US-12619702-B2 - Secure user authentication for medical device consoles
Abstract
A secure authentication scheme for a field service technician to access a device like a medical device in the field is provided. The system is arranged to authenticate an encrypted credential list using a public key from a public/private key pair and to authenticate a user to a device via SSH with a username and password combination stored in the encrypted credential list.
Inventors
- Heather Moulton
- Jim Sievert
- Jeffry V. Marshik
- Matthew J. Edelman
Assignees
- BOSTON SCIENTIFIC SCIMED, INC.
Dates
- Publication Date
- 2026-05-05
- Application Date
- 2024-04-24
Claims (20)
- 1 . A computer implemented method for a medical device, comprising: determining, at a processor of a medical device, whether a credential package stored on a removable authentication device is authentic, wherein the removable authentication device is coupled to the medical device and wherein the medical device comprises the processor and a memory comprising instructions, which when executed by the processor cause the medical device to execute either a user application or a field service technician application, wherein the credential package comprises indications for a plurality of field service technicians; generating a first graphical indication that the credential package is not authentic and causing the first graphical indication to be displayed on a display coupled to the medical device based on a determination that the credential package is not authentic; or verifying, at the processor based on a determination that the credential package is authentic, whether a field service technician attempting to access the medical device is an authorized one of the plurality of field service technicians based on the credential package; and generating a second graphical indication that the field service technician is not authorized and causing the second graphical indication to be displayed on the display based on a determination that the field service technician is not authorized; or executing the field service technician application based on a determination that the field service technician is authorized.
- 2 . The computer implemented method of claim 1 , comprising: determining, at the processor, whether the authentication device is coupled to the medical device; and determining, at the processor, whether the credential package is stored on the removable authentication device based on a determination that the authentication device is coupled to the medical device.
- 3 . The computer implemented method of claim 2 , comprising determining, at the processor, whether the authentication device is coupled to the medical device responsive to a trigger, wherein the trigger is a power cycle of the medical device, a power up of the medical device, or an input received from an input device of the medical device.
- 4 . The computer implemented method of claim 2 , comprising determining, at the processor, whether the credential package is authentic based on a determination that the credential package is stored on the removable authentication device.
- 5 . The computer implemented method of claim 1 , comprising: verifying, at the processor based on a determination that the field service technician is authorized, whether the field service technician has a proper role to access the field service technician application; and generating a third graphical indication that the field service technician does not have the proper role and causing the third graphical indication to be displayed on the display based on a determination that the field service technician does not have the proper role; or executing the field service technician application based on the determination that the field service technician is authorized and a determination that the field service technician has the proper role.
- 6 . The computer implemented method of claim 1 , comprising: identifying, at the processor based on a determination that the field service technician is authorized, a role of the field service technician; and executing one of a plurality of field service technician applications based on the identified role of the field service technician.
- 7 . The computer implemented method of claim 6 , wherein the role of the field service technician is one of a maintenance user role, a developer user role, or a manufacturing user role.
- 8 . The computer implemented method of claim 7 , wherein the plurality of field service technician applications comprises one or more of a maintenance user application, a developer user application, and a manufacturing user application.
- 9 . The computer implemented method of claim 1 , comprising: verifying, at the processor based on a determination that the field service technician is authorized, whether the field service technician has proper training to access the field service technician application; and generating a third graphical indication that the field service technician does not have the proper training and causing the third graphical indication to be displayed on the display based on a determination that the field service technician does not have the proper training; or executing the field service technician application based on the determination that the field service technician is authorized and a determination that the field service technician has the proper training.
- 10 . The computer implemented method of claim 1 , wherein the credential package is signed by a private key from an asymmetric key pair, and wherein determining, at the processor, whether the credential package is authentic comprises verifying the authenticity of the credential package using a public key from the asymmetric key pair.
- 11 . The computer implemented method of claim 1 , wherein the credential package is encrypted by a public key from an asymmetric key pair, and wherein determining, at the processor, whether the credential package is authentic comprises decrypting the credential package using a private key from the asymmetric key pair.
- 12 . The computer implemented method of claim 1 , wherein the memory comprises operating system (OS) instructions, which when executed by the processor cause the medical device to execute the OS, wherein the OS comprises a secure shell (SSH) and wherein verifying, at the processor, whether the field service technician is authorized comprises: receiving at least a password from the field service technician; and establishing an SSH connection to the OS based in part on the password.
- 13 . The computer implemented method of claim 12 , comprising determining that the field service technician is authorized based on whether the SSH connection to the OS is successful.
- 14 . An apparatus for a medical device, comprising: a processor; and memory coupled to the processor, the memory comprising instructions that when executed by the processor cause the medical device to: determine whether a credential package stored on a removable authentication device is authentic, wherein the removable authentication device is coupled to the medical device and wherein the medical device comprises the processor and a memory comprising instructions, which when executed by the processor cause the medical device to execute either a user application or a field service technician application, wherein the credential package comprises indications for a plurality of field service technicians; generate a first graphical indication that the credential package is not authentic and cause the first graphical indication to be displayed on a display coupled to the medical device based on a determination that the credential package is not authentic; or verify whether a field service technician attempting to access the medical device is an authorized one of the plurality of field service technicians based on the credential package based on a determination that the credential package is authentic; and generate a second graphical indication that the field service technician is not authorized and cause the second graphical indication to be displayed on the display based on a determination that the field service technician is not authorized; or execute the field service technician application based on a determination that the field service technician is authorized.
- 15 . The apparatus of claim 14 , the instructions when executed by the processor further cause the medical device to: verify whether the field service technician has a proper role to access the field service technician application based on a determination that the field service technician is authorized; and generate a third graphical indication that the field service technician does not have the proper role and cause the third graphical indication to be displayed on the display based on a determination that the field service technician does not have the proper role; or execute the field service technician application based on the determination that the field service technician is authorized and a determination that the field service technician has the proper role.
- 16 . The apparatus of claim 14 , the instructions when executed by the processor further cause the medical device to: identify a role of the field service technician based on a determination that the field service technician is authorized; and execute one of a plurality of field service technician applications based on the identified role of the field service technician.
- 17 . The apparatus of claim 14 , wherein the memory comprises operating system (OS) instructions, which when executed by the processor cause the medical device to execute the OS, wherein the OS comprises a secure shell (SSH) and wherein the instructions, when executed by the processor further cause the medical device to: receive at least a password from the field service technician; and establish an SSH connection to the OS based in part on the password.
- 18 . A computer-readable storage device comprising instructions, which when executed by a processor of a medical device cause the medical device to: determine whether a credential package stored on a removable authentication device is authentic, wherein the removable authentication device is coupled to the medical device and wherein the medical device comprises the processor and a memory comprising instructions, which when executed by the processor cause the medical device to execute either a user application or a field service technician application, wherein the credential package comprises indications for a plurality of field service technicians; generate a first graphical indication that the credential package is not authentic and cause the first graphical indication to be displayed on a display coupled to the medical device based on a determination that the credential package is not authentic; or verify whether a field service technician attempting to access the medical device is an authorized one of the plurality of field service technicians based on the credential package based on a determination that the credential package is authentic; and generate a second graphical indication that the field service technician is not authorized and cause the second graphical indication to be displayed on the display based on a determination that the field service technician is not authorized; or execute the field service technician application based on a determination that the field service technician is authorized.
- 19 . The computer-readable storage device of claim 18 , the instructions when executed by the processor further cause the medical device to: identify a role of the field service technician based on a determination that the field service technician is authorized; and execute one of a plurality of field service technician applications based on the identified role of the field service technician.
- 20 . The computer-readable storage device of claim 18 , wherein the memory comprises operating system (OS) instructions, which when executed by the processor cause the medical device to execute the OS, wherein the OS comprises a secure shell (SSH) and wherein the instructions when executed by the processor further cause the medical device to: receive at least a password from the field service technician; and establish an SSH connection to the OS based in part on the password.
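The claims above describe the device-side chain: verify the signature on the credential package with the manufacturer's public key (claim 10), look the technician up in the list (claim 1), check that the role maps to an application (claims 5 to 8), and only then launch that application. The Go program below is an added example written for this page, not code from the patent or from Boston Scientific. It uses Ed25519 detached signatures over a JSON package; the field names, role strings, sample technicians and the seeded demo key are all assumptions. The training check of claim 9 follows the same pattern as the role check, and the SSH password step of claims 12 and 13 is out of scope here, so the username is taken as given.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Technician is one credential-package entry: the username later presented over
// SSH and the role that selects the application (claims 6-8). Field names and
// role strings are assumptions of this example, not the patent's format.
type Technician struct {
	Username string `json:"username"`
	Role     string `json:"role"`
}

// CredentialPackage lists a plurality of technicians (claim 1).
type CredentialPackage struct {
	Technicians []Technician `json:"technicians"`
}

// SignedPackage is what sits on the removable authentication device (claim 10).
type SignedPackage struct{ Payload, Signature []byte }

// One error per graphical indication named in the claims.
var (
	ErrNotAuthentic  = errors.New("credential package is not authentic")
	ErrNotAuthorized = errors.New("field service technician is not authorized")
	ErrWrongRole     = errors.New("field service technician does not have the proper role")
)

// appForRole maps the roles of claim 7 to the applications of claim 8.
var appForRole = map[string]string{
	"maintenance":   "maintenance user application",
	"developer":     "developer user application",
	"manufacturing": "manufacturing user application",
}

// KeysFromSeed derives a deterministic key pair from a label, for this demo only.
// A real signing key comes from a CSPRNG and stays off the device; only its
// public half is baked into the firmware image.
func KeysFromSeed(label string) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := sha256.Sum256([]byte(label))
	priv := ed25519.NewKeyFromSeed(seed[:])
	return priv.Public().(ed25519.PublicKey), priv
}

// SignPackage is the manufacturer-side step, performed off the device.
func SignPackage(priv ed25519.PrivateKey, pkg CredentialPackage) SignedPackage {
	payload, _ := json.Marshal(pkg) // cannot fail for this plain struct
	return SignedPackage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyPackage is the device-side authenticity check. The payload is decoded
// only after the signature verifies, so bytes edited on the stick never reach
// the JSON parser.
func VerifyPackage(pub ed25519.PublicKey, sp SignedPackage) (*CredentialPackage, error) {
	if !ed25519.Verify(pub, sp.Payload, sp.Signature) {
		return nil, ErrNotAuthentic
	}
	var pkg CredentialPackage
	if err := json.Unmarshal(sp.Payload, &pkg); err != nil {
		return nil, ErrNotAuthentic
	}
	return &pkg, nil
}

// SelectApplication applies claims 1, 5 and 6: the technician must be listed
// and hold a role that maps to an application; that application is returned.
func SelectApplication(pkg *CredentialPackage, username string) (string, error) {
	for _, t := range pkg.Technicians {
		if t.Username != username {
			continue
		}
		if app, ok := appForRole[t.Role]; ok {
			return app, nil
		}
		return "", ErrWrongRole
	}
	return "", ErrNotAuthorized
}

// Authorize is the whole device-side flow: authenticity first, then authorization.
func Authorize(pub ed25519.PublicKey, sp SignedPackage, username string) (string, error) {
	pkg, err := VerifyPackage(pub, sp)
	if err != nil {
		return "", err
	}
	return SelectApplication(pkg, username)
}

// DemoPackage is a constructed sample list, not real data.
var DemoPackage = CredentialPackage{Technicians: []Technician{
	{Username: "jsmith", Role: "maintenance"},
	{Username: "tlee", Role: "auditor"},
}}

func main() {
	pub, priv := KeysFromSeed("demo manufacturer signing key")
	sp := SignPackage(priv, DemoPackage)
	app, err := Authorize(pub, sp, "jsmith")
	fmt.Printf("app=%q err=%v\n", app, err)
}
```

Two details matter more than the choice of algorithm. The verifying public key must come from the device's own firmware image, never from the removable device that carries the package, or an attacker simply ships their own key next to their own list. And the signature is checked before anything in the payload is parsed, so a tampered, truncated or malformed package produces the first graphical indication without ever exercising the JSON decoder.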
Description
CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Patent Application Ser. No. 63/499,575 filed on May 2, 2023, the disclosure of which is incorporated herein by reference.

TECHNICAL FIELD

The present disclosure pertains to securely accessing maintenance features of a medical device in the field.

BACKGROUND

Modern medical devices often include processing components and memory storing instructions executable by the processing components. The memory will also often store settings for the medical device as well as data related to the use and/or operation of the device. For example, the AngioJet™ Thrombectomy System is a peripheral thrombectomy device that delivers aspiration and lytic delivery to treat a range of thrombosed vessels. The system itself includes a console having an integrated computing system that itself includes a processing component and memory storing instructions executable by the processing component to enable the aspiration and lytic features of the AngioJet™ Thrombectomy System when in use with various peripherals (e.g., catheters, venous access devices, etc.).

Medical devices with such processing features (e.g., the AngioJet™ Thrombectomy System) may need to be updated after being deployed in the field. For example, a technician may need to update software, settings, or calibration parameters of the device. Such updating is often done in the field. Further, manufacturers often interrogate systems to access stored data related to performance metrics of the device.

Conventionally, accessing such "field service" features of a medical device is done with a simple username and password authentication scheme. However, this provides limited security, as the username and password combination must be set at the time the medical device is configured at the factory. As such, if the identities or roles of field service technicians change after the device has been deployed, the username and password combinations stored in the medical device may no longer be valid. Thus, there is a need for a more secure and flexible authentication scheme for medical devices to be updated in the field.

BRIEF SUMMARY

The present disclosure provides a secure authentication scheme for a field service technician to access a device (e.g., a medical device, or the like) in the field. The present disclosure can be provided for a field service technician to access system controls and data that a regular user (e.g., physician, clinical user, etc.) should not have access to.

Some embodiments of the disclosure can be implemented as a computer implemented method for a medical device. The computer implemented method can comprise determining, at a processor of a medical device, whether a credential package stored on a removable authentication device is authentic, wherein the removable authentication device is coupled to the medical device and wherein the medical device comprises the processor and a memory comprising instructions, which when executed by the processor cause the medical device to execute either a user application or a field service technician application; generating a first graphical indication that the credential package is not authentic and causing the first graphical indication to be displayed on a display coupled to the medical device based on a determination that the credential package is not authentic; or verifying, at the processor based on a determination that the credential package is authentic, whether a field service technician attempting to access the medical device is authorized based on the credential package; and generating a second graphical indication that the field service technician is not authorized and causing the second graphical indication to be displayed on the display based on a determination that the field service technician is not authorized; or executing the field service technician application based on a determination that the field service technician is authorized.

In further embodiments, the computer implemented method can comprise determining, at the processor, whether the authentication device is coupled to the medical device; and determining, at the processor, whether the credential package is stored on the removable authentication device based on a determination that the authentication device is coupled to the medical device.

In further embodiments, the computer implemented method can comprise determining, at the processor, whether the authentication device is coupled to the medical device responsive to a trigger, wherein the trigger is a power cycle of the medical device, a power up of the medical device, or an input received from an input device of the medical device.

In further embodiments, the computer implemented method can comprise determining, at the processor, whether the credential package is authentic based on a determination that the credential package is stored on the removable authentication device.

In further embodiments, the computer
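Claim 11, and the authenticity determination restated in the summary, describe the alternative in which the credential package is encrypted to a public key and the device treats successful decryption with its private key as the authenticity check. The Go program below is an added example for this page, not the patent's or Boston Scientific's code. It models that rule with RSA-OAEP from the Go standard library and shows its limit: a party holding only the public key can produce a package that decrypts cleanly. The key size, the OAEP label and the JSON layout are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// oaepLabel ties ciphertexts to this purpose; the value is an assumption.
var oaepLabel = []byte("field-service-credential-package")

// DeviceKeys stands in for the key pair of claim 11: the private half lives in
// the fielded console, the public half goes to whoever prepares packages.
func DeviceKeys() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptPackage seals a small technician list to the device's public key with
// RSA-OAEP. Anyone who holds that public key can call it, which is the catch.
// (A real package would use a hybrid scheme; OAEP alone caps the plaintext at
// 190 bytes for a 2048-bit key with SHA-256.)
func EncryptPackage(pub *rsa.PublicKey, technicians []string) ([]byte, error) {
	plain, err := json.Marshal(map[string][]string{"technicians": technicians})
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plain, oaepLabel)
}

// DecryptPackage is the device side of claim 11: the package is treated as
// authentic if it decrypts and parses.
func DecryptPackage(priv *rsa.PrivateKey, ciphertext []byte) ([]string, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, oaepLabel)
	if err != nil {
		return nil, err
	}
	var pkg struct {
		Technicians []string `json:"technicians"`
	}
	if err := json.Unmarshal(plain, &pkg); err != nil {
		return nil, err
	}
	return pkg.Technicians, nil
}

func main() {
	priv, err := DeviceKeys()
	if err != nil {
		panic(err)
	}
	genuine, _ := EncryptPackage(&priv.PublicKey, []string{"jsmith"}) // manufacturer
	forged, _ := EncryptPackage(&priv.PublicKey, []string{"mallory"}) // anyone with the public key
	for _, c := range []struct {
		name string
		ct   []byte
	}{{"genuine", genuine}, {"forged", forged}} {
		techs, err := DecryptPackage(priv, c.ct)
		fmt.Printf("%s: techs=%v err=%v\n", c.name, techs, err)
	}
	corrupt := append([]byte(nil), genuine...)
	corrupt[len(corrupt)/2] ^= 1 // bit flip in transit or on the stick
	_, err = DecryptPackage(priv, corrupt)
	fmt.Println("corrupt:", err)
}
```

Decryption proves only that the package was encrypted to this device's public key, and that key is, by design, not secret. A corrupted ciphertext is rejected by the OAEP padding check, but a forged one is accepted just like the genuine one, so encryption of claim 11 gives confidentiality of the technician list, not proof of who wrote it; authenticity needs the signature of claim 10 (or a MAC under a key the attacker lacks) applied as well. If one private key is shared across a fleet of consoles, extracting it from a single unit also exposes every package ever issued to that fleet.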