WO2019191222A1 - Secure device pairing - Google Patents

Info

Publication number
WO2019191222A1
Authority
WO
WIPO (PCT)
Prior art keywords
drug delivery
pen
pairing
data
communication
Prior art date
Application number
PCT/US2019/024268
Other languages
French (fr)
Inventor
Nathan Pletcher
Robert Wiser
Daniel Yeager
Fred Shungneng LEE
Andrew REUSCH
Original Assignee
Verily Life Sciences Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Verily Life Sciences Llc
Publication of WO2019191222A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M5/00 Devices for bringing media into the body in a subcutaneous, intra-vascular or intramuscular way; Accessories therefor, e.g. filling or cleaning devices, arm-rests
    • A61M5/178 Syringes
    • A61M5/20 Automatic syringes, e.g. with automatically actuated piston rod, with automatic needle injection, filling automatically
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0492 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047 Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • H04W12/0471 Key exchange
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/50 Secure pairing of devices
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/27 General characteristics of the apparatus preventing use
    • A61M2205/276 General characteristics of the apparatus preventing use preventing unwanted use
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/33 Controlling, regulating or measuring
    • A61M2205/3368 Temperature
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/35 Communication
    • A61M2205/3546 Range
    • A61M2205/3569 Range sublocal, e.g. between console and disposable
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/35 Communication
    • A61M2205/3576 Communication with non implanted data transmission devices, e.g. using external transmitter or receiver
    • A61M2205/3584 Communication with non implanted data transmission devices, e.g. using external transmitter or receiver using modem, internet or bluetooth
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/35 Communication
    • A61M2205/3576 Communication with non implanted data transmission devices, e.g. using external transmitter or receiver
    • A61M2205/3592 Communication with non implanted data transmission devices, e.g. using external transmitter or receiver using telemetric means, e.g. radio or optical transmission
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/60 General characteristics of the apparatus with identification means
    • A61M2205/6009 General characteristics of the apparatus with identification means for matching patient with his treatment, e.g. to improve transfusion security
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/60 General characteristics of the apparatus with identification means
    • A61M2205/6018 General characteristics of the apparatus with identification means providing set-up signals for the apparatus configuration
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M2205/00 General characteristics of the apparatus
    • A61M2205/60 General characteristics of the apparatus with identification means
    • A61M2205/6063 Optical identification systems
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M5/00 Devices for bringing media into the body in a subcutaneous, intra-vascular or intramuscular way; Accessories therefor, e.g. filling or cleaning devices, arm-rests
    • A61M5/14 Infusion devices, e.g. infusing by gravity; Blood infusion; Accessories therefor
    • A61M5/142 Pressure infusion, e.g. using pumps
    • A61M5/14244 Pressure infusion, e.g. using pumps adapted to be carried by the patient, e.g. portable on the body
    • A HUMAN NECESSITIES
    • A61 MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61M DEVICES FOR INTRODUCING MEDIA INTO, OR ONTO, THE BODY; DEVICES FOR TRANSDUCING BODY MEDIA OR FOR TAKING MEDIA FROM THE BODY; DEVICES FOR PRODUCING OR ENDING SLEEP OR STUPOR
    • A61M5/00 Devices for bringing media into the body in a subcutaneous, intra-vascular or intramuscular way; Accessories therefor, e.g. filling or cleaning devices, arm-rests
    • A61M5/14 Infusion devices, e.g. infusing by gravity; Blood infusion; Accessories therefor
    • A61M5/142 Pressure infusion, e.g. using pumps
    • A61M5/14244 Pressure infusion, e.g. using pumps adapted to be carried by the patient, e.g. portable on the body
    • A61M5/14248 Pressure infusion, e.g. using pumps adapted to be carried by the patient, e.g. portable on the body of the skin patch type

Definitions

  • the secure pairing may be achieved using light transmission based pairing.
  • a drug delivery apparatus includes an elongated body having a drug delivery tip and a communication tip, wherein the communication tip includes at least one photodiode configured to receive data using light transmissions or receptions and a controller configured to: (1) control storage and transmission of medication dispensing data related to use of the drug delivery apparatus; (2) transmit or receive encryption information related to secure transmission of the medication dispensing data, and (3) transmit the medication dispensing data via a transmit-only Bluetooth interface.
  • a method of device pairing includes receiving, via an optical receiver of a first device, an optical signal from a second device, authenticating the second device using information from the optical signal, and transmitting, upon successful authentication, via a wireless transmitter, data stored in the first device to the second device.
  • a method of pairing a smartphone with a drug delivery device includes displaying, on a user interface, a pairing area of the screen, receiving an indication of contact in the pairing area, determining that the contact was made by a drug delivery device, communicating, using light modulation, with the drug delivery device, and forming, based on the communicating, a secure pairing with the drug delivery device.
  • FIG. 1 shows an example of a medication dispensing device.
  • FIG. 2 shows an example of a user interface used during the process of pairing a medication dispensing device with a mobile device.
  • FIG. 3 is a flowchart of an example method of securely pairing a medication dispensing device with a controller device.
  • FIG. 4 is a block diagram of an example of a hardware platform.
  • FIG. 5 is a flowchart of an example method of secure device pairing
  • Bluetooth is one such wireless communication technology. Bluetooth also offers a low energy mode (BLE) in which short range wireless communication is possible (e.g., within a few meters) using power that is lower than conventional Bluetooth techniques.
  • a medication dispensing pen may be operated in a “transmit only” mode. This mode of operation saves electronics and power consumption that may be used for data reception capability.
  • TX-only BLE pairing with a medication dispensing pen does not have a method to feed information back to the pen in a low power manner. Without this feedback, there is a risk that the data is never captured by the smartphone device due to the lack of acknowledgement.
  • Backfill packet design is currently the data transfer choice, and does well for sparse data, but the pen could carry larger data payloads, especially if data during insulin storage for 2 years (storage mode data, such as temperature, light exposure, other) is to be transmitted as well.
  • TX/RX BLE could be implemented, but carries a prohibitive power penalty.
  • Some embodiments may provide a reliable feedback path (ACK) from smartphone to pen (the pen only has a TX only BLE beacon). This reliable feedback path may enable:
  • 1b. may provide confirmation of storage mode data reception by the smartphone.
  • Some embodiments may include the ability to share an encryption key from smartphone to the pen.
  • the secure pairing may allow for Diffie-Hellman encryption without the use of a QR code.
  • the pairing and mode switching may be performed via a "one touch" action. Such a simplified use is typically considered extremely user friendly.
  • the medication dispensing pen may be designed like a clicker that is often elongated and tapering like a pen and has one button-like end that can be operated by a user finger press or click.
  • a touch sensitive ring and a photodiode transceiver on an end of button to facilitate user interaction and communication.
  • the photodiode may be covered with a material that allows for visible light transmission. This material may be fully transparent or may have optical filtering properties that pass light of certain wavelengths and filter out remaining light to enable robust, low error communication.
  • the pen may also be designed such that the sidewalls are made of opaque material, to block out ambient light, such that only the flat button end has the translucent material.
  • FIG. 1 illustrates an example of a medication dispensing device 100.
  • the device 100 may include a dispensing end 106, coupled to a container 104 and at a tip of the container 104, there may be a button 102.
  • An example top view 116 of the button 102 shows additional details of the embodiment depicted for device 100.
  • the top surface of the button 102 may include one or more photodiodes (PD) 112 and one or more light emitting diodes (LEDs) 114.
  • the LEDs may have the ability to emit different colors, thereby making it easier for a user to see the pairing status of the device 100.
  • the LED may be lit in red color when the device 100 is not paired, and in green color when the device 100 is paired.
  • a receiving photodiode (RX PD) 112 may be used for receiving optical communication signals.
  • the RX PD may also include the ability to generate power from solar energy or from the light emitted by the display of a phone in proximity of the phone. This power may be used to sustain the operation of the LEDs and other electronics of the device 100.
  • photodiode 112 is used to receive information from the cellular phone, and uses the TX only BLE (not explicitly shown in FIG. 1) to transmit data back to the phone and complete the communication loop.
  • information can be passed from pen to phone (via TX only BLE) and phone to pen (via light from the screen onto the photodiode in the pen) to authenticate, such as to create a shared key (e.g., using Diffie-Hellman procedure).
  • the ability to receive and transmit signals using optical communication may be used during manufacturing.
  • code may be downloaded by optically communicating to the device 100.
  • the device 100 may transmit quality data, operational conditions and other diagnostics information, using the optical communication.
  • an LED in the factory may be programmed to transmit optical signals (e.g., photonic communication) to the photodiode and thereby program the pen for use
  • the cap may include a transparent cover 108 that protects the photodiodes 112 and LED 114 from wear and tear and weather elements.
  • any material that allows light based communication to pass through the material may be used as the cover 108.
  • a touch sensitive rubber material or opaque plastic material may act as sheath
  • the encasing sheath 110 encasing the button 102, as may be visible in the top view 116.
  • any material that blocks out ambient light may be used as the encasing sheath 110.
  • the encasing, or sidewalls, is made of opaque material to block out ambient light, such that only the flat button end has the translucent material
  • the medical dispensing device 100 may include the following features:
  • a low power state machine that governs storage mode data sampling.
  • the state machine may be able to receive an interrupt from the photodiode transceiver circuit.
  • the interrupt may trigger the state machine to:
  • B2. Deliver data packets, including payload, to the smartphone via a wireless interface such as a BLE interface.
  • This interface may be operated in a transmit-only manner.
  • optical communication may be used for data transmission via the photodiode.
  • B3. Receive an acknowledgement that the data has been received from the smartphone.
  • the reception may be based on optical communication reception.
  • the operation starts when the user opens the apparatus, or a pen, for use.
  • the apparatus may respond to sudden movement by the user or simply a user’s skin pressing on the apparatus, such as would be experienced by the pen when a user holds and picks up the pen.
  • a touch sensitive pen button tells smartphone to try, and that connection is maintained throughout communications
  • a PD receiver circuitry (RX) on the pen receives digital authentication data such as a key through smartphone screen blinks.
  • a smartphone listens on BLE from the pen to pair and receive storage data.
  • a disconnection indication of the pen from the touchscreen tells app to automatically move on to normal operating mode.
  • the disconnection may be made by physically removing the contact between the pen and the smartphone or by closing the app on smartphone.
  • D1 A user will open a pen smartphone app that will automatically turn on BLE in the phone, and temporarily raise the display brightness of the phone to perform data transfer.
  • in one mode of operation, the pen may transfer stored data about medication usage to the smartphone.
  • the smartphone may send, and the pen may receive, an acknowledgement of payload transfer
  • D3c perform secure key transfer and link between smartphone and pen
  • User actions when beginning to use a pen may include:
  • an additional QR scan may also be included in this workflow. This QR scan may be used to securely pair the pen with the smartphone.
  • An example workflow may be as follows:
  • mode 1 No ack is sent back to the pen if BLE is TX only.
  • mode 2 A combination of sleep + active modes is used and data is sent all the time.
  • the phone may, optionally, provide a visual indication on display so that a user knows that data sync has been completed.
  • a workflow in which pairing of Bluetooth transceivers is performed may be as follows:
  • F1 Open cellphone app.
  • F2 User takes QR code through app & camera
  • F3 Pen listens for request from cellphone at a slow RX sleep pairing rate
  • F4 Phone receives and syncs data from pen with TX/RX ACK over BLE
  • F5 The pen transitions from sleep to active mode with TX/RX communications over BLE.
  • G1 User opens a cellphone app
  • G2 User places pen button that is “touch compatible” (can actuate touchscreen sensor) w/optically transparent PD over top of button that would read from the cellphone display in the marked screen region (target location for pen button placement).
  • G3 A touch by the pen causes the pen to register
  • G4 A coded light sequence will proceed to send code to pen.
  • G5 BLE beacon can be manually triggered by phone to increase pairing speed and reliability
  • Some embodiments may thus provide a very robust channel of communication by which historical data upload may be performed via the BLE interface and w/ACK from PD.
  • the touch-based pairing also may be used to transition a pen from sleep to normal mode.
  • a 2-factor authentication may be performed using phone.
  • Multiple types of communication (touch to signal connection made, light for phone -> pen, BLE beacon for pen -> phone) may also make the communication secure.
  • easy factory programming may be achieved.
  • the programming can be done after full assembly without requiring physical connection.
  • a transmitting LED may be placed next to PD for 100% light-based communication in the factory (see, e.g., FIG. 2, LED 114).
  • All pens may be programmed with a device-specific digital key such as an AES key.
  • During use, a pen advertises its Serial #, g^y + AES-HMAC over BLE.
  • Short-term key derivation may be performed as follows. In some
  • a Galois Counter Mode with an initial random seed may be used.
  • the key may be rotated on a schedule dictated by the phone. This allows for mitigations against AES attacks.
  • the pen may confirm with an additional BLE advertisement that includes: Short term key + nonce + key-rotation info. This information may be encrypted with a Long-Term Key. Once a short-term key is derived, future traffic uses the newly-derived short-term key.
  • a pen could try to periodically flash an encoding on the TX LED that gets reflected to the RX PD. By doing so, the pen makes sure that the encryption keys expected to be used for transmission are in fact being used.
  • the phone’s data packet could be much shorter than the encoding and also transmitted periodically such that the screen would be idle long enough for pen to read the encoding.
  • the link is considered secure when pen can read its own encoding.
  • a factory creates a random encryption key that is constructed from two parts, A and B.
  • Half of the key, A, is printed on the packaging of the pen.
  • the other half, B, is accessible over PD-link.
  • the actual key could be the XOR of A and B, or some other scheme.
  • a user may open cellphone app, scan the QR in packaging (A), and scan Pen with PD link (B), and derive the Encryption key in the phone app with the two parts, A and B.
  • a pen may also be configured to periodically sample and record ambient external temperature. This information may be used to ensure that the medication being dispensed (e.g., insulin) is safe and has not been exposed to excessive temperatures.
  • the temperature sampling may be made adaptive to temperature range. For example, at lower temperatures in a safe range, temperature sampling may be performed at a low rate (e.g., once a minute or once every ten minutes). When external temperature is higher (e.g., 100 degree F or higher), then temperature sampling may be performed at a higher sampling rate (e.g., once every 10 seconds). In some embodiments, to save memory, only temperature readings that are outside a range may be stored in memory.
  • a drug delivery apparatus (e.g., as depicted in FIG. 1) includes an elongated body (e.g., 104) having a drug delivery tip (e.g., 106) and a communication tip (e.g., 102), wherein the communication tip includes at least one photodiode configured to communicate data using light transmissions or receptions.
  • the drug delivery apparatus includes a controller configured to: (1) control storage and transmission of medication dispensing data related to use of the drug delivery apparatus; (2) receive encryption information related to secure transmission of the medication dispensing data, and (3) transmit the medication dispensing data via a transmit-only Bluetooth interface.
  • a processor, a field programmable gate array (FPGA) or an application specific integrated circuit (ASIC) may perform the function of the controller.
  • the controller may be located generally anywhere in the drug delivery apparatus. However, it may be advantageous to locate the controller closer to the communication tip so that the controller may share a same power source (e.g., battery) with the communication tip LED and circuitry.
  • the communication tip may further include an LED that is configured to emit light of different colors depending on an operational state or status of the drug delivery apparatus
  • a transparent protective surface may cover the communication tip to protect the LED and medication and at the same time allowing light to pass through.
  • a power on/off mechanism such as an on/off switch that may be pressure triggered or movement triggered may be provided on the drug delivery apparatus to enable turning off or on of the LED by a user.
  • a method 300 of pairing a smartphone with a drug delivery device includes the steps of displaying (302), on a user interface, a pairing area of the screen, receiving (304) an indication of contact in the pairing area, determining (306) that the contact was made by a drug delivery device, communicating (308), using light modulation, with the drug delivery device, and thereby forming (310) a secure pairing with the drug delivery device.
  • communicating using light modulation may include the smartphone using variations in screen color or brightness for communicating the information.
  • the secure pairing may be formed by performing a full duplex partial key exchange to establish a shared secret key with the drug delivery device.
  • FIG. 4 depicts an example apparatus 400 that may be used for receiving or transmitting medication dispensing data and may be fitted within the pen or smartphone.
  • the apparatus 400 includes control processor electronics 402 that may implement the controller function.
  • the apparatus 400 may include memory 404 that may be used to store medication dispensing data and instructions for implementing the techniques described in the present document.
  • the apparatus 400 may include communication electronics 406 such as BLE or photodiode transceiver electronics.
  • FIG. 5 depicts a flowchart of a method 500 of secure device pairing.
  • the method 500 includes receiving (502), via an optical receiver of a first device, an optical signal from a second device, authenticating (504) the second device using information from the optical signal, and transmitting (506), upon successful authentication, via a wireless transmitter, data stored in the first device to the second device. No data transfer may be performed when authentication fails.
  • the method 500 may use the pen embodiments disclosed herein for making contact between the first and second devices and for performing optical and wireless communication.
  • the secure pairing may include exchanging encryption information such as Diffie-Hellman keys or partial keys using G codes.
  • the method 300 may be implemented using a smartphone application that is designed to run on a smartphone.
  • the method 300 may be embodied in the form of a computer readable medium that stores program code.
  • the program code when executed, may cause a smartphone processor to implement the method 300.
  • the method 500 may be implemented by a drug delivery device, e.g., as described with respect to FIG. 1.
  • the method 500 may be implemented to protect medical information data stored on the drug delivery device.
  • the method 500 may be embodied in the form of a computer-readable program medium that stores program code for implementing the method 500 using a processor or a controller in the drug delivery device.
  • NFC near-field communication
  • the antenna design, RF connectivity and coexistence with BLE, and self-powering may be addressed through design and placement of the transceiver electronics.
  • An optical transceiver is a non-interfering and different mode of communication that will not interfere with BLE, makes hacking harder because of physical proximity need and also because signals transmitted via optical link and via wireless link may have to be
  • the pen may have to be placed on the back of the phone and not the display end, which could make UI more complicated.
  • the present document discloses several device designs and operations for pairing a medication dispensing device with a data receiver such as a smartphone equipped with an app.
  • a secure pairing that uses optical communication, physical contact and a second, different, wireless communication channel (using electromagnetic waves in the MHz to GHz range) is possible for transmission of medication dispensing data and for controlling operation of the medication dispensing device.
  • Embodiments may also be described with reference to particular system configurations and networks. However, those skilled in the art will recognize that the features described herein are equally applicable to other system configurations, network types, etc. Moreover, the technology can be embodied as special-purpose hardware (e.g., circuitry), programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Accordingly, embodiments may include a machine-readable medium having instructions that may be used to program a computing device to perform the methods described herein.
  • references in this description to “an embodiment” or “one embodiment” mean that the particular feature, function, structure, or characteristic being described is included in at least one embodiment. Occurrences of such phrases do not necessarily refer to the same embodiment, nor are they necessarily referring to alternative embodiments that are mutually exclusive of one another.
  • the words “comprise” and “comprising” are to be construed in an inclusive sense rather than an exclusive or exhaustive sense (i.e., in the sense of “including but not limited to”).
  • the terms “connected,” “coupled,” or any variant thereof are intended to include any connection or coupling, either direct or indirect, between two or more elements.
  • the coupling/connection can be physical, logical, or a combination thereof.
  • two devices may be communicatively coupled to one another despite not sharing a physical connection.
  • programmable circuitry e g., one or more microprocessors
  • software and/or firmware special-purpose hardwired (i.e., non-programmable) circuitry, or a combination of such forms.
  • Special-purpose circuitry can be in the form of one or more application-specific integrated circuits (ASICs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), etc.
  • ASICs application-specific integrated circuits
  • PLDs programmable logic devices
  • FPGAs field-programmable gate arrays

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Public Health (AREA)
  • Veterinary Medicine (AREA)
  • Animal Behavior & Ethology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Hematology (AREA)
  • Heart & Thoracic Surgery (AREA)
  • Anesthesiology (AREA)
  • Vascular Medicine (AREA)
  • Infusion, Injection, And Reservoir Apparatuses (AREA)

Abstract

A drug delivery apparatus includes an elongated body having a drug delivery tip and a communication tip, wherein the communication tip includes at least one photodiode configured to receive data using light transmissions or receptions, and a controller configured to: (1) control storage and transmission of medication dispensing data related to use of the drug delivery apparatus; (2) transmit or receive encryption information related to secure transmission of the medication dispensing data, and (3) transmit the medication dispensing data via a transmit-only Bluetooth interface.

Description

SECURE DEVICE PAIRING
PRIORITY CLAIM
[0001] The present patent document claims the benefit of priority of U.S. Provisional Patent Application Serial No. 62/650,784, titled “Secure Device Pairing,” filed on March 30, 2018. The entire contents of this patent application are incorporated by reference in the present patent document.
TECHNICAL FIELD
[0002] Various embodiments concern techniques for securely pairing medical devices to operate with each other.
BACKGROUND
[0003] With the advent of new communication and computing technologies, today’s healthcare uses a variety of electronic equipment for diagnosis, treatment and for administering medications.
SUMMARY
[0004] Various techniques for secure pairing of medical devices are disclosed. In one example embodiment, the secure pairing may be achieved using light transmission based pairing.
[0005] In one example aspect, a drug delivery apparatus is disclosed. The apparatus includes an elongated body having a drug delivery tip and a communication tip, wherein the communication tip includes at least one photodiode configured to receive data using light transmissions or receptions and a controller configured to: (1) control storage and transmission of medication dispensing data related to use of the drug delivery apparatus; (2) transmit or receive encryption information related to secure transmission of the medication dispensing data, and (3) transmit the medication dispensing data via a transmit-only Bluetooth interface.
[0006] In another example aspect, a method of device pairing is disclosed. The method includes receiving, via an optical receiver of a first device, an optical signal from a second device, authenticating the second device using information from the optical signal, and transmitting, upon successful authentication, via a wireless transmitter, data stored in the first device to the second device.
[0007] In another example aspect, a method of pairing a smartphone with a drug delivery device is disclosed. The method includes displaying, on a user interface, a pairing area of the screen, receiving an indication of contact in the pairing area, determining that the contact was made by a drug delivery device, communicating, using light modulation, with the drug delivery device, and forming, based on the communicating, a secure pairing with the drug delivery device.
[0008] These, and other aspects, are described in greater detail in the present document.
BRIEF DESCRIPTION OF THE DRAWINGS
[0009] Various features and characteristics of the technology will become more apparent to those skilled in the art from a study of the Detailed Description in conjunction with the drawings. Embodiments of the technology are illustrated by way of example and not limitation in the drawings, in which like references indicate similar elements.
[0010] FIG. 1 shows an example of a medication dispensing device.
[0011] FIG. 2 shows an example of a user interface used during the process of pairing a medication dispensing device with a mobile device.
[0012] FIG. 3 is a flowchart of an example method of securely pairing a medication dispensing device with a controller device.
[0013] FIG. 4 is a block diagram of an example of a hardware platform.
[0014] FIG. 5 is a flowchart of an example method of secure device pairing.
[0015] The drawings depict various embodiments for the purpose of illustration only. Those skilled in the art will recognize that alternative embodiments may be employed without departing from the principles of the technology. Accordingly, while specific embodiments are shown in the drawings, the technology is amenable to various modifications.
DETAILED DESCRIPTION
[0016] In recent years, medication dispensing using a dispenser shaped like a pen has become popular. Users often find the pen-shaped dispenser easy to carry and operate.
[0017] With the advent of low power, low cost wireless communication technology, it is possible to make such pen-shaped medication dispensers more versatile, secure, and easier to use. Bluetooth is one such wireless communication technology. Bluetooth also offers a low energy mode (BLE) in which short range wireless communication is possible (e.g., within a few meters) using power that is lower than conventional Bluetooth techniques. Furthermore, to reduce power consumption and increase operational life of a battery, a medication dispensing pen may be operated in a “transmit only” mode. This mode of operation saves electronics and power consumption that may be used for data reception capability.
[0018] Currently, a TX-only BLE pairing with a medication dispensing pen (sometimes simply called “pen” in this document) does not have a method to feed information back to the pen in a low power manner. Without this feedback, there is a risk that the data is never captured by the smartphone device due to the lack of acknowledgement. Backfill packet design is currently the data transfer choice, and does well for sparse data, but the pen could carry larger data payloads, especially if data during insulin storage for 2 years (storage mode data, such as temperature, light exposure, other) is to be transmitted as well. TX/RX BLE could be implemented, but carries a prohibitive power penalty.
[0019] The solutions disclosed in the present document can be used to implement embodiments that provide some of the following operational advantages:
[0020] 1. Some embodiments may provide a reliable feedback path (ACK) from smartphone to pen (the pen only has a TX only BLE beacon). This reliable feedback path may enable:
[0021] 1a. a reliable state transition of the pen (e.g., from storage mode to operational mode), and
[0022] 1b. may provide confirmation of storage mode data reception by the smartphone.
[0023] 2. Simplified security: Some embodiments may include the ability to share an encryption key from smartphone to the pen. For example, the secure pairing may allow for Diffie-Hellman encryption without the use of a QR code.
[0024] 3. Simplicity in user interface (UX): In some embodiments, the pairing and mode switching may be performed via a "one touch" action. Such a simplified use is typically considered extremely user friendly.
[0025] 4. Simplified production workflow: A simple wireless/non-electrical contact protocol to test each pen during production could be implemented. This protocol may greatly reduce test complexity.
[0026] This is all possible by adding a light-based photodiode / LED transceiver on the end of the pen button.
[0027] Example pen embodiments
[0028] In some embodiments, the medication dispensing pen may be designed like a clicker that is often elongated and tapering like a pen and has a button-like end that can be operated by a user finger press or click. In some embodiments, a touch sensitive ring and a photodiode transceiver are provided on an end of the button to facilitate user interaction and communication. The photodiode may be covered with a material that allows for visible light transmission. This material may be fully transparent or may have optical filtering properties that pass light of certain wavelengths and filter out remaining light to enable robust, low error communication. In some embodiments, the pen may also be designed such that the sidewalls are made of opaque material, to block out ambient light, such that only the flat button end has the translucent material.
[0029] FIG. 1 illustrates an example of a medication dispensing device 100. The device 100 may include a dispensing end 106, coupled to a container 104 and at a tip of the container 104, there may be a button 102.
[0030] An example top view 116 of the button 102 shows additional details of the embodiment depicted for device 100. The top surface of the button 102 may include one or more photodiodes (PD) 112 and one or more light emitting diodes (LEDs) 114. In some embodiments, the LEDs may have the ability to emit different colors, thereby making it easier for a user to see the pairing status of the device 100. For example, the LED may be lit in red color when the device 100 is not paired, and in green color when the device 100 is paired. In some embodiments, a receiving photodiode (RX PD) 112 may be used for receiving optical communication signals. The RX PD may also include the ability to generate power from solar energy or from the light emitted by the display of a phone in proximity of the phone. This power may be used to sustain the operation of the LEDs and other electronics of the device 100.
[0031] As further described in this document, when used in pairing mode, the photodiode 112 is used to receive information from the cellular phone, and uses the TX only BLE (not explicitly shown in FIG. 1) to transmit data back to the phone and complete the communication loop. During this initialization and loop completion, information can be passed from pen to phone (via TX only BLE) and phone to pen (via light from the screen onto the photodiode in the pen) to authenticate such as to create a shared key (e.g., using Diffie-Hellman procedure).
[0032] In some embodiments, the ability to receive and transmit signals using optical communication may be used during manufacturing. For example, code may be downloaded by optically communicating to the device 100. For example, the device 100 may transmit quality data, operational conditions and other diagnostics information, using the optical communication. During manufacturing and initial programming of the pen, an LED in the factory may be programmed to transmit optical signals (e.g., photonic communication) to the photodiode and thereby program the pen for use.
[0033] The cap may include a transparent cover 108 that protects the photodiodes 112 and LED 114 from wear and tear and weather elements. In general, any material that allows light based communication to pass through the material may be used as the cover 108.
[0034] A touch sensitive rubber material or opaque plastic material may act as sheath 110 encasing the button 102, as may be visible in the top view 116. In general, any material that blocks out ambient light may be used as the encasing sheath 110. The encasing, or sidewalls, is made of opaque material to block out ambient light, such that only the flat button end has the translucent material.
[0035] The medical dispensing device 100 may include the following features:
[0036] A1. A low power photodiode / LED transceiver circuit that utilizes light as its power source.
[0037] A2. A low power state machine that governs storage mode data sampling. The state machine may be able to receive an interrupt from the photodiode transceiver circuit. The interrupt may trigger the state machine to:
[0038] B1. Switch from storage mode to data collection.
[0039] B2. Deliver data packets, including payload, to the smartphone via a wireless interface such as a BLE interface. This interface may be operated in a transmit-only manner. Alternatively, or additionally, optical communication may be used for data transmission via the photodiode.
[0040] B3. Receive an acknowledgement that the data has been received from the smartphone. The reception may be based on optical communication reception.
[0041] B4. Switch to normal mode data collection and BLE backfill mode after activation and acknowledgement of Step B3.
[0042] Examples of operational flows
[0043] In some embodiments, the operation starts when the user opens the apparatus, or a pen, for use. Alternatively, or in addition, the apparatus may respond to sudden movement by the user or simply a user’s skin pressing on the apparatus, such as would be experienced by the pen when a user holds and picks up the pen.
[0044] C1. A touch sensitive pen button tells smartphone to try, and that connection is maintained throughout communications.
[0045] C2. A PD receiver circuitry (RX) on the pen receives digital authentication data such as a key through smartphone screen blinks.
[0046] C3. A smartphone listens on BLE from the pen to pair and receive storage data.
[0047] C4. A disconnection indication of the pen from the touchscreen tells app to automatically move on to normal operating mode. The disconnection may be made by physically removing the contact between the pen and the smartphone or by closing the app on smartphone.
[0048] Another example method
[0049] In another example operation flow, the following operations may be performed. This example is further depicted using the example user interface 200.
[0050] D1. A user will open a pen smartphone app that will automatically turn on BLE in the phone, and temporarily raise the display brightness of the phone to perform data transfer.
[0051] D2. On the smartphone app display (202), there will be a glowing white circle (204) that is the same diameter as the pen button, and text that will say "please place pen here."
[0052] D3. When the pen's optically transparent button is placed on the white circle (as depicted in 206), the photodiode circuit will automatically power up due to the light, and the phone will be able to transmit commands to the pen via light pulses, and listen to the pen response via BLE. Once full duplex communication between the pen and smartphone has been established, the smartphone can begin the following actions:
[0053] D3a. In one mode of operation, the pen may transfer stored data about medication usage to the smartphone.
[0054] D3b. The smartphone may send, and the pen may receive, an acknowledgement of payload transfer.
[0055] D3c. Perform secure key transfer and link between smartphone and pen.
[0056] D3d. Communicate to the pen to switch from storage mode to normal mode operation.
[0057] User actions when beginning to use a pen may include:
[0058] 1. open the pen from the box & throw away box. Unlike some prior art pens, a user does not need to track and save a QR code with the pen.
[0059] 2. open the smartphone app.
[0060] 3. place the pen on the smartphone app to make optical contact.
[0061] In some embodiments, for added security, an additional QR scan may also be included in this workflow. This QR scan may be used to securely pair the pen with the smartphone.
[0062] Example of pen pairing using BLE TX-only configuration
[0063] An example workflow may be as follows:
[0064] E1. User opens a cellphone application.
[0065] E2. User takes a picture of the QR code through app & camera to pass security code to phone, gets true security code (with more phone-level authentication) from cloud.
[0066] E3. Phone listens for BLE beacon. The time taken may be proportional to the periodicity of beacons used.
[0067] E4. Phone receives and syncs data from pen using:
[0068] mode 1: No ack is sent back to the pen if BLE is TX only.
[0069] mode 2: A combination of sleep + active modes is used and data is sent all the time.
[0070] The phone may, optionally, provide a visual indication on display so that a user knows that data sync has been completed.
[0071] An example of BLE TX/RX Pairing
[0072] A workflow in which pairing of Bluetooth transceivers is performed may be as follows:
[0073] F1 : Open cellphone app.
[0074] F2: User takes QR code through app & camera.
[0075] F3: Pen listens for request from cellphone at a slow RX sleep pairing rate.
[0076] F4: Phone receives and syncs data from pen with TX/RX ACK over BLE.
[0077] F5: The pen transitions from sleep to active mode with TX/RX communications over BLE.
[0078] An example of One Touch pairing with BLE TX-only and photodiode (PD)
[0079] In some examples, the pairing between a pen and a smartphone app may be performed as follows:
[0080] G1: User opens a cellphone app.
[0081] G2: User places pen button that is “touch compatible” (can actuate touchscreen sensor) w/optically transparent PD over top of button that would read from the cellphone display in the marked screen region (target location for pen button placement).
[0082] G3: A touch by the pen causes the pen to register.
[0083] G4: A coded light sequence will proceed to send code to pen.
[0084] G5: BLE beacon can be manually triggered by phone to increase pairing speed and reliability.
[0085] Using this configuration, it may be possible to receive and sync data from pen with TX/RX ACK over PD.
[0086] Some embodiments may thus provide a very robust channel of communication by which historical data upload may be performed via the BLE interface and w/ACK from PD.
[0087] The touch-based pairing also may be used to transition a pen from sleep to normal mode.
[0088] To further increase security of communication, a 2-factor authentication may be performed using phone. Multiple types of communication (touch to signal connection made, light for phone->pen, BLE beacon for pen -> phone) may also make the communication secure.
[0089] In some embodiments, easy factory programming may be achieved. The programming can be done after full assembly without requiring physical connection. For example a transmitting LED may be placed next to PD for 100% light-based communication in the factory (see, e.g., FIG. 2, LED 114).
[0090] An example of secure communication - Diffie-Hellman over PD-link
[0091] All pens may be programmed with a device-specific digital key such as an AES key.
[0092] During use, a pen advertises its Serial #, g^y + AES-HMAC over BLE.
[0093] Phone sends g^x + nonce + key-rotation info + AES-HMAC using PD-link.
[0094] Long-term key derivation: g^xy -> PBKDF (password based key derivation function). The ^ function represents the exponential function.
[0095] Short-term key derivation may be performed as follows. In some implementations, a Galois Counter Mode with an initial random seed may be used. The key may be rotated on a schedule dictated by the phone. This allows for mitigations against AES attacks.
[0096] The pen may confirm with an additional BLE advertisement that includes: Short term key + nonce + key-rotation info. This information may be encrypted with a Long-Term Key. Once a short-term key is derived, future traffic uses the newly-derived short-term key.
[0097] For additional link protection, a pen could try to periodically flash an encoding on the TX LED that gets reflected to the RX PD. By doing so, the pen makes sure that the encryption keys expected to be used for transmission are in fact being used.
[0098] In use, the phone’s data packet could be much shorter than the encoding and also transmitted periodically such that the screen would be idle long enough for pen to read the encoding. The link is considered secure when pen can read its own encoding.
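The exchange of paragraphs [0091] to [0094], sketched as an added example that is not code from the patent document. Assumptions: HMAC-SHA256 keyed with the device-specific key stands in for the "AES-HMAC" tag, the phone already holds that key, the nonce doubles as the PBKDF2 salt, the group (2^521 - 1, g = 3) is a demo group chosen for brevity, and all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Demo group (assumption): Mersenne prime 2**521 - 1. A product would use a
# standardized DH group or an elliptic-curve exchange instead.
P = 2**521 - 1
G = 3
PLEN = (P.bit_length() + 7) // 8


def to_bytes(n: int) -> bytes:
    return n.to_bytes(PLEN, "big")


def tag(device_key: bytes, *fields: bytes) -> bytes:
    """HMAC over length-prefixed fields so field boundaries cannot shift."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(device_key, msg, hashlib.sha256).digest()


def check_public(value: int) -> None:
    """Reject 0, 1 and P-1, which would force a predictable shared secret."""
    if not 2 <= value <= P - 2:
        raise ValueError("degenerate DH public value")


def long_term_key(shared: int, nonce: bytes) -> bytes:
    # g^xy -> PBKDF; the iteration count is a constructed demo value.
    return hashlib.pbkdf2_hmac("sha256", to_bytes(shared), nonce, 10_000, dklen=32)


class Pen:
    """TX-only BLE sender that receives over the photodiode (PD) link."""

    def __init__(self, serial: bytes, device_key: bytes):
        self.serial = serial
        self._key = device_key
        self._y = secrets.randbelow(P - 3) + 2
        self.long_term_key = None

    def ble_advertisement(self) -> dict:
        gy = to_bytes(pow(G, self._y, P))
        return {"serial": self.serial, "gy": gy,
                "mac": tag(self._key, b"pen", self.serial, gy)}

    def on_pd_message(self, msg: dict) -> None:
        expected = tag(self._key, b"phone", self.serial,
                       msg["gx"], msg["nonce"], msg["rotation"])
        if not hmac.compare_digest(expected, msg["mac"]):
            raise ValueError("PD-link message failed authentication")
        gx = int.from_bytes(msg["gx"], "big")
        check_public(gx)
        self.long_term_key = long_term_key(pow(gx, self._y, P), msg["nonce"])


class Phone:
    def __init__(self, device_key: bytes):
        self._key = device_key
        self.long_term_key = None

    def on_ble_advertisement(self, adv: dict) -> dict:
        expected = tag(self._key, b"pen", adv["serial"], adv["gy"])
        if not hmac.compare_digest(expected, adv["mac"]):
            raise ValueError("BLE advertisement failed authentication")
        gy = int.from_bytes(adv["gy"], "big")
        check_public(gy)
        x = secrets.randbelow(P - 3) + 2
        gx = to_bytes(pow(G, x, P))
        nonce = secrets.token_bytes(16)
        rotation = (3600).to_bytes(4, "big")  # constructed: rotate hourly
        self.long_term_key = long_term_key(pow(gy, x, P), nonce)
        return {"gx": gx, "nonce": nonce, "rotation": rotation,
                "mac": tag(self._key, b"phone", adv["serial"], gx, nonce, rotation)}


def pair(pen: Pen, phone: Phone, tamper: bool = False) -> bool:
    """Run one exchange; tamper swaps g^x in transit without fixing the tag."""
    adv = pen.ble_advertisement()            # pen -> phone over BLE
    msg = phone.on_ble_advertisement(adv)    # phone -> pen over PD link
    if tamper:
        msg = dict(msg, gx=to_bytes(pow(G, 5, P)))
    pen.on_pd_message(msg)
    return pen.long_term_key == phone.long_term_key


if __name__ == "__main__":
    key = secrets.token_bytes(16)            # constructed device-specific key
    print("keys match:", pair(Pen(b"PEN-0001", key), Phone(key)))
```

The tag under the device-specific key is what binds each Diffie-Hellman value to a known device; without it either side would accept a substituted g^x or g^y.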
[0099] Examples of Two touch, no-cloud pairing with BLE TX-only
[00100] In some embodiments, a factory creates a random encryption key that is constructed from two parts, A and B. Half of the key, A, is printed on the packaging of the pen. The other half, B, is accessible over PD-link. The actual key could be the XOR of A and B, or some other scheme. During operation, a user may open cellphone app, scan the QR in packaging (A), and scan Pen with PD link (B), and derive the Encryption key in the phone app with the two parts, A and B.
[00101] Example pen functionalities
[00102] A pen may also be configured to periodically sample and record ambient external temperature. This information may be used to ensure that the medication being dispensed (e.g., insulin) is safe and has not been exposed to excessive temperatures.
[00103] The temperature sampling may be made adaptive to temperature range. For example, at lower temperatures in a safe range, temperature sampling may be performed at a low rate (e.g., once a minute or once every ten minutes). When external temperature is higher (e.g., 100 degree F or higher), then temperature sampling may be performed at a higher sampling rate (e.g., once every 10 seconds). In some embodiments, to save memory, only temperature readings that are outside a range may be stored in memory.
[00104] Examples of benefits achieved by implementations
[00105] During test in the assembly line, by allowing a non-contact TX/RX communication method for programming the pen, wearing out of electrical contacts on the tester can be avoided. At the same time, due to RX capability, the limitations of testing a TX-only device are overcome. For a TX-only pen device, it would be more difficult to do final test after the entire device has been manufactured. For example, such a device would entail finding a way to physically connect cables to the pen to do full electrical test after manufacturing. Such availability of electrical contact may therefore make waterproofing challenging and expensive. Allowing a completely sealed button to still be testable is advantageous for operation and for cost reduction in the manufacturing process.
[00106] In some embodiments, a drug delivery apparatus (e.g., as depicted in FIG. 1) includes an elongated body (e.g., 104) having a drug delivery tip (e.g., 106) and a communication tip (e.g., 102), wherein the communication tip includes at least one photodiode configured to communicate data using light transmissions or receptions. The drug delivery apparatus includes a controller configured to: (1) control storage and transmission of medication dispensing data related to use of the drug delivery apparatus; (2) receive encryption information related to secure transmission of the medication dispensing data, and (3) transmit the medication dispensing data via a transmit-only Bluetooth interface. A processor, a field programmable gate array (FPGA) or an application specific integrated circuit (ASIC) may perform the function of the controller. The controller may be located generally anywhere in the drug delivery apparatus. However, it may be advantageous to locate the controller closer to the communication tip so that the controller may share a same power source (e.g., battery) with the communication tip LED and circuitry.
[00107] As described with respect to FIG. 1, in some embodiments, the communication tip may further include an LED that is configured to emit light of different colors depending on an operational state or status of the drug delivery apparatus. A transparent protective surface may cover the communication tip to protect the LED and medication while at the same time allowing light to pass through. A power on/off mechanism such as an on/off switch that may be pressure triggered or movement triggered may be provided on the drug delivery apparatus to enable turning off or on of the LED by a user.
[00108] As depicted in an example flowchart of FIG. 3, a method 300 of pairing a smartphone with a drug delivery device includes the steps of displaying (302), on a user interface, a pairing area of the screen, receiving (304) an indication of contact in the pairing area, determining (306) that the contact was made by a drug delivery device, communicating (308), using light modulation, with the drug delivery device, and thereby forming (310) a secure pairing with the drug delivery device. In some embodiments, the step of communicating using light modulation may include the smartphone using variations in screen color or brightness for communicating the information. As described in this document, the secure pairing may be formed by performing a full duplex partial key exchange to establish a shared secret key with the drug delivery device.
[00109] FIG. 4 depicts an example apparatus 400 that may be used for receiving or transmitting medication dispensing data and may be fitted within the pen or smartphone. The apparatus 400 includes control processor electronics 402 that may implement the controller function. The apparatus 400 may include memory 404 that may be used to store medication dispensing data and instructions for implementing the techniques described in the present document. The apparatus 400 may include communication electronics 406 such as BLE or photodiode transceiver electronics.
[00110] FIG. 5 depicts a flowchart of a method 500 of secure device pairing. The method 500 includes receiving (502), via an optical receiver of a first device, an optical signal from a second device, authenticating (504) the second device using information from the optical signal, and transmitting (506), upon successful authentication, via a wireless transmitter, data stored in the first device to the second device. No data transfer may be performed when authentication fails. The method 500 may use the pen embodiments disclosed herein for making contact between the first and second devices and for performing optical and wireless communication. As described in the present document, the secure pairing may include exchanging encryption information such as Diffie-Hellman keys or partial keys using QR codes.
[00111] In some embodiments, the method 300 may be implemented using a smartphone application that is designed to run on a smartphone. The method 300 may be embodied in the form of a computer readable medium that stores program code. The program code, when executed, may cause a smartphone processor to implement the method 300.
[00112] In some embodiments, the method 500 may be implemented by a drug delivery device, e.g., as described with respect to FIG. 1. The method 500 may be implemented to protect medical information data stored on the drug delivery device. In some embodiments, the method 500 may be embodied in the form of a computer-readable program medium that stores program code for implementing the method 500 using a processor or a controller in the drug delivery device.
[00113] Various alternatives for wireless communication may also be used. For example, instead of (or in addition to) BLE, near-field communication (NFC) may be used. In such embodiments, the antenna design, RF connectivity and coexistence with BLE, and self-powering may be addressed through design and placement of the transceiver electronics. An optical transceiver is a non-interfering and different mode of communication that will not interfere with BLE, and it makes hacking harder because of the need for physical proximity and also because signals transmitted via the optical link and via the wireless link may have to be synchronized for spoofing. Also, for NFC, the pen may have to be placed on the back of the phone and not the display end, which could make the UI more complicated. For example, physical proximity of a device is ascertained during pairing by having the two devices (e.g., a smartphone and a medication pen) not only couple via optical frequency (light) communication, but also based on physical contact or a focused light beam directed at a specific location on the screen, e.g., as shown in the embodiment of FIG. 2.
[00114] It will be appreciated that the present document discloses several device designs and operations for pairing a medication dispensing device with a data receiver such as a smartphone equipped with an app. A secure pairing that uses optical communication, physical contact and a second, different, wireless communication channel (using electromagnetic waves in the MHz to GHz range) is possible for transmission of medication dispensing data and for controlling operation of the medication dispensing device.
[00115] Embodiments may also be described with reference to particular system configurations and networks. However, those skilled in the art will recognize that the features described herein are equally applicable to other system configurations, network types, etc. Moreover, the technology can be embodied as special-purpose hardware (e.g., circuitry), programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Accordingly, embodiments may include a machine-readable medium having instructions that may be used to program a computing device to perform the methods described herein.
[00116] References in this description to “an embodiment” or “one embodiment” mean that the particular feature, function, structure, or characteristic being described is included in at least one embodiment. Occurrences of such phrases do not necessarily refer to the same embodiment, nor are they necessarily referring to alternative embodiments that are mutually exclusive of one another.
[00117] Unless the context clearly requires otherwise, the words “comprise” and “comprising” are to be construed in an inclusive sense rather than an exclusive or exhaustive sense (i.e., in the sense of “including but not limited to”). The terms “connected,” “coupled,” or any variant thereof are intended to include any connection or coupling, either direct or indirect, between two or more elements. The coupling/connection can be physical, logical, or a combination thereof. For example, two devices may be communicatively coupled to one another despite not sharing a physical connection.
[00118] When used in reference to a list of multiple items, the word “or” is intended to cover all of the following interpretations: any of the items in the list, all of the items in the list, and any combination of items in the list.
[00119] It will be appreciated that this patent document discloses This solution makes the UX extremely simple and easy for the user while improving security, data transfer reliability, and user experience. By making a smart pen extremely SIMPLE to use and interface with, we will build a great reputation of having the user first, and greatly improve our chances of patient adherence and loyalty to the smart pen. Technology that does not get in the way.
[00120] The techniques introduced here can be implemented by programmable circuitry (e.g., one or more microprocessors), software and/or firmware, special-purpose hardwired (i.e., non-programmable) circuitry, or a combination of such forms. Special-purpose circuitry can be in the form of one or more application-specific integrated circuits (ASICs), programmable logic devices (PLDs), field-programmable gate arrays (FPGAs), etc.
[00121] Remarks
[00122] The foregoing description of various embodiments of the claimed subject matter has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the claimed subject matter to the precise forms disclosed. Many modifications and variations will be apparent to one skilled in the art. Embodiments were chosen and described in order to best describe the principles of the invention and its practical applications, thereby enabling those skilled in the relevant art to understand the claimed subject matter, the various embodiments, and the various modifications that are suited to the particular uses contemplated.
[00123] Although the Detailed Description describes certain embodiments and the best mode contemplated, the technology can be practiced in many ways no matter how detailed the Detailed Description appears. Embodiments may vary considerably in their implementation details, while still being encompassed by the specification. Particular terminology used when describing certain features or aspects of various embodiments should not be taken to imply that the terminology is being redefined herein to be restricted to any specific characteristics, features, or aspects of the technology with which that terminology is associated. In general, the terms used in the following claims should not be construed to limit the technology to the specific embodiments disclosed in the specification, unless those terms are explicitly defined herein. Accordingly, the actual scope of the technology encompasses not only the disclosed embodiments, but also all equivalent ways of practicing or implementing the embodiments.
[00124] The language used in the specification has been principally selected for readability and instructional purposes. It may not have been selected to delineate or circumscribe the subject matter. It is therefore intended that the scope of the technology be limited not by this Detailed Description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of various embodiments is intended to be illustrative, but not limiting, of the scope of the technology as set forth in the following claims.

Claims

1. A drug delivery apparatus, comprising:
an elongated body having a drug delivery tip and a communication tip, wherein the communication tip includes at least one photodiode configured to receive data using light transmissions or receptions, and
a controller configured to: (1) control storage and transmission of medication dispensing data related to use of the drug delivery apparatus; (2) transmit or receive encryption information related to secure transmission of the medication dispensing data, and (3) transmit the medication dispensing data via a transmit-only Bluetooth interface.
2. The apparatus of claim 1, wherein the communication tip further includes a light emitting diode configured to emit different colors based on operational status of the drug delivery apparatus.
3. The apparatus of claims 1-2 further comprising a transparent surface covering the communication tip.
4. A method of pairing a smartphone with a drug delivery device, comprising:
displaying, on a user interface, a pairing area of the screen;
receiving an indication of contact in the pairing area;
determining that the contact was made by a drug delivery device;
communicating, using light modulation, with the drug delivery device; and
forming, based on the communicating, a secure pairing with the drug delivery device.
5. The method of claim 4, wherein the step of communicating using light modulation includes communicating using at least one of a screen color and a screen brightness variation for communication.
6. The method of claim 4 or 5, wherein the step of forming the secure pairing includes: performing a full duplex partial key exchange to establish a shared secret key with the drug delivery device.
7. The method of claim 4 or 5, wherein the step of forming the secure pairing includes scanning, by the smartphone, a QR code associated with the drug delivery device.
8. A device pairing method, comprising:
receiving, via an optical receiver of a first device, an optical signal from a second device;
authenticating the second device using information from the optical signal; and
transmitting, upon successful authentication, via a wireless transmitter, data stored in the first device to the second device.
9. The method of claim 8, wherein the optical receiver comprises a photodiode.
10. The method of claim 8, wherein the optical signal is received upon physically contacting the first device with a user interface of the second device.
11. The method of claims 8-10, wherein the optical signal comprises a portion of a digital key or a certificate and wherein the authenticating comprises verifying that a correct digital key or certificate is received.
12. The method of claims 8-11, wherein the data comprises medication dispensing data regarding medication dispensing performed by the first device.
13. The method of claims 8-12, wherein the transmitting the data comprises transmitting the data via a Bluetooth low energy transmit-only interface.
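The flow of claims 8-13, sketched as an added example that is not part of the patent: the phone's screen carries a portion of a key as Manchester-coded brightness levels, the pen authenticates it, and only then releases tagged records for its transmit-only radio. The frame layout, the 16-byte key portion, the truncated HMAC tag and all names are assumptions; the patent specifies none of them.

```python
import hashlib, hmac, struct, zlib

PREAMBLE = b"\xa5"  # assumed frame marker; the patent defines no frame format

def encode_optical(key_part):
    """Phone: preamble | length | key_part | CRC32, Manchester-coded as screen levels."""
    frame = PREAMBLE + bytes([len(key_part)]) + key_part
    frame += struct.pack(">I", zlib.crc32(frame))
    levels = []
    for byte in frame:
        for i in range(7, -1, -1):
            levels += [1, 0] if (byte >> i) & 1 else [0, 1]  # bright,dark = 1
    return levels

def decode_optical(levels):
    """Pen: recover key_part from thresholded photodiode samples; None if damaged."""
    pairs = list(zip(levels[0::2], levels[1::2]))
    if not levels or len(levels) % 16 or any({a, b} != {0, 1} for a, b in pairs):
        return None  # truncated frame or an invalid Manchester symbol
    bits = [int(a) for a, _ in pairs]
    data = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))
    if (len(data) < 6 or data[:1] != PREAMBLE or data[1] != len(data) - 6
            or struct.unpack(">I", data[-4:])[0] != zlib.crc32(data[:-4])):
        return None
    return data[2:-4]

class Pen:
    """First device: optical receiver in, transmit-only radio out."""
    def __init__(self, provisioned_key, records):
        self._key, self._records = provisioned_key, records
        self._paired, self._counter = False, 0

    def on_optical(self, levels):
        """Authenticate the phone: the received key portion must match ours."""
        part = decode_optical(levels)
        self._paired = (part is not None and len(part) >= 16
                        and hmac.compare_digest(part, self._key[:len(part)]))
        return self._paired

    def advertise(self):
        """Build broadcast payloads; nothing is released before optical auth."""
        out = []
        for rec in (self._records if self._paired else []):
            self._counter += 1  # monotonic counter lets the receiver drop replays
            body = struct.pack(">I", self._counter) + rec
            out.append(body + hmac.new(self._key, body, hashlib.sha256).digest()[:8])
        return out
```

Because the radio cannot receive, the optical frame is the pen's only inbound path, so a failed CRC or key mismatch leaves `advertise()` empty rather than falling back to an unauthenticated broadcast.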
PCT/US2019/024268 2018-03-30 2019-03-27 Secure device pairing WO2019191222A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862650784P 2018-03-30 2018-03-30
US62/650,784 2018-03-30

Publications (1)

Publication Number Publication Date
WO2019191222A1 true WO2019191222A1 (en) 2019-10-03

Family

ID=66290532

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2019/024268 WO2019191222A1 (en) 2018-03-30 2019-03-27 Secure device pairing

Country Status (1)

Country Link
WO (1) WO2019191222A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014165172A1 (en) * 2013-03-12 2014-10-09 Nipro Diagnostics, Inc. Wireless pairing of personal health device with a computing device
WO2016019375A1 (en) * 2014-08-01 2016-02-04 Common Sensing Inc. Liquid measurement systems, apparatus, and methods optimized with temperature sensing
WO2018057606A1 (en) * 2016-09-20 2018-03-29 Solpad, Inc. Optical pairing

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11617827B2 (en) 2005-09-12 2023-04-04 Unomedical A/S Invisible needle
US11317944B2 (en) 2011-03-14 2022-05-03 Unomedical A/S Inserter system with transport protection
US11458292B2 (en) 2019-05-20 2022-10-04 Unomedical A/S Rotatable infusion device and methods thereof
US11944775B2 (en) 2019-05-20 2024-04-02 Unomedical A/S Rotatable infusion device and methods thereof
WO2022013267A1 (en) * 2020-07-15 2022-01-20 Sanofi Improvements of the usability of a drug delivery device
WO2022066394A1 (en) * 2020-09-22 2022-03-31 Apple Inc. Device communication through high-frequency light encoding
US11483712B2 (en) 2020-09-22 2022-10-25 Apple Inc. Device communication through high-frequency light encoding
WO2023051963A1 (en) * 2021-09-28 2023-04-06 Ypsomed Ag Administering devices which can communicate via visible light

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19719992

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 19719992

Country of ref document: EP

Kind code of ref document: A1