	US 12,080,409 B2
	Secure software updates and architectures
Dennis M. Skelton, Woodinville, WA (US); Steven Barry Duke, Bothell, WA (US); Richard Mackie, Bellevue, WA (US); Mark Rutzer, Seattle, WA (US); James Wootten, Kirkland, WA (US); Alexander Frolov, Bothell, WA (US); Mark G. Killebrew, San Clemente, CA (US); Seshadri K. Padmanabha, Redmond, WA (US); David B. Stewart, Carnation, WA (US); Robert Bales, Mountlake Terrace, WA (US); and Dale R. Beuning, Seattle, WA (US)
Assigned to Stryker Corporation, Kalamazoo, MI (US)
Filed by Stryker Corporation, Kalamazoo, MI (US)
Filed on Dec. 6, 2021, as Appl. No. 17/543,674.
Claims priority of provisional application 63/122,337, filed on Dec. 7, 2020.
Prior Publication US 2022/0181012 A1, Jun. 9, 2022
Int. Cl. G06F 9/44 (2018.01); G06F 8/654 (2018.01); G06F 21/57 (2013.01); G16H 40/40 (2018.01)

CPC G16H 40/40 (2018.01) [G06F 8/654 (2018.02); G06F 21/572 (2013.01); G06F 2221/033 (2013.01)]

20 Claims

1. A device comprising:

a processor;

first memory; and

second memory storing computer-executable instructions that, when executed by the processor, cause performance of operations comprising:

downloading software from an external device to the first memory as downloaded software, the downloaded software associated with a software update for the device;

performing a first integrity check on the downloaded software;

determining that the downloaded software passed the first integrity check;

based on the downloaded software having passed the first integrity check, installing the downloaded software in the second memory as installed software;

performing a second integrity check on the installed software;

determining that the installed software did not pass the second integrity check; and

disabling the device so that the device is inoperable in association with a patient based on the installed software having not passed the second integrity check.