Abstract: A method for remotely updating the behavior and state of a medical device or the firmware itself of a medical device, not requiring physical access to the device, that occurs through an encrypted and authenticated communication channel. The behavior and state of the device may be modified from a healthcare provider interface through a transmission method. The firmware of the medical device may be modified by the use of over the air device firmware updates, created from a designated secure machine called a build machine described herein. Both actions are transmitted to a server and then forwarded to a companion device and are particularly designed so that the server never stores sensitive cryptographic material in the event of server compromise. The companion device forwards the update to the medical device, which decrypts and validates the update or command before performing the change.

Abstract: A method for remotely bonding a companion device to an implanted medical device to achieve long-term encrypted and authenticated communication channel, that is resilient to companion device failure or compromise and hence mitigates the risk or need for unplanned, revision surgery and/or premature device explantation. Through use of a shared cryptographic key between the two systems, the companion device may request an encrypted challenge number from the implant. Completing the challenge via transmitting an encrypted validation number permits the implanted medical device to bond and perform a new long-term key exchange. The shared cryptographic key can be changed as well, in event of compromise or other adverse event, using a described device firmware update procedure.

Abstract: A method for remotely bonding a companion device to an implanted medical device to achieve long-term encrypted and authenticated communication channel, that is resilient to companion device failure or compromise and hence mitigates the risk or need for unplanned, revision surgery and/or premature device explantation. Through use of a shared cryptographic key between the two systems, the companion device may request an encrypted challenge number from the implant. Completing the challenge via transmitting an encrypted validation number permits the implanted medical device to bond and perform a new long-term key exchange. The shared cryptographic key can be changed as well, in event of compromise or other adverse event, using a described device firmware update procedure.

Abstract: A method for remotely bonding a companion device to an implanted medical device to achieve long-term encrypted and authenticated communication channel, that is resilient to companion device failure or compromise and hence mitigates the risk or need for unplanned, revision surgery and/or premature device explanation. Through use of a shared cryptographic key between the two systems, the companion device may request an encrypted challenge number from the implant. Completing the challenge via transmitting an encrypted validation number permits the implanted medical device to bond and perform a new long-term key exchange. The shared cryptographic key can be changed as well, in event of compromise or other adverse event, using a described device firmware update procedure.

Abstract: A method for remotely updating the behavior and state of a medical device or the firmware itself of a medical device, not requiring physical access to the device, that occurs through an encrypted and authenticated communication channel. The behavior and state of the device may be modified from a healthcare provider interface through a transmission method. The firmware of the medical device may be modified by the use of over the air device firmware updates, created from a designated secure machine called a build machine described herein. Both actions are transmitted to a server and then forwarded to a companion device and are particularly designed so that the server never stores sensitive cryptographic material in the event of server compromise. The companion device forwards the update to the medical device, which decrypts and validates the update or command before performing the change.

Abstract: A method for remotely bonding a companion device to an implanted medical device to achieve long-term encrypted and authenticated communication channel, that is resilient to companion device failure or compromise and hence mitigates the risk or need for unplanned, revision surgery and/or premature device explantation. Through use of a shared cryptographic key between the two systems, the companion device may request an encrypted challenge number from the implant. Completing the challenge via transmitting an encrypted validation number permits the implanted medical device to bond and perform a new long-term key exchange. The shared cryptographic key can be changed as well, in event of compromise or other adverse event, using a described device firmware update procedure.

Abstract: A method for remotely updating the behavior and state of a medical device or the firmware itself of a medical device, not requiring physical access to the device, that occurs through an encrypted and authenticated communication channel. The behavior and state of the device may be modified from a healthcare provider interface through a transmission method. The firmware of the medical device may be modified by the use of over the air device firmware updates, created from a designated secure machine called a build machine described herein. Both actions are transmitted to a server and then forwarded to a companion device and are particularly designed so that the server never stores sensitive cryptographic material in the event of server compromise. The companion device forwards the update to the medical device, which decrypts and validates the update or command before performing the change.

Abstract: A method for remotely updating the behavior and state of a medical device or the firmware itself of a medical device, not requiring physical access to the device, that occurs through an encrypted and authenticated communication channel. The behavior and state of the device may be modified from a healthcare provider interface through a transmission method. The firmware of the medical device may be modified by the use of over the air device firmware updates, created from a designated secure machine called a build machine described herein. Both actions are transmitted to a server and then forwarded to a companion device and are particularly designed so that the server never stores sensitive cryptographic material in the event of server compromise. The companion device forwards the update to the medical device, which decrypts and validates the update or command before performing the change.