US 12,130,910 B2
Threshold signature based medical device management
S. Sree Vivek, Chennai (IN); Hrishikesh Anil Dandekar, Pune (IN); and Chaitanya Mattur Srinivasamurthy, Lake Forest, IL (US)
Assigned to ICU Medical, Inc., San Clemente, CA (US)
Filed by ICU Medical, Inc., San Clemente, CA (US)
Filed on May 7, 2020, as Appl. No. 16/869,404.
Application 16/869,404 is a continuation of application No. PCT/US2020/031664, filed on May 6, 2020.
Claims priority of provisional application 62/845,115, filed on May 8, 2019.
Prior Publication US 2020/0353167 A1, Nov. 12, 2020
Int. Cl. G06F 21/55 (2013.01); H04L 9/08 (2006.01); H04L 9/32 (2006.01)
CPC G06F 21/554 (2013.01) [H04L 9/085 (2013.01); H04L 9/0894 (2013.01); H04L 9/3247 (2013.01); H04L 2209/16 (2013.01); H04L 2209/88 (2013.01)]
18 Claims
 
1. An infusion pump comprising:
a security monitor;
a motor control unit configured to control infusion of medication, wherein the motor control unit is associated with a first component identifier;
a battery configured to power the infusion pump, wherein the battery is associated with a second component identifier;
a computer processor programmed with executable instructions, wherein the computer processor is associated with a third component identifier; and
a data store storing:
verification key data representing a verification key;
share data representing a plurality of secret shares for generating a digital signature, wherein a first secret share of the plurality of secret shares is associated with the first component identifier, wherein a second secret share of the plurality of secret shares is associated with the second component identifier, and wherein a third secret share of the plurality of secret shares is associated with the third component identifier; and
a plurality of weights, wherein individual weights of the plurality of weights are associated with individual secret shares of the plurality of secret shares;
wherein the computer processor is programmed by the executable instructions to at least:
determine that a command has been issued for execution of software that controls a function of the infusion pump;
determine a plurality of component identifiers, wherein individual component identifiers of the plurality of component identifiers correspond to individual components of the infusion pump present at a time the command is issued;
load at least a subset of the plurality of secret shares based at least partly on the plurality of component identifiers;
generate a plurality of signature shares using the subset of the plurality of secret shares, wherein a threshold number of weighted shares is required in order to generate a threshold number of signature shares;
generate the digital signature using the plurality of signature shares;
verify the digital signature using the verification key; and
authorize execution of the software; and
wherein the security monitor is configured to at least:
detect occurrence of a security event; and
reduce a value of a weight based at least partly on the security event,
wherein the weight is associated with a component of the infusion pump, and
wherein the security monitor is associated with the component of the infusion pump.
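
The authorization flow recited in claim 1, sketched in Python as an added example; it is not code from the patent or from ICU Medical. The claim names no signature scheme, so this sketch swaps in a Shoup-style threshold RSA signature with constructed toy parameters. Assumptions: a weight is modeled as the number of share indices a component may load, and all names, weights and parameter values are hypothetical.

```python
import hashlib, math
from fractions import Fraction

# Constructed toy parameters, far too small for real use.
# Safe primes: 1019 = 2*509 + 1 and 1187 = 2*593 + 1.
N, M = 1019 * 1187, 509 * 593   # public modulus; order of the squares mod N (dealer secret)
E, T = 7, 3                     # verification exponent (prime > share count); threshold
OWNED = {"motor": [1, 2], "battery": [3], "processor": [4, 5]}  # share indices (assumed)
DELTA = math.factorial(5)       # (total number of shares)!
D = pow(E, -1, M)               # signing exponent, only ever used in shared form
# Shamir shares f(i) of D with a constructed degree T-1 polynomial, f(0) = D.
SHARES = {i: (D + 101 * i + 202 * i * i) % M for i in range(1, 6)}

def digest(msg):
    """Hash the software image or command to a unit mod N."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return x if x > 1 and math.gcd(x, N) == 1 else digest(msg + b"\0")

def load_shares(present, weights):
    """Load weights[c] of the shares tied to each component that is present."""
    return {i: SHARES[i] for c in present for i in OWNED[c][:weights[c]]}

def sign(msg, shares):
    if len(shares) < T:
        return None                               # below the weighted threshold
    x, idx = digest(msg), sorted(shares)[:T]
    sig_share = {i: pow(x, 2 * DELTA * shares[i], N) for i in idx}
    w = 1
    for i in idx:                                 # integer Lagrange coefficient at 0
        lam = Fraction(DELTA)
        for k in idx:
            if k != i:
                lam *= Fraction(-k, i - k)
        w = w * pow(sig_share[i], 2 * int(lam), N) % N
    a = pow(4 * DELTA ** 2, -1, E)                # a * 4*DELTA^2 + b * E == 1
    b = (1 - a * 4 * DELTA ** 2) // E
    return pow(w, a, N) * pow(x, b, N) % N        # y with y^E == digest (mod N)

def authorize(msg, present, weights):
    """Sign with the loaded shares, then verify against the verification key (N, E)."""
    sig = sign(msg, load_shares(present, weights))
    return sig is not None and pow(sig, E, N) == digest(msg)

def on_security_event(weights, component):
    """Security monitor: reduce the weight of the affected component."""
    return {**weights, component: max(0, weights[component] - 1)}
```

Negative exponents in `pow` require Python 3.8 or later.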