[go: up one dir, main page]

WO2025038268A2 - Enabling secure data communication using the nervous system - Google Patents

Enabling secure data communication using the nervous system Download PDF

Info

Publication number
WO2025038268A2
WO2025038268A2 PCT/US2024/039782 US2024039782W WO2025038268A2 WO 2025038268 A2 WO2025038268 A2 WO 2025038268A2 US 2024039782 W US2024039782 W US 2024039782W WO 2025038268 A2 WO2025038268 A2 WO 2025038268A2
Authority
WO
WIPO (PCT)
Prior art keywords
bits
patient
stimulator
receiver
shared secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/US2024/039782
Other languages
French (fr)
Other versions
WO2025038268A3 (en
Inventor
Tushar JOIS
Rohan PANAPARAMBIL
Michael RUSHANAN
Aviel D. Rubin
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Johns Hopkins University
Original Assignee
Johns Hopkins University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Johns Hopkins University filed Critical Johns Hopkins University
Publication of WO2025038268A2 publication Critical patent/WO2025038268A2/en
Publication of WO2025038268A3 publication Critical patent/WO2025038268A3/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61NELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
    • A61N1/00Electrotherapy; Circuits therefor
    • A61N1/18Applying electric currents by contact electrodes
    • A61N1/32Applying electric currents by contact electrodes alternating or intermittent currents
    • A61N1/36Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
    • A61N1/372Arrangements in connection with the implantation of stimulators
    • A61N1/37211Means for communicating with stimulators
    • A61N1/37217Means for communicating with stimulators characterised by the communication link, e.g. acoustic or tactile
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61NELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
    • A61N1/00Electrotherapy; Circuits therefor
    • A61N1/18Applying electric currents by contact electrodes
    • A61N1/32Applying electric currents by contact electrodes alternating or intermittent currents
    • A61N1/36Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
    • A61N1/372Arrangements in connection with the implantation of stimulators
    • A61N1/37211Means for communicating with stimulators
    • A61N1/37252Details of algorithms or data aspects of communication system, e.g. handshaking, transmitting specific data or segmenting data
    • A61N1/37254Pacemaker or defibrillator security, e.g. to prevent or inhibit programming alterations by hackers or unauthorised individuals
    • AHUMAN NECESSITIES
    • A61MEDICAL OR VETERINARY SCIENCE; HYGIENE
    • A61NELECTROTHERAPY; MAGNETOTHERAPY; RADIATION THERAPY; ULTRASOUND THERAPY
    • A61N1/00Electrotherapy; Circuits therefor
    • A61N1/18Applying electric currents by contact electrodes
    • A61N1/32Applying electric currents by contact electrodes alternating or intermittent currents
    • A61N1/36Applying electric currents by contact electrodes alternating or intermittent currents for stimulation
    • A61N1/372Arrangements in connection with the implantation of stimulators
    • A61N1/37211Means for communicating with stimulators
    • A61N1/37252Details of algorithms or data aspects of communication system, e.g. handshaking, transmitting specific data or segmenting data
    • A61N1/37264Changing the program; Upgrading firmware

Definitions

  • BANs portable, wearable, and/or implantable medical devices
  • IMDs implantable medical devices
  • This BAN relies on the feasibility of wearing or implanting biosensors on or inside the human body that are comfortable and that don’t impair normal activities.
  • the IMDs in the human body measure various parameters (e.g., physiological changes) in order to monitor the patient’s health status.
  • the information will be transmitted wirelessly to an external processing unit.
  • Conventional BANs perform communication over traditional wireless communication mechanisms, such as Bluetooth, which the security community has recently lambasted due to numerous security vulnerabilities in the protocol and software implementations. This may allow an adversary to spoof a new or existing IMD to access external communicators or the patient’s body area network (BAN).
  • a system includes a first device configured to be in contact with a patient.
  • the system also includes a stimulator configured to be in contact with the patient.
  • the stimulator is configured to transmit one or more first bits to the patient.
  • the system also includes a receiver configured to be in contact with the patient.
  • the one or more first bits are PATENT C17610_P17610-02 configured to travel from the stimulator, through a nerve in a limb of the patient, to the receiver.
  • the receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits.
  • a system for providing secure communication using a nervous system of a patient as a communication medium is also disclosed.
  • the system includes a first device configured to be in contact with the patient.
  • the first device includes an implantable medical device (IMD) or a wearable device.
  • the first device is configured to measure parameters related to the patient, to provide medical stimulation or drugs to the patient, or both.
  • the system also includes a stimulator configured to be in contact with the patient.
  • the stimulator is configured to be in contact with a limb of the patient.
  • the stimulator is configured to transmit one or more first bits to the patient.
  • the system also includes a receiver configured to be in contact with the patient.
  • the receiver is a band that is configured to be positioned around the limb of the patient.
  • the one or more first bits are configured to travel from the stimulator, through a nerve in the limb, to the receiver.
  • the receiver is wirelessly connected to the first device.
  • the receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits.
  • the system also includes a second device configured to receive the one or more second bits from the stimulator.
  • the first device and the second device are configured to perform a key exchange using the one or more first bits and the one or more second bits to produce a shared secret.
  • the second device is configured to sign the shared secret with a signing key to produce a signed shared secret.
  • the second device is configured to transmit the signed shared secret to the first device.
  • the first device is configured to use the signed shared secret to wirelessly communicate with other IMDs or wearable devices within a body-area network (BAN).
  • BAN body-area network
  • a method for providing secure communication using a nervous system of a patient as a communication medium includes placing a stimulator in contact with the patient.
  • the method also includes placing a receiver in contact with the patient.
  • the method also includes transmitting one or more first bits to the patient.
  • the one or more first bits travel from the stimulator, through a nerve in a limb of the patient, to the receiver.
  • the method also includes transmitting one or more second bits to the stimulator in response to the receiver receiving the one or more first bits.
  • Figure 1 illustrates a perspective view of a system for providing secure communication using the nervous system of a patient as a communication medium, according to an embodiment.
  • Figure 2 illustrates a flowchart of a method for providing secure communication using the nervous system of the patient as the communication medium, according to an embodiment.
  • Figure 3 illustrates a graph showing the change in instantaneous frequencies (IFs) over time, according to an embodiment.
  • the present disclosure includes a system and method that may provide secure communication between an IMD or wearable and an external device. More particularly, the system and method described herein may provide a secure communication channel for BANs. The system and method may be or include a standalone device or be integrated into an existing ecosystem of IMDs and wearables. If the BAN is made secure, individual devices have an avenue for trusted communication with each other, improving their functionality and utility without compromising patient safety.
  • the system and method may provide an authentication mechanism that uses the nervous system as a communication medium.
  • the nervous system may be used for wireless data transmission between a number of IMDs or wearable devices. This may also include biohacking devices, a suite of devices that integrate with digital devices and services rather than sustaining or supporting life.
  • the nervous system may also be used as an out- of-band channel that is independent from some main channels such as Bluetooth. This effectively creates a physical channel that mitigates remote observability (i.e., an attacker may only intercept communicated data by physically touching the user).
  • EMG electromyography
  • measuring electrical impulses transmitted across nerves may be used as a source of entropy.
  • This process may be used for generating cryptographic parameters such as nonces, salts, passwords (e.g., if signals can be fuzzily reproduced via certain muscle movements), and private keys.
  • Nervous system communication may also be used to perform distance bounding. This technique requires data to be sent, round-trip, in a certain amount of time to determine physical proximity.
  • PATENT C17610_P17610-02 [0014] In normal physiology, nerves are able to conduct electricity losslessly throughout the body, using self-propagating action potentials.
  • NCS nerve conduction study
  • two leads are placed some distance from each other along an extremity.
  • One lead is stimulated with a small electrical current, which travels down the nerve and is measured at the downstream lead.
  • Nerve damage can affect the velocity of conduction or the amplitude of the measured response, and the slowing or weakening of nerve responses can be indicative of certain pathologies.
  • NCS is routinely performed as an outpatient procedure, and typically causes no more than slight discomfort.
  • the NCS technology sends an electrical current along a nerve, so it can be used to transmit bits in a code as well.
  • the present disclosure uses a channel along the nerve to send information, and this channel can also be used for authentication.
  • the NCS system may be modified to provide this authenticated channel for a key agreement/exchange.
  • a key agreement allows two parties A and B to agree upon a secret sk over a shared channel without leaking information about sk to any third-party eavesdroppers.
  • One type of key agreement is the Diffie- Hellman key exchange, which prevents third parties from inferring anything about the results of the key exchange. Because the communication requires contact with an intact nerve, it may be nearly impossible for it to be hacked or intercepted.
  • Elliptic curve cryptograph [0018] Elliptic curves may be used as the basis for a key exchange protocol.
  • has keypair ( ⁇ ⁇ , ⁇ ⁇ ) and ⁇ has keypair ( ⁇ ⁇ , ⁇ ⁇ ).
  • ⁇ and ⁇ exchange public keys over the shared channel, so ⁇ receives ⁇ ⁇ and ⁇ receives ⁇ ⁇ .
  • 4. ⁇ computes the point ⁇ ⁇ ⁇ ⁇ ⁇ and ⁇ computes the point ⁇ ⁇ ⁇ ⁇ 5.
  • the present disclosure uses the ideas around the NCS apparatus to send communication along the nerve, and uses this communication to bootstrap a secure channel.
  • the nerve communication may take the form of (e.g., random) bits, used to seed a cryptographic key. This key can then be used to encrypt a more traditional channel, such as Bluetooth or Wi-Fi.
  • FIG. 1 illustrates a schematic view of a system 100 for providing secure communication using the nervous system of a patient 105 as a communication medium, according to an embodiment.
  • the system 100 may include a first device 110.
  • the first device 110 may be or include an IMD 110 that may be implanted in a patient 105 (e.g., proximate to or in the heart of the patient 105).
  • IMDs may be or include implantable insulin pumps, neurostimulators, spinal cord stimulators, drug delivery systems, etc.
  • the first device 110 may instead be or include a wearable device (e.g., that is on and/or outside of the patient 105) such as a continuous glucose monitor/meter (CGM), an external insulin pump, a portable ECG monitor, a smart watch, etc.
  • CGM continuous glucose monitor/meter
  • the first device 110 may be configured to measure parameters related to the patient 105 and/or to provide medical intervention (e.g., stimulation, drugs, etc.).
  • the first device 110 may also be configured to authenticate to a BAN.
  • the system 100 may also include a stimulator 120.
  • the stimulator 120 may be or include a NCS stimulator.
  • a source lead of the stimulator 120 may be placed in contact with a limb (e.g., arm) 106 of the patient 105.
  • the source lead of the stimulator 120 is in contact with the bicep.
  • the stimulator 120 may provide the power (e.g., voltage and/or electrical current) for the communication.
  • the electrical current may travel through a nerve 107 in the limb 106.
  • the nerve 107 may also be used as an authenticated channel for a key exchange between the stimulator 120 and the first device 110.
  • the system 100 may also include a receiver 130.
  • the receiver 130 may be or include a band.
  • the band 130 may be placed on or around the limb (e.g., arm) 106 of the patient 105.
  • the band 130 may be placed on or around the forearm or wrist of the same PATENT C17610_P17610-02 arm 106 with which the stimulator 120 is in contact.
  • the nerve 107 may extend between the stimulator 120 and the band 130.
  • the power (e.g., electrical current) from the stimulator 120 may be received by and/or travel through the nerve 107 in the arm 106, from the stimulator 120 to the band 130.
  • the system 100 e.g., the BAN
  • the second device 140 may also or instead be referred to as an existing device.
  • the second device 140 may be or include an associated wearable device, portable device, and/or IMD, or it may be independent.
  • related wearables may include a continuous glucose monitor/meter (CGM) and insulin pump that function together to provide insulin therapy.
  • Unrelated or independent devices within a patient’s BAN may, for example, include an ICD and insulin pump.
  • the second device 140 may hold the persistent state of the protocol, such as keys and/or authentication information.
  • the second device 140 can either be a standalone device or be a part of an existing device on the BAN.
  • One or more (e.g., all) of the components (e.g., the first device 110, the stimulator 120, the band 130, etc.) in the BAN may have a (e.g., wired or wireless) connection with the second device 140, and the authentication protocol may be used to create this shared connection.
  • the stimulator 120 and the second device 140 may have a pre-existing trusted connection.
  • the existing connection may, but not necessarily, include a wireless connection.
  • Figure 2 illustrates a flowchart of a method 200 for providing secure communication using the nervous system of the patient 105 as a communication medium, according to an embodiment. An illustrative order of the method 200 is provided below; however, one or more steps of the method 200 may be performed in a different order, simultaneously, repeated, or omitted. [0028] In an embodiment, the following may be assumed for the system 100 and method 200.
  • the BAN includes one or more IMDs.
  • the BAN includes the second device 140 (also referred to as ⁇ ), which is able to hold a persistent state about the network, such as keys and authentication information.
  • the second device 140 can either be a functionality of a device in the BAN or a standalone device.
  • Each IMD in the BAN has some sort of wireless communication with the second device 140, which is used to bootstrap secure communications.
  • the first device 110 (also referred to as ⁇ ) may be added to the BAN.
  • the first device 110 may be an IMD or wearable device, and has an associated receiver 130 (also referred to as PATENT C17610_P17610-02 ⁇ ⁇ ), with an electrode capable of securely communicating with the first device 110 (e.g., bootstrapped during manufacturing).
  • a modified NCS stimulator 130 may support the data transfer (instead of simple stimulation for measurements).
  • the stimulator 130 can communicate with the second device 140 securely via a secure channel established during some prior setup phase.
  • the stimulator 130 can also communicate with the first device 110 wirelessly (e.g., over Bluetooth), but this communication is not assumed to be secure.
  • the method 200 may include placing the receiver (e.g., band) 130 in contact with the patient 105, as at 205.
  • the band 130 may be positioned around the arm 106 (e.g., forearm or wrist) of the patient 105. This acts as a sink lead.
  • the method 200 may also include placing the stimulator 120 in contact with the patient 105, as at 210.
  • the lead of the stimulator 120 may be placed in contact with the arm 106 (e.g., bicep) of the patient 105. This acts as a source lead.
  • the method 200 may also include transmitting one or more first bits ⁇ ⁇ from the second device 140 to the stimulator 120, as at 215. More particularly, this may include generating the first bits ⁇ ⁇ with the second device 140 and (e.g., wirelessly) transmitting the first bits ⁇ ⁇ from the second device 140 to the stimulator 120.
  • the first bits ⁇ ⁇ may be or include an elliptic curve Diffie-Hellman (ECDH) keypair.
  • the method 200 may also include transmitting the one or more first bits ⁇ ⁇ from the stimulator 120 to the receiver (e.g., the band) 130, as at 220. More particularly, this may include transmitting the one or more first bits ⁇ ⁇ from the stimulator 120, through the nerve 107, to the receiver (e.g., band 130). In one embodiment, the first bits ⁇ ⁇ may be randomly generated by the stimulator 120.
  • the method 200 may also include transmitting (e.g., forwarding) the one or more first bits ⁇ ⁇ from the receiver (e.g., the band) 130 to the first device 110, as at 225.
  • the one or more first bits ⁇ ⁇ may be forwarded wirelessly (e.g., along one or more other nerves) in the patient 105.
  • the method 200 may also include transmitting one or more second bits ⁇ ⁇ from the first device 110 to the stimulator 120, as at 230.
  • the one or more second bits ⁇ ⁇ may be generated by the first device 110 based upon (or in response to) the one or more first bits ⁇ ⁇ .
  • the second bits ⁇ ⁇ may be randomly-generated by the first device 110.
  • the second bits ⁇ ⁇ may be transmitted to the stimulator 120 over Bluetooth and/or NFC.
  • PATENT C17610_P17610-02 may also include transmitting (e.g., forwarding) the one or more second bits ⁇ ⁇ from the stimulator 120 to the second device 140, as at 235.
  • the one or more second bits ⁇ ⁇ may be forwarded over a pre-existing Bluetooth and/or NFC link.
  • the method 200 may also include performing a key exchange using the first device 110 and the second device 140, as at 240. The key exchange may be performed based upon and/or using the one or more first bits ⁇ ⁇ , the one or more second bits ⁇ ⁇ , or both.
  • the key exchange may be or include a Diffie-Hellman key exchange.
  • the key exchange may create a shared secret S.
  • the method 200 may also include signing the shared secret S with a signing key, as at 245.
  • the signing key may belong to the second device 140.
  • the shared secret S may be signed by the second device 140.
  • the method 200 may also include transmitting the signed shared secret S to one or more devices in the BAN, as at 250. More particularly, the signed shared secret may be transmitted from the second device 140 to the first device 110, the stimulator 120, the receiver (e.g., band) 130, other IMDs in the BAN, or a combination thereof.
  • the signed shared secret S may be transmitted in an encrypted manner.
  • the method 200 may also include using the signed shared secret S, as at 255.
  • the signed shared secret S may be used by the first device 110 to communicate (e.g., pairwise) with individual BAN devices and/or other IMDs or wearable devices in the BAN (e.g., over a wireless channel).
  • the first device 110 may transmit measured data (e.g., heart rate, temperature, blood pressure, etc.) in real-time to a computing system that may be accessed by a physician. If an emergency is detected, the physician may immediately inform the patient 105 through the computing by transmitting appropriate messages or alarms.
  • the stimulator 120 may be modified to support data transmission.
  • a conventional NCS device uses a source and a sink lead attached to the patient, stimulating a specific frequency at the source and measuring a reading at the sink. Instead of simply measuring the frequency to measure how a nerve functions, the system 100 and method 200 described herein add data to the signal sent over the nerve 107. Specifically, the system 100 and method 200 use a digital modulation scheme (e.g., binary frequency shift keying (FSK)), to encode information into the signal. The sink lead can then read and decode the modulated signal to recover the intended message.
  • the source PATENT C17610_P17610-02 remains the stimulator 120, which is modified to encode the first bits ⁇ ⁇ using frequency shift keying into its generated stimulus.
  • a digital modulation scheme e.g., binary frequency shift keying (FSK)
  • the adversary can only access the first bits ⁇ ⁇ and/or the second bits ⁇ ⁇ . If the adversary remains passive, then, based on the DDH assumption, the adversary cannot distinguish between the actual key ⁇ ⁇ and some random point on the elliptic curve ⁇ , and therefore security holds. The adversary could choose to mount an active attack and attempt to set up a manipulator-in-the-middle scenario and force the first device 110 and/or the second device 140 to use attacker-controlled keys.
  • a digital modulation scheme (e.g., a binary FSK) was implemented using PyPNS. Specifically, nerve, bundle, recording objects, geometries, and parameters exposed by the PyPNS module were accessed, and these values were experimentally adjusted until they met the required parameters above.
  • PyPNS is a Python 3 module based on popular open-source computing and data science packages, NumPy and SciPy, and NEURON, a simulation environment for modeling neurons and neural networks. PyPNS can be run in a Docker container to provide a consistent and reproducible environment.
  • Docker is a platform that packages applications with their dependencies, providing a stable runtime environment regardless of the host OS and its packages.
  • a Docker image was built using the Dockerfile provided by the PyPNS authors. The image was then run as a Docker container, creating a bind mount to a host machine so that Applicant could interactively edit the experimental Python program within the container.
  • the Python program defined the sampling frequency as 44,100 Hz, the bit rate as 100 bits-per-second (bps), and the test message as "Hello World!” Next, the message was converted to binary and defined the frequency for the 0 bit ( ⁇ 0 ⁇ ) as 1200 Hz and the frequency for the 1 bit ( ⁇ 1 ⁇ ) as 2200 Hz.
  • the simulation parameters may be defined such as the duration of the simulation, number of time steps, stimulus parameters (e.g., amplitude, frequency, and duty cycle), signal generator parameters, nerve bundle geometric parameters (e.g., bundle length and segment length axon in micrometers), number of axons (i.e., 1), myelinated and unmyelinated fiber properties, and recording parameters (e.g., number of probes and their radius).
  • stimulus parameters e.g., amplitude, frequency, and duty cycle
  • signal generator parameters e.g., nerve bundle geometric parameters (e.g., bundle length and segment length axon in micrometers), number of axons (i.e., 1), myelinated and unmyelinated fiber properties, and recording parameters (e.g., number of probes and their radius).
  • nerve bundle geometric parameters e.g., bundle length and segment length axon in micrometers
  • number of axons i.e., 1
  • Figure 3 illustrates a graph showing the change in instantaneous frequencies (IFs) over time, according to an embodiment.
  • the change may be dependent upon the change in frequency PATENT C17610_P17610-02 that was applied using an excitation mechanism.
  • the X and Y axis limits may be constrained to provide more granularity to subtle frequency changes over the duration of the modulation.
  • the spike times were calculated (e.g., when a neuron generates an action potential) based on the time vector associated with a matrix of single fiber action potentials (i.e., the returned tuple from the bundle.get_SFAPs_from_file method).
  • ISI inter-spike interval
  • IFs instantaneous frequencies
  • This final calculation is relevant because shorter ISIs and increased IFs demonstrate increased signal frequency.
  • the modification herein is to the frequency.
  • the changes in frequencies may be discerned with the parameters defined in the setup section above with a bit rate of 100 bits per second over the simulated nerve. With this rate, a 256-bit EC key may be communicated, and the protocol tasks may be performed in under 3 seconds.
  • Other Extensions [0061] Using the nervous system as a communication medium enables several functionalities or extensions.
  • the nervous system may be used for wireless data transmission between a number of IMDs. This may also include biohacking devices, a suite of devices that integrate with digital devices and services rather than sustaining or supporting life.
  • the nervous system may also or instead be used as an out-of-band channel that is independent from some main channels such as Bluetooth. This effectively creates a physical channel that mitigates remote observability (i.e., an attacker may only intercept communicated data by physically touching the user).
  • EMG may be coupled with the random number generation process. Specifically, measuring electrical impulses from nerves may be used as a source of entropy.
  • This process may be used for generating cryptographic parameters such as nonces, salts, passwords (if signals could be fuzzily reproduced via certain muscle movements), and private keys.
  • Nervous system communication may also be used to perform distance bounding. This technique requires data to be sent, round-trip, in a certain amount of time to determine physical proximity.
  • the terms “inner” and “outer”; “up” and “down”; “upper” and “lower”; “upward” and “downward”; “upstream” and “downstream”; “above” and “below”; “inward” and “outward”; and other like terms as used herein refer to relative positions to one another and are not intended to denote a particular direction or spatial orientation.
  • Couple refers to “in direct connection with” or “in connection with via one or more intermediate elements or members.”

Landscapes

  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Animal Behavior & Ethology (AREA)
  • General Health & Medical Sciences (AREA)
  • Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Nuclear Medicine, Radiotherapy & Molecular Imaging (AREA)
  • Radiology & Medical Imaging (AREA)
  • Veterinary Medicine (AREA)
  • Public Health (AREA)
  • Heart & Thoracic Surgery (AREA)
  • Biophysics (AREA)
  • Physics & Mathematics (AREA)
  • Acoustics & Sound (AREA)
  • Measuring And Recording Apparatus For Diagnosis (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A system includes a first device configured to be in contact with a patient. The system also includes a stimulator configured to be in contact with the patient. The stimulator is configured to transmit one or more first bits to the patient. The system also includes a receiver configured to be in contact with the patient. The one or more first bits are configured to travel from the stimulator, through a nerve in a limb of the patient, to the receiver. The receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits.

Description

PATENT C17610_P17610-02 ENABLING SECURE DATA COMMUNICATION USING THE NERVOUS SYSTEM Cross-Reference to Related Applications [0001] This application claims priority to U.S. Provisional Patent Application No.63/532,993, filed on August 16, 2023, which is incorporated by reference. Field of the Disclosure [0002] The present disclosure relates generally to systems and methods for using a body-area network (BAN). More particularly, the present disclosure relates to systems and methods for enabling secure data communication using the nervous system. Background of the Disclosure [0003] Medical device security is inherently a balancing act; that is, it attempts to cope with patient safety risks, usability concerns, privacy issues, and computational resource constraints. The rise of BANs, portable, wearable, and/or implantable medical devices (IMDs) that communicate with external devices has compounded this problem. This BAN relies on the feasibility of wearing or implanting biosensors on or inside the human body that are comfortable and that don’t impair normal activities. The IMDs in the human body measure various parameters (e.g., physiological changes) in order to monitor the patient’s health status. The information will be transmitted wirelessly to an external processing unit. [0004] Conventional BANs perform communication over traditional wireless communication mechanisms, such as Bluetooth, which the security community has recently lambasted due to numerous security vulnerabilities in the protocol and software implementations. This may allow an adversary to spoof a new or existing IMD to access external communicators or the patient’s body area network (BAN). Summary [0005] A system is disclosed. The system includes a first device configured to be in contact with a patient. The system also includes a stimulator configured to be in contact with the patient. The stimulator is configured to transmit one or more first bits to the patient. The system also includes a receiver configured to be in contact with the patient. The one or more first bits are PATENT C17610_P17610-02 configured to travel from the stimulator, through a nerve in a limb of the patient, to the receiver. The receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits. [0006] A system for providing secure communication using a nervous system of a patient as a communication medium is also disclosed. The system includes a first device configured to be in contact with the patient. The first device includes an implantable medical device (IMD) or a wearable device. The first device is configured to measure parameters related to the patient, to provide medical stimulation or drugs to the patient, or both. The system also includes a stimulator configured to be in contact with the patient. The stimulator is configured to be in contact with a limb of the patient. The stimulator is configured to transmit one or more first bits to the patient. The system also includes a receiver configured to be in contact with the patient. The receiver is a band that is configured to be positioned around the limb of the patient. The one or more first bits are configured to travel from the stimulator, through a nerve in the limb, to the receiver. The receiver is wirelessly connected to the first device. The receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits. The system also includes a second device configured to receive the one or more second bits from the stimulator. The first device and the second device are configured to perform a key exchange using the one or more first bits and the one or more second bits to produce a shared secret. The second device is configured to sign the shared secret with a signing key to produce a signed shared secret. The second device is configured to transmit the signed shared secret to the first device. The first device is configured to use the signed shared secret to wirelessly communicate with other IMDs or wearable devices within a body-area network (BAN). [0007] A method for providing secure communication using a nervous system of a patient as a communication medium is also disclosed. The method includes placing a stimulator in contact with the patient. The method also includes placing a receiver in contact with the patient. The method also includes transmitting one or more first bits to the patient. The one or more first bits travel from the stimulator, through a nerve in a limb of the patient, to the receiver. The method also includes transmitting one or more second bits to the stimulator in response to the receiver receiving the one or more first bits. PATENT C17610_P17610-02 Brief Description of the Figures [0008] Figure 1 illustrates a perspective view of a system for providing secure communication using the nervous system of a patient as a communication medium, according to an embodiment. [0009] Figure 2 illustrates a flowchart of a method for providing secure communication using the nervous system of the patient as the communication medium, according to an embodiment. [0010] Figure 3 illustrates a graph showing the change in instantaneous frequencies (IFs) over time, according to an embodiment. Detailed Description [0011] The present disclosure includes a system and method that may provide secure communication between an IMD or wearable and an external device. More particularly, the system and method described herein may provide a secure communication channel for BANs. The system and method may be or include a standalone device or be integrated into an existing ecosystem of IMDs and wearables. If the BAN is made secure, individual devices have an avenue for trusted communication with each other, improving their functionality and utility without compromising patient safety. [0012] More particularly, the system and method may provide an authentication mechanism that uses the nervous system as a communication medium. Using the nervous system as a communication medium enables several functionalities or extensions. First, the nervous system may be used for wireless data transmission between a number of IMDs or wearable devices. This may also include biohacking devices, a suite of devices that integrate with digital devices and services rather than sustaining or supporting life. The nervous system may also be used as an out- of-band channel that is independent from some main channels such as Bluetooth. This effectively creates a physical channel that mitigates remote observability (i.e., an attacker may only intercept communicated data by physically touching the user). [0013] The system and method may use electromyography (EMG) coupled with a random number generation process. Specifically, measuring electrical impulses transmitted across nerves may be used as a source of entropy. This process may be used for generating cryptographic parameters such as nonces, salts, passwords (e.g., if signals can be fuzzily reproduced via certain muscle movements), and private keys. Nervous system communication may also be used to perform distance bounding. This technique requires data to be sent, round-trip, in a certain amount of time to determine physical proximity. PATENT C17610_P17610-02 [0014] In normal physiology, nerves are able to conduct electricity losslessly throughout the body, using self-propagating action potentials. This is achieved at the molecular level via a complex symphony of ion channels, which open and close based on sensed voltages within the nerve, causing a triggered response to an electric stimulus. The resting nerve is negatively charged, keeping a measurable voltage of roughly -70 mV to its external environment. During the action potential, the voltage will rapidly increase to about +40 mV and then fall to about -90 mV before returning to the resting value of -70 mV, all within a timeframe of roughly 5 ms. [0015] Because electricity is used to trigger action potentials, an action potential may be triggered with an external electrical impulse, which then propagates down the targeted nerve and can be measured at a downstream electrode. This forms the basis of the nerve conduction study (NCS), a medical procedure which is used to diagnose nerve lesions in the extremities. In a NCS, two leads are placed some distance from each other along an extremity. One lead is stimulated with a small electrical current, which travels down the nerve and is measured at the downstream lead. Nerve damage can affect the velocity of conduction or the amplitude of the measured response, and the slowing or weakening of nerve responses can be indicative of certain pathologies. NCS is routinely performed as an outpatient procedure, and typically causes no more than slight discomfort. [0016] The NCS technology sends an electrical current along a nerve, so it can be used to transmit bits in a code as well. The present disclosure uses a channel along the nerve to send information, and this channel can also be used for authentication. The NCS system may be modified to provide this authenticated channel for a key agreement/exchange. A key agreement allows two parties A and B to agree upon a secret sk over a shared channel without leaking information about sk to any third-party eavesdroppers. One type of key agreement is the Diffie- Hellman key exchange, which prevents third parties from inferring anything about the results of the key exchange. Because the communication requires contact with an intact nerve, it may be nearly impossible for it to be hacked or intercepted. [0017] Elliptic curve cryptograph [0018] Elliptic curves may be used as the basis for a key exchange protocol. Any Diffie- Hellman group can be used, but specific elliptic curves (e.g., Curve25519) may be used for cryptographic applications and have desirable performance and security properties, making it suitable for the present application. PATENT C17610_P17610-02 [0019] In general, elliptic curve cryptography is defined by its domain parameters, which are a tuple ^^^^ ^^^^ = ( ^^^^, ^^^^, ^^^^, ^^^^, ^^^^,ℎ ) consisting of a prime integer ^^^^ that defines a finite field ^^^^ ^^^^, coefficients ^^^^, ^^^^ ∈ ^^^^ ^^^^ of an elliptic curve ^^^^ ^^^^: ^^^^2 = ^^^^3 + ^^^^ ^^^^ + ^^^^ (mod ^^^^)
Figure imgf000006_0001
a base point ^^^^ = ( ^^^^ ^^^^ , ^^^^ ^^^^ ) on ^^^^, a prime ^^^^ which is the order of ^^^^ (i.e., the smallest number such that ^^^^ ⋅ ^^^^ = ∞), and the cofactor ℎ = | ^^^^| ^^^^ . [0020] Elliptic Curve Diffie-Hellman (ECDH) [0021] To perform Diffie-Hellman key exchange with elliptic curve cryptography, the two parties ^^^^ and ^^^^ proceed as follows: 1. ^^^^ and ^^^^ agree on a set of domain parameters ^^^^ = ( ^^^^, ^^^^, ^^^^, ^^^^, ^^^^,ℎ). 2. Both parties select a private key ^^^^: $ ^^^^ ← [ 1, ^^^^ − 1 ] which is a random integer from 1 to ^^^^ − 1, and generate a public key ^^^^ ^^^^ = ^^^^ ⋅ ^^^^ which is a point on ^^^^ derived from adding ^^^^ to itself ^^^^ times. Suppose ^^^^ has keypair ( ^^^^ ^^^^, ^^^^ ^^^^) and ^^^^ has keypair ( ^^^^ ^^^^, ^^^^ ^^^^). 3. ^^^^ and ^^^^ exchange public keys over the shared channel, so ^^^^ receives ^^^^ ^^^^ and ^^^^ receives ^^^^ ^^^^. 4. ^^^^ computes the point ^^^^ ^^^^ ⋅ ^^^^ ^^^^ and ^^^^ computes the point ^^^^ ^^^^ ⋅ ^^^^ ^^^^ 5. ^^^^ and ^^^^ now share the same point ^^^^ ^^^^ = ( ^^^^ ^^^^ ^^^^, ^^^^ ^^^^ ^^^^ ) since ^^^^ ^^^^ ⋅ ^^^^ ^^^^ = ^^^^ ^^^^ ⋅ ^^^^ ^^^^ ⋅ ^^^^ = ^^^^ ^^^^ ⋅ ^^^^ ^^^^ PATENT C17610_P17610-02 and can use this point as a key for symmetric key cryptography (i.e., encryption and authentication). [0022] The present disclosure uses the ideas around the NCS apparatus to send communication along the nerve, and uses this communication to bootstrap a secure channel. The nerve communication may take the form of (e.g., random) bits, used to seed a cryptographic key. This key can then be used to encrypt a more traditional channel, such as Bluetooth or Wi-Fi. In essence, the nerve is used to instantiate a communication channel (e.g., out-of-band). Security, at a high level, comes from the fact that the initial bits required to create the secure channel are sent along the nerve only. The only way to have received the bits is to be physically listening to the nerve, which cannot be spoofed. [0023] Figure 1 illustrates a schematic view of a system 100 for providing secure communication using the nervous system of a patient 105 as a communication medium, according to an embodiment. The system 100 may include a first device 110. In the example shown, the first device 110 may be or include an IMD 110 that may be implanted in a patient 105 (e.g., proximate to or in the heart of the patient 105). Other IMDs may be or include implantable insulin pumps, neurostimulators, spinal cord stimulators, drug delivery systems, etc. In other embodiments, the first device 110 may instead be or include a wearable device (e.g., that is on and/or outside of the patient 105) such as a continuous glucose monitor/meter (CGM), an external insulin pump, a portable ECG monitor, a smart watch, etc. The first device 110 may be configured to measure parameters related to the patient 105 and/or to provide medical intervention (e.g., stimulation, drugs, etc.). The first device 110 may also be configured to authenticate to a BAN. [0024] The system 100 may also include a stimulator 120. The stimulator 120 may be or include a NCS stimulator. A source lead of the stimulator 120 may be placed in contact with a limb (e.g., arm) 106 of the patient 105. In the example shown, the source lead of the stimulator 120 is in contact with the bicep. The stimulator 120 may provide the power (e.g., voltage and/or electrical current) for the communication. As discussed above, the electrical current may travel through a nerve 107 in the limb 106. The nerve 107 may also be used as an authenticated channel for a key exchange between the stimulator 120 and the first device 110. [0025] The system 100 may also include a receiver 130. The receiver 130 may be or include a band. The band 130 may be placed on or around the limb (e.g., arm) 106 of the patient 105. In the example shown, the band 130 may be placed on or around the forearm or wrist of the same PATENT C17610_P17610-02 arm 106 with which the stimulator 120 is in contact. The nerve 107 may extend between the stimulator 120 and the band 130. The power (e.g., electrical current) from the stimulator 120 may be received by and/or travel through the nerve 107 in the arm 106, from the stimulator 120 to the band 130. [0026] The system 100 (e.g., the BAN) may also include a second device 140. The second device 140 may also or instead be referred to as an existing device. The second device 140 may be or include an associated wearable device, portable device, and/or IMD, or it may be independent. For example, related wearables may include a continuous glucose monitor/meter (CGM) and insulin pump that function together to provide insulin therapy. Unrelated or independent devices within a patient’s BAN may, for example, include an ICD and insulin pump. The second device 140 may hold the persistent state of the protocol, such as keys and/or authentication information. The second device 140 can either be a standalone device or be a part of an existing device on the BAN. One or more (e.g., all) of the components (e.g., the first device 110, the stimulator 120, the band 130, etc.) in the BAN may have a (e.g., wired or wireless) connection with the second device 140, and the authentication protocol may be used to create this shared connection. In one example, the stimulator 120 and the second device 140 may have a pre-existing trusted connection. The existing connection may, but not necessarily, include a wireless connection. [0027] Figure 2 illustrates a flowchart of a method 200 for providing secure communication using the nervous system of the patient 105 as a communication medium, according to an embodiment. An illustrative order of the method 200 is provided below; however, one or more steps of the method 200 may be performed in a different order, simultaneously, repeated, or omitted. [0028] In an embodiment, the following may be assumed for the system 100 and method 200. The BAN includes one or more IMDs. The BAN includes the second device 140 (also referred to as ^^^^), which is able to hold a persistent state about the network, such as keys and authentication information. The second device 140 can either be a functionality of a device in the BAN or a standalone device. Each IMD in the BAN has some sort of wireless communication with the second device 140, which is used to bootstrap secure communications. [0029] The first device 110 (also referred to as ^^^^) may be added to the BAN. The first device 110 may be an IMD or wearable device, and has an associated receiver 130 (also referred to as PATENT C17610_P17610-02 ^^^^ ^^^^ ), with an electrode capable of securely communicating with the first device 110 (e.g., bootstrapped during manufacturing). [0030] A modified NCS stimulator 130 (also referred to as ^^^^), may support the data transfer (instead of simple stimulation for measurements). The stimulator 130 can communicate with the second device 140 securely via a secure channel established during some prior setup phase. The stimulator 130 can also communicate with the first device 110 wirelessly (e.g., over Bluetooth), but this communication is not assumed to be secure. [0031] The method 200 may include placing the receiver (e.g., band) 130 in contact with the patient 105, as at 205. As mentioned above, the band 130 may be positioned around the arm 106 (e.g., forearm or wrist) of the patient 105. This acts as a sink lead. [0032] The method 200 may also include placing the stimulator 120 in contact with the patient 105, as at 210. As mentioned above, the lead of the stimulator 120 may be placed in contact with the arm 106 (e.g., bicep) of the patient 105. This acts as a source lead. [0033] The method 200 may also include transmitting one or more first bits ^^^^ ^^^^ from the second device 140 to the stimulator 120, as at 215. More particularly, this may include generating the first bits ^^^^ ^^^^ with the second device 140 and (e.g., wirelessly) transmitting the first bits ^^^^ ^^^^ from the second device 140 to the stimulator 120. In one embodiment, the first bits ^^^^ ^^^^ may be or include an elliptic curve Diffie-Hellman (ECDH) keypair. [0034] The method 200 may also include transmitting the one or more first bits ^^^^ ^^^^ from the stimulator 120 to the receiver (e.g., the band) 130, as at 220. More particularly, this may include transmitting the one or more first bits ^^^^ ^^^^ from the stimulator 120, through the nerve 107, to the receiver (e.g., band 130). In one embodiment, the first bits ^^^^ ^^^^ may be randomly generated by the stimulator 120. [0035] The method 200 may also include transmitting (e.g., forwarding) the one or more first bits ^^^^ ^^^^ from the receiver (e.g., the band) 130 to the first device 110, as at 225. The one or more first bits ^^^^ ^^^^ may be forwarded wirelessly (e.g., along one or more other nerves) in the patient 105. [0036] The method 200 may also include transmitting one or more second bits ^^^^ ^^^^ from the first device 110 to the stimulator 120, as at 230. The one or more second bits ^^^^ ^^^^ may be generated by the first device 110 based upon (or in response to) the one or more first bits ^^^^ ^^^^ . In another embodiment, the second bits ^^^^ ^^^^ may be randomly-generated by the first device 110. The second bits ^^^^ ^^^^ may be transmitted to the stimulator 120 over Bluetooth and/or NFC. PATENT C17610_P17610-02 [0037] The method 200 may also include transmitting (e.g., forwarding) the one or more second bits ^^^^ ^^^^ from the stimulator 120 to the second device 140, as at 235. The one or more second bits ^^^^ ^^^^ may be forwarded over a pre-existing Bluetooth and/or NFC link. [0038] The method 200 may also include performing a key exchange using the first device 110 and the second device 140, as at 240. The key exchange may be performed based upon and/or using the one or more first bits ^^^^ ^^^^, the one or more second bits ^^^^ ^^^^, or both. The key exchange may be or include a Diffie-Hellman key exchange. The key exchange may create a shared secret S. [0039] The method 200 may also include signing the shared secret S with a signing key, as at 245. The signing key may belong to the second device 140. Thus, the shared secret S may be signed by the second device 140. [0040] The method 200 may also include transmitting the signed shared secret S to one or more devices in the BAN, as at 250. More particularly, the signed shared secret may be transmitted from the second device 140 to the first device 110, the stimulator 120, the receiver (e.g., band) 130, other IMDs in the BAN, or a combination thereof. The signed shared secret S may be transmitted in an encrypted manner. [0041] The method 200 may also include using the signed shared secret S, as at 255. The signed shared secret S may be used by the first device 110 to communicate (e.g., pairwise) with individual BAN devices and/or other IMDs or wearable devices in the BAN (e.g., over a wireless channel). For example, the first device 110 may transmit measured data (e.g., heart rate, temperature, blood pressure, etc.) in real-time to a computing system that may be accessed by a physician. If an emergency is detected, the physician may immediately inform the patient 105 through the computing by transmitting appropriate messages or alarms. [0042] Data Transmission Over the Nerve [0043] The stimulator 120 may be modified to support data transmission. A conventional NCS device uses a source and a sink lead attached to the patient, stimulating a specific frequency at the source and measuring a reading at the sink. Instead of simply measuring the frequency to measure how a nerve functions, the system 100 and method 200 described herein add data to the signal sent over the nerve 107. Specifically, the system 100 and method 200 use a digital modulation scheme (e.g., binary frequency shift keying (FSK)), to encode information into the signal. The sink lead can then read and decode the modulated signal to recover the intended message. The source PATENT C17610_P17610-02 remains the stimulator 120, which is modified to encode the first bits ^^^^ ^^^^ using frequency shift keying into its generated stimulus. This signal then travels along the nerve 107, and is read by the sink lead, now the receiver 130 associated with the first device 110. Adapting NCS devices for data transmission applications has not been achieved before. [0044] Security [0045] Threat model [0046] It may be assumed that an adversary can eavesdrop wirelessly during the entire process of a key agreement and inject and modify data in the stream, allowing the adversary to attempt to impersonate the parties of the communication. It may also be assumed that the security of the Bluetooth protocol is compromised given a long history of attacks against its implementation and specification. This means the adversary may have access to all communication that is not explicitly end-to-end encrypted. Finally, it may be assumed that, while the adversary can operate freely over the wireless, they cannot physically be in the same room as the physician and patient, and cannot touch the patient. [0047] Analysis [0048] Based on the above threat model, the adversary can only access the first bits ^^^^ ^^^^ and/or the second bits ^^^^ ^^^^. If the adversary remains passive, then, based on the DDH assumption, the adversary cannot distinguish between the actual key ^^^^ ^^^^ and some random point on the elliptic curve ^^^^, and therefore security holds. The adversary could choose to mount an active attack and attempt to set up a manipulator-in-the-middle scenario and force the first device 110 and/or the second device 140 to use attacker-controlled keys. However, such an attack is not possible under solution provided herein because the transmission of the first bits ^^^^ ^^^^ to the first device 110 may only occur on the nerve 107. Because the adversary cannot interfere with this communication, it cannot change the key computed by the first device 110 and therefore cannot attempt to intercept messages. [0049] Preliminary Experiments [0050] Objectives [0051] Applicant first set out to use PyPNS, a peripheral nerve simulation program written in Python, to model whether it would be feasible to use a nerve to send data of the scope and complexity needed for a key agreement. This in silico work would then inform reasonable PATENT C17610_P17610-02 parameters for the range of required voltages and currents and the speed at which information can be transmitted without compromising fidelity. [0052] To identify parameters for electrical stimulation by which a user can transmit a test signal pattern and observe the modeled output from the nerve, a digital modulation scheme (e.g., a binary FSK) was implemented using PyPNS. Specifically, nerve, bundle, recording objects, geometries, and parameters exposed by the PyPNS module were accessed, and these values were experimentally adjusted until they met the required parameters above. [0053] Setup [0054] PyPNS is a Python 3 module based on popular open-source computing and data science packages, NumPy and SciPy, and NEURON, a simulation environment for modeling neurons and neural networks. PyPNS can be run in a Docker container to provide a consistent and reproducible environment. Docker is a platform that packages applications with their dependencies, providing a stable runtime environment regardless of the host OS and its packages. A Docker image was built using the Dockerfile provided by the PyPNS authors. The image was then run as a Docker container, creating a bind mount to a host machine so that Applicant could interactively edit the experimental Python program within the container. [0055] The Python program defined the sampling frequency as 44,100 Hz, the bit rate as 100 bits-per-second (bps), and the test message as "Hello World!" Next, the message was converted to binary and defined the frequency for the 0 bit ( ^^^0^ ) as 1200 Hz and the frequency for the 1 bit ( ^^^1^ ) as 2200 Hz. Then, regarding the PyPNS setup, the simulation parameters may be defined such as the duration of the simulation, number of time steps, stimulus parameters (e.g., amplitude, frequency, and duty cycle), signal generator parameters, nerve bundle geometric parameters (e.g., bundle length and segment length axon in micrometers), number of axons (i.e., 1), myelinated and unmyelinated fiber properties, and recording parameters (e.g., number of probes and their radius). Finally, the stimulus frequency was modulated according to the message. In other words, for each bit, frequency was shifted based on ^^^0^ and ^^^1^, adding a new excitation mechanism that generates an electrical stimulus to the axons when we invoke the bundle stimulate method. [0056] Results [0057] Figure 3 illustrates a graph showing the change in instantaneous frequencies (IFs) over time, according to an embodiment. The change may be dependent upon the change in frequency PATENT C17610_P17610-02 that was applied using an excitation mechanism. The X and Y axis limits may be constrained to provide more granularity to subtle frequency changes over the duration of the modulation. [0058] The spike times were calculated (e.g., when a neuron generates an action potential) based on the time vector associated with a matrix of single fiber action potentials (i.e., the returned tuple from the bundle.get_SFAPs_from_file method). Then, the inter-spike interval (ISI) or time interval between two consecutive action potentials was calculated, and those values were converted to instantaneous frequencies (IFs), or the rate of change of ISI over time. That was then used to compute the changes in signal frequency. [0059] This final calculation is relevant because shorter ISIs and increased IFs demonstrate increased signal frequency. The modification herein is to the frequency. The changes in frequencies may be discerned with the parameters defined in the setup section above with a bit rate of 100 bits per second over the simulated nerve. With this rate, a 256-bit EC key may be communicated, and the protocol tasks may be performed in under 3 seconds. [0060] Other Extensions [0061] Using the nervous system as a communication medium enables several functionalities or extensions. First, the nervous system may be used for wireless data transmission between a number of IMDs. This may also include biohacking devices, a suite of devices that integrate with digital devices and services rather than sustaining or supporting life. The nervous system may also or instead be used as an out-of-band channel that is independent from some main channels such as Bluetooth. This effectively creates a physical channel that mitigates remote observability (i.e., an attacker may only intercept communicated data by physically touching the user). [0062] EMG may be coupled with the random number generation process. Specifically, measuring electrical impulses from nerves may be used as a source of entropy. This process may be used for generating cryptographic parameters such as nonces, salts, passwords (if signals could be fuzzily reproduced via certain muscle movements), and private keys. Nervous system communication may also be used to perform distance bounding. This technique requires data to be sent, round-trip, in a certain amount of time to determine physical proximity. [0063] As used herein, the terms “inner” and “outer”; “up” and “down”; “upper” and “lower”; “upward” and “downward”; “upstream” and “downstream”; “above” and “below”; “inward” and “outward”; and other like terms as used herein refer to relative positions to one another and are not intended to denote a particular direction or spatial orientation. The terms “couple,” “coupled,” PATENT C17610_P17610-02 “connect,” “connection,” “connected,” “in connection with,” and “connecting” refer to “in direct connection with” or “in connection with via one or more intermediate elements or members.” [0064] The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the disclosure. However, it will be apparent to one skilled in the art that the specific details are not required in order to practice the systems and methods described herein. The foregoing descriptions of specific examples are presented for purposes of illustration and description. They are not intended to be exhaustive of or to limit this disclosure to the precise forms described. Many modifications and variations are possible in view of the above teachings. The examples are shown and described in order to best explain the principles of this disclosure and practical applications, to thereby enable others skilled in the art to best utilize this disclosure and various examples with various modifications as are suited to the particular use contemplated. It is intended that the scope of this disclosure be defined by the claims and their equivalents below.

Claims

PATENT C17610_P17610-02 Claims 1. A system, comprising: a first device configured to be in contact with a patient; a stimulator configured to be in contact with the patient, wherein the stimulator is configured to transmit one or more first bits to the patient; and a receiver configured to be in contact with the patient, wherein the one or more first bits are configured to travel from the stimulator, through a nerve in a limb of the patient, to the receiver, and wherein the receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits. 2. The system of claim 1, wherein the first device comprises an implantable medical device (IMD) that is implanted within the patient. 3. The system of claim 1 or claim 2, wherein the first device comprises a wearable device that is configured to be worn on an exterior of the patient. 4. The system of any of claims 1-3, wherein the stimulator is configured to be in contact with the limb of the patient at a different location than the receiver. 5. The system of any of claims 1-4, wherein the receiver comprises a band that is configured to be positioned around the limb of the patient. 6. The system of any of claims 1-5, further comprising a second device configured to receive the one or more second bits from the stimulator. 7. The system of claim 6, wherein the first device and the second device are configured to perform a key exchange using the one or more first bits and the one or more second bits to produce a shared secret. PATENT C17610_P17610-02 8. The system of claim 7, wherein the second device is configured to sign the shared secret with a signing key to produce a signed shared secret. 9. The system of claim 8, wherein the second device is configured to transmit the signed shared secret to the first device. 10. The system of claim 9, wherein the first device is configured to use the signed shared secret to wirelessly communicate with other IMDs within a body-area network (BAN). 11. A system for providing secure communication using a nervous system of a patient as a communication medium, the system comprising: a first device configured to be in contact with the patient, wherein the first device comprises an implantable medical device (IMD) or a wearable device, and wherein the first device is configured to measure parameters related to the patient, to provide medical stimulation or drugs to the patient, or both; a stimulator configured to be in contact with the patient, wherein the stimulator is configured to be in contact with a limb of the patient, and wherein the stimulator is configured to transmit one or more first bits to the patient; a receiver configured to be in contact with the patient, wherein the receiver comprises a band that is configured to be positioned around the limb of the patient, wherein the one or more first bits are configured to travel from the stimulator, through a nerve in the limb, to the receiver, wherein the receiver is wirelessly connected to the first device, and wherein the receiver is configured to cause the first device to wirelessly transmit one or more second bits to the stimulator in response to the receiver receiving the one or more first bits; and a second device configured to receive the one or more second bits from the stimulator, wherein the first device and the second device are configured to perform a key exchange using the one or more first bits and the one or more second bits to produce a shared secret, wherein the second device is configured to sign the shared secret with a signing key to produce a signed shared secret, wherein the second device is configured to transmit the signed shared secret to the first PATENT C17610_P17610-02 device, and wherein the first device is configured to use the signed shared secret to wirelessly communicate with other IMDs or wearable devices within a body-area network (BAN). 12. The system of claim 11, wherein the second device is configured to transmit the one or more first bits to the stimulator prior to the stimulator transmitting the one or more first bits to the patient. 13. The system of claim 11 or claim 12, wherein the receiver is configured to transmit the one or more first bits to the first device. 14. The system of claim 13, wherein the first device is configured to generate and transmit the one or more second bits based upon the one or more first bits. 15. The system of any of claims 11-14, wherein the key exchange comprises a Diffie Hellman key exchange. 16. A method for providing secure communication using a nervous system of a patient as a communication medium, the method comprising: placing a stimulator in contact with the patient; placing a receiver in contact with the patient; transmitting one or more first bits to the patient, wherein the one or more first bits travel from the stimulator, through a nerve in a limb of the patient, to the receiver; and transmitting one or more second bits to the stimulator in response to the receiver receiving the one or more first bits. 17. The method of claim 16, wherein the receiver causes a first device in that is in contact with the patient to transmit the one or more second bits in response to the receiver receiving the one or more first bits. 18. The method of claim 17, further comprising: receiving the one or more second bits with a second device; and PATENT C17610_P17610-02 performing a key exchange using the one or more first bits and the one or more second bits to produce a shared secret, wherein the key exchange is performed by the first device and the second device. 19. The method of claim 18, further comprising signing the shared secret with a signing key to produce a signed shared secret, wherein the shared secret is signed by the second device. 20. The method of claim 19, further comprising: transmitting the signed shared secret from the device to the first device; and communicating wirelessly from the first device to one or more implantable medical devices (IMDs) or wearable devices within a body-area network (BAN) using the signed shared secret.
PCT/US2024/039782 2023-08-16 2024-07-26 Enabling secure data communication using the nervous system Pending WO2025038268A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202363532993P 2023-08-16 2023-08-16
US63/532,993 2023-08-16

Publications (2)

Publication Number Publication Date
WO2025038268A2 true WO2025038268A2 (en) 2025-02-20
WO2025038268A3 WO2025038268A3 (en) 2025-04-17

Family

ID=94632605

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2024/039782 Pending WO2025038268A2 (en) 2023-08-16 2024-07-26 Enabling secure data communication using the nervous system

Country Status (1)

Country Link
WO (1) WO2025038268A2 (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008154504A2 (en) * 2007-06-08 2008-12-18 William Marsh Rice University System and method for intra-body communication
EP2690950B1 (en) * 2011-03-29 2017-01-04 Dynavax Technologies Corporation Tlr8 transgenic animals
US9205258B2 (en) * 2013-11-04 2015-12-08 ElectroCore, LLC Nerve stimulator system
JP7036728B2 (en) * 2016-01-11 2022-03-15 バイオネス インコーポレイテッド Systems and devices for gait adjustment and how to use them
EP4041080A4 (en) * 2019-10-11 2023-10-11 Neuroscience Research Australia (Neura) Methods, devices and systems for providing stimulus to guide movement

Also Published As

Publication number Publication date
WO2025038268A3 (en) 2025-04-17

Similar Documents

Publication Publication Date Title
Ghubaish et al. Recent advances in the internet-of-medical-things (IoMT) systems security
Marin et al. On the (in) security of the latest generation implantable cardiac defibrillators and how to secure them
Halperin et al. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses
Chang et al. Body Area Network Security: Robust Key Establishment Using Human Body Channel.
Wu et al. Access control schemes for implantable medical devices: A survey
Halperin et al. Security and privacy for implantable medical devices
Usman et al. Security in wireless body area networks: From in-body to off-body communications
Li et al. Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system
US10305692B2 (en) Pairing of devices for far-field wireless communication
US20150089590A1 (en) Methods for secure control of and secure data extraction from implantable medical devices using smartphones or other mobile devices
Challa et al. Authentication protocols for implantable medical devices: taxonomy, analysis and future directions
Marin et al. On the feasibility of cryptography for a wireless insulin pump system
US8345879B2 (en) Securing wireless body sensor networks using physiological data
Siddiqi et al. Improving the security of the IEEE 802.15. 6 standard for medical bans
Wu et al. Designing novel proxy-based access control scheme for implantable medical devices
Duttagupta et al. Hat: Secure and practical key establishment for implantable medical devices
Oberoi et al. Wearable security: Key derivation for body area sensor networks based on host movement
Karimian et al. Never lose your ECG: A novel key generation and authentication scheme for implantable medical devices
WO2025038268A2 (en) Enabling secure data communication using the nervous system
Chi et al. e-safe: Secure, efficient and forensics-enabled access to implantable medical devices
Beck et al. BCG & ECG-based secure communication for medical devices in Body Area Networks
Mitra et al. Guarding the beats by defending resource depletion attacks on implantable cardioverter defibrillators
Ninglekhu Securing implantable cardioverter defibrillators using smartphones
Cao et al. Muscle Activity‐Driven Green‐Oriented Random Number Generation Mechanism to Secure WBSN Wearable Device Communications
Siddiqi On the security and privacy of implantable medical devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 24854625

Country of ref document: EP

Kind code of ref document: A2