This invention relates to secure wireless communication and, in particular embodiments, to methods and devices that enable secure communications between commercially available mobile devices and Federal Drug Administration (FDA) regulated devices including, but not limited to, drug or hormone infusion devices and sensors to determine a characteristic of a body.
Over the years, bodily characteristics have been determined by obtaining a sample of bodily fluid. For example, diabetics often test for blood glucose levels. Traditional blood glucose determinations have utilized a painful finger prick using a lancet to withdraw a small blood sample. This results in discomfort from the lancet as it contacts nerves in the subcutaneous tissue. The pain of lancing and the cumulative discomfort from multiple needle pricks is a strong reason why patients fail to comply with a medical testing regimen used to determine a change in characteristic over a period of time. Although non-invasive systems have been proposed, or are in development, none to date have been commercialized that are effective and provide accurate results. In addition, all of these systems are designed to provide data at discrete points and do not provide continuous data to show the variations in the characteristic between testing times.
A variety of implantable electrochemical sensors have been developed for detecting and/or quantifying specific agents or compositions in a patient's blood. For instance, glucose sensors have been developed for use in obtaining an indication of blood glucose levels in a diabetic patient. Such readings are useful in monitoring and/or adjusting a treatment regimen which typically includes the regular administration of insulin to the patient. Thus, blood glucose readings improve medical therapies with semi-automated medication infusion pumps of the external type, as generally described in U.S. Pat. Nos. 4,562,751; 4,678,408; and 4,685,903; or automated implantable medication infusion pumps, as generally described in U.S. Pat. No. 4,573,994, which are herein incorporated by reference. Typical thin film sensors are described in commonly assigned U.S. Pat. Nos. 5,390,671; 5,391,250; 5,482,473; and 5,586,553, which are incorporated by reference herein; also see U.S. Pat. No. 5,299,571. However, the wireless controllers or monitors for these continuous sensors provide alarms, updates, and trend information, and often use a sophisticated combination of software and hardware to allow the user to program the controller and/or infusion pump, calibrate the sensor, enter data and view data in the monitor and to provide real-time feedback to the user.
Additionally, the wireless communication between the infusion pump, the controller, and sensor can make the system susceptible to eavesdropping of confidential patient data and potentially to hacking attacks that introduce or execute malicious code or commands. Accordingly, security of the wireless communications between the respective system elements is of utmost importance, and secondary methods of pairing in addition to commercially available secure pairing methods may be necessary.
A monitor system to monitor a characteristic of a user is disclosed. The monitor system includes a medical device having a first machine parsable code, the medical device further having a medical device transmitter, the medical device transmitter configured to broadcast encrypted data indicative of a characteristic of the user. The monitor system further includes a mobile device having a plurality of sensors capable of capturing the first machine parsable code. The mobile device further includes a receiver defined to receive encrypted data broadcast by the medical device. At least one of the plurality of sensors enables out-of-band pairing between the mobile device and the medical device via the first machine parsable code.
A method to secure wireless communications between a medical device and a controller is also disclosed. The method includes an operation that initiates at least one of a plurality of sensors associated with the controller. The method further includes an operation that captures a machine parsable code from the medical device using the initiated sensor. The method then executes program instructions stored on the controller to parse the captured machine parsable code and returns a unique identifier associated with the medical device. The method then executes program instructions stored on the controller to securely pair the controller and the medical device using the unique identifier.
Further disclosed is a method to secure wireless transmission between a wireless device having a machine parsable code and a controller having a plurality of sensors. The method includes an operation that emits the machine parsable code from the wireless device and captures the machine parsable code via one of the plurality of sensors. Also included in the method is an operation that parses the machine parsable code to determine a unique identifier associated with the wireless device. The method also includes an operation that inputs the unique identifier into a pairing application being executed by the controller to securely pair the wireless device and the controller.
Other features and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings which illustrate, by way of example, various features of embodiments of the invention.
A detailed description of embodiments of the invention will be made with reference to the accompanying drawings, wherein like numerals designate corresponding parts in the several figures.
As shown in the drawings for purposes of illustration, the invention is embodied in a monitor system coupled to a subcutaneous implantable analyte sensor set to provide real-time or continuous data recording of the sensor readings for a period of time. In some embodiments the analyte sensor data is transmitted in real-time to a medical device, a mobile device, or both to determine body characteristic data. In another embodiment the analyte sensor data is recorded into memory to be downloaded or transferred to a medical device or mobile device to determine body characteristic data based on the analyte sensor data recorded over the period of time.
In embodiments of the present invention, the analyte sensor set and monitor system are for determining glucose levels in the blood and/or bodily fluids of the user without the use of, or necessity of, complicated monitoring systems that require user training and interaction. However, it will be recognized that further embodiments of the invention may be used to determine the levels of other analytes or agents, characteristics or compositions, such as hormones, cholesterol, medication concentrations, viral loads (e.g., HIV), or the like. In other embodiments, the monitor system may also include the capability to be programmed to record data at specified time intervals. The monitor system and analyte sensor are primarily adapted for use in subcutaneous human tissue. However, still further embodiments may be placed in other types of tissue, such as muscle, lymph, organ tissue, veins, arteries or the like, and used in animal tissue. The analyte sensors may be subcutaneous sensors, transcutaneous sensors, percutaneous sensors, sub-dermal sensors, skin surface sensors, or the like. Furthermore, various embodiments may record sensor readings on an intermittent or continuous basis.
In embodiments that include real-time determination of body characteristic data, various types of analysis can be performed by the medical device, mobile device or both on the real-time data. The medical device, being regulated by the Federal Drug Administration, includes various safeguards regarding device security, patient data security, traceability and reporting requirements (e.g., adverse events). As the mobile device may be a mobile smart phone or a customized wireless controller in many embodiments of the present invention, safeguarding patient data and data from the sensor during transmission and data manipulation within the mobile device can present a challenge. Establishing trusted secure data transfer between the various elements within the monitor system in conjunction with encryption techniques can provide enhanced data security of sensitive patient data stored on the mobile device.
While the specific embodiments described may be directed toward a mobile device, other electronic devices having displays or being connected to displays should also be considered within the scope of this disclosure. For example, televisions capable of running online applications, along with networked home gaming consoles, while arguably not “mobile,” should be considered within the scope of the disclosure as functioning as the claimed “mobile device”. Additionally, portable gaming devices that are configurable to go online should be considered within the scope of the disclosure.
In accordance with some embodiments, the medical device 102 is carried on the person of a user 106 in the manner of an external infusion pump like those commercially available from Medtronic under the trademarked name MINIMED 530G. However, in other embodiments, the medical device 102 can be a different style of infusion pump such as what is commonly referred to as a patch pump attached directly to the user 106. Similarly, in some embodiments the analyte sensor set 104 is attached directly to the skin of the user 106. In one particular embodiment, the analyte sensor set 104 includes two components, the sensor 104a and the transmitter 104b. In such an embodiment the sensor 104a may be attached directly to the user 106 while the transmitter 104b is simply connected to the sensor 104a. This can result in increased comfort and wearability over having both the sensor 104a and transmitter 104b adhered to the skin of the user 106.
In some embodiments the analyte sensor set 104 is a continuous glucose monitoring sensor like those commercially available from Medtronic under the trademarked name ENLITE. However, in other embodiments the analyte sensor set 104 can be configured to measure and broadcast data indicative of a characteristic of the user 106. Similarly, in other embodiments the medical device 102 can be any variety of medical device and form factor as previously discussed. Both the transmitter 104b and the medical device 102 include a machine parsable code 105. Although illustrated on the front of both the medical device 102 and the transmitter 104b, in most embodiments the machine parsable code 105 will be discreetly placed so as not to be generally visible to passersby. Furthermore, although the machine parsable code 105 on the transmitter 104b and the medical device 102 share the same designator for simplicity, in many embodiments every machine parsable code may be parsed into a unique secure code. The specific embodiments discussed above are not intended to be exemplary and should not be construed as limiting the scope of this disclosure.
The processor 200 draws power from the power unit 202 and executes program instructions that enable functionality as a smart phone capable of, for example, wireless communications and downloading/executing program instructions for applications or apps. The program instructions executed by the processor 200 can be embedded within the processor 200 (e.g. an on-chip memory cache) while in other embodiments memory 204 stores program instructions along with application data. In still other embodiments program instructions can be stored in both the memory 204 and the processor 200.
The I/O controller 206, being powered by the power unit 202, is coupled to both the processor 200 and the memory 204. In some embodiments the I/O controller monitors a plurality of sensors associated with the mobile device 100. While not a definitive list of potential sensors on the mobile device 100, the mobile device 100 can include, but is not limited to, accelerometers and gyroscopes 208, ambient light sensors 210, digital camera(s) 212 (front facing and/or rear facing), and microphone(s) 214. Also associated with the I/O controller 206 are various radios to enable wireless Wi-Fi (802.11x) 216 communication, various mobile phone radios 218 (EDGE, HSPA, HSPA+, CDMA, CDMA2000, and LTE), Bluetooth radios 220, and IR emitters 222. Other inputs to the mobile device 100 that can be handled via the I/O controller 206 include keyboards 220 (physical or virtual), sound processing 222, and sound output via speakers 223, and graphics 224 that are rendered on a display 226.
The I/O interface 404 can also control optional status indicators on the sensors 104a and/or the transmitter 104b. In one embodiment an LED is used as the status indicator, while in other embodiments a small piezoelectric sound emitter is the status indicator. In such embodiments, patterns or sequences of LED flashes or audible tones can be used to report on the status of either the sensor 104a or the transmitter 104b. In still other embodiments, the light or sound patterns can assist in secure pairing between the mobile device 100, the medical device 102 and the analyte sensor set 104.
Referring back to
Other embodiments may only include visual pairing, while still others include only audio pairing. In yet additional embodiments, combinations of visual and audio pairing can be used to establish secure communication. In still other embodiments, other types of pairing can be used such as near field communication (NFC). Further embodiments may include magnetic pulses that can be generated by the medical device that can be detected by a magnetometer within the mobile device. Still other embodiments may utilize other sensors within the mobile phone, such as, but not limited to an accelerometer, ambient light sensors, fingerprint scanners and proximity sensors.
Operation 802 installs the application downloaded in operation 800 onto the mobile device and operation 804 runs the application installed in operation 802. In some embodiments the running of the application results in operation 806, where a user selects how to pair a device with the mobile device. Operation 808 captures the machine parsable code on the medical device using sensors integrated into the mobile device. Although various sensors of the mobile device can be used for pairing, one exemplary method is visual pairing using a camera integrated into the mobile device and another exemplary method is audio pairing using a microphone integrated into the mobile device. In instances of visual pairing, the medical device would include a machine parsable code that can be captured by the camera. Examples of such machine parsable codes include, but are not limited to, pictures, barcodes, and sequences of flashing lights. In instances of audio pairing, the medical device would include a sound emitting device that would be placed in functional proximity to a microphone integrated into the mobile device. The audio machine parsable code could include, but is not limited to, multi-tonal sound sequences and tonal pulses.
Operation 810 executes program instructions within the application to process the machine parsable code captured in operation 808 into a secure code. In one embodiment the entirety of the processing is performed on the mobile device. In this embodiment, the application downloaded and installed on the mobile device includes the ability to parse values for a captured machine parsable code. In other embodiments, the mobile device requires an internet connection or internet access to query a secure database and have the secure database return a secure code. In operation 812 the secure code generated in operation 810 is used to complete the secure pairing process.
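Operations 808 through 812 can be illustrated with the following added example, which is not part of the disclosure. It assumes a hypothetical label format (`MD1|identifier|base32 secret|crc32`) and a hypothetical HMAC confirmation exchange; the disclosure specifies neither, and the database-lookup embodiment is not modeled.

```python
import base64, hashlib, hmac, secrets, zlib

PREFIX = "MD1"  # hypothetical payload version tag, not from the disclosure

def encode_label(device_id: str, secure_code: bytes) -> str:
    """Text a barcode on the medical device would carry (constructed format)."""
    body = f"{PREFIX}|{device_id}|{base64.b32encode(secure_code).decode()}"
    # The CRC only catches a misread capture; it provides no security.
    return f"{body}|{zlib.crc32(body.encode()):08x}"

def parse_label(captured: str) -> tuple[str, bytes]:
    """Operation 810: parse a captured code into (unique identifier, secure code)."""
    body, _, crc = captured.strip().rpartition("|")
    parts = body.split("|")
    if len(parts) != 3 or parts[0] != PREFIX:
        raise ValueError("unrecognised machine parsable code")
    if f"{zlib.crc32(body.encode()):08x}" != crc.lower():
        raise ValueError("checksum mismatch, capture the code again")
    secure_code = base64.b32decode(parts[2])
    if len(secure_code) < 16:
        raise ValueError("secure code shorter than 128 bits")
    return parts[1], secure_code

def tag(secure_code: bytes, role: bytes, device_id: str, nonces: bytes) -> bytes:
    """HMAC proof of knowing the secure code, bound to role, identifier and nonces."""
    msg = role + b"|" + device_id.encode() + b"|" + nonces
    return hmac.new(secure_code, msg, hashlib.sha256).digest()

def pair(captured: str, device_id: str, device_code: bytes) -> bytes:
    """Operation 812 with both ends simulated in one process.

    The controller knows only `captured`; the device holds device_id and
    device_code. Returns a session key, or raises if either proof fails.
    """
    ident, code = parse_label(captured)                         # controller side
    nonces = secrets.token_bytes(16) + secrets.token_bytes(16)  # sent over the radio
    dev_proof = tag(device_code, b"device", device_id, nonces)  # device -> controller
    if not hmac.compare_digest(dev_proof, tag(code, b"device", ident, nonces)):
        raise PermissionError("radio peer does not hold the captured code")
    ctrl_proof = tag(code, b"controller", ident, nonces)        # controller -> device
    expected = tag(device_code, b"controller", device_id, nonces)
    if not hmac.compare_digest(ctrl_proof, expected):
        raise PermissionError("controller does not hold the device's code")
    return tag(code, b"session", ident, nonces)                 # key for link encryption
```

The secure code never crosses the radio link: only nonces and HMAC proofs do, so a listener who has not seen the label can neither impersonate the device nor derive the session key.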
While the description above refers to particular embodiments of the present invention, it will be understood that many modifications may be made without departing from the spirit thereof. The accompanying claims are intended to cover such modifications as would fall within the true scope and spirit of the present invention. For example, specific embodiments were disclosed regarding secure communication within a personal area network (PAN) that includes a medical device such as an infusion pump, a mobile device such as a smart phone or custom controller, and an analyte sensor set. However, a personal area network that includes only two devices, such as a medical device and mobile device, or medical device and analyte sensor set, or mobile device and analyte sensor set, should be considered within the scope of this disclosure if appropriate hardware and software is included in each respective device to enable secure pairing. Similarly, the scope of this disclosure should not be construed to be restricted to personal area networks within the medical device industry. The embodiments and techniques disclosed should be construed to be adaptable to any environments that can benefit from secure wireless communication within a wide area network, local area network or personal area network, should the appropriate hardware and software be included with the devices to be securely paired.
The presently disclosed embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims, rather than the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.