It is known to exchange data for programming or managing programmable personal medical devices, such as a cardiac pacemaker, between a (central) service provider and the cardiac pacemaker via data connections such as a line-based telephone network, the Internet, a radio-based telephone network, or similar means. These data connections are typically not secure connections that can be trusted unconditionally.
During operation of a cardiac pacemaker or defibrillator, data arises in regard to the medical device and in regard to its operation. This data results on one hand from the operating state of the personal medical device itself and on the other hand from what the personal medical device detects. Such data is significant in particular for optimum aftercare. Aftercare data recorded by an implant may be transmitted to the service provider via the above-mentioned connections.
In the opposite direction, i.e., from the service provider to the implant, updates of the operating parameters or the operating program of the implant may be applied by the attending physician.
In both cases, predetermined protocols or modules are used in the data transmission, in particular encryption and/or decryption algorithms and authentication algorithms. They are used on one hand to protect the private sphere of the patient and the confidentiality of the patient data, and on the other hand to ensure operational reliability and to prevent manipulation of the settings of the implant.
The encryption of a data transmission between a medical implant and a central service provider via POP is cited in U.S. Pat. No. 6,442,432.
Even if a data exchange does not occur via possibly unsecured data lines, but rather in a secure environment such as a hospital, security may still be increased by using appropriate protocols.
Experience has shown that algorithms or modules first classified as secure and adequate may later be classified as insecure, or at least as secure only to a limited extent. In such a case, the problem arises that the protocols, algorithms, or modules must be easily replaceable both on the encrypting side and on the decrypting side, and/or on both sides of an authentication, without the remainder of the data transmission or the useful data (the payload) having to be changed for this purpose.
The terms “algorithm”, “module”, and “protocol” are to be understood as fundamentally synonymous in the context of the present invention and are used interchangeably in the following discussion.
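The replaceability requirement stated above can be illustrated with a small sketch. This is an added example, not the mechanism of the present invention or of the cited patent. The one-byte module identifier, the envelope layout and all names are assumptions, and only authentication (HMAC from the Python standard library) is shown.

```python
import hashlib
import hmac

# Hypothetical module registry: one-byte identifier -> digest used for HMAC.
# Identifiers and the envelope layout are assumptions made for this example.
MODULES = {
    0x01: hashlib.sha1,    # stands in for a module later judged too weak
    0x02: hashlib.sha256,
    0x03: hashlib.sha512,
}


class RejectedMessage(Exception):
    """Raised when an envelope fails policy or authentication."""


def _tag(module_id: int, key: bytes, payload: bytes) -> bytes:
    # The module id is covered by the tag, so it cannot be rewritten in transit.
    return hmac.new(key, bytes([module_id]) + payload, MODULES[module_id]).digest()


def seal(module_id: int, key: bytes, payload: bytes) -> bytes:
    """Envelope = module id (1 byte) | tag | payload. The payload is untouched."""
    return bytes([module_id]) + _tag(module_id, key, payload) + payload


def open_envelope(blob: bytes, key: bytes, retired: frozenset = frozenset()) -> bytes:
    """Verify an envelope; refuse unknown or retired modules before verifying."""
    if not blob:
        raise RejectedMessage("empty envelope")
    module_id = blob[0]
    if module_id not in MODULES:
        raise RejectedMessage(f"unknown module 0x{module_id:02x}")
    if module_id in retired:
        raise RejectedMessage(f"module 0x{module_id:02x} is retired")
    tag_len = MODULES[module_id]().digest_size
    if len(blob) < 1 + tag_len:
        raise RejectedMessage("truncated envelope")
    tag, payload = blob[1:1 + tag_len], blob[1 + tag_len:]
    if not hmac.compare_digest(tag, _tag(module_id, key, payload)):
        raise RejectedMessage("authentication failed")
    return payload


if __name__ == "__main__":
    key = b"constructed-demo-key"        # constructed sample value
    update = b"parameter-update-001"     # constructed sample payload
    print(open_envelope(seal(0x02, key, update), key, retired=frozenset({0x01})))
```

Retiring a module is a change to the `retired` set on the receiving side and to the identifier chosen on the sending side; the payload bytes and the rest of the envelope handling stay the same.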