Medical Authentication

Medical equipment such as electro-surgical systems, glucose monitors, pharmaceutical injectors, ultrasound imagers, and pulse oximeters use various plug-in tools, probes, sensors, and consumables that are crucial in determining the correct diagnoses or applying the correct therapy. If these tools and consumables are applied incorrectly, or if they are sourced from non-genuine channels, they could result in severe health consequences for the patient and severe economic and reputational consequences for the practice. Employing electronic authentication within medical products can insure that the products are used per the operating instructions.

One of the challenges in the medical industry is that products must be protected against counterfeiting throughout the whole supply chain and traceability is a key requirement in this area. Appropriate calibration of medical sensors or probes is also a key factor for accurate diagnostic, calibration parameters thus become sensitive data. Another requirement is usage control: consumables have by definition a limited number of usages. Again, if they are used over the number of times they have been designed for, this may have negative consequences for patient health and equipment manufacturer reputation.

Authentication circuitry can be embedded within a product to provide a solution for all of the above challenges.

Strong Authentication is Required

Because medical products can be expensive and in some cases produced in large quantities, there is a strong profit motive for counterfeiters to offer replacement or remanufactured products that can be lower in price and quality.

Counterfeiters have the technology to reverse engineer simple authentication techniques like serial number IDs or simple password solutions. Therefore, the electronic authentication solution chosen for use with medical products must offer strong authentication features in order to eliminate the possibility of non-genuine alternatives from being used. A crypto-strong method based on challenge-and-response authentication provides a solution that is backed by industry standards and practice.

An EEPROM can store sensitive data such as traceability information or calibration parameters as long as it is tamper proof and has authenticated write access. The tamper proof EEPROM technology of the DeepCover authentication ICs associated to authenticated read and write enable to manage usage control and expiration date of accessories or consumable. Only authorized entries are allowed to program the expiration date or usage counter in the EEPROM memory making impossible for an attacker to reset the number of usages or set the expiration date beyond the intended one. The content of the EEPROM can be authenticated using the SHA-256 or ECDSA algorithms and then the contents can be trusted.

Maxim's DeepCover® Secure Authenticators meet and exceed these requirements with features including Crypto based on symmetric-key SHA-256 (secure hash algorithm) or asymmetric-key ECDSA (elliptic-curve digital signature algorithm).

Medical Application: Traceability


Blood Glucose Meter Featuring Secure Digital Signature for Traceability

The above diagram shows an application that provides authenticated results data to be transferred from a blood glucose meter into a smart phone for subsequent transfer to a patient's record. Authentication verifies the data came from a specific device.

Back to Top |

Medical Application: Secure Monitoring


Authentication Consummable with Digital Signature

The above diagram shows an application that authenticates the consumable and also provides authenticated usage information back to a central processing site for transfer to a patient's record.

Back to Top |

Medical Application: Enforcing One-Time Use of Surgical Tool


Authentication One Time Use of Surgical Tool

In the diagram above, a secure memory keeps a count of the number of times a surgical tool has been used while also ensuring that the tool is authentic.

Back to Top |

Authentication Process Flow

Implementing strong authentication within a product requires a few extra steps during manufacturing and in field usage. These flow diagrams outline the procedures.

Resources

DS28E15
DeepCover Secure Authenticator with 1-Wire SHA-256 and 512-Bit User EEPROM

  • Symmetric-Key-Based Bidirectional Secure Authentication Model Based on SHA-256
  • Strong Authentication with a High-Bit-Count User-Programmable Secret and Input Challenge
  • 512 Bits of User EEPROM Partitioned Into Two Pages of 256 Bits

DS2465
DeepCover Secure Authenticator with SHA-256 Coprocessor and 1-Wire Master Function

  • SHA-256 Engine to Operate a Symmetric-Key-Based Bidirectional Secure Authentication Model
  • Two 32-Byte Pages of User EEPROM with Multiple Programmable Protection Options
  • 1-Wire Master Port with Selectable Active or Passive 1-Wire Pullup