US20170348536A1 - Intrusion resistant implantable medical device - Google Patents
- Publication number
- US20170348536A1 (US15/595,191)
- Authority
- US
- United States
- Prior art keywords
- communication
- medical apparatus
- processor
- malware
- threat
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61N—ELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
- A61N1/00—Electrotherapy; Circuits therefor
- A61N1/18—Applying electric currents by contact electrodes
- A61N1/32—Applying electric currents by contact electrodes alternating or intermittent currents
- A61N1/36—Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
- A61N1/372—Arrangements in connection with the implantation of stimulators
- A61N1/37211—Means for communicating with stimulators
- A61N1/37235—Aspects of the external programmer
- A61N1/37247—User interfaces, e.g. input or presentation means
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61N—ELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
- A61N1/00—Electrotherapy; Circuits therefor
- A61N1/02—Details
- A61N1/08—Arrangements or circuits for monitoring, protecting, controlling or indicating
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61N—ELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
- A61N1/00—Electrotherapy; Circuits therefor
- A61N1/18—Applying electric currents by contact electrodes
- A61N1/32—Applying electric currents by contact electrodes alternating or intermittent currents
- A61N1/36—Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
- A61N1/362—Heart stimulators
- A61N1/37—Monitoring; Protecting
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61N—ELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
- A61N1/00—Electrotherapy; Circuits therefor
- A61N1/18—Applying electric currents by contact electrodes
- A61N1/32—Applying electric currents by contact electrodes alternating or intermittent currents
- A61N1/36—Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
- A61N1/372—Arrangements in connection with the implantation of stimulators
- A61N1/37211—Means for communicating with stimulators
- A61N1/37252—Details of algorithms or data aspects of communication system, e.g. handshaking, transmitting specific data or segmenting data
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61N—ELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
- A61N1/00—Electrotherapy; Circuits therefor
- A61N1/18—Applying electric currents by contact electrodes
- A61N1/32—Applying electric currents by contact electrodes alternating or intermittent currents
- A61N1/36—Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
- A61N1/372—Arrangements in connection with the implantation of stimulators
- A61N1/37211—Means for communicating with stimulators
- A61N1/37252—Details of algorithms or data aspects of communication system, e.g. handshaking, transmitting specific data or segmenting data
- A61N1/37258—Alerting the patient
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16H—HEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
- G16H40/00—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices
- G16H40/60—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices
- G16H40/63—ICT specially adapted for the management or administration of healthcare resources or facilities; ICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for local operation
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61N—ELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
- A61N1/00—Electrotherapy; Circuits therefor
- A61N1/18—Applying electric currents by contact electrodes
- A61N1/32—Applying electric currents by contact electrodes alternating or intermittent currents
- A61N1/36—Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
- A61N1/372—Arrangements in connection with the implantation of stimulators
- A61N1/37211—Means for communicating with stimulators
- A61N1/37252—Details of algorithms or data aspects of communication system, e.g. handshaking, transmitting specific data or segmenting data
- A61N1/37254—Pacemaker or defibrillator security, e.g. to prevent or inhibit programming alterations by hackers or unauthorised individuals
Definitions
- An embodiment provides a medical apparatus. At least a portion of the medical apparatus is configured for implantation in an animal.
- the medical apparatus includes a communication module configured to receive communications originating external to the animal.
- the medical apparatus also includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module.
- the medical apparatus further includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication.
- the medical apparatus includes a patient module configured to engage a physiological aspect of the animal.
- the medical apparatus includes a biocompatible housing adapted to be implanted in an animal.
- the medical apparatus also includes a power source providing operational power to at least a portion of the medical apparatus.
- the medical apparatus includes a backdoor module configured to respond to a command received from a trusted or a verified third party without regard to the implemented mitigation measure responsive to the ascertained threat characteristic of the received communication.
- Another embodiment provides a method.
- the method is implemented in a medical apparatus implanted in an animal and configured to at least one of transmit or receive a communication originating external to the animal.
- the method includes receiving a communication.
- the method also includes detecting an indication of a malware in the received communication.
- the method further includes implementing in the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication.
- the method further includes initiating a transmission of an attack notification in response to the indication of malware in the received communication.
- a further embodiment provides a computer program product.
- the computer program product includes a computer-readable signal-bearing medium bearing program instructions.
- the program instructions are configured to perform a process in a computing device of an animal-implantable medical apparatus.
- the process includes receiving a communication originated by a source external to the animal.
- the process also includes detecting an indication of a malware in the received communication.
- the process further includes implementing in the implanted medical apparatus a countermeasure responsive to the detected indication of malware in the received communication.
- An embodiment provides a medical device.
- the medical device is configured for implantation in a living subject.
- the medical device includes means for at least one of receiving or transmitting a communication outside of the living subject.
- the medical device also includes means for detecting an indication of a malware in a received communication.
- the medical device further includes means for implementing in an element of the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication.
- the medical device further includes means for engaging a physiological aspect of the living subject.
- FIG. 1 illustrates an example embodiment of a thin computing device in which embodiments may be implemented
- FIG. 2 illustrates an example embodiment of a general-purpose computing system in which embodiments may be implemented
- FIG. 3 illustrates an example environment in which embodiments may be implemented
- FIG. 4 illustrates another example environment in which embodiments may be implemented
- FIG. 5 illustrates an example of an operational flow implemented in an environment
- FIG. 6 illustrates an alternative embodiment of the operational flow of FIG. 5
- FIG. 7 illustrates another alternative embodiment of the operational flow of FIG. 5
- FIG. 8 illustrates a further alternative embodiment of the operational flow of FIG. 5
- FIG. 9 illustrates an alternative embodiment of the operational flow of FIG. 5
- FIG. 10 illustrates an example computer program product
- FIG. 11 illustrates an example system in which embodiments may be implemented.
- FIG. 1 illustrates an example system that includes a thin computing device 20 , which may be included in an electronic device that also includes a device functional element 50 .
- the electronic device may include any item having electrical and/or electronic components playing a role in a functionality of the item, such as a limited resource computing device, a wireless communication device, a mobile wireless communication device, an electronic pen, a handheld electronic writing device, a digital camera, a scanner, an ultrasound device, an x-ray machine, a non-invasive imaging device, a cell phone, a PDA, a Blackberry® device, a printer, a refrigerator, a car, and an airplane.
- the thin computing device may be included in an implantable medical apparatus or device.
- the thin computing device may be operable to communicate with an implantable or implanted medical apparatus.
- the thin computing device 20 includes a processing unit 21 , a system memory 22 , and a system bus 23 that couples various system components including the system memory 22 to the processing unit 21 .
- the system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
- the system memory includes read-only memory (ROM) 24 and random access memory (RAM) 25 .
- a basic input/output system (BIOS) 26 containing the basic routines that help to transfer information between sub-components within the thin computing device 20 , such as during start-up, is stored in the ROM 24 .
- a number of program modules may be stored in the ROM 24 and/or RAM 25 , including an operating system 28 , one or more application programs 29 , other program modules 30 and program data 31 .
- a user may enter commands and information into the computing device 20 through input devices, such as a number of switches and buttons, illustrated as hardware buttons 44 , connected to the system via a suitable interface 45 .
- Input devices may further include a touch-sensitive display with suitable input detection circuitry, illustrated as a display 32 and screen input detector 33 .
- the output circuitry of the touch-sensitive display 32 is connected to the system bus 23 via a video driver 37 .
- Other input devices may include a microphone 34 connected through a suitable audio interface 35 , and a physical hardware keyboard (not shown).
- Output devices may include at least one of the display 32 or a projector display 36.
- the computing device 20 may include other peripheral output devices, such as at least one speaker 38 .
- Other external input or output devices 39 such as a joystick, game pad, satellite dish, scanner or the like may be connected to the processing unit 21 through a USB port 40 and USB port interface 41 , to the system bus 23 .
- the other external input and output devices 39 may be connected by other interfaces, such as a parallel port, game port or other port.
- the computing device 20 may further include or be capable of connecting to a flash card memory (not shown) through an appropriate connection port (not shown).
- the computing device 20 may further include or be capable of connecting with a network through a network port 42 and network interface 43, and a wireless port 46 and corresponding wireless interface 47 may be provided to facilitate communication with other peripheral devices, including other computers, printers, and so on (not shown). It will be appreciated that the various components and connections shown are examples and other components and means of establishing communication links may be used.
- the computing device 20 may be primarily designed to include a user interface.
- the user interface may include a character, a key-based, and/or another user data input via the touch sensitive display 32 .
- the user interface may include using a stylus (not shown).
- the user interface is not limited to an actual touch-sensitive panel arranged for directly receiving input, but may alternatively or in addition respond to another input device such as the microphone 34 . For example, spoken words may be received at the microphone 34 and recognized.
- the computing device 20 may be designed to include a user interface having a physical keyboard (not shown).
- the device functional elements 50 are typically application specific and related to a function of the electronic device, and are coupled with the system bus 23 through an interface (not shown).
- the functional elements may typically perform a single well-defined task with little or no user configuration or setup, such as a refrigerator keeping food cold, a cell phone connecting with an appropriate tower and transceiving voice or data information, a camera capturing and saving an image, an implantable medical apparatus.
- one or more elements of the thin computing device 20 may be deemed not necessary and omitted. In other instances, one or more other elements may be deemed necessary and added to the thin computing device.
- FIG. 2 illustrates an example embodiment of a general-purpose computing system in which embodiments may be implemented, shown as a computing system environment 100 .
- Components of the computing system environment 100 may include, but are not limited to, a computing device 110 having a processing unit 120 , a system memory 130 , and a system bus 121 that couples various system components including the system memory to the processing unit 120 .
- the system bus 121 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
- such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus, also known as Mezzanine bus.
- Computer-readable media may include any media that can be accessed by the computing device 110 and include both volatile and nonvolatile media, removable and non-removable media.
- Computer-readable media may include computer storage media and communication media.
- Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data.
- Computer storage media includes, but is not limited to, random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory, or other memory technology, CD-ROM, digital versatile disks (DVD), or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage, or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computing device 110 .
- a computer storage media may include a group of computer storage media devices.
- a computer storage media may include an information store.
- an information store may include a quantum memory, a photonic quantum memory, and/or atomic quantum memory. Combinations of any of the above may also be included within the scope of computer-readable media.
- Communication media may typically embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media.
- modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
- communication media include wired media, such as a wired network and a direct-wired connection, and wireless media such as acoustic, RF, optical, and infrared media.
- the system memory 130 includes computer storage media in the form of volatile and nonvolatile memory such as ROM 131 and RAM 132 .
- a RAM may include at least one of a DRAM, an EDO DRAM, a SDRAM, a RDRAM, a VRAM, and/or a DDR DRAM.
- a basic input/output system (BIOS) 133 containing the basic routines that help to transfer information between elements within the computing device 110 , such as during start-up, is typically stored in ROM 131 .
- RAM 132 typically contains data and program modules that are immediately accessible to or presently being operated on by processing unit 120 .
- FIG. 2 illustrates an operating system 134 , application programs 135 , other program modules 136 , and program data 137 .
- the operating system 134 offers services to applications programs 135 by way of one or more application programming interfaces (APIs) (not shown). Because the operating system 134 incorporates these services, developers of applications programs 135 need not redevelop code to use the services. Examples of APIs provided by operating systems such as Microsoft's “WINDOWS” are well known in the art.
- the computing device 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media products.
- FIG. 2 illustrates a non-removable non-volatile memory interface (hard disk interface) 140 that reads from and writes for example to non-removable, non-volatile magnetic media.
- FIG. 2 also illustrates a removable non-volatile memory interface 150 that, for example, is coupled to a magnetic disk drive 151 that reads from and writes to a removable, non-volatile magnetic disk 152 , and/or is coupled to an optical disk drive 155 that reads from and writes to a removable, non-volatile optical disk 156 , such as a CD ROM.
- removable/nonremovable, volatile/non-volatile computer storage media that can be used in the example operating environment include, but are not limited to, magnetic tape cassettes, memory cards, flash memory cards, DVDs, digital video tape, solid state RAM, and solid state ROM.
- the hard disk drive 141 is typically connected to the system bus 121 through a non-removable memory interface, such as the interface 140.
- magnetic disk drive 151 and optical disk drive 155 are typically connected to the system bus 121 by a removable non-volatile memory interface, such as interface 150 .
- hard disk drive 141 is illustrated as storing an operating system 144 , application programs 145 , other program modules 146 , and program data 147 . Note that these components can either be the same as or different from the operating system 134 , application programs 135 , other program modules 136 , and program data 137 .
- the operating system 144 , application programs 145 , other program modules 146 , and program data 147 are given different numbers here to illustrate that, at a minimum, they are different copies.
- a user may enter commands and information into the computing device 110 through input devices such as a microphone 163 , keyboard 162 , and pointing device 161 , commonly referred to as a mouse, trackball, or touch pad.
- Other input devices may include at least one of a touch sensitive display, joystick, game pad, satellite dish, and scanner.
- a user input interface 160 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port, or a universal serial bus (USB).
- a display 191 such as a monitor or other type of display device or surface may be connected to the system bus 121 via an interface, such as a video interface 190 .
- a projector display engine 192 that includes a projecting element may be coupled to the system bus.
- the computing device 110 may also include other peripheral output devices such as speakers 197 and printer 196 , which may be connected through an output peripheral interface 195 .
- the computing system environment 100 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180 .
- the remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device, or other common network node, and typically includes many or all of the elements described above relative to the computing device 110 , although only a memory storage device 181 has been illustrated in FIG. 2 .
- the network logical connections depicted in FIG. 2 include a local area network (LAN) and a wide area network (WAN), and may also include other networks such as a personal area network (PAN) (not shown).
- Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
- When used in a networking environment, the computing system environment 100 is connected to the network 171 through a network interface, such as the network interface 170, the modem 172, and/or the wireless interface 193.
- the network may include a LAN network environment, and/or a WAN network environment, such as the Internet.
- program modules depicted relative to the computing device 110 may be stored in a remote memory storage device.
- FIG. 2 illustrates remote application programs 185 as residing on computer storage medium 181 . It will be appreciated that the network connections shown are examples and other means of establishing communication link between the computers may be used.
- one or more elements of the computing device 110 may be deemed not necessary and omitted. In other instances, one or more other elements may be deemed necessary and added to the computing device.
- FIG. 3 illustrates an example environment 200 in which embodiments may be implemented.
- the environment includes a medical apparatus 210 , at least a portion of which is configured for implantation in a patient.
- the environment may also include another device 205 .
- the environment may also include a terrestrial or extraterrestrial communication link, illustrated as a communication tower and satellite.
- the communication link may include at least one of a wired or a wireless communication link.
- the medical apparatus 210 includes a communication module 220 , a threat assessment module 230 , and a threat mitigation module 260 .
- the communication module includes a communication module configured to receive communications originated externally of the patient (not shown).
- a communication originated externally of the patient may include a wireless signal originated by another device 205 , such as a handheld version of the thin computing device 20 of FIG. 1 , the computing device 110 of FIG. 2 , a cell phone, or other communication originating device physically located outside of the patient.
- the threat assessment module 230 includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module.
- the communication received may include at least one of a received packet, file, data or information.
- the communication received may include at least one of a first communication received in an ordinary course of employing the medical apparatus and a second communication that includes a threat characteristic.
- the communication received may include at least one of a signal or a modulated carrier.
- the communication received may include a communication received in at least one of an analog format or a digital format.
- a threat characteristic of the communication received may include at least one of a blocking communication, such as noise or a jamming, a failure to receive an expected communication, or an overwhelming communication, such as a denial of service attack.
- a threat characteristic of the communication received may include a spyware.
- a threat characteristic of the communication received may include an unauthorized or unregistered executable.
- a threat characteristic of the communication received may include a malware.
- a malware may include malicious software.
- a malware may include at least one of a virus, worm, or Trojan horse.
- the threat characteristic may include an action the malware may perform on the medical apparatus 210 , or on a computing device associated with the medical apparatus.
- the threat characteristic may include an attack vector.
- the threat characteristic may include at least one of target environment, a carrier object, a transport mechanism, a payload, a trigger mechanism, or a defense mechanism.
- a payload may include at least one of a backdoor, data corruption or deletion, information theft, denial of service, system shutdown, or service disruption.
- ascertaining a threat characteristic may include identifying a malware present in the communication received. In another embodiment, ascertaining a threat characteristic may include identifying a malware present in the communication received, and finding the identified malware's threat characteristic in a look-up table stored in the implantable medical apparatus. In a further embodiment, ascertaining a threat characteristic may include identifying a malware present in the communication received, and obtaining the identified malware's threat characteristic from a device external to the animal. In an embodiment, the threat characteristic may be ascertained using at least one of signature scanning or heuristic scanning.
- the threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication.
- the medical apparatus 210 may include a patient module 270 configured to engage a physiological aspect of the animal.
- the animal module includes a patient module configured to at least one of interact, relate, act, affect, effect, sense, or couple with a physiological aspect of the animal.
- the patient module may be configured to acquire physiological signals from the heart, such as an electrocardiograph.
- the patient module may be configured to both sense and provide cardiac signals, such as with a cardiac pacemaker.
- the patient module may be configured to acquire physiological signals from the central nervous system or the peripheral nervous system, such as with an EEG, or a NIR.
- the patient module may be configured to monitor at least one of electrical changes, or changes in metabolism reflected by alterations in blood flow, glucose metabolism, or oxygen extraction.
- the patient module may be configured to monitor brain systems, and/or provide deep brain stimulation, cortical stimulation, vagus nerve stimulation, or spinal cord stimulation.
- the patient module may be configured to monitor physiological conditions and/or changes in a limb, such as pulse oximetry, or blood or tissue pressure.
- the patient module may be configured to monitor an animal's metabolites, such as a glucose monitor.
- the patient module includes a patient module configured to sense a physiological aspect of the patient.
- a sensed physiological aspect may include at least one of a sensed heart rate, heart pacing, acidity, blood chemistry such as pH, pCO2, pO2, blood component, activity state, or body temperature.
- the sensed physiological aspect may include at least one of a drug level, drug concentration, metabolite level, circulatory physiology such as blood pressure and cardiac output monitoring devices that communicate with ventricular assist devices to pump blood faster or slower, brain signal, perspiration, or movement.
- patient module 270 includes a patient module configured to provide a therapeutic benefit to the animal.
- a provided therapeutic benefit may include at least one of providing a medicant, a medicine, a therapeutic substance, a drug eluted by a stent, a stimulation, a blocking, or a heart pacing.
- the patient module is configured to provide a therapeutic benefit by sensing a physiological aspect of the animal and communicating the sensed physiological aspect to an external device that in response provides or adjusts a therapeutic benefit.
- physiological data may be acquired by the patient module and communicated using the communication module 220 with an external ventilator (not shown) configured to adjust at least one of the FiO2, tidal volume, or rate of the breaths of the animal.
- the provided therapeutic benefit may include a non-drug approach, such as at least one of an electrical, gastric, or mechanical approach.
- the patient module 270 includes a patient module configured to engage at least a portion of a brain of the animal.
- a neural implant, brain implant, or a neural modulator configured to engage at least a portion of a nervous system of the animal.
- for example, a deep brain stimulator, neural interface, or nerve stimulator.
- the patient module includes a patient module configured to acquire data indicative of a physiological aspect of the animal.
- the patient module includes a control module configured to manage the patient module.
- the patient module includes a patient module configured to engage a physiological aspect of the animal and to monitor its own functioning.
- the patient module includes a patient module configured to engage a physiological aspect of the animal during an implementation of the threat mitigation measure responsive to the ascertained threat characteristic of the received communication.
- the communication module 220 further includes a communication module configured to send and/or receive data having a relevance to the animal.
- the communication module includes a communication module configured to receive communication originating external to the animal and configured to communicate with another medical apparatus configured for association with the animal.
- the another medical apparatus configured for association with the animal may include another medical apparatus implanted in the animal.
- the communication module includes a communication module configured to receive communications originating external to the animal and to receive a communication useful in updating at least one of the threat assessment module or the threat mitigation module.
- the threat assessment module includes a threat assessment module configured to ascertain a susceptibility of an implanted medical device to a threat characteristic of a communication received by the communication module.
- the threat assessment module 230 includes a threat assessment module configured to ascertain a threat characteristic of at least one of a fake communication, a spoofed communication, or a jamming communication received by the communication module.
- the threat assessment module includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module and to initiate a notification to another apparatus of the ascertained threat characteristic.
- the another apparatus may include at least one of another implantable or implanted medical apparatus, an external device or apparatus, or a health care provider.
- the threat assessment module includes a threat assessment module configured to be updatable in vivo and configured to ascertain a threat characteristic of a communication received by the communication module.
- the threat assessment module 230 includes a threat assessment module configured to ascertain a threat characteristic in response to a communication received by the communication module and in response to a history of previously ascertained threat characteristics.
- the threat assessment module includes a threat assessment module configured to store the ascertained threat characteristic.
- the threat characteristic module includes a threat module configured to provide a stored ascertained threat characteristic in response to a query.
- the threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module includes a threat assessment module configured to ascertain a presence of a threat characteristic of a communication received by the communication module and to ascertain a cessation of the ascertained threat characteristic.
- the threat mitigation module 260 includes a threat mitigation module configured to implement a selected mitigation measure responsive to the ascertained threat characteristic of the received communication.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and selected in response to a selection algorithm.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure selected based on a lookup table.
- a mitigation measure may include establishing a safe mode in the medical apparatus 210.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure selected according to a function dependent on at least one of a nature of the ascertained threat characteristic of the received communication, a remaining capability of a patient module of the medical apparatus to engage a physiological aspect of the animal, or a remaining life of a power source 274 providing operational power to the medical apparatus.
- the nature of the ascertained threat characteristic may include an anticipated duration of a threat.
- a remaining capacity of the patient module may include an amount of medicant available for release in the animal.
- the threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication, the mitigation measure including at least one of an encryption, an encryption change, a disinformation measure, a change of communication frequency, a change of a schedule of communication, a formatting of communication, a communication polarization, a handshake, tunneling, signature, authentication, or verification.
- the threat mitigation module includes a threat mitigation module configured to be updated in vivo and configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and meeting a minimum safety standard for the animal.
- the threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure in at least one of the patient module 270 or the communication module 220.
- the mitigation measure is responsive to the ascertained threat characteristic of the received communication and meeting a minimum safety standard for the animal.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure.
- the mitigation measure responsive to the ascertained threat characteristic of the received communication and predicted to meet a minimum safety standard for the animal.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure.
- the mitigation measure responsive to the ascertained threat characteristic of the received communication and selected to provide the least adverse effect on the animal from among two countermeasures.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure.
- the mitigation measure is responsive to the ascertained threat characteristic of the received communication and predicted by a lookup table as unlikely to have an at least substantial adverse impact on the animal.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure.
- the mitigation measure is responsive to the ascertained threat characteristic of the received communication and predicted by a lookup table stored in the implanted medical apparatus as unlikely to have an at least substantial adverse impact on the animal.
- the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and unlikely to have an at least substantially serious impact on the animal.
- the threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and to initiate a notification to another apparatus of the implemented mitigation measure.
- the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat mitigation module configured to reverse the implementation of the mitigation measure responsive.
- the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat mitigation module configured to reverse the implementation of the mitigation measure and to initiate a notification to another apparatus of the reversing the implementation of the mitigation measure.
- the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and save an indication of the implemented mitigation measure.
- the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and provide stored indication of the implemented mitigation measure in response to a query.
- the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and a history that includes an ascertained threat characteristic of another received communication.
- the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and a history that includes a previously implemented mitigation measure.
- the medical apparatus 210 includes a biocompatible housing 272 adapted to be implanted in a mammalian patient (not shown).
- the medical apparatus includes the power source 296 providing operational power to at least a portion of the medical apparatus.
- the medical apparatus includes a backdoor module 274 configured to respond to a command received from a trusted or a verified third party without regard to the implemented mitigation measure responsive to the ascertained threat characteristic of the received communication.
- the backdoor module may be configured to respond to a control command.
- the backdoor module may be configured to respond to a command with respect to at least one of the patient module 270 or the medical apparatus as a whole.
- the medical apparatus may include at least one of other module(s) 272, processor 292, or an information store 294.
- the medical apparatus 210 of FIG. 3 includes a medical apparatus at least a portion of which is configured for implantation in an animal.
- the medical apparatus 210 includes the communication module 220, the threat assessment module 230, and the threat mitigation module 260.
- the communication module includes a communication module configured to receive communications originating external to the medical apparatus.
- a communication originating external to the medical apparatus may include another medical apparatus and/or device implanted in the animal (not shown).
- FIG. 4 illustrates another example environment 300 in which embodiments may be implemented.
- the example environment includes a medical apparatus 302 and another device 305.
- the medical apparatus is implanted in an animal 304 .
- the medical apparatus includes a receiver module 310, a malware indication detector module 320, and a countermeasure module 350.
- one or more of the receiver module, malware indication detector module, and countermeasure module may be structurally distinct from the remaining modules.
- the electronic device or a portion of the medical apparatus may be implemented in whole or in part using the thin computing device 20 described in conjunction with FIG. 1, and/or the computing device 110 described in conjunction with FIG. 2.
- the medical apparatus or a portion of the medical apparatus may be implemented using Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), digital signal processors (DSPs), or other integrated formats.
- one or more of the modules, circuits and/or the apparatus may be implemented in hardware, software, and/or firmware.
- the receiver module 310 includes a receiver module configured to at least one of transmit or receive a communication.
- the receiver module is configured to communicate externally to the animal, such as a communication with another device 305.
- the communication may be implemented using at least one of a wireless communication link or a wired communication link.
- the receiver module may be operable to communicate with the another device using a network, for example, such as the Internet or a private network.
- the receiver module is configured to communicate externally to itself, such as with a second implanted medical apparatus or a device (not shown).
- the medical apparatus 302 may include at least one additional module.
- the at least one additional module may include a notification module 390, a patient module 303, a processor 304, an information store 306, a power source 308, or other module(s) 309.
- FIG. 5 illustrates an example of an operational flow 400 implemented in an environment.
- the environment includes a medical apparatus at least a portion of which is implanted in an animal and configured to at least one of transmit or receive a communication.
- the medical apparatus may be adhered to the skin of the animal, or partially or wholly implanted in the animal.
- the animal may include at least one of a patient, living body, human, animal, mammal, bird, fish, or food stock.
- the medical apparatus may be implemented using the medical apparatus 303 implanted in the animal 304 of FIG. 4.
- FIG. 5 and several following figures may include various examples of operational flows, discussions, and explanations with respect to the above-described environment 300 of FIG. 4, and/or with respect to other examples and contexts.
- the operational flow 400 includes an acquirement operation 410.
- the acquirement operation includes receiving a communication.
- the acquirement operation may be implemented using the receiver module 310 of FIG. 4.
- a demodulation operation 420 includes detecting an indication of a malware in the received communication.
- malware may include at least one of a virus, a worm, a Trojan horse, a rootkit, spyware, adware, a buffer overflow, a virus hoax, a dialer, or a hack tool.
- a malware may include a program having a threat characteristic.
- the demodulation operation may be implemented using the malware indication detection module 320 of FIG. 4.
- a defense operation 450 includes implementing in the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication.
- the defense operation may be implemented using the countermeasure module 350 of FIG. 4.
- the operational flow then proceeds to an end operation.
- the operational flow 400 may include at least one additional operation.
- the at least one additional operation may include a notification operation 490.
- the notification operation includes initiating a transmission of an attack notification in response to the indication of malware in the received communication.
- the notification operation 490 includes an operation 492 initiating a transmission of an attack notification receivable by a trusted external unit in response to the indication of malware in the received communication.
- the trusted external unit may include the another device 305 of FIG. 4.
- the notification operation may be implemented using the notification module 390 of FIG. 4.
- the notification operation includes initiating a secure transmission of an attack notification in response to the indication of malware in the received communication.
- the notification operation includes initiating a transmission of an indication of the countermeasure implemented in the implanted medical device.
- FIG. 6 illustrates an alternative embodiment of the operational flow 400 of FIG. 5.
- the acquirement operation 410 may include at least one additional operation.
- the at least one additional operation may include at least one of an operation 412, an operation 414, or an operation 416.
- the operation 412 includes receiving a communication that includes at least one of an instruction, a command, a data request, or an inquiry receivable by the medical device.
- the operation 414 includes receiving a communication originated by another device external to the animal.
- the operation 416 includes failing to receive an expected communication. For example, failing to receive an expected communication may include at least one of failing to receive a handshake, an acknowledgement, or a scheduled communication.
- the operation 416 may include at least one additional operation, such as an operation 418.
- the operation 418 includes detecting an indication of a malware in response to the failing to receive an expected communication.
- FIG. 7 illustrates another alternative embodiment of the operational flow 400 of FIG. 5.
- the demodulation operation 420 may include at least one additional operation.
- the at least one additional operation may include at least one of an operation 422, an operation 424, an operation 426, an operation 428, an operation 432, an operation 434, or an operation 436.
- the operation 422 includes detecting an indication of a malware threat characteristic in the received communication.
- the operation 424 includes detecting an indication of a malware attack strategy in the received communication.
- the operation 426 includes detecting an indication of at least one of a virus, a worm, a Trojan horse, a rootkit, a spyware, an adware, a buffer overflow, a virus hoax, a dialer, a hack tool, backdoor, data corruption, or data deletion in the received communication.
- the operation 428 includes detecting an indication of at least one of an information theft, denial of service, system shut down instruction, unexpected instruction, tampering, spoofing, bandwidth flooding, service disruption, insertion of a false instruction, or taking control of an aspect of the medical device in the received communication.
- the operation 432 includes detecting an indication of a malware in the received communication to which the implanted medical device may be susceptible.
- the operation 434 includes detecting an indication that the received communication was received from a non-trusted source.
- the operation 436 includes detecting an indication of a malware in the received communication using at least one of a signature-based detection system, heuristic engine, artificial intelligence, pattern recognition, or malware definition.
- FIG. 8 illustrates a further alternative embodiment of the operational flow 400 of FIG. 5.
- the defensive operation 450 may include at least one additional operation.
- the at least one additional operation may include at least one of an operation 452, an operation 454, an operation 456, an operation 458, and an operation 462.
- the operation 452 includes implementing in the implanted medical device a selected countermeasure responsive to the detected indication of malware in the received communication.
- the operation 454 includes implementing in the implanted medical device a selected countermeasure responsive to the detected indication of malware in the received communication, wherein the selected countermeasure is selected in response to at least one of a selection algorithm function or a lookup table.
- the operation 456 includes implementing in the implanted medical device a selected countermeasure useable in at least substantially reducing a harm caused by a malware, and responsive to the detected indication of malware in the received communication.
- the operation 458 includes implementing in the implanted medical device a countermeasure responsive to a determined threat characteristic of the detected indication of malware in the received communication.
- the operation 462 includes implementing in the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication, the countermeasure including at least one of an encryption, an encryption change, a disinformation measure, a change of communication frequency, a change of a schedule of communication, formatting a communication, a communication polarization, a handshake, tunneling, signature, authentication, or verification.
- FIG. 9 illustrates an alternative embodiment of the operational flow 400 of FIG. 5.
- the defensive operation 450 may include at least one additional operation.
- the at least one additional operation may include an operation 464.
- the operation 464 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and meeting a minimum safety standard for the animal.
- the operation 464 may include at least one additional operation.
- the at least one additional operation may include an operation 466, an operation 468, an operation 472, an operation 474, an operation 476, or an operation 478.
- the operation 466 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and predicted to meet a minimum safety standard for the animal.
- the operation 468 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and selected to provide a least adverse effect on the animal from among two countermeasures.
- the operation 472 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the ascertained threat characteristic of the received communication and predicted as unlikely to have an at least substantial adverse impact on the animal.
- the operation 474 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the ascertained threat characteristic of the received communication and predicted by a lookup table as unlikely to have an at least substantial adverse impact on the animal.
- the operation 476 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and unlikely to cause an adverse reaction in the animal.
- the operation 478 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and unlikely to have an at least substantially adverse impact on the medical device implanted in the animal.
- the operation 464 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and unlikely to have an at least substantially adverse impact on an operation of the medical device implanted in the animal.
- the operation 464 includes implementing in the implanted medical device a countermeasure.
- the countermeasure is responsive to the detected indication of malware in the received communication and predicted by at least one of a prediction algorithm or a lookup table as unlikely to cause an adverse outcome to the animal.
- FIG. 10 illustrates an example computer program product 500.
- the computer-readable signal-bearing medium 510 of the computer program product bears program instructions 520.
- the program instructions are configured to perform a process in a computing device of an animal-implantable medical apparatus.
- the process includes receiving a communication originated by a source external to the animal.
- the process also includes detecting an indication of a malware in the received communication.
- the process further includes implementing in the implanted medical apparatus a countermeasure responsive to the detected indication of malware in the received communication.
- the program instructions 520 may include at least one alternative embodiment.
- the at least one alternative embodiment may include a program instruction 522, a program instruction 524, or a program instruction 526.
- the program instruction 522 includes implementing in the implanted medical apparatus a countermeasure.
- the countermeasure is selected in response to at least one of an algorithm or a lookup table and responsive to the detected indication of malware in the received communication.
- the lookup table may include a locally stored lookup table or a remotely stored lookup table.
- the program instruction 524 includes implementing in the implanted medical apparatus a countermeasure responsive to the detected indication of malware in the received communication, and predicted as unlikely to have an at least substantially adverse impact on the animal.
- “predicted as unlikely” may include at least one of predicted as unlikely by a lookup table stored in the implanted medical apparatus, or by a selection algorithm.
- the program instruction 526 includes implementing in the implanted medical apparatus a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and meeting a minimum safety standard for the animal.
- the computer-readable signal-bearing medium 510 bearing the program instructions includes a computer readable storage medium 512 bearing the program instructions.
- the computer-readable signal-bearing medium bearing the program instructions includes a computer readable communication medium 514 bearing the program instructions.
- FIG. 11 illustrates an example system 600 in which embodiments may be implemented.
- the system includes a medical device 605 configured for at least partial implantation in a living subject.
- the medical device includes means 610 for at least one of receiving or transmitting a communication.
- the means 610 is configured for receiving or transmitting outside of itself.
- the means 610 is configured for receiving or transmitting outside of the living subject.
- the medical device further includes means 620 for detecting an indication of a malware in a received communication.
- the medical device further includes means 630 for implementing in an element of the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication.
- the medical device includes means 640 for engaging a physiological aspect of the living subject.
- examples of a signal bearing medium include, but are not limited to, the following: a recordable type medium such as a floppy disk, a hard disk drive, a Compact Disc (CD), a Digital Video Disk (DVD), a digital tape, a computer memory, etc.; and a transmission type medium such as a digital and/or an analog communication medium (e.g., a fiber optic cable, a waveguide, a wired communication link, a wireless communication link, etc.).
- an implementer may opt for a mainly hardware and/or firmware vehicle; alternatively, if flexibility is paramount, the implementer may opt for a mainly software implementation; or, yet again alternatively, the implementer may opt for some combination of hardware, software, and/or firmware.
- any vehicle to be utilized is a choice dependent upon the context in which the vehicle will be deployed and the specific concerns (e.g., speed, flexibility, or predictability) of the implementer, any of which may vary.
- optical aspects of implementations will typically employ optically-oriented hardware, software, and/or firmware.
- electrical circuitry includes, but is not limited to, electrical circuitry having at least one discrete electrical circuit, electrical circuitry having at least one integrated circuit, electrical circuitry having at least one application specific integrated circuit, electrical circuitry forming a general purpose computing device configured by a computer program (e.g., a general purpose computer configured by a computer program which at least partially carries out processes and/or devices described herein, or a microprocessor configured by a computer program which at least partially carries out processes and/or devices described herein), electrical circuitry forming a memory device (e.g., forms of random access memory), and/or electrical circuitry forming a communication device (e.g., a modem, communication switch, or optical-electrical equipment).
- “configured” includes at least one of designed, set up, shaped, implemented, constructed, or adapted for at least one of a particular purpose, application, or function.
- “module” includes a hardware, firmware, or software component that interacts with a larger system.
- a software module or program module may come in a form of a file and may typically handle a specific task within a larger software system.
- a hardware module may include a unit that plugs into a larger system.
- a module may be implemented in a circuit, such as in a software circuit or an electrical circuit.
- a module may be implemented in hardware, software, firmware, or any combination thereof.
- any two components herein combined to achieve a particular functionality can be seen as “associated with” each other such that the desired functionality is achieved, irrespective of architectures or intermedial components.
- any two components so associated can also be viewed as being “operably connected,” or “operably coupled,” to each other to achieve the desired functionality.
- any two components capable of being so associated can also be viewed as being “operably couplable” to each other to achieve the desired functionality.
- examples of “operably couplable” include, but are not limited to, physically mateable and/or physically interacting components and/or wirelessly interactable and/or wirelessly interacting components.
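The flow of FIG. 5 through FIG. 9 described above (an ascertained threat, a countermeasure picked from a lookup table, a minimum safety standard, the least adverse candidate, a stored history, notification, and reversal on cessation) can be sketched in C as follows. This is an added illustration, not code from the patent or its applicants; the enums, impact scores, thresholds and function names are all constructed assumptions.

```c
/* Added illustration (not from the patent): table-driven countermeasure
 * selection with a safety gate. Every name, score and threshold is constructed. */
#include <stddef.h>
#include <stdio.h>

typedef enum { THREAT_NONE, THREAT_SPOOFED, THREAT_JAMMING,
               THREAT_UNTRUSTED_SOURCE, THREAT_MISSED_HANDSHAKE } threat_t;
typedef enum { CM_NONE, CM_REQUIRE_AUTH, CM_CHANGE_FREQUENCY,
               CM_CHANGE_SCHEDULE, CM_SAFE_MODE } countermeasure_t;

/* One lookup-table row: a countermeasure that answers a threat. */
typedef struct {
    threat_t threat;
    countermeasure_t cm;
    int adverse_impact;     /* predicted impact on the patient, 0..100 */
    int power_cost_pct;     /* battery percentage points consumed */
    int min_capability_pct; /* patient-module capability needed for it to be safe */
} cm_row_t;

static const cm_row_t CM_TABLE[] = {   /* constructed values */
    { THREAT_SPOOFED,          CM_REQUIRE_AUTH,      5, 2,  0 },
    { THREAT_SPOOFED,          CM_SAFE_MODE,        30, 1, 20 },
    { THREAT_JAMMING,          CM_CHANGE_FREQUENCY, 10, 8,  0 },
    { THREAT_JAMMING,          CM_CHANGE_SCHEDULE,  15, 1,  0 },
    { THREAT_JAMMING,          CM_SAFE_MODE,        30, 1, 20 },
    { THREAT_UNTRUSTED_SOURCE, CM_REQUIRE_AUTH,      5, 2,  0 },
    { THREAT_MISSED_HANDSHAKE, CM_CHANGE_SCHEDULE,  15, 1,  0 },
    { THREAT_MISSED_HANDSHAKE, CM_SAFE_MODE,        30, 1, 20 },
};

#define MAX_ADVERSE_IMPACT  40 /* stand-in for the "minimum safety standard" */
#define BATTERY_RESERVE_PCT  5 /* a countermeasure may not eat into this reserve */
#define HISTORY_LEN          8

/* Pick the least-adverse row for this threat that passes every safety check. */
countermeasure_t select_countermeasure(threat_t t, int capability_pct, int battery_pct)
{
    countermeasure_t best = CM_NONE;
    int best_impact = MAX_ADVERSE_IMPACT + 1;
    for (size_t i = 0; i < sizeof CM_TABLE / sizeof CM_TABLE[0]; i++) {
        const cm_row_t *r = &CM_TABLE[i];
        if (r->threat != t) continue;
        if (r->adverse_impact > MAX_ADVERSE_IMPACT) continue;
        if (capability_pct < r->min_capability_pct) continue;
        if (battery_pct - r->power_cost_pct < BATTERY_RESERVE_PCT) continue;
        if (r->adverse_impact < best_impact) {
            best = r->cm;
            best_impact = r->adverse_impact;
        }
    }
    return best;
}

typedef struct { threat_t threat; countermeasure_t cm; } event_t;
typedef struct {
    countermeasure_t active;
    event_t history[HISTORY_LEN]; /* ring buffer, answers later queries */
    size_t n_events;
    int notify_pending;           /* set until a trusted unit has been told */
} device_t;

static void record(device_t *d, threat_t t, countermeasure_t cm)
{
    d->history[d->n_events % HISTORY_LEN] = (event_t){ t, cm };
    d->n_events++;
    d->notify_pending = 1;
}

/* Detection result arrives: select, implement, log, flag for notification. */
countermeasure_t on_threat(device_t *d, threat_t t, int capability_pct, int battery_pct)
{
    countermeasure_t cm = select_countermeasure(t, capability_pct, battery_pct);
    if (cm != CM_NONE)
        d->active = cm;   /* never drop an active measure for "nothing safe" */
    record(d, t, cm);
    return cm;
}

/* Threat has ceased: reverse the measure and log the reversal. */
void on_cessation(device_t *d)
{
    d->active = CM_NONE;
    record(d, THREAT_NONE, CM_NONE);
}

/* Query: how many retained history entries carry this threat? */
size_t count_threat(const device_t *d, threat_t t)
{
    size_t kept = d->n_events < HISTORY_LEN ? d->n_events : HISTORY_LEN, n = 0;
    for (size_t i = 0; i < kept; i++)
        if (d->history[i].threat == t) n++;
    return n;
}

int main(void)
{
    device_t dev = {0};
    /* Constructed scenario: jamming with a healthy battery, then a low one. */
    printf("jamming, battery 50%%: cm=%d\n", on_threat(&dev, THREAT_JAMMING, 80, 50));
    printf("jamming, battery 10%%: cm=%d\n", on_threat(&dev, THREAT_JAMMING, 80, 10));
    on_cessation(&dev);
    printf("active=%d jamming events=%zu\n", dev.active, count_threat(&dev, THREAT_JAMMING));
    return 0;
}
```

When no row passes the safety checks the selector returns `CM_NONE` and the device keeps whatever measure is already active, so a depleted battery or exhausted patient module never causes an existing protection to be dropped.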
Landscapes
- Health & Medical Sciences (AREA)
- Engineering & Computer Science (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Public Health (AREA)
- Nuclear Medicine, Radiotherapy & Molecular Imaging (AREA)
- Radiology & Medical Imaging (AREA)
- Life Sciences & Earth Sciences (AREA)
- Animal Behavior & Ethology (AREA)
- Veterinary Medicine (AREA)
- Heart & Thoracic Surgery (AREA)
- Cardiology (AREA)
- Human Computer Interaction (AREA)
- Epidemiology (AREA)
- Medical Informatics (AREA)
- Primary Health Care (AREA)
- General Business, Economics & Management (AREA)
- Business, Economics & Management (AREA)
- Measuring And Recording Apparatus For Diagnosis (AREA)
- Neurology (AREA)
Abstract
Provided embodiments include a device, apparatus, system, computer program product, and method. A medical apparatus is provided, at least a portion of which is configured for implantation in an animal. The medical apparatus includes a communication module configured to receive communications originating external to the animal. The medical apparatus also includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module. The medical apparatus further includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication.
Description
- The present application is related to and claims the benefit of the earliest available effective filing date(s) from the following listed application(s) (the “Related Applications”) (e.g., claims earliest available priority dates for other than provisional patent applications or claims benefits under 35 USC §119(e) for provisional patent applications, for any and all parent, grandparent, great-grandparent, etc. applications of the Related Application(s)).
- For purposes of the USPTO extra-statutory requirements, the present application constitutes a continuation-in-part of U.S. patent application Ser. No. To be assigned, entitled SECURE OPERATION OF IMPLANTED DEVICE, naming Roderick A. Hyde, Muriel Y. Ishikawa, Eric C. Leuthardt, Michael A. Smith, and Lowell L. Wood, Jr. as inventors, filed Apr. 30, 2008, which is currently co-pending, or is an application of which a currently co-pending application is entitled to the benefit of the filing date.
- The United States Patent Office (USPTO) has published a notice to the effect that the USPTO's computer programs require that patent applicants reference both a serial number and indicate whether an application is a continuation or continuation-in-part. Stephen G. Kunin, Benefit of Prior-Filed Application, USPTO Official Gazette Mar. 18, 2003, available at http://www.uspto.gov/web/offices/com/sol/og/2003/week11/patbene.htm. The present Applicant Entity (hereinafter “Applicant”) has provided above a specific reference to the application(s) from which priority is being claimed as recited by statute. Applicant understands that the statute is unambiguous in its specific reference language and does not require either a serial number or any characterization, such as “continuation” or “continuation-in-part,” for claiming priority to U.S. patent applications. Notwithstanding the foregoing, Applicant understands that the USPTO's computer programs have certain data entry requirements, and hence Applicant is designating the present application as a continuation-in-part of its parent applications as set forth above, but expressly points out that such designations are not to be construed in any way as any type of commentary and/or admission as to whether or not the present application contains any new matter in addition to the matter of its parent application(s).
- All subject matter of the Related Applications and of any and all parent, grandparent, great-grandparent, etc. applications of the Related Applications is incorporated herein by reference to the extent such subject matter is not inconsistent herewith.
- An embodiment provides a medical apparatus. At least a portion of the medical apparatus is configured for implantation in an animal. The medical apparatus includes a communication module configured to receive communications originating external to the animal. The medical apparatus also includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module. The medical apparatus further includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication. In an alternative embodiment, the medical apparatus includes a patient module configured to engage a physiological aspect of the animal. In another embodiment, the medical apparatus includes a biocompatible housing adapted to be implanted in an animal. In another embodiment, the medical apparatus also includes a power source providing operational power to at least a portion of the medical apparatus. In another embodiment, the medical apparatus includes a backdoor module configured to respond to a command received from a trusted or a verified third party without regard to the implemented mitigation measure responsive to the ascertained threat characteristic of the received communication. In addition to the foregoing, other embodiments are described in the claims, drawings, and text that form a part of the present application.
- Another embodiment provides a method. The method is implemented in a medical apparatus implanted in an animal and configured to at least one of transmit or receive a communication originating external to the animal. The method includes receiving a communication. The method also includes detecting an indication of a malware in the received communication. The method further includes implementing in the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication. In an alternative embodiment, the method further includes initiating a transmission of an attack notification in response to the indication of malware in the received communication. In addition to the foregoing, other embodiments are described in the claims, drawings, and text that form a part of the present application.
- A further embodiment provides a computer program product. The computer program product includes a computer-readable signal-bearing medium bearing program instructions. The program instructions are configured to perform a process in a computing device of an animal-implantable medical apparatus. The process includes receiving a communication originated by a source external to the animal. The process also includes detecting an indication of a malware in the received communication. The process further includes implementing in the implanted medical apparatus a countermeasure responsive to the detected indication of malware in the received communication. In addition to the foregoing, other embodiments are described in the claims, drawings, and text that form a part of the present application.
- An embodiment provides a medical device. The medical device is configured for implantation in a living subject. The medical device includes means for at least one of receiving or transmitting a communication outside of the living subject. The medical device also includes means for detecting an indication of a malware in a received communication. The medical device further includes means for implementing in an element of the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication. In an alternative embodiment, the medical device further includes means for engaging a physiological aspect of the living subject. In addition to the foregoing, other embodiments are described in the claims, drawings, and text that form a part of the present application.
- The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.
- FIG. 1 illustrates an example embodiment of a thin computing device in which embodiments may be implemented;
- FIG. 2 illustrates an example embodiment of a general-purpose computing system in which embodiments may be implemented;
- FIG. 3 illustrates an example environment in which embodiments may be implemented;
- FIG. 4 illustrates another example environment in which embodiments may be implemented;
- FIG. 5 illustrates an example of an operational flow implemented in an environment;
- FIG. 6 illustrates an alternative embodiment of the operational flow of FIG. 5;
- FIG. 7 illustrates another alternative embodiment of the operational flow of FIG. 5;
- FIG. 8 illustrates a further alternative embodiment of the operational flow of FIG. 5;
- FIG. 9 illustrates an alternative embodiment of the operational flow of FIG. 5;
- FIG. 10 illustrates an example computer program product; and
- FIG. 11 illustrates an example system in which embodiments may be implemented.
- In the following detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, similar symbols typically identify similar components, unless context dictates otherwise. The illustrated embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented here.
- FIG. 1 and the following discussion are intended to provide a brief, general description of an environment in which embodiments may be implemented. FIG. 1 illustrates an example system that includes a thin computing device 20, which may be included in an electronic device that also includes a device functional element 50. For example, the electronic device may include any item having electrical and/or electronic components playing a role in a functionality of the item, such as a limited resource computing device, a wireless communication device, a mobile wireless communication device, an electronic pen, a handheld electronic writing device, a digital camera, a scanner, an ultrasound device, an x-ray machine, a non-invasive imaging device, a cell phone, a PDA, a Blackberry® device, a printer, a refrigerator, a car, and an airplane. In another example, the thin computing device may be included in an implantable medical apparatus or device. In a further example, the thin computing device may be operable to communicate with an implantable or implanted medical apparatus.
- The thin computing device 20 includes a processing unit 21, a system memory 22, and a system bus 23 that couples various system components including the system memory 22 to the processing unit 21. The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory includes read-only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system (BIOS) 26, containing the basic routines that help to transfer information between sub-components within the thin computing device 20, such as during start-up, is stored in the ROM 24. A number of program modules may be stored in the ROM 24 and/or RAM 25, including an operating system 28, one or more application programs 29, other program modules 30 and program data 31.
- A user may enter commands and information into the computing device 20 through input devices, such as a number of switches and buttons, illustrated as hardware buttons 44, connected to the system via a suitable interface 45. Input devices may further include a touch-sensitive display with suitable input detection circuitry, illustrated as a display 32 and screen input detector 33. The output circuitry of the touch-sensitive display 32 is connected to the system bus 23 via a video driver 37. Other input devices may include a microphone 34 connected through a suitable audio interface 35, and a physical hardware keyboard (not shown). Output devices may include at least one of the display 32 or a projector display 36.
- In addition to the display 32, the computing device 20 may include other peripheral output devices, such as at least one speaker 38. Other external input or output devices 39, such as a joystick, game pad, satellite dish, scanner or the like may be connected to the processing unit 21 through a USB port 40 and USB port interface 41, to the system bus 23. Alternatively, the other external input and output devices 39 may be connected by other interfaces, such as a parallel port, game port or other port. The computing device 20 may further include or be capable of connecting to a flash card memory (not shown) through an appropriate connection port (not shown). The computing device 20 may further include or be capable of connecting with a network through a network port 42 and network interface 43, and a wireless port 46 and corresponding wireless interface 47 may be provided to facilitate communication with other peripheral devices, including other computers, printers, and so on (not shown). It will be appreciated that the various components and connections shown are examples and other components and means of establishing communication links may be used.
- The computing device 20 may be primarily designed to include a user interface. The user interface may include a character, a key-based, and/or another user data input via the touch sensitive display 32. The user interface may include using a stylus (not shown). Moreover, the user interface is not limited to an actual touch-sensitive panel arranged for directly receiving input, but may alternatively or in addition respond to another input device such as the microphone 34. For example, spoken words may be received at the microphone 34 and recognized. Alternatively, the computing device 20 may be designed to include a user interface having a physical keyboard (not shown).
- The device functional elements 50 are typically application specific and related to a function of the electronic device, and are coupled with the system bus 23 through an interface (not shown). The functional elements may typically perform a single well-defined task with little or no user configuration or setup, such as a refrigerator keeping food cold, a cell phone connecting with an appropriate tower and transceiving voice or data information, a camera capturing and saving an image, or an implantable medical apparatus.
- In certain instances, one or more elements of the thin computing device 20 may be deemed not necessary and omitted. In other instances, one or more other elements may be deemed necessary and added to the thin computing device.
- FIG. 2 illustrates an example embodiment of a general-purpose computing system in which embodiments may be implemented, shown as a computing system environment 100. Components of the computing system environment 100 may include, but are not limited to, a computing device 110 having a processing unit 120, a system memory 130, and a system bus 121 that couples various system components including the system memory to the processing unit 120. The system bus 121 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus, also known as Mezzanine bus.
- The computing system environment 100 typically includes a variety of computer-readable media products. Computer-readable media may include any media that can be accessed by the computing device 110 and include both volatile and nonvolatile media, removable and non-removable media. By way of example, and not of limitation, computer-readable media may include computer storage media and communication media.
- Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory, or other memory technology, CD-ROM, digital versatile disks (DVD), or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage, or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by the computing device 110. In a further embodiment, a computer storage media may include a group of computer storage media devices. In another embodiment, a computer storage media may include an information store. In another embodiment, an information store may include a quantum memory, a photonic quantum memory, and/or atomic quantum memory. Combinations of any of the above may also be included within the scope of computer-readable media.
- Communication media may typically embody computer-readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism and include any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media include wired media, such as a wired network and a direct-wired connection, and wireless media such as acoustic, RF, optical, and infrared media.
- The system memory 130 includes computer storage media in the form of volatile and nonvolatile memory such as ROM 131 and RAM 132. A RAM may include at least one of a DRAM, an EDO DRAM, a SDRAM, a RDRAM, a VRAM, and/or a DDR DRAM. A basic input/output system (BIOS) 133, containing the basic routines that help to transfer information between elements within the computing device 110, such as during start-up, is typically stored in ROM 131. RAM 132 typically contains data and program modules that are immediately accessible to or presently being operated on by processing unit 120. By way of example, and not limitation, FIG. 2 illustrates an operating system 134, application programs 135, other program modules 136, and program data 137. Often, the operating system 134 offers services to applications programs 135 by way of one or more application programming interfaces (APIs) (not shown). Because the operating system 134 incorporates these services, developers of applications programs 135 need not redevelop code to use the services. Examples of APIs provided by operating systems such as Microsoft's “WINDOWS” are well known in the art.
- The computing device 110 may also include other removable/non-removable, volatile/nonvolatile computer storage media products. By way of example only, FIG. 2 illustrates a non-removable non-volatile memory interface (hard disk interface) 140 that reads from and writes for example to non-removable, non-volatile magnetic media. FIG. 2 also illustrates a removable non-volatile memory interface 150 that, for example, is coupled to a magnetic disk drive 151 that reads from and writes to a removable, non-volatile magnetic disk 152, and/or is coupled to an optical disk drive 155 that reads from and writes to a removable, non-volatile optical disk 156, such as a CD ROM. Other removable/nonremovable, volatile/non-volatile computer storage media that can be used in the example operating environment include, but are not limited to, magnetic tape cassettes, memory cards, flash memory cards, DVDs, digital video tape, solid state RAM, and solid state ROM. The hard disk drive 141 is typically connected to the system bus 121 through a non-removable memory interface, such as the interface 140, and magnetic disk drive 151 and optical disk drive 155 are typically connected to the system bus 121 by a removable non-volatile memory interface, such as interface 150.
- The drives and their associated computer storage media discussed above and illustrated in FIG. 2 provide storage of computer-readable instructions, data structures, program modules, and other data for the computing device 110. In FIG. 2, for example, hard disk drive 141 is illustrated as storing an operating system 144, application programs 145, other program modules 146, and program data 147. Note that these components can either be the same as or different from the operating system 134, application programs 135, other program modules 136, and program data 137. The operating system 144, application programs 145, other program modules 146, and program data 147 are given different numbers here to illustrate that, at a minimum, they are different copies.
- A user may enter commands and information into the computing device 110 through input devices such as a microphone 163, keyboard 162, and pointing device 161, commonly referred to as a mouse, trackball, or touch pad. Other input devices (not shown) may include at least one of a touch sensitive display, joystick, game pad, satellite dish, and scanner. These and other input devices are often connected to the processing unit 120 through a user input interface 160 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port, or a universal serial bus (USB).
- A display 191, such as a monitor or other type of display device or surface may be connected to the system bus 121 via an interface, such as a video interface 190. A projector display engine 192 that includes a projecting element may be coupled to the system bus. In addition to the display, the computing device 110 may also include other peripheral output devices such as speakers 197 and printer 196, which may be connected through an output peripheral interface 195.
- The computing system environment 100 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 180. The remote computer 180 may be a personal computer, a server, a router, a network PC, a peer device, or other common network node, and typically includes many or all of the elements described above relative to the computing device 110, although only a memory storage device 181 has been illustrated in FIG. 2. The network logical connections depicted in FIG. 2 include a local area network (LAN) and a wide area network (WAN), and may also include other networks such as a personal area network (PAN) (not shown). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
- When used in a networking environment, the computing system environment 100 is connected to the network 171 through a network interface, such as the network interface 170, the modem 172, and/or the wireless interface 193. The network may include a LAN network environment, and/or a WAN network environment, such as the Internet. In a networked environment, program modules depicted relative to the computing device 110, or portions thereof, may be stored in a remote memory storage device. By way of example, and not limitation, FIG. 2 illustrates remote application programs 185 as residing on computer storage medium 181. It will be appreciated that the network connections shown are examples and other means of establishing a communication link between the computers may be used.
- In certain instances, one or more elements of the computing device 110 may be deemed not necessary and omitted. In other instances, one or more other elements may be deemed necessary and added to the computing device.
- FIG. 3 illustrates an example environment 200 in which embodiments may be implemented. The environment includes a medical apparatus 210, at least a portion of which is configured for implantation in a patient. The environment may also include another device 205. The environment may also include a terrestrial or extraterrestrial communication link, illustrated as a communication tower and satellite. In an embodiment, the communication link may include at least one of a wired or a wireless communication link.
- The medical apparatus 210 includes a communication module 220, a threat assessment module 230, and a threat mitigation module 260. The communication module includes a communication module configured to receive communications originated externally of the patient (not shown). For example, a communication originated externally of the patient may include a wireless signal originated by another device 205, such as a handheld version of the thin computing device 20 of FIG. 1, the computing device 110 of FIG. 2, a cell phone, or other communication originating device physically located outside of the patient.
- The threat assessment module 230 includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module. In an embodiment, the communication received may include at least one of a received packet, file, data or information. In a further embodiment, the communication received may include at least one of a first communication received in an ordinary course of employing the medical apparatus and a second communication that includes a threat characteristic. In another embodiment, the communication received may include at least one of a signal or a modulated carrier. In a further embodiment, the communication received may include a communication received in at least one of an analog format or a digital format.
- In an embodiment, a threat characteristic of the communication received may include at least one of a blocking communication, such as noise or a jamming, a failure to receive an expected communication, or an overwhelming communication, such as a denial of service attack. In a further embodiment, a threat characteristic of the communication received may include a spyware.
- In another embodiment, a threat characteristic of the communication received may include an unauthorized or unregistered executable. In an embodiment, a threat characteristic of the communication received may include a malware. A malware may include malicious software. In another embodiment, a malware may include at least one of a virus, worm, or Trojan horse. In an embodiment, the threat characteristic may include an action the malware may perform on the medical apparatus 210, or on a computing device associated with the medical apparatus. In another embodiment, the threat characteristic may include an attack vector. In a further embodiment, the threat characteristic may include at least one of a target environment, a carrier object, a transport mechanism, a payload, a trigger mechanism, or a defense mechanism. In another embodiment, a payload may include at least one of a backdoor, data corruption or deletion, information theft, denial of service, system shutdown, or service disruption.
- In a further embodiment, ascertaining a threat characteristic may include identifying a malware present in the communication received. In another embodiment, ascertaining a threat characteristic may include identifying a malware present in the communication received, and finding the identified malware's threat characteristic in a look-up table stored in the implantable medical apparatus. In a further embodiment, ascertaining a threat characteristic may include identifying a malware present in the communication received, and obtaining the identified malware's threat characteristic from a device external to the animal. In an embodiment, the threat characteristic may be ascertained using at least one of signature scanning or heuristic scanning.
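The assessment steps described above (signature scanning, a look-up table held on the device, and the missing-expected and overwhelming communication cases), sketched in C as an added example. It is not code from the patent; the signature bytes, thresholds, frame contents and all names are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { THREAT_NONE, THREAT_MISSING_EXPECTED, THREAT_OVERWHELMING, THREAT_MALWARE } threat_kind;
typedef enum { PAYLOAD_UNKNOWN, PAYLOAD_BACKDOOR, PAYLOAD_DATA_CORRUPTION, PAYLOAD_SHUTDOWN } payload_kind;

typedef struct {
    threat_kind  kind;
    payload_kind payload;  /* set only for THREAT_MALWARE */
    int          sig_id;   /* matched signature id, or -1 */
} threat_characteristic;

/* Constructed signatures: arbitrary byte patterns, not taken from real malware. */
typedef struct { int id; const uint8_t *pattern; size_t len; } signature;
static const uint8_t SIG_A[] = { 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t SIG_B[] = { 0x13, 0x37, 0x00, 0x42, 0x99 };
static const signature SIGNATURES[] = { { 101, SIG_A, sizeof SIG_A }, { 102, SIG_B, sizeof SIG_B } };

/* Look-up table stored on the device: identified malware -> threat characteristic. */
typedef struct { int sig_id; payload_kind payload; } lut_entry;
static const lut_entry THREAT_LUT[] = { { 101, PAYLOAD_BACKDOOR }, { 102, PAYLOAD_SHUTDOWN } };

#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
#define RATE_WINDOW_MS     1000u  /* assumed counting window */
#define RATE_LIMIT         20u    /* assumed max messages per window */
#define EXPECTED_PERIOD_MS 5000u  /* assumed max gap between expected messages */

/* Constructed sample frames. */
static const uint8_t FRAME_BENIGN[]   = { 0x01, 0x10, 0x00, 0x48, 0x7F };
static const uint8_t FRAME_INFECTED[] = { 0x01, 0x10, 0xDE, 0xAD, 0xBE, 0xEF, 0x7F };

typedef struct {
    uint32_t window_start_ms;  /* start of the current rate window */
    uint32_t count_in_window;  /* messages seen in that window */
    uint32_t last_rx_ms;       /* time of the most recent message */
} assessor_state;

/* Signature scanning: return the id of the first signature found, or -1. */
int scan_signatures(const uint8_t *buf, size_t len) {
    for (size_t s = 0; s < COUNT(SIGNATURES); s++) {
        const signature *sig = &SIGNATURES[s];
        if (sig->len > len) continue;  /* pattern cannot fit in this buffer */
        for (size_t off = 0; off + sig->len <= len; off++)
            if (memcmp(buf + off, sig->pattern, sig->len) == 0) return sig->id;
    }
    return -1;
}

/* Look-up step: PAYLOAD_UNKNOWN means the table has no entry for this id. */
payload_kind lookup_payload(int sig_id) {
    for (size_t i = 0; i < COUNT(THREAT_LUT); i++)
        if (THREAT_LUT[i].sig_id == sig_id) return THREAT_LUT[i].payload;
    return PAYLOAD_UNKNOWN;
}

/* Assess one received communication; a malware match outranks a rate violation. */
threat_characteristic assess_communication(assessor_state *st, const uint8_t *buf,
                                           size_t len, uint32_t now_ms) {
    threat_characteristic tc = { THREAT_NONE, PAYLOAD_UNKNOWN, -1 };
    if (now_ms - st->window_start_ms >= RATE_WINDOW_MS) {  /* unsigned math survives tick rollover */
        st->window_start_ms = now_ms;
        st->count_in_window = 0;
    }
    st->count_in_window++;
    st->last_rx_ms = now_ms;

    int id = scan_signatures(buf, len);
    if (id >= 0) {
        tc.kind = THREAT_MALWARE;
        tc.sig_id = id;
        tc.payload = lookup_payload(id);
    } else if (st->count_in_window > RATE_LIMIT) {
        tc.kind = THREAT_OVERWHELMING;
    }
    return tc;
}

/* Called from a timer: flags a failure to receive an expected communication. */
threat_characteristic assess_silence(const assessor_state *st, uint32_t now_ms) {
    threat_characteristic tc = { THREAT_NONE, PAYLOAD_UNKNOWN, -1 };
    if (now_ms - st->last_rx_ms > EXPECTED_PERIOD_MS) tc.kind = THREAT_MISSING_EXPECTED;
    return tc;
}

int main(void) {
    assessor_state st = { 0, 0, 0 };
    threat_characteristic a = assess_communication(&st, FRAME_BENIGN, sizeof FRAME_BENIGN, 100);
    threat_characteristic b = assess_communication(&st, FRAME_INFECTED, sizeof FRAME_INFECTED, 200);
    printf("benign: kind=%d\n", (int)a.kind);
    printf("infected: kind=%d sig=%d payload=%d\n", (int)b.kind, b.sig_id, (int)b.payload);
    printf("silence at t=6000: kind=%d\n", (int)assess_silence(&st, 6000).kind);
    return 0;
}
```

The returned `threat_characteristic` is what a mitigation step would consume; an id with no table entry comes back as `PAYLOAD_UNKNOWN`, which corresponds to the case where the characteristic has to be obtained from a device external to the animal.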
- The
threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication. - In an alternative embodiment, the medical apparatus 210 may include a
patient module 270 configured to engage a pliysiological aspect of the animal. In a further embodiment, the animal module includes a patient module configured to at least one of interact, relate, act, affect, effect, sense, or couple with a physiological aspect of the animal. For example, the patient module may be configured to acquire physiological signals from the heart, such as an electrocardiograph. In another example, the patient module may be configured to both sense and provide cardiac signals, such as with a cardiac pacemaker. In a further example, the patient module may be configured to acquire physiological signals from the central nervous system or the peripheral nervous system, such as with an EEG, or a NIR. In a further example, the patient module may be configured to monitor at least one of electrical changes, or changes in metabolism reflected by alterations in blood flow, glucose metabolism, or oxygen extraction. In another example, the patient module may be configured to monitor brain systems, and/or provide deep brain stimulation, cortical stimulation, vagus nerve stimulation, or spinal cord stimulation. In a further example, the patient module may be configured to monitor physiological conditions and/or changes in a limb, such as pulsoximetry, or blood or tissue pressure. In another example, the patient module may be configured to monitor an animal's metabolites, such as a glucose monitor. In another alternative embodiment, the patient module includes a patient module configured to sense a physiological aspect of the patient. For example, a sensed physiological aspect may include at least one of a sensed heart rate, heart pacing, acidity, blood chemistry such as pH, pCO2, pO2, blood component, activity state, or body temperature. 
In another example, the sensed physiological aspect may include at least one of a drug level, drug concentration, metabolite level, circulatory physiology such as blood pressure and cardiac output monitoring devices that communicate with ventricular assist devices to pump blood faster or slower, brain signal, perspiration, or movement. - In another embodiment,
patient module 270 includes a patient module configured to provide a therapeutic benefit to the animal. For example, a provided therapeutic benefit may include at least one of providing a medicant, a medicine, a therapeutic substance, a drug eluted by a stent, a stimulation, a blocking, or a heart pacing. In a further embodiment, the patient module is configured to provide a therapeutic benefit by sensing a physiological aspect of the animal and communicating the sensed physiological aspect to an external device that in response provides or adjusts a therapeutic benefit. For example, physiological data may be acquired by the patient module and communicated using thecommunication module 220 with an external ventilator (not shown) configured to adjust at least one of the FI02, tidal volume, or rate of the breaths of the animal. In another example, the provided therapeutic benefit may include a non-drug approach, such at least one of an electrical, gastric, or mechanical approach. - In a further embodiment, the
patient module 270 includes a patient module configured to engage at least a portion of a brain of the animal. For example, a neural implant, brain implant, or a neural modulator. In another embodiment, the patient module includes a neural modulator module configured to engage at least a portion of a nervous system of the animal. For example, a deep brain stimulator, neural interface, or nerve stimulator. In an embodiment, the patient module includes a patient module configured to acquire data indicative of a physiological aspect of the animal. In another embodiment, the patient module includes a control module configured to manage the patient module. In a further embodiment, the patient module includes a patient module configured to engage a physiological aspect of the animal and to monitor its own functioning. In another embodiment, the patient module includes a patient module configured to engage a physiological aspect of the animal during an implementation of the threat mitigation measure responsive to the ascertained threat characteristic of the received communication. - In an embodiment, the
communication module 220 further includes a communication module configured to send and/or receive data having a relevance to the animal. In another embodiment, the communication module includes a communication module configured to receive communication originating external to the animal and configured to communicate with another medical apparatus configured for association with the animal. For example, the another medical apparatus configured for association with the animal may include another medical apparatus implanted in the animal. In a further embodiment, the communication module includes a communication module configured to receive communications originating external to the animal and to receive a communication useful in updating at least one of the threat assessment module or the threat mitigation module. In another embodiment, the threat assessment module includes a threat assessment module configured to ascertain a susceptibly of an implanted medical device to a threat characteristic of a communication received by the communication module. - In an embodiment, the
threat assessment module 230 includes a threat assessment module configured to ascertain a threat characteristic of at least one of a fake communication, a spoofed communication, or a jamming communication received by the communication module. In another embodiment, the threat assessment module includes a threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module and to initiate a notification to another apparatus of the ascertained threat characteristic. For example, the another apparatus may include at least one of another implantable or implanted medical apparatus, an external device or apparatus, or a health care provider. In a further embodiment, the threat assessment module includes a threat assessment module configured to be updatable in vivo and configured to ascertain a threat characteristic of a communication received by the communication module.
In another embodiment, the
threat assessment module 230 includes a threat assessment module configured to ascertain a threat characteristic in response to a communication received by the communication module and in response to a history of previously ascertained threat characteristics. In a further embodiment, the threat assessment module includes a threat assessment module configured to store the ascertained threat characteristic. In another embodiment, the threat characteristic module includes a threat module configured to provide a stored ascertained threat characteristic in response to a query. In a further embodiment, the threat assessment module configured to ascertain a threat characteristic of a communication received by the communication module includes a threat assessment module configured to ascertain a presence of a threat characteristic of a communication received by the communication module and to ascertain a cessation of the ascertained threat characteristic.
In an embodiment, the
threat mitigation module 260 includes a threat mitigation module configured to implement a selected mitigation measure responsive to the ascertained threat characteristic of the received communication. In another embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and selected in response to a selection algorithm. In a further embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure selected based on a lookup table. For example, a mitigation measure may include establishing a safe mode in the medical apparatus 210. In another embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure selected according to a function dependent on at least one of a nature of the ascertained threat characteristic of the received communication, a remaining capability of a patient module of the medical apparatus to engage a physiological aspect of the animal, or a remaining life of a power source 274 providing operational power to the medical apparatus. For example, the nature of the ascertained threat characteristic may include an anticipated duration of a threat. By way of further example, a remaining capacity of the patient module may include an amount of medicant available for release in the animal.
In an embodiment, the
threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication, the mitigation measure including at least one of an encryption, an encryption change, a disinformation measure, a change of communication frequency, a change of a schedule of communication, a formatting of communication, a communication polarization, a handshake, tunneling, signature, authentication, or verification. In another embodiment, the threat mitigation module includes a threat mitigation module configured to be updated in vivo and configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication. In a further embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and meeting a minimum safety standard for the animal.
In an embodiment, the
threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure in at least one of the patient module 270 or the communication module 220. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and meeting a minimum safety standard for the animal.
In another embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and predicted to meet a minimum safety standard for the animal. In a further embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and selected to provide the least adverse effect on the animal from among two countermeasures. In an embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and predicted by a lookup table as unlikely to have an at least substantial adverse impact on the animal. In another embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure. The mitigation measure is responsive to the ascertained threat characteristic of the received communication and predicted by a lookup table stored in the implanted medical apparatus as unlikely to have an at least substantial adverse impact on the animal. In a further embodiment, the threat mitigation module includes a threat mitigation module configured to implement a mitigation measure.
The mitigation measure is responsive to the ascertained threat characteristic of the received communication and unlikely to have an at least substantially serious impact on the animal.
In another embodiment, the
threat mitigation module 260 includes a threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and to initiate a notification to another apparatus of the implemented mitigation measure. In a further embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat mitigation module configured to reverse the implementation of the mitigation measure responsive. In an embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat mitigation module configured to reverse the implementation of the mitigation measure and to initiate a notification to another apparatus of the reversing the implementation of the mitigation measure.
In another embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and save an indication of the implemented mitigation measure. In a further embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and provide a stored indication of the implemented mitigation measure in response to a query.
In an embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and a history that includes an ascertained threat characteristic of another received communication. In another embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and a history that includes a previously implemented mitigation measure. In a further embodiment, the threat mitigation module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication includes a threat module configured to implement a mitigation measure responsive to the ascertained threat characteristic of the received communication and an indication of a cessation of the ascertained threat characteristic.
In an embodiment, the medical apparatus 210 includes a
biocompatible housing 272 adapted to be implanted in a mammalian patient (not shown). In another embodiment, the medical apparatus includes the power source 296 providing operational power to at least a portion of the medical apparatus. In another embodiment, the medical apparatus includes a backdoor module 274 configured to respond to a command received from a trusted or a verified third party without regard to the implemented mitigation measure responsive to the ascertained threat characteristic of the received communication. For example, the backdoor module may be configured to respond to a control command. By way of further example, the backdoor module may be configured to a command with respect to at least one of the patient module 270 or the medical apparatus as a whole. In a further embodiment, the medical apparatus may include at least one of other module(s) 272, processor 292, or an information store 294.
In an alternative embodiment, the medical apparatus 210 of
FIG. 3 includes a medical apparatus at least a portion of which is configured for implantation in an animal. The medical apparatus 210 includes the communication module 220, the threat assessment module 230, and the threat mitigation module 260. The communication module includes a communication module configured to receive communications originating external to the medical apparatus. For example, a communication originating external to the medical apparatus may include another medical apparatus and/or device implanted in the animal (not shown).
FIG. 4 illustrates another example environment 300 in which embodiments may be implemented. The example environment includes a medical apparatus 302 and another device 305. The medical apparatus is implanted in an animal 304. The medical apparatus includes a receiver module 310, a malware indication detector module 320, and a countermeasure module 350. In some embodiments, one or more of the receiver module, malware indication detector module, and countermeasure module may be structurally distinct from the remaining modules. In another embodiment, the electronic device or a portion of the medical apparatus may be implemented in whole or in part using the thin computing device 20 described in conjunction with FIG. 1, and/or the computing device 110 described in conjunction with FIG. 2. In a further embodiment, the medical apparatus or a portion of the medical apparatus may be implemented using Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), digital signal processors (DSPs), or other integrated formats. In a further embodiment, one or more of the modules, circuits and/or the apparatus may be implemented in hardware, software, and/or firmware.
The
receiver module 310 includes a receiver module configured to at least one of transmit or receive a communication. In an alternative embodiment, the receiver module is configured to communicate externally to the animal, such as a communication with another device 305. The communication may be implemented using at least one of a wireless communication link or a wired communication link. The receiver module may be operable to communicate with the another device using a network, for example, such as the Internet or a private network. In another embodiment, the receiver module is configured to communicate externally to itself, such as with a second implanted medical apparatus or a device (not shown).
The medical apparatus 302 may include at least one additional module. The at least one additional module may include a
notification module 390, a patient module 303, a processor 304, an information store 306, a power source 308, or other module(s) 309.
FIG. 5 illustrates an example of an operational flow 400 implemented in an environment. The environment includes a medical apparatus at least a portion of which is implanted in an animal and configured to at least one of transmit or receive a communication. In an embodiment, the medical apparatus may be adhered to the skin of the animal, or partially or wholly implanted in the animal. In another embodiment, the animal may include at least one of a patient, living body, human, animal, mammal, bird, fish, or food stock. The medical apparatus may be implemented using the medical apparatus 303 implanted in the animal 304 of FIG. 4. FIG. 5 and several following figures may include various examples of operational flows, discussions, and explanations with respect to the above-described environment 300 of FIG. 4, and/or with respect to other examples and contexts. However, it should be understood that the operational flows may be executed in a number of other environments and contexts, and/or in modified versions of FIG. 4. Also, although the various operational flows are illustrated in a sequence(s), it should be understood that the various operations may be performed in other orders than those which are illustrated, and/or may be performed concurrently.
After a start operation implemented in the environment that includes a medical apparatus implanted in an animal and configured to at least one of transmit or receive a communication, the
operational flow 400 includes an acquirement operation 410. The acquirement operation includes receiving a communication. The acquirement operation may be implemented using the receiver module 310 of FIG. 4. A demodulation operation 420 includes detecting an indication of a malware in the received communication. In an embodiment, malware may include at least one of a virus, a worm, Trojan horse, a rootkit, spyware, adware, a buffer overflow, a virus hoax, a dialer, or a hack tool. In another embodiment, a malware may include a program having a threat characteristic. The demodulation operation may be implemented using the malware indication detection module 320 of FIG. 4. A defense operation 450 includes implementing in the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication. The defense operation may be implemented using the countermeasure module 350 of FIG. 4. The operational flow then proceeds to an end operation.
In an alternative embodiment, the
operational flow 400 may include at least one additional operation. The at least one additional operation may include a notification operation 490. The notification operation includes initiating a transmission of an attack notification in response to the indication of malware in the received communication. In an alternative embodiment, the notification operation 490 includes an operation 492 initiating a transmission of an attack notification receivable by a trusted external unit in response to the indication of malware in the received communication. The trusted external unit may include the another device 305 of FIG. 4. The notification operation may be implemented using the notification module 390 of FIG. 4. In another embodiment, the notification operation includes initiating a secure transmission of an attack notification in response to the indication of malware in the received communication. In a further embodiment, the notification operation includes initiating a transmission of an indication of the countermeasure implemented in the implanted medical device.
FIG. 6 illustrates an alternative embodiment of the operational flow 400 of FIG. 5. The acquirement operation 410 may include at least one additional operation. The at least one additional operation may include at least one of an operation 412, an operation 414, or an operation 416. The operation 412 includes receiving a communication that includes at least one of an instruction, command, data request, or inquiry receivable by the medical device. The operation 414 includes receiving a communication originated by another device external to the animal. The operation 416 includes failing to receive an expected communication. For example, failing to receive an expected communication may include at least one of failing to receive a handshake, an acknowledgement, or a scheduled communication. The operation 416 may include at least one additional operation, such as an operation 418. The operation 418 includes detecting an indication of a malware in response to the failing to receive an expected communication.
FIG. 7 illustrates another alternative embodiment of the operational flow 400 of FIG. 5. The demodulation operation 420 may include at least one additional operation. The at least one additional operation may include at least one of an operation 422, an operation 424, an operation 426, an operation 428, an operation 432, an operation 434, or an operation 436. The operation 422 includes detecting an indication of a malware threat characteristic in the received communication. The operation 424 includes detecting an indication of a malware attack strategy in the received communication. The operation 426 includes detecting an indication of at least one of a virus, a worm, a Trojan horse, a rootkit, a spyware, an adware, a buffer overflow, a virus hoax, a dialer, a hack tool, backdoor, data corruption, or data deletion in the received communication. The operation 428 includes detecting an indication of at least one of an information theft, denial of service, system shut down instruction, unexpected instruction, tampering, spoofing, bandwidth flooding, service disruption, insertion of a false instruction, or taking control of an aspect of the medical device in the received communication. The operation 432 includes detecting an indication of a malware in the received communication to which the implanted medical device may be susceptible. The operation 434 includes detecting an indication that the received communication was received from a non-trusted source. The operation 436 includes detecting an indication of a malware in the received communication using at least one of a signature-based detection system, heuristic engine, artificial intelligence, pattern recognition, or malware definition.
FIG. 8 illustrates a further alternative embodiment of the operational flow 400 of FIG. 5. The defensive operation 450 may include at least one additional operation. The at least one additional operation may include at least one of an operation 452, an operation 454, an operation 456, an operation 458, and an operation 462. The operation 452 includes implementing in the implanted medical device a selected countermeasure responsive to the detected indication of malware in the received communication. The operation 454 includes implementing in the implanted medical device a selected countermeasure responsive to the detected indication of malware in the received communication, wherein the selected countermeasure is selected in response to at least one of a selection algorithm function or a lookup table. The operation 456 includes implementing in the implanted medical device a selected countermeasure useable in at least substantially reducing a harm caused by a malware, and responsive to the detected indication of malware in the received communication. The operation 458 includes implementing in the implanted medical device a countermeasure responsive to a determined threat characteristic of the detected indication of malware in the received communication. The operation 462 includes implementing in the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication, the countermeasure including at least one of an encryption, an encryption change, a disinformation measure, a change of communication frequency, a change of a schedule of communication, formatting a communication, a communication polarization, a handshake, tunneling, signature, authentication, or verification.
FIG. 9 illustrates an alternative embodiment of the operational flow 400 of FIG. 5. The defensive operation 450 may include at least one additional operation. The at least one additional operation may include an operation 464. The operation 464 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and meeting a minimum safety standard for the animal. The operation 464 may include at least one additional operation. The at least one additional operation may include an operation 466, an operation 468, an operation 472, an operation 474, an operation 476, or an operation 478. The operation 466 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and predicted to meet a minimum safety standard for the animal. The operation 468 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and selected to provide a least adverse effect on the animal from among two countermeasures. The operation 472 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the ascertained threat characteristic of the received communication and predicted as unlikely to have an at least substantial adverse impact on the animal. The operation 474 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the ascertained threat characteristic of the received communication and predicted by a lookup table as unlikely to have an at least substantial adverse impact on the animal. The operation 476 includes implementing in the implanted medical device a countermeasure.
The countermeasure is responsive to the detected indication of malware in the received communication and unlikely to cause an adverse reaction in the animal. The operation 478 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and unlikely to have an at least substantially adverse impact on the medical device implanted in the animal. In another embodiment, the operation 464 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and unlikely to have an at least substantially adverse impact on an operation of the medical device implanted in the animal. In a further embodiment, the operation 464 includes implementing in the implanted medical device a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and predicted by at least one of a prediction algorithm or a lookup table as unlikely to cause an adverse outcome to the animal.
FIG. 10 illustrates an example computer program product 500. The computer program product includes a computer-readable signal-bearing medium 510 bearing program instructions 520. The program instructions are configured to perform a process in a computing device of an animal-implantable medical apparatus. The process includes receiving a communication originated by a source external to the animal. The process also includes detecting an indication of a malware in the received communication. The process further includes implementing in the implanted medical apparatus a countermeasure responsive to the detected indication of malware in the received communication.
The program instructions 520 may include at least one alternative embodiment. The at least one alternative embodiment may include program instruction 522, a program instruction 524, or program instruction 526. Program instruction 522 includes implementing in the implanted medical apparatus a countermeasure. The countermeasure is selected in response to at least one of an algorithm or a lookup table and responsive to the detected indication of malware in the received communication. The lookup table may include a locally stored lookup table or a remotely stored lookup table. The program instruction 524 includes implementing in the implanted medical apparatus a countermeasure responsive to the detected indication of malware in the received communication, and predicted as unlikely to have an at least substantially adverse impact on the animal. In an embodiment, “predicted as unlikely” may include at least one of predicted as unlikely by a lookup table stored in the implanted medical apparatus, or by a selection algorithm. The program instruction 526 includes implementing in the implanted medical apparatus a countermeasure. The countermeasure is responsive to the detected indication of malware in the received communication and meeting a minimum safety standard for the animal.
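The receive, detect, and countermeasure process described above, with the countermeasure chosen from a lookup table so that it meets a minimum safety standard and has the least predicted adverse impact, can be sketched as follows. This is an added example, not code from the patent: the enum names, thresholds, impact scale, power costs, and table rows are all constructed assumptions, and returning no countermeasure (notification only) when no row qualifies is a design choice made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Threat characteristics taken from the description (operations 416/418, 428, 434). */
typedef enum { THREAT_NONE, THREAT_MISSED_EXPECTED, THREAT_FLOODING,
               THREAT_UNTRUSTED_SOURCE, THREAT_UNEXPECTED_INSTRUCTION } threat_t;

/* Countermeasures named in the description; the enum itself is hypothetical. */
typedef enum { CM_NONE, CM_REQUIRE_AUTH, CM_CHANGE_SCHEDULE,
               CM_CHANGE_FREQUENCY, CM_SAFE_MODE } countermeasure_t;

/* One received (or missing) communication as seen by the receiver module. */
typedef struct {
    bool received;             /* false: an expected handshake/ack never arrived */
    bool source_trusted;       /* assumed to be set by link-layer authentication */
    bool instruction_expected; /* command is in the set allowed for this session */
    unsigned msgs_in_window;   /* messages seen in the current rate window */
} comm_t;

typedef struct {
    threat_t threat;
    countermeasure_t measure;
    unsigned adverse_impact;   /* predicted patient impact, 0 = none (constructed scale) */
    unsigned power_cost_pct;   /* assumed battery cost of running the measure */
} cm_row_t;

typedef struct { threat_t threat; countermeasure_t measure; bool notify; } outcome_t;

#define FLOOD_LIMIT       20u  /* constructed threshold */
#define MAX_SAFE_IMPACT    2u  /* stand-in for the "minimum safety standard" */
#define POWER_RESERVE_PCT 10u  /* battery kept back for therapy delivery */

/* Constructed lookup table: candidate countermeasures per threat characteristic. */
static const cm_row_t CM_TABLE[] = {
    { THREAT_MISSED_EXPECTED,        CM_CHANGE_SCHEDULE,  1, 2 },
    { THREAT_MISSED_EXPECTED,        CM_SAFE_MODE,        3, 1 },
    { THREAT_FLOODING,               CM_CHANGE_FREQUENCY, 1, 8 },
    { THREAT_FLOODING,               CM_CHANGE_SCHEDULE,  2, 2 },
    { THREAT_UNTRUSTED_SOURCE,       CM_REQUIRE_AUTH,     0, 5 },
    { THREAT_UNEXPECTED_INSTRUCTION, CM_REQUIRE_AUTH,     0, 5 },
    { THREAT_UNEXPECTED_INSTRUCTION, CM_SAFE_MODE,        3, 1 },
};

/* Detection step: map one communication to a threat characteristic. */
threat_t detect_indication(const comm_t *c) {
    if (!c->received)                    return THREAT_MISSED_EXPECTED;
    if (c->msgs_in_window > FLOOD_LIMIT) return THREAT_FLOODING;
    if (!c->source_trusted)              return THREAT_UNTRUSTED_SOURCE;
    if (!c->instruction_expected)        return THREAT_UNEXPECTED_INSTRUCTION;
    return THREAT_NONE;
}

/* Selection step: drop rows that break the safety ceiling or the power budget,
 * then keep the least adverse impact (ties broken by lower power cost). */
countermeasure_t select_countermeasure(threat_t t, unsigned battery_pct) {
    unsigned budget = battery_pct > POWER_RESERVE_PCT ? battery_pct - POWER_RESERVE_PCT : 0;
    const cm_row_t *best = NULL;
    for (size_t i = 0; i < sizeof CM_TABLE / sizeof CM_TABLE[0]; i++) {
        const cm_row_t *r = &CM_TABLE[i];
        if (r->threat != t || r->adverse_impact > MAX_SAFE_IMPACT) continue;
        if (r->power_cost_pct > budget) continue;
        if (!best || r->adverse_impact < best->adverse_impact ||
            (r->adverse_impact == best->adverse_impact &&
             r->power_cost_pct < best->power_cost_pct))
            best = r;
    }
    return best ? best->measure : CM_NONE; /* CM_NONE: nothing qualifies, notify only */
}

/* Full flow: acquire -> detect -> defend, plus the optional attack notification. */
outcome_t handle_communication(const comm_t *c, unsigned battery_pct) {
    outcome_t o = { detect_indication(c), CM_NONE, false };
    if (o.threat != THREAT_NONE) {
        o.measure = select_countermeasure(o.threat, battery_pct);
        o.notify = true;
    }
    return o;
}

int main(void) {
    comm_t flood = { true, true, true, 50 };  /* constructed sample input */
    outcome_t o = handle_communication(&flood, 15);
    printf("threat=%d measure=%d notify=%d\n", o.threat, o.measure, o.notify);
    return 0;
}
```

With the battery at 15% the flooding case falls back from a frequency change to a schedule change, which shows how the remaining life of the power source alters the selection without relaxing the safety ceiling.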
In an alternative embodiment, the computer-readable signal-bearing medium 510 bearing the program instructions includes a computer
readable storage medium 512 bearing the program instructions. In another alternative embodiment, the computer-readable signal-bearing medium bearing the program instructions includes a computer readable communication medium 514 bearing the program instructions.
FIG. 11 illustrates an example system 600 in which embodiments may be implemented. The system includes a medical device 605 configured for at least partial implantation in a living subject. The medical device includes means 610 for at least one of receiving or transmitting a communication. In an alternative embodiment, the means 610 is configured for receiving or transmitting outside of itself. In another embodiment, the means 610 is configured for receiving or transmitting outside of the living subject. The medical device further includes means 620 for detecting an indication of a malware in a received communication. The medical device further includes means 630 for implementing in an element of the implanted medical device a countermeasure responsive to the detected indication of malware in the received communication. In an alternative embodiment, the medical device includes means 640 for engaging a physiological aspect of the living subject.
The foregoing detailed description has set forth various embodiments of the systems, apparatus, devices, computer program products, and/or processes using block diagrams, flow diagrams, operation diagrams, flowcharts, illustrations, and/or examples. A particular block diagram, operation diagram, flowchart, illustration, environment, and/or example should not be interpreted as having any dependency or requirement relating to any one or combination of components illustrated therein. For example, in certain instances, one or more elements of an environment may be deemed not necessary and omitted. In other instances, one or more other elements may be deemed necessary and added.
Insofar as such block diagrams, operation diagrams, flowcharts, illustrations, and/or examples contain one or more functions and/or operations, it will be understood that each function and/or operation within such block diagrams, operation diagrams, flowcharts, illustrations, or examples can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or virtually any combination thereof unless otherwise indicated. In an embodiment, several portions of the subject matter described herein may be implemented via Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), digital signal processors (DSPs), or other integrated formats. However, those skilled in the art will recognize that some aspects of the embodiments disclosed herein, in whole or in part, can be equivalently implemented in circuits, as one or more computer programs running on one or more computers (e.g., as one or more programs running on one or more computer systems), as one or more programs running on one or more processors (e.g., as one or more programs running on one or more microprocessors), as firmware, or as virtually any combination thereof, and that designing the circuitry and/or writing the code for the software and/or firmware would be well within the skill of one of skill in the art in light of this disclosure. In addition, those skilled in the art will appreciate that the mechanisms of the subject matter described herein are capable of being distributed as a program product in a variety of forms, and that an illustrative embodiment of the subject matter described herein applies regardless of the particular type of signal bearing medium used to actually carry out the distribution.
Examples of a signal bearing medium include, but are not limited to, the following: a recordable type medium such as a floppy disk, a hard disk drive, a Compact Disc (CD), a Digital Video Disk (DVD), a digital tape, a computer memory, etc.; and a transmission type medium such as a digital and/or an analog communication medium (e.g., a fiber optic cable, a waveguide, a wired communication link, a wireless communication link, etc.).
Those having skill in the art will recognize that the state of the art has progressed to the point where there is little distinction left between hardware and software implementations of aspects of systems; the use of hardware or software is generally (but not always, in that in certain contexts the choice between hardware and software can become significant) a design choice representing cost vs. efficiency tradeoffs. Those having skill in the art will appreciate that there are various vehicles by which processes and/or systems and/or other technologies described herein can be effected (e.g., hardware, software, and/or firmware), and that the preferred vehicle will vary with the context in which the processes and/or systems and/or other technologies are deployed. For example, if an implementer determines that speed and accuracy are paramount, the implementer may opt for a mainly hardware and/or firmware vehicle; alternatively, if flexibility is paramount, the implementer may opt for a mainly software implementation; or, yet again alternatively, the implementer may opt for some combination of hardware, software, and/or firmware. Hence, there are several possible vehicles by which the processes and/or devices and/or other technologies described herein may be effected, none of which is inherently superior to the other in that any vehicle to be utilized is a choice dependent upon the context in which the vehicle will be deployed and the specific concerns (e.g., speed, flexibility, or predictability) of the implementer, any of which may vary. Those skilled in the art will recognize that optical aspects of implementations will typically employ optically-oriented hardware, software, and/or firmware.
- In a general sense, those skilled in the art will recognize that the various aspects described herein which can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or any combination thereof can be viewed as being composed of various types of “electrical circuitry.” Consequently, as used herein “electrical circuitry” includes, but is not limited to, electrical circuitry having at least one discrete electrical circuit, electrical circuitry having at least one integrated circuit, electrical circuitry having at least one application specific integrated circuit, electrical circuitry forming a general purpose computing device configured by a computer program (e.g., a general purpose computer configured by a computer program which at least partially carries out processes and/or devices described herein, or a microprocessor configured by a computer program which at least partially carries out processes and/or devices described herein), electrical circuitry forming a memory device (e.g., forms of random access memory), and/or electrical circuitry forming a communication device (e.g., a modem, communication switch, or optical-electrical equipment). Those having skill in the art will recognize that the subject matter described herein may be implemented in an analog or digital fashion or some combination thereof
- In some embodiments, “configured” includes at least one of designed, set up, shaped, implemented, constructed, or adapted for at least one of a particular purpose, application, or function. In some embodiment, “module” includes a hardware, firmware, or software component that interacts with a larger system. In a further embodiment, a software module or program module may come in a form of a file and may typically handle a specific task within a larger software system. In another embodiment, a hardware module may include a unit that plugs into a larger system. In an embodiment, a module may be implemented in a circuit, such as in a software circuit or an electrical circuit. In another embodiment, a module may be implemented in hardware, software, firmware, or any combination thereof.
- It will be understood by those within the art that, in general, terms used herein, and especially in the appended claims (e.g., bodies of the appended claims) are generally intended as “open” terms (e.g., the term “including” should be interpreted as “including but not limited to,” the term “having” should be interpreted as “having at least,” the term “includes” should be interpreted as “includes but is not limited to,” etc.).
- It will be further understood by those within the art that if a specific number of an introduced claim recitation is intended, such an intent will be explicitly recited in the claim, and in the absence of such recitation no such intent is present. For example, as an aid to understanding, the following appended claims may contain usage of the introductory phrases “at least one” and “one or more” to introduce claim recitations. However, the use of such phrases should not be construed to imply that the introduction of a claim recitation by the indefinite articles “a” or “an” limits any particular claim containing such introduced claim recitation to inventions containing only one such recitation, even when the same claim includes the introductory phrases “one or more” or “at least one” and indefinite articles such as “a” or “an” (e.g., “a” and/or “an” should typically be interpreted to mean “at least one” or “one or more”); the same holds true for the use of definite articles used to introduce claim recitations. In addition, even if a specific number of an introduced claim recitation is explicitly recited, those skilled in the art will recognize that such recitation should typically be interpreted to mean at least the recited number (e.g., the bare recitation of “two recitations,” without other modifiers, typically means at least two recitations, or two or more recitations).
- Furthermore, in those instances where a convention analogous to “at least one of A, B, and C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, and C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). In those instances where a convention analogous to “at least one of A, B, or C, etc.” is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., “a system having at least one of A, B, or C” would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, and C together, etc.). It will be further understood by those within the art that virtually any disjunctive word and/or phrase presenting two or more alternative terms, whether in the description, claims, or drawings, should be understood to contemplate the possibilities of including one of the terms, either of the terms, or both terms. For example, the phrase “A or B” will be understood to include the possibilities of “A” or “B” or “A and B.”
- The herein described aspects depict different components contained within, or connected with, different other components. It is to be understood that such depicted architectures are merely examples, and that in fact many other architectures can be implemented which achieve the same functionality. In a conceptual sense, any arrangement of components to achieve the same functionality is effectively “associated” such that the desired functionality is achieved. Hence, any two components herein combined to achieve a particular functionality can be seen as “associated with” each other such that the desired functionality is achieved, irrespective of architectures or intermedial components. Likewise, any two components so associated can also be viewed as being “operably connected,” or “operably coupled,” to each other to achieve the desired functionality. Any two components capable of being so associated can also be viewed as being “operably couplable” to each other to achieve the desired functionality. Specific examples of operably couplable include but are not limited to physically mateable and/or physically interacting components and/or wirelessly interactable and/or wirelessly interacting components.
- While various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following claims.
Claims (21)
1.-38. (canceled)
39. A computer program product comprising a non-transitory computer-readable signal-bearing medium bearing program instructions, the program instructions executable by a processor of an implantable medical apparatus to cause the processor to:
receive communications originating external to an animal in which the implantable medical apparatus is at least partially implanted;
ascertain a malware threat characteristic of a received communication; and
implement a mitigation measure responsive to the ascertained malware threat characteristic of the received communication.
40. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
communicate with another medical apparatus configured for association with the animal.
41. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
receive a communication useful in updating at least one of a threat assessment module or a threat mitigation module.
42. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
ascertain a susceptibility of the medical device to the malware threat characteristic of the received communication.
43. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
initiate a notification to another apparatus of the ascertained threat characteristic.
44. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
implement a mitigation measure responsive to the ascertained malware threat characteristic of the received communication by implementing a malware mitigation measure responsive to the ascertained malware threat characteristic of the received communication and selected in response to a selection algorithm.
45. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
implement a mitigation measure responsive to the ascertained malware threat characteristic of the received communication by implementing a malware mitigation measure selected based on a lookup table.
46. The computer program product of claim 39, wherein the malware mitigation measure includes at least one of an encryption, an encryption change, a disinformation measure, a change of communication frequency, a change of a schedule of communication, formatting a communication, a communication polarization, a handshake, tunneling, signature, authentication, or verification.
47. The computer program product of claim 39, wherein the program instructions are executable by the processor of the implantable medical apparatus to further cause the processor to:
respond to a command received from a trusted or a verified third party without regard to the implemented malware mitigation measure responsive to the ascertained threat characteristic of the received communication.
48. The computer program product of claim 39, wherein the malware threat characteristic includes a threat characteristic of a blocking communication, a denial of service attack, a spyware, unauthorized or unregistered executable, a malicious software, a virus, worm, a Trojan horse, an attack vector, a target environment, a carrier object, a transport mechanism, a trigger mechanism, or a defense mechanism.
49. An implantable medical apparatus that is at least partially implantable within an animal, the implantable medical apparatus comprising:
a patient module configured to engage a physiological aspect of the animal; and
a processor, the processor configured to:
receive communications originating external to the animal;
ascertain a malware threat characteristic of a received communication; and
implement a mitigation measure responsive to the ascertained malware threat characteristic of the received communication.
50. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
communicate with another medical apparatus configured for association with the animal.
51. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
receive a communication useful in updating at least one of a threat assessment module or a threat mitigation module.
52. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
ascertain a susceptibility of the medical device to the malware threat characteristic of the received communication.
53. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
initiate a notification to another apparatus of the ascertained threat characteristic.
54. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
implement a mitigation measure responsive to the ascertained malware threat characteristic of the received communication by implementing a malware mitigation measure responsive to the ascertained malware threat characteristic of the received communication and selected in response to a selection algorithm.
55. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
implement a mitigation measure responsive to the ascertained malware threat characteristic of the received communication by implementing a malware mitigation measure selected based on a lookup table.
56. The implantable medical apparatus of claim 49, wherein the malware mitigation measure includes at least one of an encryption, an encryption change, a disinformation measure, a change of communication frequency, a change of a schedule of communication, formatting a communication, a communication polarization, a handshake, tunneling, signature, authentication, or verification.
57. The implantable medical apparatus of claim 49, wherein the processor is further configured to:
respond to a command received from a trusted or a verified third party without regard to the implemented malware mitigation measure responsive to the ascertained threat characteristic of the received communication.
58. The implantable medical apparatus of claim 49, wherein the malware threat characteristic includes a threat characteristic of a blocking communication, a denial of service attack, a spyware, unauthorized or unregistered executable, a malicious software, a virus, worm, a Trojan horse, an attack vector, a target environment, a carrier object, a transport mechanism, a trigger mechanism, or a defense mechanism.
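The flow recited in claims 39 to 58 (ascertain a threat characteristic, check susceptibility, select a measure from a lookup table, notify, and still serve a verified party), sketched in C as an added example that is not code from the patent. The type names, fields, thresholds and threat-to-measure pairings are assumptions, and sender verification is taken as the result of an upstream authentication step.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Subset of the threat characteristics listed in claims 48 and 58. */
typedef enum { THREAT_NONE, THREAT_DOS, THREAT_UNREGISTERED_EXEC, THREAT_COUNT } threat_t;
/* Subset of the mitigation measures listed in claims 46 and 56. */
typedef enum { MIT_NONE, MIT_CHANGE_SCHEDULE, MIT_REQUIRE_SIGNATURE } mitigation_t;

/* Lookup table in the sense of claims 45 and 55; the pairings are assumptions. */
static const mitigation_t MITIGATION_FOR[THREAT_COUNT] = {
    [THREAT_NONE]              = MIT_NONE,
    [THREAT_DOS]               = MIT_CHANGE_SCHEDULE,
    [THREAT_UNREGISTERED_EXEC] = MIT_REQUIRE_SIGNATURE,
};

#define RATE_WINDOW_MS 1000u /* assumed observation window */
#define RATE_LIMIT     4u    /* assumed: unverified messages tolerated per window */

/* Hypothetical descriptor filled in by the telemetry layer. */
typedef struct {
    uint32_t t_ms;            /* arrival time */
    bool     sender_verified; /* result of an upstream authentication step */
    bool     carries_code;    /* payload is an executable image */
    bool     code_registered; /* image is on the device allow-list */
} msg_t;

typedef struct {
    uint32_t     recent[RATE_LIMIT]; /* ring of unverified arrival times */
    unsigned     head;               /* next ring slot to overwrite */
    bool         full;               /* ring has wrapped at least once */
    bool         accepts_code;       /* susceptibility: can the device load code? */
    mitigation_t active;             /* measure currently in force */
    unsigned     notifications;      /* notices queued for another apparatus */
} imd_t;

/* Ascertain the threat characteristic of one unverified message. */
static threat_t classify(imd_t *d, const msg_t *m)
{
    uint32_t oldest = d->recent[d->head]; /* arrival RATE_LIMIT messages ago */
    bool had_full = d->full;
    d->recent[d->head] = m->t_ms;
    d->head = (d->head + 1u) % RATE_LIMIT;
    if (d->head == 0u)
        d->full = true;
    if (m->carries_code && !m->code_registered)
        return THREAT_UNREGISTERED_EXEC;
    /* Unsigned subtraction stays correct across timer wrap-around. */
    if (had_full && (uint32_t)(m->t_ms - oldest) < RATE_WINDOW_MS)
        return THREAT_DOS;
    return THREAT_NONE;
}

/* Claims 42/52: a device that cannot load code is not exposed to a code payload. */
static bool susceptible(const imd_t *d, threat_t t)
{
    return t == THREAT_UNREGISTERED_EXEC ? d->accepts_code : t != THREAT_NONE;
}

/* Returns true when the message may be acted on. */
bool imd_receive(imd_t *d, const msg_t *m)
{
    if (m->sender_verified)                /* claims 47/57: served regardless */
        return true;
    threat_t t = classify(d, m);
    if (t != THREAT_NONE) {
        d->notifications++;                /* claims 43/53 */
        if (susceptible(d, t))
            d->active = MITIGATION_FOR[t]; /* claims 45/55 */
        return false;                      /* the offending message is dropped */
    }
    /* Both measures are modelled alike: unverified traffic is locked out. */
    return d->active == MIT_NONE;
}

int main(void)
{
    imd_t d = { .accepts_code = true };
    /* Constructed traffic: five unverified messages 100 ms apart. */
    for (uint32_t i = 0; i < 5; i++) {
        msg_t m = { .t_ms = i * 100u };
        printf("t=%u accepted=%d\n", (unsigned)m.t_ms, imd_receive(&d, &m));
    }
    msg_t clinician = { .t_ms = 600u, .sender_verified = true };
    printf("verified accepted=%d\n", imd_receive(&d, &clinician));
    return 0;
}
```

The early return for a verified sender is what keeps a defensive mode from locking out the party who must still be able to reprogram the device.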
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/595,191 US20170348536A1 (en) | 2008-04-30 | 2017-05-15 | Intrusion resistant implantable medical device |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/150,934 US9999776B2 (en) | 2008-04-30 | 2008-04-30 | Secure operation of implanted device |
US12/150,933 US9682241B2 (en) | 2008-04-30 | 2008-04-30 | Intrusion resistant implantable medical device |
US15/595,191 US20170348536A1 (en) | 2008-04-30 | 2017-05-15 | Intrusion resistant implantable medical device |
Related Parent Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/150,933 Continuation US9682241B2 (en) | 2008-04-30 | 2008-04-30 | Intrusion resistant implantable medical device |
Publications (1)
Publication Number | Publication Date |
---|---|
US20170348536A1 (en) | 2017-12-07 |
Family
ID=41257597
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/150,933 Expired - Fee Related US9682241B2 (en) | 2008-04-30 | 2008-04-30 | Intrusion resistant implantable medical device |
US15/595,191 Abandoned US20170348536A1 (en) | 2008-04-30 | 2017-05-15 | Intrusion resistant implantable medical device |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/150,933 Expired - Fee Related US9682241B2 (en) | 2008-04-30 | 2008-04-30 | Intrusion resistant implantable medical device |
Country Status (1)
Country | Link |
---|---|
US (2) | US9682241B2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020093020A1 (en) * | 2018-11-02 | 2020-05-07 | Arizona Board Of Regents On Behalf Of The University Of Arizona | Runtime adaptive risk assessment and automated mitigation |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11723579B2 (en) | 2017-09-19 | 2023-08-15 | Neuroenhancement Lab, LLC | Method and apparatus for neuroenhancement |
US11717686B2 (en) | 2017-12-04 | 2023-08-08 | Neuroenhancement Lab, LLC | Method and apparatus for neuroenhancement to facilitate learning and performance |
US11478603B2 (en) | 2017-12-31 | 2022-10-25 | Neuroenhancement Lab, LLC | Method and apparatus for neuroenhancement to enhance emotional response |
US11364361B2 (en) | 2018-04-20 | 2022-06-21 | Neuroenhancement Lab, LLC | System and method for inducing sleep by transplanting mental states |
US11452839B2 (en) | 2018-09-14 | 2022-09-27 | Neuroenhancement Lab, LLC | System and method of improving sleep |
Family Cites Families (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7060031B2 (en) | 1999-12-17 | 2006-06-13 | Medtronic, Inc. | Method and apparatus for remotely programming implantable medical devices |
US20060189854A1 (en) | 1999-12-17 | 2006-08-24 | Medtronic, Inc. | Method and apparatus for remotely programming implantable medical devices |
US7198603B2 (en) | 2003-04-14 | 2007-04-03 | Remon Medical Technologies, Inc. | Apparatus and methods using acoustic telemetry for intrabody communications |
US7044911B2 (en) | 2001-06-29 | 2006-05-16 | Philometron, Inc. | Gateway platform for biological monitoring and delivery of therapeutic compounds |
US7127299B2 (en) | 2001-10-23 | 2006-10-24 | Medtronic, Inc. | Network communications arrangement for IMD programming units |
US20030144711A1 (en) | 2002-01-29 | 2003-07-31 | Neuropace, Inc. | Systems and methods for interacting with an implantable medical device |
US6957107B2 (en) | 2002-03-13 | 2005-10-18 | Cardionet, Inc. | Method and apparatus for monitoring and communicating with an implanted medical device |
US7164950B2 (en) | 2002-10-30 | 2007-01-16 | Pacesetter, Inc. | Implantable stimulation device with isolating system for minimizing magnetic induction |
US7065409B2 (en) | 2002-12-13 | 2006-06-20 | Cardiac Pacemakers, Inc. | Device communications of an implantable medical device and an external system |
US7233825B2 (en) | 2003-02-15 | 2007-06-19 | Medtronic, Inc. | Impedance measurement in implanted device |
US7231251B2 (en) | 2003-08-14 | 2007-06-12 | Cardiac Pacemakers, Inc. | EMI detection for implantable medical devices |
US20050101843A1 (en) | 2003-11-06 | 2005-05-12 | Welch Allyn, Inc. | Wireless disposable physiological sensor |
US7228182B2 (en) * | 2004-03-15 | 2007-06-05 | Cardiac Pacemakers, Inc. | Cryptographic authentication for telemetry with an implantable medical device |
EP1591943A3 (en) | 2004-04-30 | 2008-03-26 | BIOTRONIK CRM Patent AG | Sending and receiving device |
US20050251227A1 (en) | 2004-05-04 | 2005-11-10 | Cardiac Pacemakers, Inc. | Transferring software over a wireless radio frequency link onto external programmers for implantable medical devices |
US7801611B2 (en) | 2004-06-03 | 2010-09-21 | Cardiac Pacemakers, Inc. | System and method for providing communications between a physically secure programmer and an external device using a cellular network |
US7565197B2 (en) | 2004-06-18 | 2009-07-21 | Medtronic, Inc. | Conditional requirements for remote medical device programming |
US7225031B2 (en) | 2004-06-29 | 2007-05-29 | Hitachi Global Storage Technologies Netherlands, B.V. | Hard disk drive medical monitor with security encryption |
US7210966B2 (en) | 2004-07-12 | 2007-05-01 | Medtronic, Inc. | Multi-polar feedthrough array for analog communication with implantable medical device circuitry |
US7890180B2 (en) | 2004-08-09 | 2011-02-15 | Cardiac Pacemakers, Inc. | Secure remote access for an implantable medical device |
US8160705B2 (en) | 2005-02-23 | 2012-04-17 | Greatbatch Ltd | Shielded RF distance telemetry pin wiring for active implantable medical devices |
US20060212097A1 (en) | 2005-02-24 | 2006-09-21 | Vijay Varadan | Method and device for treatment of medical conditions and monitoring physical movements |
WO2007117302A2 (en) | 2005-11-11 | 2007-10-18 | Greatbatch Ltd. | Low loss band pass filter for rf distance telemetry pin antennas of active implantable medical devices |
US20070210923A1 (en) | 2005-12-09 | 2007-09-13 | Butler Timothy P | Multiple radio frequency network node rfid tag |
CA2641821C (en) | 2006-02-16 | 2017-10-10 | Imthera Medical, Inc. | An rfid-based apparatus, system, and method for therapeutic treatment of a patient |
US20090048644A1 (en) * | 2007-08-14 | 2009-02-19 | Stahmann Jeffrey E | System and method for providing intrabody data security on an active implantable medical device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020093020A1 (en) * | 2018-11-02 | 2020-05-07 | Arizona Board Of Regents On Behalf Of The University Of Arizona | Runtime adaptive risk assessment and automated mitigation |
US20220035927A1 (en) * | 2018-11-02 | 2022-02-03 | Arizona Board of Regents on Behalf of the University of Arizona | Runtime Adaptive Risk Assessment and Automated Mitigation |
US11868479B2 (en) * | 2018-11-02 | 2024-01-09 | Arizona Board Of Regents On Behalf Of The University Of Arizona | Runtime adaptive risk assessment and automated mitigation |
Also Published As
Publication number | Publication date |
---|---|
US20090276011A1 (en) | 2009-11-05 |
US9682241B2 (en) | 2017-06-20 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
US20170348536A1 (en) | Intrusion resistant implantable medical device | |
US9999776B2 (en) | Secure operation of implanted device | |
Hassija et al. | Security issues in implantable medical devices: Fact or fiction? | |
US10135849B2 (en) | Securing medical devices through wireless monitoring and anomaly detection | |
Newaz et al. | A survey on security and privacy issues in modern healthcare systems: Attacks and defenses | |
US11950936B2 (en) | Methods and apparatuses for providing adverse condition notification with enhanced wireless communication range in analyte monitoring systems | |
Burleson et al. | Design challenges for secure implantable medical devices | |
Nausheen et al. | Healthcare IoT: Benefits, vulnerabilities and solutions | |
Zafar et al. | A systematic review of bio-cyber interface technologies and security issues for internet of bio-nano things | |
EP3897823B1 (en) | Implantable medical device with secure connection to an external instrument | |
US10722719B2 (en) | Vibration-based secure side channel for medical devices | |
Kintzlinger et al. | Keep an eye on your personal belongings! The security of personal medical devices and their ecosystems | |
Zhang et al. | Towards trustworthy medical devices and body area networks | |
US20220192552A1 (en) | Systems and methods for analyte detection | |
Sears Jr et al. | Psychological aspects of cardiac devices and recalls in patients with implantable cardioverter defibrillators | |
McGowan et al. | Medical internet of things: a survey of the current threat and vulnerability landscape | |
Astillo et al. | SMDAps: A specification-based misbehavior detection system for implantable devices in artificial pancreas system | |
Panda et al. | A secure insulin infusion system using verification monitors | |
Yan et al. | Semantic attacks on wireless medical devices | |
Usman et al. | Trust-based DoS mitigation technique for medical implants in Wireless Body Area Networks | |
Sears et al. | Enhancing patient care by estimation and discussion of risk for ICD shock | |
CA3139632A1 (en) | Sharing continuous glucose data and reports | |
Choi et al. | Energy‐Aware Key Exchange for Securing Implantable Medical Devices | |
Panda et al. | Securing Pacemakers using Runtime Monitors over Physiological Signals | |
Russo et al. | Remote monitoring of implantable cardiac monitors in patients with unexplained syncope: Predictors of false‐positive alert episodes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |