US20160063221A1 - More External Storage of Medical Device Program Design Parameters - Google Patents
More External Storage of Medical Device Program Design Parameters Download PDFInfo
- Publication number
- US20160063221A1 US20160063221A1 US14/935,918 US201514935918A US2016063221A1 US 20160063221 A1 US20160063221 A1 US 20160063221A1 US 201514935918 A US201514935918 A US 201514935918A US 2016063221 A1 US2016063221 A1 US 2016063221A1
- Authority
- US
- United States
- Prior art keywords
- parameter
- time
- transmission
- features
- procedure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 230000005540 biological transmission Effects 0.000 claims description 38
- 238000000034 method Methods 0.000 claims description 21
- 238000004891 communication Methods 0.000 claims description 8
- 230000001413 cellular effect Effects 0.000 claims description 6
- 239000000835 fiber Substances 0.000 claims description 6
- 238000000926 separation method Methods 0.000 claims description 6
- 238000013461 design Methods 0.000 abstract description 8
- 230000004888 barrier function Effects 0.000 description 7
- 230000000977 initiatory effect Effects 0.000 description 5
- 239000000872 buffer Substances 0.000 description 4
- 239000008280 blood Substances 0.000 description 2
- 210000004369 blood Anatomy 0.000 description 2
- 238000000502 dialysis Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 239000000047 product Substances 0.000 description 2
- 238000002661 proton therapy Methods 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 230000003444 anaesthetic effect Effects 0.000 description 1
- 230000036772 blood pressure Effects 0.000 description 1
- 235000021443 coca cola Nutrition 0.000 description 1
- 230000006735 deficit Effects 0.000 description 1
- 238000000835 electrochemical detection Methods 0.000 description 1
- 238000001962 electrophoresis Methods 0.000 description 1
- 238000002618 extracorporeal membrane oxygenation Methods 0.000 description 1
- 239000007789 gas Substances 0.000 description 1
- 238000001802 infusion Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000004226 microchip electrophoresis Methods 0.000 description 1
- 108090000623 proteins and genes Proteins 0.000 description 1
- 235000014214 soft drink Nutrition 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 230000001225 therapeutic effect Effects 0.000 description 1
- 238000002604 ultrasonography Methods 0.000 description 1
- 210000002700 urine Anatomy 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/108—Transfer of content, software, digital rights or licenses
- G06F21/1083—Partial license transfers
-
- G06F2221/0784—
Definitions
- Patents promote science and the useful arts by affording an important barrier to entry to the inventor in the form of a narrow monopoly over his or her inventions for the duration of the patent term. In the absence of these barriers, third parties could simply appropriate these inventions without any license from or compensation to the inventor, thereby eliminating an important incentive to invent and potentially resulting in the underproduction of innovation.
- Many electronic medical devices include program design features that direct the operation of the device.
- the program design features that direct the operation of the device can be implemented using one or more computer systems.
- the program design features of most electronic medical devices reside in the device itself and therefore are easily discovered by reverse engineering. In most cases, however, these features can be introduced into the device from an external source for only so long as necessary for each operation of the device, thereby making the reverse engineering of these features more difficult (or even impossible) and preserving a greater degree of design secrecy.
- the hardware can consist of a microprocessor or other integrated circuit and can reside on the device itself, on a removable medium (including microchips, external GPUs, and external video cards), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network).
- FIG. 1 shows aspects of an embodiment of the invention wherein Electronic Medical Device A ( 1 ) transmits Initiation Signal ( 2 ) to Remote Device ( 3 ) over Communication Network ( 4 ), comprising at least one of internet, WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network, whereupon Remote Device ( 3 ) transmits Operating Parameters ( 5 ) over Communication Network ( 4 ) to Electronic Medical Device A ( 1 ).
- Communication Network 4
- Communication Network comprising at least one of internet, WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network
- Remote Device ( 3 ) transmits Operating Parameters ( 5 ) over Communication Network ( 4 ) to Electronic Medical Device A ( 1 ).
- FIG. 2 shows aspects of an embodiment of the invention wherein all or a portion of the program design features are embodied on a memory card, smart card, flash drive, dongle, CD-ROM, digital tape cassette, microchip, external GPU, external video card, or other removable drive media or integrated circuit ( 1 ), and introduced by User ( 1 ) into Electronic Medical Device ( 3 ).
- FIG. 3 shows aspects of an embodiment of the invention in the form of a flow chart.
- Many electronic medical devices include program design features that direct the operation of the device.
- Examples of electronic medical devices that operate based on a set of program design features include, without limitation, diagnostic equipment (such as ultrasound and MRI machines, PET and CT scanners, and x-ray machines), therapeutic equipment (such as infusion pumps, medical lasers, and proton therapy machines), life support equipment (such as medical ventilators, anesthetic machines, heart-lung machines, ECMO, and dialysis machines), medical monitors (such as those used to measure ECG, EEG, blood pressure, and dissolved gases in the blood), medical laboratory equipment (such as those used to automates or help analyze blood, urine, and genes).
- diagnostic equipment such as ultrasound and MRI machines, PET and CT scanners, and x-ray machines
- therapeutic equipment such as infusion pumps, medical lasers, and proton therapy machines
- life support equipment such as medical ventilators, anesthetic machines, heart-lung machines, ECMO, and dialysis machines
- medical monitors such as those used to measure ECG, E
- An exemplary computer system can include software, monitor, cabinet, keyboard, and mouse.
- the cabinet can house familiar computer components, such as a processor, memory, mass storage devices, and the like.
- Mass storage devices may include mass disk drives, floppy disks, Iomega ZIP TM disks, magnetic disks, fixed disks, hard disks, CD-ROMs, recordable CDs, DVDs, DVD-R, DVDRW, Flash and other nonvolatile solid- state storage, tape storage, reader, and other similar media, and combinations of these.
- a binary, machine-executable version of the software of the present invention may be stored or reside on mass storage devices.
- a computer system can include subsystems such as central processor, system memory, input/output (I/O) controller, display adapter, serial or universal serial bus (USB) port, network interface, and speaker.
- I/O input/output
- USB universal serial bus
- the present invention may also be used with computer systems with additional or fewer subsystems.
- a computer system could include more than one processor (i.e., a multiprocessor system) or a system may include a cache memory.
- a device driver or software driver might be employed to facilitate interaction between the computer system and the electronic medical device.
- the program design features of an electronic medical device can comprise software or can be embedded in hardware. If these features comprise software, the software can reside on the device itself, on a removable drive medium (including memory cards, smart cards, flash drives, dongles, CD-ROMs, and digital tape cassettes), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network).
- the hardware can consist of a microprocessor or other integrated circuit and can reside on the device itself, on a removable medium (including microchips, external GPUs, and external video cards), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network).
- all or a portion of the program design features are encoded prior to transmission or delivery to the device, during transmission or delivery to the device, or both.
- all or a portion of the program design features are encrypted prior to transmission or delivery to the device, during transmission or delivery to the device, or both.
- none of the program design features is encode or encrypted prior to transmission or delivery to the device, during transmission or delivery to the device, or both.
- At least a portion of the program design features becomes unavailable to the device after the occurrence of at least one event.
- access to the program expires upon (a) the passage of a first period of time from entry of the program into the device if the procedure is not initiated within that period of time, (b) the passage of a second period of time from initiation of the program, wherein the second period of time is approximately equal to the estimated period of time for the procedure, or (c) both.
- access to the program expires upon tampering with the device, its housing, or both.
- programs includes, without limitation, device drivers, application programs, system programs, utility programs, data files, program files, executable files, configuration files, directory files, I/O files, and I/O streams.
- Transmission to a device includes, without limitation, transmission for storage on a hard drive or other permanent storage medium, transmission for temporary storage in RAM or other temporary storage medium, or transmission by data stream in which no data are stored on the device.
- the program design features of a medical laser device comprise software that directs proprietary operating parameters of the laser, including its energy output, beam diameter, pulse width, repetition rate, spot separation, line separation, and number of scans.
- the procedure time for the device is never no greater than 20 seconds from initiation.
- the device is connected to the internet, and the software resides on a remote computer under the control of the device distributor. When the device is activated for a procedure, the remote computer is notified, and all or a portion of the operational program is transmitted over the internet from the remote computer to a data buffer on the device.
- the data buffer is pre-set to clear on the first to occur of (a) two minutes after the program is transmitted, if the procedure is not commenced prior to that time, or (b) 20 seconds after the commencement of the procedure.
- the laser operator commences the procedure and completes it within the 20-second period.
- the buffer clear at the end of the 20-second period, and the operating program no longer resides on the laser device. Attempts to determine the operating parameters of the laser through reverse engineering are futile because the data no longer reside on the device.
- the program design features of a dialysis machine comprise software that directs proprietary operating parameters of the machine.
- the procedure time for this particular treatment session is three hours from initiation.
- the machine is connected to a satellite receiver, and the software resides on a remote computer under the control of the distributor.
- the remote computer is notified, and a file containing the all or a portion of the operational program is transmitted from the remote computer to the machine via satellite.
- the file is pre-set to expire on the first to occur of (a) five minutes after the program is transmitted, if the treatment session is not initiated prior to that time, and (b) three hours after the commencement of the treatment session.
- the medical personnel fails to initiate the treatment within five minutes.
- the file expires at the end of the five-minute period, and the operating program no longer resides on the machine.
- the program design features of a proton therapy machine are embedded on a microchip that directs the proprietary operating parameters of the machine.
- the microchip is housed on a secure microchip holder and does not reside on the projector.
- Microchip holders are well-know to those in the art. See, e.g., Fernandez-la-Villa, et al., New Analytical Portable Instrument for Microchip Electrophoresis with Electrochemical Detection, 31 Electrophoresis 2641-49 (2010).
- the maximum procedure time for a single performance of the machine is one hour.
- the microchip holder is inserted into a slot in the machine.
- Access to the program design features is pre-set to expire on the first to occur of (a) one hour after the microchip holder is inserted into the machine, if the machine is not activated prior to that time, (b) two hours after activation of the machine, or (c) opening any portion of the machine housing.
- a prospective competitor opens the machine housing in an attempt to reverse-engineer the program design features of the machine. The prospective competitor is unsuccessful, however, because those features are no longer resident on the projector.
Abstract
Many electronic medical devices include program design features that direct the operation of the device. The program design features of most electronic medical devices reside in the device itself and therefore are easily discovered by reverse engineering. In most cases, however, these features can be introduced into the device from an external source for only so long as necessary for each operation of the device, thereby making the reverse engineering of these features more difficult (or even impossible) and preserving a greater degree of design secrecy.
Description
- This patent application is a continuation of U.S. patent application Ser. No. 13/458,028, filed Apr. 27, 2012, the entire contents of which is incorporated herein by this reference.
- Patents promote science and the useful arts by affording an important barrier to entry to the inventor in the form of a narrow monopoly over his or her inventions for the duration of the patent term. In the absence of these barriers, third parties could simply appropriate these inventions without any license from or compensation to the inventor, thereby eliminating an important incentive to invent and potentially resulting in the underproduction of innovation.
- Patents alone, however, sometimes fail to provide adequate barriers, and in these cases, an innovation deficit remains. Examples of situations in which patents fail to provide such barriers include (a) consumer applications whereby infringement actions against the entire consumer class would be either impractical or devastating to the goodwill of the inventor or his or her assignee, (b) changes in market conditions unanticipated in the specific language of the patent, (c) appropriations occurring after the filing date but before the issuance of the patent, (d) infringements in jurisdictions that either fail to enforce their patents laws effectively or have no patent laws at all, (e) equipment used in the manufacturing process the infringing use of which would be difficult to discover, detect, or prove, and (f) military equipment, the design of which comprises matters of national security.
- One barrier to entry available to technological innovators is secrecy. Apple, for example, has long enjoyed long market leads on new products by developing those products under strict confidentiality, and the secrecy of its cola soft drink formula has long been a source of market monopoly for the Coca-Cola Company. To the extent inventors and their assignees can keep the technological parameters of their inventions secret, significant additional barriers can be achieved to supplement those lost by inadequate patent protection.
- Design secrecy can be a valuable barrier to entry for many electronic medical devices. Although the physical design features of these devices are easily discovered by reverse engineering, the most valuable features of these devices are often the program design features that direct the operation of the device. Examples of the program design features of a laser device, for example, might include the energy output, beam diameter, pulse width, repetition rate, spot separation, line separation, and number of scans of a laser device. These program design features may be embedded in the device itself or introduced into the device from an external source. If embedded in the device, these features are easily reverse engineered and discovered as well. If, however, these features are introduced into the device from an external source for only so long as necessary for each operation of the device, reverse engineering of these features would difficult, if not impossible, to achieve, and a greater degree of design secrecy would be preserved.
- There is therefore a need for a method to introduce the program design features into an electronic medical device from an external source until the occurrence of a specified event, such as the passage of time estimated for the initiation and/or performance of the procedure or tampering with the device or its housing in order to make the reverse engineering of these features more difficult (or even impossible), thereby preserving a greater degree of design secrecy.
- Many electronic medical devices include program design features that direct the operation of the device. The program design features that direct the operation of the device can be implemented using one or more computer systems. The program design features of most electronic medical devices reside in the device itself and therefore are easily discovered by reverse engineering. In most cases, however, these features can be introduced into the device from an external source for only so long as necessary for each operation of the device, thereby making the reverse engineering of these features more difficult (or even impossible) and preserving a greater degree of design secrecy.
- The program design features of an electronic medical device can comprise software or can be embedded in hardware. If these features comprise software, the software can reside on the device itself, on a removable drive medium (including memory cards, smart cards, flash drives, dongles, CD-ROMs, and digital tape cassettes), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network). If these features are embedded in hardware, the hardware can consist of a microprocessor or other integrated circuit and can reside on the device itself, on a removable medium (including microchips, external GPUs, and external video cards), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network).
- Other objects, features, and advantages of the present invention will become apparent upon consideration of the following detailed description and the accompanying drawings, in which like reference designations represent like features throughout the figures.
-
FIG. 1 shows aspects of an embodiment of the invention wherein Electronic Medical Device A (1) transmits Initiation Signal (2) to Remote Device (3) over Communication Network (4), comprising at least one of internet, WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network, whereupon Remote Device (3) transmits Operating Parameters (5) over Communication Network (4) to Electronic Medical Device A (1). -
FIG. 2 shows aspects of an embodiment of the invention wherein all or a portion of the program design features are embodied on a memory card, smart card, flash drive, dongle, CD-ROM, digital tape cassette, microchip, external GPU, external video card, or other removable drive media or integrated circuit (1), and introduced by User (1) into Electronic Medical Device (3). -
FIG. 3 shows aspects of an embodiment of the invention in the form of a flow chart. - Many electronic medical devices include program design features that direct the operation of the device. Examples of electronic medical devices that operate based on a set of program design features include, without limitation, diagnostic equipment (such as ultrasound and MRI machines, PET and CT scanners, and x-ray machines), therapeutic equipment (such as infusion pumps, medical lasers, and proton therapy machines), life support equipment (such as medical ventilators, anesthetic machines, heart-lung machines, ECMO, and dialysis machines), medical monitors (such as those used to measure ECG, EEG, blood pressure, and dissolved gases in the blood), medical laboratory equipment (such as those used to automates or help analyze blood, urine, and genes).
- The program design features that direct the operation of the device can be implemented using one or more computer systems. An exemplary computer system can include software, monitor, cabinet, keyboard, and mouse. The cabinet can house familiar computer components, such as a processor, memory, mass storage devices, and the like. Mass storage devices may include mass disk drives, floppy disks, Iomega ZIP TM disks, magnetic disks, fixed disks, hard disks, CD-ROMs, recordable CDs, DVDs, DVD-R, DVDRW, Flash and other nonvolatile solid- state storage, tape storage, reader, and other similar media, and combinations of these. A binary, machine-executable version of the software of the present invention may be stored or reside on mass storage devices. Furthermore, the source code of the software of the present invention may also be stored or reside on mass storage devices (e.g., magnetic disk, tape, or CD-ROM). Furthermore, a computer system can include subsystems such as central processor, system memory, input/output (I/O) controller, display adapter, serial or universal serial bus (USB) port, network interface, and speaker. The present invention may also be used with computer systems with additional or fewer subsystems. For example, a computer system could include more than one processor (i.e., a multiprocessor system) or a system may include a cache memory. A device driver or software driver might be employed to facilitate interaction between the computer system and the electronic medical device.
- The program design features of most electronic medical devices reside in the device itself and therefore are easily discovered by reverse engineering. In most cases, however, these features can be introduced into the device from an external source for only so long as necessary for each operation of the device, thereby making the reverse engineering of these features more difficult (or even impossible) and preserving a greater degree of design secrecy.
- The program design features of an electronic medical device can comprise software or can be embedded in hardware. If these features comprise software, the software can reside on the device itself, on a removable drive medium (including memory cards, smart cards, flash drives, dongles, CD-ROMs, and digital tape cassettes), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network). If these features are embedded in hardware, the hardware can consist of a microprocessor or other integrated circuit and can reside on the device itself, on a removable medium (including microchips, external GPUs, and external video cards), or on a remote computer or other external device (in which case all or a portion of the program design features can be delivered via the internet or a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, messenger, or other communications network).
- In one embodiment, all or a portion of the program design features are encoded prior to transmission or delivery to the device, during transmission or delivery to the device, or both. In another embodiment of the invention, all or a portion of the program design features are encrypted prior to transmission or delivery to the device, during transmission or delivery to the device, or both. In yet another embodiment of the invention, none of the program design features is encode or encrypted prior to transmission or delivery to the device, during transmission or delivery to the device, or both.
- In one embodiment of the invention, at least a portion of the program design features becomes unavailable to the device after the occurrence of at least one event. In one particular such embodiment, access to the program expires upon (a) the passage of a first period of time from entry of the program into the device if the procedure is not initiated within that period of time, (b) the passage of a second period of time from initiation of the program, wherein the second period of time is approximately equal to the estimated period of time for the procedure, or (c) both. In another particular such embodiment, access to the program expires upon tampering with the device, its housing, or both.
- As used in this application, the term “programs” includes, without limitation, device drivers, application programs, system programs, utility programs, data files, program files, executable files, configuration files, directory files, I/O files, and I/O streams. “Transmission” to a device includes, without limitation, transmission for storage on a hard drive or other permanent storage medium, transmission for temporary storage in RAM or other temporary storage medium, or transmission by data stream in which no data are stored on the device.
- A variety of methods for ensuring that program access expires after a specified period of time are well-known in the art. Some such methods, for example, rely on expiration of the programs themselves, e.g., Infralution Licensing System (Infralution, Mitcham, Australia) and ExeShield (Moonlight Software Inc., Vancouver, BC, Canada). Other methods rely on the impermanence of the files themselves, e.g., temporary files, temporary storage in random access memory (RAM), data buffers, and disk and file caches. More such methods exist and are well-known in the art.
- In one embodiment of the invention, the program design features of a medical laser device comprise software that directs proprietary operating parameters of the laser, including its energy output, beam diameter, pulse width, repetition rate, spot separation, line separation, and number of scans. The procedure time for the device is never no greater than 20 seconds from initiation. The device is connected to the internet, and the software resides on a remote computer under the control of the device distributor. When the device is activated for a procedure, the remote computer is notified, and all or a portion of the operational program is transmitted over the internet from the remote computer to a data buffer on the device. The data buffer is pre-set to clear on the first to occur of (a) two minutes after the program is transmitted, if the procedure is not commenced prior to that time, or (b) 20 seconds after the commencement of the procedure. The laser operator commences the procedure and completes it within the 20-second period. The buffer clear at the end of the 20-second period, and the operating program no longer resides on the laser device. Attempts to determine the operating parameters of the laser through reverse engineering are futile because the data no longer reside on the device.
- In another embodiment of the invention, the program design features of a dialysis machine comprise software that directs proprietary operating parameters of the machine. The procedure time for this particular treatment session is three hours from initiation. The machine is connected to a satellite receiver, and the software resides on a remote computer under the control of the distributor. When the machine is activated, the remote computer is notified, and a file containing the all or a portion of the operational program is transmitted from the remote computer to the machine via satellite. The file is pre-set to expire on the first to occur of (a) five minutes after the program is transmitted, if the treatment session is not initiated prior to that time, and (b) three hours after the commencement of the treatment session. The medical personnel fails to initiate the treatment within five minutes. The file expires at the end of the five-minute period, and the operating program no longer resides on the machine. When prospective competitors attempt to reverse-engineer the program design features of the equipment, they are unsuccessful because those features are no longer resident on the device.
- In yet another embodiment of the invention, the program design features of a proton therapy machine are embedded on a microchip that directs the proprietary operating parameters of the machine. The microchip is housed on a secure microchip holder and does not reside on the projector. (Microchip holders are well-know to those in the art. See, e.g., Fernandez-la-Villa, et al., New Analytical Portable Instrument for Microchip Electrophoresis with Electrochemical Detection, 31 Electrophoresis 2641-49 (2010).) The maximum procedure time for a single performance of the machine is one hour. The microchip holder is inserted into a slot in the machine. Access to the program design features is pre-set to expire on the first to occur of (a) one hour after the microchip holder is inserted into the machine, if the machine is not activated prior to that time, (b) two hours after activation of the machine, or (c) opening any portion of the machine housing. Ten minutes after the microchip holder is inserted into the machine, a prospective competitor opens the machine housing in an attempt to reverse-engineer the program design features of the machine. The prospective competitor is unsuccessful, however, because those features are no longer resident on the projector.
- One of ordinary skill in the art would recognize many other variations, modifications, and alternatives. The above examples are merely illustrations, which should not unduly limit the scope of the claims herein. It is also understood that the examples and embodiments described herein are for illustrative purposes only and that various modifications or changes in light thereof will be suggested to persons skilled in the art and are to be included within the spirit and purview of this application and scope of the appended claims.
Claims (15)
1. A system for protecting the secrecy of a predetermined treatment parameter for an electronic medical device comprising:
the device,
wherein the device is capable of performing a medical procedure on a patient,
the device comprises memory,
the memory is configured to receive transmission of a digital file over a communications network,
the file comprises the parameter,
the parameter comprises at least one trade secret,
at least a portion of the parameter is omitted from the device at a first point in time prior to commencement of the procedure,
at least a portion of the parameter is transmitted to the memory at a second point in time, which second point in time is subsequent to the first point in time, but prior to completion of the procedure,
at least a portion of the parameter is encrypted prior to transmission,
at least a portion of the procedure is performed by the device as directed by the parameter, and
at least a portion of the parameter becomes unavailable to the device after the second point in time and the occurrence of at least one predetermined event.
2. The system of claim 1 wherein the device generates laser energy.
3. The system of claim 1 wherein the network comprises the internet.
4. The system of claim 1 wherein the network comprises at least one of a WAN, LAN, serial or parallel connection, phone line, cable, fiber optics, satellite transmission, microwave transmission, cellular transmission, radio transmission, regular mail, or messenger.
5. The system of claim 1 wherein the predetermined treatment parameter is not customized for the patient.
6. The system of claim 1 wherein the predetermined treatment parameter is customized for the patient.
7. The system of claim 1 wherein the predetermined event comprises the passage of a predetermined period of time.
8. The system of claim 7 wherein the period of time comprises approximately the estimated period of time from commencement of the transmission of the predetermined treatment parameter through commencement of the procedure.
9. The system of claim 7 wherein the period of time comprises approximately the estimated period of time from commencement of the transmission of the predetermined treatment parameter through completion of the procedure.
10. The system of claim 1 wherein the predetermined event comprises tampering with the device.
11. The system of claim 10 wherein the device is contained within a housing, and the tampering comprises tampering with the housing.
12. The system of claim 1 wherein at least a portion of the memory comprises temporary memory.
13. The system of claim 1 wherein the predetermined treatment parameter is transmitted to the device from a remote computer.
14. The system of claim 1 wherein the manner by which the at least a portion of the parameter becomes unavailable to the device is automatic clearing of the at least a portion of the parameter from the memory.
15. The system of claim 2 wherein the predetermined treatment parameter comprises at least one of energy output, beam diameter, pulse width, repetition rate, spot separation, line separation, and number of scans.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/935,918 US20160063221A1 (en) | 2012-04-27 | 2015-11-09 | More External Storage of Medical Device Program Design Parameters |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/458,028 US9208290B2 (en) | 2012-04-27 | 2012-04-27 | External storage of medical device treatment parameters |
US14/935,918 US20160063221A1 (en) | 2012-04-27 | 2015-11-09 | More External Storage of Medical Device Program Design Parameters |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/458,028 Continuation US9208290B2 (en) | 2012-04-27 | 2012-04-27 | External storage of medical device treatment parameters |
Publications (1)
Publication Number | Publication Date |
---|---|
US20160063221A1 true US20160063221A1 (en) | 2016-03-03 |
Family
ID=49478592
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/458,028 Expired - Fee Related US9208290B2 (en) | 2012-04-27 | 2012-04-27 | External storage of medical device treatment parameters |
US14/935,918 Abandoned US20160063221A1 (en) | 2012-04-27 | 2015-11-09 | More External Storage of Medical Device Program Design Parameters |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/458,028 Expired - Fee Related US9208290B2 (en) | 2012-04-27 | 2012-04-27 | External storage of medical device treatment parameters |
Country Status (1)
Country | Link |
---|---|
US (2) | US9208290B2 (en) |
Families Citing this family (56)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9123077B2 (en) | 2003-10-07 | 2015-09-01 | Hospira, Inc. | Medication management system |
US8065161B2 (en) | 2003-11-13 | 2011-11-22 | Hospira, Inc. | System for maintaining drug information and communicating with medication delivery devices |
EP2092470A2 (en) | 2006-10-16 | 2009-08-26 | Hospira, Inc. | System and method for comparing and utilizing activity information and configuration information from mulitple device management systems |
US9026370B2 (en) | 2007-12-18 | 2015-05-05 | Hospira, Inc. | User interface improvements for medical devices |
US8271106B2 (en) | 2009-04-17 | 2012-09-18 | Hospira, Inc. | System and method for configuring a rule set for medical event management and responses |
US9240002B2 (en) | 2011-08-19 | 2016-01-19 | Hospira, Inc. | Systems and methods for a graphical interface including a graphical representation of medical data |
ES2959510T3 (en) | 2011-10-21 | 2024-02-26 | Icu Medical Inc | Medical device update system |
US10022498B2 (en) | 2011-12-16 | 2018-07-17 | Icu Medical, Inc. | System for monitoring and delivering medication to a patient and method of using the same to minimize the risks associated with automated therapy |
ES2741725T3 (en) | 2012-03-30 | 2020-02-12 | Icu Medical Inc | Air detection system and method to detect air in a pump of an infusion system |
ES2743160T3 (en) | 2012-07-31 | 2020-02-18 | Icu Medical Inc | Patient care system for critical medications |
AU2014225658B2 (en) | 2013-03-06 | 2018-05-31 | Icu Medical, Inc. | Medical device communication method |
AU2014268355B2 (en) | 2013-05-24 | 2018-06-14 | Icu Medical, Inc. | Multi-sensor infusion system for detecting air or an occlusion in the infusion system |
AU2014274146B2 (en) | 2013-05-29 | 2019-01-24 | Icu Medical, Inc. | Infusion system which utilizes one or more sensors and additional information to make an air determination regarding the infusion system |
WO2014194065A1 (en) | 2013-05-29 | 2014-12-04 | Hospira, Inc. | Infusion system and method of use which prevents over-saturation of an analog-to-digital converter |
JP6621748B2 (en) | 2013-08-30 | 2019-12-18 | アイシーユー・メディカル・インコーポレーテッド | System and method for monitoring and managing a remote infusion regimen |
US9662436B2 (en) | 2013-09-20 | 2017-05-30 | Icu Medical, Inc. | Fail-safe drug infusion therapy system |
CA2925458C (en) | 2013-09-26 | 2021-11-30 | Companion Medical, Inc. | System for administering a medicament |
US10311972B2 (en) | 2013-11-11 | 2019-06-04 | Icu Medical, Inc. | Medical device system performance index |
WO2015077320A1 (en) | 2013-11-19 | 2015-05-28 | Hospira, Inc. | Infusion pump automation system and method |
JP6636442B2 (en) | 2014-02-28 | 2020-01-29 | アイシーユー・メディカル・インコーポレーテッド | Infusion systems and methods utilizing dual wavelength optical in-pipe air detection |
JP6853669B2 (en) | 2014-04-30 | 2021-03-31 | アイシーユー・メディカル・インコーポレーテッド | Patient treatment system with conditional alert forwarding |
JP2017517302A (en) | 2014-05-29 | 2017-06-29 | ホスピーラ インコーポレイテッド | Infusion system and pump with configurable closed loop delivery rate catchup |
US9724470B2 (en) | 2014-06-16 | 2017-08-08 | Icu Medical, Inc. | System for monitoring and delivering medication to a patient and method of using the same to minimize the risks associated with automated therapy |
EP3659651A3 (en) | 2014-07-10 | 2020-10-14 | Companion Medical, Inc. | Medicine administering system including injection pen and companion device |
US9539383B2 (en) | 2014-09-15 | 2017-01-10 | Hospira, Inc. | System and method that matches delayed infusion auto-programs with manually entered infusion programs and analyzes differences therein |
US11344668B2 (en) | 2014-12-19 | 2022-05-31 | Icu Medical, Inc. | Infusion system with concurrent TPN/insulin infusion |
US10850024B2 (en) | 2015-03-02 | 2020-12-01 | Icu Medical, Inc. | Infusion system, device, and method having advanced infusion features |
WO2016189417A1 (en) | 2015-05-26 | 2016-12-01 | Hospira, Inc. | Infusion pump system and method with multiple drug library editor source capability |
EP3407940A4 (en) | 2016-01-29 | 2019-09-04 | Companion Medical, Inc. | Automatic medication delivery tracking |
EP4085944A1 (en) | 2016-05-13 | 2022-11-09 | ICU Medical, Inc. | Infusion pump system with common line auto flush |
US11324888B2 (en) | 2016-06-10 | 2022-05-10 | Icu Medical, Inc. | Acoustic flow sensor for continuous medication flow measurements and feedback control of infusion |
EP3484541A4 (en) | 2016-07-14 | 2020-03-25 | ICU Medical, Inc. | Multi-communication path selection and security system for a medical device |
WO2018227163A1 (en) | 2017-06-09 | 2018-12-13 | Companion Medical, Inc. | Intelligent medication delivery systems and methods |
US11568975B2 (en) | 2017-10-12 | 2023-01-31 | Medtronic Minimed, Inc. | Intelligent medication delivery systems and methods for dose recommendation and management |
US11116899B2 (en) | 2017-12-12 | 2021-09-14 | Bigfoot Biomedical, Inc. | User interface for diabetes management systems and devices |
US11077243B2 (en) | 2017-12-12 | 2021-08-03 | Bigfoot Biomedical, Inc. | Devices, systems, and methods for estimating active medication from injections |
US10987464B2 (en) | 2017-12-12 | 2021-04-27 | Bigfoot Biomedical, Inc. | Pen cap for insulin injection pens and associated methods and systems |
US11027073B2 (en) | 2017-12-12 | 2021-06-08 | Bigfoot Biomedical, Inc. | Therapy assist information and/or tracking device and related methods and systems |
US11464459B2 (en) | 2017-12-12 | 2022-10-11 | Bigfoot Biomedical, Inc. | User interface for diabetes management systems including flash glucose monitor |
US10089055B1 (en) | 2017-12-27 | 2018-10-02 | Icu Medical, Inc. | Synchronized display of screen content on networked devices |
US10898653B2 (en) | 2018-05-08 | 2021-01-26 | Companion Medical, Inc. | Intelligent medication delivery systems and methods for dose setting and dispensing monitoring |
US11664107B2 (en) | 2018-05-08 | 2023-05-30 | Medtronic Minimed, Inc. | Intelligent medication delivery systems and methods using a prescription-regulated software application |
USD893020S1 (en) | 2018-05-11 | 2020-08-11 | Companion Medical, Inc. | Injection pen |
US11587663B2 (en) | 2018-06-20 | 2023-02-21 | Medtronic Minimed, Inc. | Intelligent medication delivery systems and methods for medicine dose calculation and reporting |
USD892819S1 (en) | 2018-06-20 | 2020-08-11 | Companion Medical, Inc. | Display screen with graphical user interface |
EP3824383B1 (en) | 2018-07-17 | 2023-10-11 | ICU Medical, Inc. | Systems and methods for facilitating clinical messaging in a network environment |
US10950339B2 (en) | 2018-07-17 | 2021-03-16 | Icu Medical, Inc. | Converting pump messages in new pump protocol to standardized dataset messages |
NZ771914A (en) | 2018-07-17 | 2023-04-28 | Icu Medical Inc | Updating infusion pump drug libraries and operational software in a networked environment |
US11139058B2 (en) | 2018-07-17 | 2021-10-05 | Icu Medical, Inc. | Reducing file transfer between cloud environment and infusion pumps |
US10692595B2 (en) | 2018-07-26 | 2020-06-23 | Icu Medical, Inc. | Drug library dynamic version management |
AU2019309766A1 (en) | 2018-07-26 | 2021-03-18 | Icu Medical, Inc. | Drug library management system |
US11948671B2 (en) | 2019-04-11 | 2024-04-02 | Medtronic Minimed, Inc. | Intelligent accessories for medicine dispensing device |
US11278671B2 (en) | 2019-12-04 | 2022-03-22 | Icu Medical, Inc. | Infusion pump with safety sequence keypad |
CA3189781A1 (en) | 2020-07-21 | 2022-01-27 | Icu Medical, Inc. | Fluid transfer devices and methods of use |
US11135360B1 (en) | 2020-12-07 | 2021-10-05 | Icu Medical, Inc. | Concurrent infusion with common line auto flush |
US11701473B2 (en) | 2021-06-23 | 2023-07-18 | Medtronic Minimed, Inc. | Reusable injection pens |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020059049A1 (en) * | 2000-04-05 | 2002-05-16 | Therics, Inc | System and method for rapidly customizing design, manufacture and/or selection of biomedical devices |
US20030178489A1 (en) * | 2002-03-21 | 2003-09-25 | Mikhail Boukhny | Surgical system |
US20040215490A1 (en) * | 1999-04-01 | 2004-10-28 | Duchon Douglas J | Integrated medical information management and medical device control system and method |
US20050088303A1 (en) * | 2003-10-22 | 2005-04-28 | International Business Machines Corporation | Tamper sensing method and apparatus |
US20100217991A1 (en) * | 2008-08-14 | 2010-08-26 | Seung Wook Choi | Surgery robot system of server and client type |
US20110270044A1 (en) * | 2010-05-03 | 2011-11-03 | Ron Kimmel | Surgery planning based on predicted results |
US20120116372A1 (en) * | 2008-12-31 | 2012-05-10 | Joshua Degani | Device and method for laser assisted deep sclerectomy |
US20120185636A1 (en) * | 2010-08-04 | 2012-07-19 | Isc8, Inc. | Tamper-Resistant Memory Device With Variable Data Transmission Rate |
US20130226621A1 (en) * | 2010-11-01 | 2013-08-29 | Koninklijke Philips Electronics N.V. | In vitro diagnostic testing including automated brokering of royalty payments for proprietary tests |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5742718A (en) * | 1996-08-13 | 1998-04-21 | Eclipse Surgical Technologies, Inc. | Proprietary fiber connector and electronic security system |
US5881088A (en) * | 1997-01-08 | 1999-03-09 | Trw Inc. | Face-cooled high-power laser optic cell |
DE19802868C2 (en) * | 1997-02-05 | 1999-06-17 | Siemens Ag | Method and device for data acquisition |
US20010050990A1 (en) * | 1997-02-19 | 2001-12-13 | Frank Wells Sudia | Method for initiating a stream-oriented encrypted communication |
FR2765706B1 (en) * | 1997-07-04 | 1999-10-01 | Sgs Thomson Microelectronics | CHIP CARD READER WITH FAST TRANSMISSION PROTOCOL |
US7225809B1 (en) * | 1999-11-01 | 2007-06-05 | Ric Investments, Llc | Method and apparatus for monitoring and controlling a medical device |
DE10325106A1 (en) * | 2003-06-03 | 2004-12-30 | Disetronic Licensing Ag | Device and method for recognizing a user of a medical device |
US20060049957A1 (en) * | 2004-08-13 | 2006-03-09 | Surgenor Timothy R | Biological interface systems with controlled device selector and related methods |
WO2006055547A2 (en) * | 2004-11-15 | 2006-05-26 | Izex Technologies, Inc. | Instrumented orthopedic and other medical implants |
US8095209B2 (en) * | 2005-01-06 | 2012-01-10 | Braingate Co., Llc | Biological interface system with gated control signal |
ES2354632T3 (en) * | 2006-06-03 | 2011-03-16 | B. BRAUN MEDIZINELEKTRONIK GMBH & CO. KG | DEVICE AND PROCEDURE FOR THE PROTECTION OF A MEDICAL DEVICE AND A PATIENT TREATED WITH SUCH DEVICE, AGAINST HAZARDOUS INFLUENCES FROM A NETWORK OF COMMUNICATIONS. |
US8271106B2 (en) * | 2009-04-17 | 2012-09-18 | Hospira, Inc. | System and method for configuring a rule set for medical event management and responses |
US8388582B2 (en) * | 2009-08-12 | 2013-03-05 | Medrad, Inc. | Systems and methods for operating interventional catheters using a common operating console and adaptive interface components |
-
2012
- 2012-04-27 US US13/458,028 patent/US9208290B2/en not_active Expired - Fee Related
-
2015
- 2015-11-09 US US14/935,918 patent/US20160063221A1/en not_active Abandoned
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040215490A1 (en) * | 1999-04-01 | 2004-10-28 | Duchon Douglas J | Integrated medical information management and medical device control system and method |
US20020059049A1 (en) * | 2000-04-05 | 2002-05-16 | Therics, Inc | System and method for rapidly customizing design, manufacture and/or selection of biomedical devices |
US20030178489A1 (en) * | 2002-03-21 | 2003-09-25 | Mikhail Boukhny | Surgical system |
US20050088303A1 (en) * | 2003-10-22 | 2005-04-28 | International Business Machines Corporation | Tamper sensing method and apparatus |
US20100217991A1 (en) * | 2008-08-14 | 2010-08-26 | Seung Wook Choi | Surgery robot system of server and client type |
US20120116372A1 (en) * | 2008-12-31 | 2012-05-10 | Joshua Degani | Device and method for laser assisted deep sclerectomy |
US20110270044A1 (en) * | 2010-05-03 | 2011-11-03 | Ron Kimmel | Surgery planning based on predicted results |
US20120185636A1 (en) * | 2010-08-04 | 2012-07-19 | Isc8, Inc. | Tamper-Resistant Memory Device With Variable Data Transmission Rate |
US20130226621A1 (en) * | 2010-11-01 | 2013-08-29 | Koninklijke Philips Electronics N.V. | In vitro diagnostic testing including automated brokering of royalty payments for proprietary tests |
Non-Patent Citations (1)
Title |
---|
Fuentes et al, Computational Modeling and Real-Time Control of Patient-Specific Laser Treatment of Cancer, 2009, 35 pages * |
Also Published As
Publication number | Publication date |
---|---|
US9208290B2 (en) | 2015-12-08 |
US20130291116A1 (en) | 2013-10-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9208290B2 (en) | External storage of medical device treatment parameters | |
KR101666187B1 (en) | Care provider terminal, method and computer readable medium for protecting care information | |
Andrioli et al. | Long-term effectiveness of ultrasound-guided laser ablation of hyperfunctioning parathyroid adenomas: present and future perspectives | |
US20200285771A1 (en) | System and method for removing personally identifiable information from medical data | |
EP2932431B1 (en) | Method of secure access to confidential medical data, and storage medium for said method | |
EP3381493B1 (en) | Electronic unit for injection devices | |
US9114261B2 (en) | Electrical stimulation device having remote access | |
EP3545449B1 (en) | Method of extracting data from a database watermarked according to a reversible watermarking mechanism | |
CN105208464B (en) | A kind of playback method and terminal of multimedia data stream | |
KR20120076559A (en) | Method and system for personal health record management based on short range radio communication | |
MX351095B (en) | Defibrillator with a barcode reader and a method for recording data. | |
US20060225043A1 (en) | Debugging device | |
Davis et al. | Rapid relief: thyroidectomy is a quicker cure than radioactive iodine ablation (RAI) in patients with hyperthyroidism | |
CN112216367A (en) | Medicine safety distribution management method and device, computer equipment and storage medium | |
Sunyaev et al. | Security analysis of the german electronic health card’s peripheral parts | |
JP2007179500A (en) | System and program for generation of anonymous identification information | |
CN103020509B (en) | A kind of terminal device encryption and decryption method, device and terminal device | |
CN109961831B (en) | Method and system for acquiring risk data of pediatric kidney stone surgery | |
Ciftci et al. | Influence of stone size, location and impaction on the success of ureteroscopic pneumolithotripsy. | |
CN104217383A (en) | Status notification method for medical reports of patients | |
CN104200173A (en) | Electronic document trust and security control method and system | |
JP2009271943A (en) | Audit trail recording method, audit trail recording device, and audit trail recording program | |
Fofi et al. | Hemodialysis in patients requiring 131I treatment for thyroid carcinoma | |
CN110633585A (en) | Hard disk locking and unlocking method, device, equipment and readable storage medium | |
US9514307B2 (en) | Method for producing a secured data object and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |