US 12,452,070 B2
Method and system for secure interoperability between medical devices
Christoph Fischer, Hambrücken (DE); Igor Gejdos, Indianapolis, IN (US); and Christopher Kelsey, Fishers, IN (US)
Assigned to Roche Diabetes Care, Inc., Indianapolis, IN (US)
Filed by Roche Diabetes Care, Inc., Indianapolis, IN (US)
Filed on Dec. 12, 2022, as Appl. No. 18/064,536.
Application 18/064,536 is a continuation of application No. PCT/US2021/037570, filed on Jun. 16, 2021.
Claims priority of provisional application 63/041,603, filed on Jun. 19, 2020.
Prior Publication US 2023/0108034 A1, Apr. 6, 2023
Int. Cl. H04L 9/32 (2006.01); H04L 9/08 (2006.01)
CPC H04L 9/3226 (2013.01) [H04L 9/088 (2013.01); H04L 9/3242 (2013.01)] 8 Claims
OG exemplary drawing
 
1. A method for secure medical device interoperability comprising:
executing, with a processor in an electronic device controlled by a user, a control application configured to communicate with a medical device operated by the user;
receiving, with the electronic device, user authentication data generated in response to a user authentication process, the user authentication process further comprising:
receiving, with the electronic device, authentication input data from the user, the authentication input data not being provided to the control application;
transmitting, with the electronic device, an authentication request corresponding to the authentication input data to an authentication service; and
receiving, with the control application, the user authentication data as a user authentication token from the authentication service, the user authentication token being received in response to a successful authentication of the user based on the authentication request;
establishing an untrusted connection between the electronic device and the medical device;
receiving, with the electronic device, a key identifier from the medical device through the untrusted connection;
transmitting, with the electronic device, a message containing data corresponding to an identifier of the user, the user authentication data, the key identifier, an identifier of the control application, and a cryptographic signature of the message to an authorization service, the cryptographic signature being generated using a secret key stored in a memory of the electronic device;
receiving, with the electronic device, a medical device cryptographic key from the authorization service only in response to successful verification of the message that authorizes the user and the control application; and
establishing a trusted connection between the electronic device and the medical device using the medical device cryptographic key to enable at least one of control communication and data communication between the control application and the medical device.
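The claim above describes a four-party exchange (user's electronic device, authentication service, authorization service, medical device) in which the control application never handles the raw credential and the medical device key is released only after both the user token and the device-signed request check out. As an added worked example, not part of the patent and not Roche's implementation, the following Python models that exchange end to end. The service names, the message layout (including a `device_id` field so the authorization service can pick the enrolled secret to verify against), the token format, the use of HMAC-SHA256 for the request signature and for the trusted channel, and the sequence-number replay guard are all assumptions made for this illustration; the claim does not fix those primitives.

```python
"""Added example (not Roche's code): runnable model of the claimed exchange.
Token format, message fields, HMAC-SHA256 everywhere, and the replay guard
are assumptions for illustration only."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional


def _mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _canonical(obj: dict) -> bytes:
    # Stable serialization so signer and verifier MAC exactly the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuthenticationService:
    """Verifies the credential and issues a short-lived token (claim steps 16-19)."""
    def __init__(self, token_key: bytes):
        self._token_key = token_key
        # Constructed sample user store: user_id -> salted SHA-256 of password.
        self._users = {"user-42": hashlib.sha256(b"salt|correct horse").hexdigest()}

    def authenticate(self, user_id: str, password: str) -> Optional[str]:
        digest = hashlib.sha256(b"salt|" + password.encode()).hexdigest()
        if not hmac.compare_digest(self._users.get(user_id, "x"), digest):
            return None
        body = _canonical({"sub": user_id, "exp": int(time.time()) + 300})
        return body.hex() + "." + _mac(self._token_key, body)


class AuthorizationService:
    """Releases the device key only for a verified, authorized request (steps 22-23)."""
    def __init__(self, token_key, enrolled_secrets, device_keys, app_policy):
        self._token_key = token_key                # shared with auth service (assumption)
        self._enrolled_secrets = enrolled_secrets  # electronic device id -> its secret key
        self._device_keys = device_keys            # key identifier -> medical device key
        self._app_policy = app_policy              # user_id -> permitted control app ids

    def _token_subject(self, token: str) -> Optional[str]:
        try:
            body_hex, tag = token.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return None
        if not hmac.compare_digest(_mac(self._token_key, body), tag):
            return None
        claims = json.loads(body)
        return claims["sub"] if claims["exp"] > time.time() else None

    def request_device_key(self, message: dict, signature: str) -> Optional[bytes]:
        # 1. Signature must verify under the secret enrolled for that electronic device.
        secret = self._enrolled_secrets.get(message.get("device_id"))
        if secret is None or not hmac.compare_digest(_mac(secret, _canonical(message)), signature):
            return None
        # 2. Token must be valid and name the same user the message claims.
        if self._token_subject(message["token"]) != message["user_id"]:
            return None
        # 3. The named control application must be permitted for this user.
        if message["app_id"] not in self._app_policy.get(message["user_id"], set()):
            return None
        # 4. Only now is the key behind the requested key identifier released.
        return self._device_keys.get(message["key_id"])


class MedicalDevice:
    """Advertises a key identifier; accepts commands only under its key (steps 21, 24)."""
    def __init__(self, key_id: str, device_key: bytes):
        self.key_id, self._key, self._last_seq = key_id, device_key, -1

    def advertise(self) -> str:
        return self.key_id  # the untrusted connection reveals only this

    def receive(self, payload: dict, tag: str) -> bool:
        if not hmac.compare_digest(_mac(self._key, _canonical(payload)), tag):
            return False
        if payload["seq"] <= self._last_seq:  # replay guard (assumption)
            return False
        self._last_seq = payload["seq"]
        return True


class ElectronicDevice:
    """User's handset: holds the enrolled secret and brokers the login (steps 15-17, 22)."""
    def __init__(self, device_id: str, secret_key: bytes, auth, authz):
        self.device_id, self._secret, self._auth, self._authz = device_id, secret_key, auth, authz

    def system_login(self, user_id: str, password: str) -> Optional[str]:
        # The raw credential stops here; the control app only ever receives the token.
        return self._auth.authenticate(user_id, password)

    def authorize(self, message: dict) -> Optional[bytes]:
        return self._authz.request_device_key(message, _mac(self._secret, _canonical(message)))


class ControlApp:
    """Control application: sees the token, never the password."""
    def __init__(self, app_id: str, host: ElectronicDevice):
        self.app_id, self._host, self._seq = app_id, host, 0

    def pair_and_send(self, user_id, token, device: MedicalDevice, command: str) -> bool:
        key_id = device.advertise()  # step 21, over the untrusted connection
        message = {"user_id": user_id, "token": token, "key_id": key_id,
                   "app_id": self.app_id, "device_id": self._host.device_id}
        device_key = self._host.authorize(message)  # steps 22-23
        if device_key is None:
            return False
        payload = {"cmd": command, "seq": self._seq}  # step 24, trusted channel
        self._seq += 1
        return device.receive(payload, _mac(device_key, _canonical(payload)))


def build_demo():
    """Wire up one user, one enrolled handset and one medical device (all constructed)."""
    token_key, handset_secret, device_key = (secrets.token_bytes(32) for _ in range(3))
    auth = AuthenticationService(token_key)
    authz = AuthorizationService(token_key, {"handset-1": handset_secret},
                                 {"kid-pump-7": device_key}, {"user-42": {"app-bolus"}})
    return ElectronicDevice("handset-1", handset_secret, auth, authz), MedicalDevice("kid-pump-7", device_key)


def run(app_id="app-bolus", password="correct horse", command="set-basal 0.8") -> bool:
    handset, pump = build_demo()
    token = handset.system_login("user-42", password)
    if token is None:
        return False
    return ControlApp(app_id, handset).pair_and_send("user-42", token, pump, command)
```

`run()` with the constructed defaults completes pairing and delivers the command; calling it with an app id the policy does not list, or with a wrong password, fails before any device key leaves the authorization service. Note the point the claim leans on: the untrusted connection exposes only a key identifier, so an attacker who can talk to the medical device learns nothing that lets them derive the key without also holding an enrolled handset secret and a valid user token.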