Secure software updates and architectures

US12080409B2 · US · B2

Patent metadata
Publication number: US-12080409-B2
Application number: US-202117543674-A
Country: US
Kind code: B2
Filing date: Dec 6, 2021
Priority date: Dec 7, 2020
Publication date: Sep 3, 2024
Grant date: Sep 3, 2024

Abstract

Official abstract text for this publication.

Systems and techniques to ensure reliable operation of devices, such as medical devices, that are configured to execute installed software are described. A secure software update process for the device utilizes multiple integrity checks in order to prove that software integrity has not been compromised before the device is allowed to be put into service with the software installed thereon. Also described is a computer architecture for an external defibrillator that isolates the execution of installed software applications by separately compiling the code for those applications and by executing the separately-compiled applications on different processors of the defibrillator. Among other things, this allows the defibrillator to be “brought online” faster, such as to deliver a shock to a patient.

First claim

Opening claim text (preview).

The invention claimed is:

1. A device comprising: a processor; first memory; and second memory storing computer-executable instructions that, when executed by the processor, cause performance of operations comprising: downloading software from an external device to the first memory as downloaded software, the downloaded software associated with a software update for the device; performing a first integrity check on the downloaded software; determining that the downloaded software passed the first integrity check; based on the downloaded software having passed the first integrity check, installing the downloaded software in the second memory as installed software; performing a second integrity check on the installed software; determining that the installed software did not pass the second integrity check; and disabling the device so that the device is inoperable in association with a patient based on the installed software having not passed the second integrity check.

2. The device of claim 1, wherein the first memory organizes data within a staging area that comprises, prior to the installing of the downloaded software in the second memory: a current folder containing a copy of existing software that is currently installed in the second memory; and a working folder containing the downloaded software.

3. The device of claim 2, wherein the operations further comprise, prior to the downloading of the software: receiving a digitally-signed manifest file from the external device that specifies a list of files included in the software update; determining that a first file in the list of files matches a second file of the copy of the existing software in the current folder; storing a copy of the second file in the working folder; performing a preliminary integrity check on the copy of the second file; and determining that the copy of the second file passed the preliminary integrity check; wherein the software downloaded from the external device excludes the first file, and wherein the performing of the first integrity check further comprises performing the first integrity check on the copy of the second file.

4. The device of claim 1, wherein the operations further comprise, after the installing of the downloaded software in the second memory: recording information that identifies hardware components that are currently installed in the device; powering off the device; powering on the device into a patient mode; and failing to detect, based on the information, that any of the hardware components have been replaced with a different hardware component.

5. A device comprising: a processor; first memory; and second memory storing computer-executable instructions that, when executed by the processor, cause performance of operations comprising: storing software received from an external device in the first memory as stored software, the stored software associated with a software update for the device; performing a first integrity check on the stored software; determining that the stored software passed the first integrity check; based on the stored software having passed the first integrity check, installing the stored software in the second memory as installed software; after the installing of the stored software, rebooting the device into a test mode; and performing a second integrity check on the installed software while the device is in the test mode.

6. The device of claim 5, wherein the operations further comprise: determining that the installed software passed the second integrity check; and enabling the device for use based on the installed software having passed the second integrity check.

7. The device of claim 6, wherein the device is a medical device, and wherein the enabling the device comprises enabling the medical device for use in association with a patient.

8. The device of claim 5, wherein the operations further comprise: determining that the installed software did not pass the second integrity check; and disabling the device so that the device is inoperable based on the installed software having not passed the second integrity check.

9. The device of claim 5, wherein the first memory organizes data within a staging area that comprises, prior to the installing of the stored software in the second memory: a first folder containing a copy of existing software that is currently installed in the second memory; and a second folder containing the stored software.

10. The device of claim 9, wherein the operations further comprise, prior to the storing of the software: receiving a digitally-signed manifest file from the external device that specifies a list of files included in the software update; determining that a first file in the list of files matches a second file of the copy of the existing software in the first folder; storing a copy of the second file in the second folder; performing a preliminary integrity check on the copy of the second file; determining that the copy of the second file passed the preliminary integrity check; and receiving, from the external device, the software excluding the first file, wherein the performing of the first integrity check further comprises performing the first integrity check on the copy of the second file.

11. The device of claim 5, wherein the operations further comprise, after the installing of the stored software in the second memory: recording information that identifies hardware components that are currently installed in the device; powering off the device; powering on the device; detecting, based on the information, that a hardware component of the hardware components has been replaced with a different hardware component; and disabling the device so that the device is temporarily unusable based on the detecting that the hardware component has been replaced.

12. A method comprising: downloading software to first memory of a device as downloaded software, the downloaded software associated with a software update for the device; performing, by the device, a first integrity check on the downloaded software; determining, by the device, that the downloaded software passed the first integrity check; based on the downloaded software having passed the first integrity check, installing the downloaded software in second memory of the device as installed software; performing, by the device, a second integrity check on the installed software prior to enabling the device to execute the installed software to operate the device; determining, by the device, that the installed software passed the second integrity check; and after the determining that the installed software passed the second integrity check; rebooting the device into a setup mode; and sending, while the device is in the setup mode, information to a server computer indicating that the software update was successful.

13. The method of claim 12, further comprising, after the installing of the downloaded software, rebooting the device into a test mode, wherein the second integrity check is performed while the device is in the test mode.

14. The method of claim 12, further comprising: enabling the device for use based on the installed software having passed the second integrity check.

15. The method of claim 12, further comprising, prior to the downloading of the software: receiving, at the device, a digitally-signed manifest file that specifies a list of files included in the software update; determining, by the device, that a first file in the list of files matches a second file of existing software that is c
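The staged update flow of claims 1, 3 and 10 (signed manifest, reuse of unchanged files from the current folder after a preliminary check, first integrity check on the staged files, install into second memory, second integrity check, device disabled on failure), as an added Python simulation that is not code from the patent or from the assignee. The HMAC manifest signature, the dict-backed memories, the file names and the install_fault parameter are constructed stand-ins for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed stand-in for the manifest's digital signature: an HMAC over sorted
# "name:sha256" lines. A real device would verify an asymmetric signature instead.
MANIFEST_KEY = b"constructed-demo-key"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign_manifest(manifest: dict[str, str]) -> str:
    body = "\n".join(f"{n}:{h}" for n, h in sorted(manifest.items())).encode()
    return hmac.new(MANIFEST_KEY, body, "sha256").hexdigest()

def matches(files: dict[str, bytes], manifest: dict[str, str]) -> bool:
    # Integrity check: exactly the manifest's files, each with the listed hash.
    return set(files) == set(manifest) and all(sha256(files[n]) == h for n, h in manifest.items())

@dataclass
class Device:
    current: dict[str, bytes]                                  # staging: copy of installed software
    working: dict[str, bytes] = field(default_factory=dict)    # staging: files for the update
    installed: dict[str, bytes] = field(default_factory=dict)  # second memory
    enabled: bool = True
    log: list[str] = field(default_factory=list)

    def apply_update(self, manifest, signature, remote, install_fault=None) -> bool:
        if not hmac.compare_digest(sign_manifest(manifest), signature):
            return False                                      # reject an unsigned/tampered manifest
        # Reuse unchanged files from the current folder after a preliminary check;
        # fetch only the files that actually changed (claims 3 and 10).
        for name, digest in manifest.items():
            if name in self.current and sha256(self.current[name]) == digest:
                self.working[name] = self.current[name]
                self.log.append(f"reused {name}")
            else:
                self.working[name] = remote[name]
                self.log.append(f"downloaded {name}")
        if not matches(self.working, manifest):               # first integrity check
            self.log.append("first integrity check failed")
            return False
        self.installed = dict(self.working)                   # install into second memory
        if install_fault in self.installed:                   # constructed fault: a bad write
            self.installed[install_fault] += b"\x00"
        if not matches(self.installed, manifest):             # second integrity check (test mode)
            self.enabled = False                              # device made inoperable (claim 1)
            self.log.append("second integrity check failed: device disabled")
            return False
        self.log.append("update verified")
        return True
```

The install_fault hook only exists to exercise the second check's failure path; a real device would detect the same condition from a corrupted or partial write to second memory.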

Assignees

Stryker Corp

Inventors

Classifications

  • using techniques specially adapted for alterable solid state memories, e.g. for EEPROM or flash memories · CPC title

  • Secure firmware programming, e.g. of basic input output system [BIOS] · CPC title

  • Test or assess software · CPC title

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • for local operation · CPC title

Frequently asked questions

Who is the assignee on this patent?
Stryker Corp
What technology area does this patent fall under?
Primary CPC classification G16H40/40. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 3, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).