digital signatures. The user 110 scans user 110’s thumbprint on the mobile device 120. The mobile device 120 generates and transmits a response including a digital signature of the user 110 and the scanned thumbprint. The digital signature is stored on the SIM card and/or on the mobile device 120.
[0033] In an embodiment, the mobile identity associated with the user 110 and the mobile identity associated with the user 130 are entered by the user 110 and the user 130 respectively on the medical device 150 at different time intervals. In another embodiment, the mobile device 120 of the user 110 and the mobile device 140 of the user 130 transmit the mobile identity associated with the user 110 and the user 130 respectively to the medical device 150 via a communication network.
[0034] At step 230, the medical device 150 generates a plurality of one time session keys. Each one time session key of the plurality of one time session keys is associated with each access request message of the plurality of access request messages. The medical device 150 generates the plurality of one time session keys according to a variance technique.
[0035] In an embodiment, the variance technique corresponds to generating the each one time session key of the plurality of one time session keys using a sequence of random characters. In another embodiment, the variance technique is given by a function: OTP=F(H(input set)), where H is a hash and the input set includes the received mobile identity of the mobile device 120 and the time duration the each one time session key is valid for.
[0036] At step 240, the medical device 150 transmits each of the one time session key of the plurality of one time session keys associated with each of the access request message of the plurality of access request messages to the server 170 of the third party entity 160. In an embodiment, the medical device 150 transmits each of the one time session key of the plurality of one time session keys associated with each of the access request message of the plurality of access request messages in a single message to the server 170 of the third party entity 160. In another embodiment, the medical device 150 transmits each of the one time session key of the plurality of one time session keys associated with each of the access request message of the plurality of access request messages as two separate messages to the server 170 of the third party entity 160.
[0037] On receiving the plurality of access request messages the server 170 of the third party entity 160 selects an access request message from the plurality of access request messages and the user 110 associated with the selected access request message. The server 170 of the third party entity 160 selects the access request message based on a pre-defined condition. In an embodiment, the pre-defined condition is based on a time stamp associated with each access request message from the plurality of access request messages. In another embodiment, the pre-defined condition is based on a priority level associated with each user of the plurality of users 110 and 130.
[0038] In addition, the server 170 of the third party entity 160 identifies the mobile number based on the selected access request message. The server 170 of the third party entity 160 retrieves the mobile number of the mobile device 120 associated with the user 130 from the stored personal identification data of the user 110 based on the received mobile identity of the user 110. For example, the server 170 of the third party entity 160 selects the access request message associated with the user 110, then the server retrieves the mobile number of the mobile device 120 associated with the user 110 by matching the mobile identity associated with the user 110 to the personal identification data of the plurality of users 110 and 130 stored in the server 170. Once a match is found the server 170 of the third party entity 160 identifies the mobile number of the mobile device 120 associated with the user 110.
[0039] Further, the user 110 receives the verification code from the server 170 of the third party entity 160. In an embodiment, the verification code is same as the one time session key associated with the selected access request message received from the medical device 150 by the third party entity 160.
[0040] In another embodiment, the server 170 of the third party entity 160 generates the verification code based on the one time session key associated with the selected access request message received from the medical device 150. In an embodiment, the server 170 of the third party entity 160 generates the verification code by encrypting the one time session key associated with the selected access request message to provide an encrypted one time session key. The server 170 of the third party entity 160 transmits the encrypted one time session key to the user 110. The mobile device 120 of the user 110 decrypts the received encrypted one time session key to retrieve the one time session key.
[0041] In yet another embodiment, the server 170 of the third party entity 160 generates the verification code by encoding the encrypted one time session key in a two-dimensional barcode to provide a two-dimensional barcode of the encrypted one time session key. The server 170 of the third party entity 160 transmits the two dimensional barcode of the encrypted one time session key to the user 110. The mobile device 120 of the user 110 decrypts the received two-dimensional barcode of the encrypted one time session key to retrieve the one time session key.
[0042] At step 250, the medical device 150 receives the verification code from the user 110. In an embodiment, the user 110 receives the verification code from the server 170 of the third party entity 160 via the communication network.
[0043] At step 260, the medical device 150 verifies the received verification code from the user 110. In an embodiment, the medical device 150 verifies the received verification code by comparing the received verification code from the user 110 with a one time session key associated with the selected access request message. If the received verification code from the user 110 is same as the one time session key associated with the selected access request message, then the user 110 is allowed to access the medical device 150. If the received verification code is different from the generated one time session key, then the user 110 is denied access to the medical device 150. At step 270, the flowchart 200 terminates.
[0044] Figure 3 illustrates a flowchart 300 for providing secure access to the medical device 150, in accordance with various embodiments of the present invention. At step 310, the flowchart 300 initiates to provide secure access to the medical device 150. The steps 320-350 of the flowchart 300 are repeated as per steps 220-260 of the flowchart 200 described in the detailed description of Figure 2. At step 360, the medical device 150 verifies the received verification code by comparing the received verification code from the user 110 with the one time session key associated with the selected access request message. At step 370, if the received verification code from the user 110 is same as the one time session key associated with the selected access request message, then the user 110 is allowed to access the medical device 150. At step 380, the flowchart 300 terminates; if the received verification code is different from the generated one time session key, then the user 110 is denied access to the medical device 150.
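Added example, not part of the patent text: a Python sketch of the Figure 2 flow (steps 220 to 260), combining the hash-based variance technique of [0035], the time-stamp selection of [0037] and the stored-key comparison of claim 8. Assumptions not found in the specification: H is HMAC-SHA256 keyed with a per-device secret and a random per-request nonce joins the input set (the listed inputs, a mobile identity and a validity duration, are not secret on their own), F truncates to 6 digits, keys last 120 seconds, are single-use, and are discarded after 5 wrong codes; all identities and numbers are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

OTP_DIGITS = 6          # assumed code length
VALIDITY_SECONDS = 120  # assumed validity duration of each session key
MAX_FAILURES = 5        # assumed cap on wrong codes before keys are discarded

# Constructed sample data: mobile identity -> mobile number held by server 170.
USER_110, USER_130 = "imsi-constructed-110", "imsi-constructed-130"
DIRECTORY = {USER_110: "+00-constructed-110", USER_130: "+00-constructed-130"}


@dataclass
class PendingKey:
    mobile_identity: str
    otp: str
    issued_at: float
    expires_at: float
    used: bool = False


class MedicalDevice:
    """OTP generation, storage and verification modules of the device."""

    def __init__(self, device_secret: bytes):
        self._secret = device_secret  # assumption: secret provisioned per device
        self.pending = []             # storage module (claim 6)
        self.failures = 0

    def _derive_otp(self, mobile_identity: str, nonce: bytes) -> str:
        # OTP = F(H(input set)); H = HMAC-SHA256, F = truncate to decimal digits.
        msg = f"{mobile_identity}|{VALIDITY_SECONDS}|".encode() + nonce
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        value = int.from_bytes(digest[:8], "big") % 10**OTP_DIGITS
        return str(value).zfill(OTP_DIGITS)

    def handle_access_request(self, mobile_identity: str, now: float) -> None:
        # Steps 220-230: one session key per access request; retry on the rare
        # collision so every stored key maps to exactly one request.
        while True:
            otp = self._derive_otp(mobile_identity, secrets.token_bytes(16))
            if all(k.otp != otp for k in self.pending):
                break
        self.pending.append(
            PendingKey(mobile_identity, otp, now, now + VALIDITY_SECONDS))

    def export_for_third_party(self) -> list:
        # Step 240: what the transmitter sends to server 170.
        return [{"mobile_identity": k.mobile_identity, "otp": k.otp,
                 "timestamp": k.issued_at} for k in self.pending]

    def verify(self, code: str, now: float):
        # Step 260: compare against every stored key in constant time,
        # accepting only keys that are unexpired and not yet used.
        matched = None
        for key in self.pending:
            same = hmac.compare_digest(key.otp.encode(), code.encode())
            if same and not key.used and now <= key.expires_at:
                matched = key
        if matched is None:
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.pending.clear()  # force fresh access requests
                self.failures = 0
            return None
        matched.used = True
        self.failures = 0
        return matched.mobile_identity


class ThirdPartyServer:
    """Server 170: selects one request and dispatches its verification code."""

    def __init__(self, directory: dict):
        self.directory = directory

    def select_and_dispatch(self, entries: list):
        # Pre-defined condition of [0037]: earliest time stamp among known users.
        known = [e for e in entries if e["mobile_identity"] in self.directory]
        if not known:
            return None
        chosen = min(known, key=lambda e: e["timestamp"])
        # Embodiment [0039]: the verification code equals the session key.
        return self.directory[chosen["mobile_identity"]], chosen["otp"]


if __name__ == "__main__":
    device = MedicalDevice(secrets.token_bytes(32))
    device.handle_access_request(USER_110, now=1000.0)
    device.handle_access_request(USER_130, now=1001.0)
    number, code = ThirdPartyServer(DIRECTORY).select_and_dispatch(
        device.export_for_third_party())
    print("code sent to", number)
    print("first use :", device.verify(code, now=1010.0))
    print("replay    :", device.verify(code, now=1011.0))
```

The `now` argument is passed in explicitly so expiry and replay behaviour can be exercised without waiting on a real clock.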
[0045] Figure 4 illustrates a block diagram 400 of the medical device 410, in accordance with various embodiments of the present invention. The block diagram 400 of the medical device 410 includes a receiver 420, an OTP generation module 430, a transmitter 440, and a verification module 450.
[0046] As explained above, the medical device 410 receives the plurality of access request messages and the verification code. In an embodiment, the receiver 420 of the medical device 410 receives the plurality of access request messages and the verification code.
[0047] As explained above, the medical device 410 generates the plurality of one time session keys. In an embodiment, the OTP generation module 430 of the medical device 410 generates the plurality of one time session keys. Further, the medical device 150 includes a storage module that stores the generated plurality of one time session keys.
[0048] As explained above, the medical device 410 transmits the generated plurality of one time session key associated with the plurality of access request messages to the server 170 of the third party entity 160. Further, the transmitter 440 of the medical device 410 transmits the generated plurality of one time session keys associated with the plurality of access request messages to the server 170 of the third party entity 160.
[0049] As explained above, the medical device 410 verifies the received verification code. In an embodiment, the verification module 450 of the medical device 410 verifies the received verification code. In another embodiment, the verification module 450 compares the received verification code with the one time session key associated with the selected access request message.
[0050] Figure 5 is a sequence diagram 500 of a method for providing secure access to the medical device 150, in accordance with various embodiments of the present invention. The sequence diagram 500 includes three participants: the user 110, the medical device 150 and the third party entity 160. The actions 510-570, displayed in the sequence diagram 500 are same as the steps 220-260 of the flowchart 200.
[0051] Figure 6 illustrates the mobile device 120 of the user 110 requesting the user 110 to enter pin to send the mobile identity to the medical device 150, in accordance with various embodiments of the present invention. As explained above, the user 110 has to enter the personal secret code to send the mobile identity. Button 620 is for sending the mobile identity of the mobile device 120 to the medical device 150 after entering the personal secret code. Button 630 is to exit and deny sending the mobile identity of the mobile device 120 to the medical device 150.
[0052] Figure 7 illustrates the mobile device 120 of the user 110 on receiving the verification code, in accordance with various embodiments of the present invention. As explained above, the mobile device 120 displays the verification code received from the server 170 of the third party entity 160. Button 720 exits from the display window after the user 110 views the received verification code.
[0053] Figure 8 is a block diagram 800 of a subscriber identification module (SIM) card 810, in accordance with various embodiments of the present invention. In an embodiment, as explained above, the subscriber identification module (SIM) card 810 is for storing the digital signature of the user 110. The subscriber identification module (SIM) card 810 follows Java Card specifications. Java-based applets and applications can be run on the subscriber identification module (SIM) card 810.
[0054] The subscriber identification module (SIM) card 810 includes a hardware crypto processor 820, a SIM application 830, a symmetric encryption key 840, a secure key storage module 850 and an Integrated Circuit Card Identifier (ICCID) storage module 860. The hardware crypto processor 820 is a true random number generator. The hardware crypto processor 820 generates random numbers for cryptography.
[0055] The SIM application 830 refers to a SIM Application Toolkit (STK) installed on the subscriber identification module (SIM) card 810. The SIM application 830 is responsible for overall control of the subscriber identification module (SIM) card 810 with regards to the digital signature. For example, the SIM application 830 generates the digital signature using the hardware crypto processor 820. In another example, as explained above, the SIM application 830 requires the user 110 to enter a security pin to access the digital signature.
[0056] The symmetric encryption key 840 refers to an encryption key unique to the subscriber identification module (SIM) card 810. The symmetric encryption key 840 is stored in subscriber identification module (SIM) card 810 during the generation of the subscriber identification module (SIM) card 810. The symmetric encryption key 840 is used for secure communication. All incoming and outgoing communication arising from the SIM application 830 is encrypted with the symmetric encryption key 840. In an embodiment, the symmetric encryption key 840 is shared with a messaging server. The messaging server receives communication from the mobile device 120, decrypts the communication using the symmetric encryption key 840 and then forwards the decrypted communication in a secure manner.
[0057] The secure key storage module 850 stores public key-private key pairs associated with the mobile device 120. In an embodiment, the secure key storage module 850 includes sixteen key slots. The key slots store two types of keys: a weaker key type for authentication purpose and a stronger key type for non-repudiation purpose.
[0058] The ICCID storage module 860 stores the Integrated Circuit Card Identifier (ICCID). ICCID uniquely identifies Subscriber Identification Module (SIM) card internationally. In an embodiment, the public key is associated with a combination of the ICCID and the MSISDN.
[0059] The present invention allows only an authorized user to access and/or operate the medical device. Additionally, the present invention provides better security by preventing an unauthorized person from mishandling the medical device and/or tampering with the settings on the medical device.
[0060] This written description uses examples to describe the subject matter herein, including the best mode, and also to enable any person skilled in the art to make and use the subject matter. The patentable scope of the subject matter is defined by the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal language of the claims.

Documents

Application Documents

# Name Date
1 Mobme GPOA.pdf 2014-02-05
2 FORM 5-INO13-034-Mobme.pdf 2014-02-05
3 FORM 3-INO13-034-Mobme.pdf 2014-02-05
4 Form 2-INO13-034-Mobme.pdf 2014-02-05
5 Drawings-INO13-034-Mobme.pdf 2014-02-05