Split key architecture for facilitating authentication between an implanted medical device and an external device

The invention claimed is: 1 . A method of facilitating authentication between an external device (ED) and an implantable medical device (IMD) of a patient, the method comprising: generating, a device authentication parameter; decomposing, the device authentication parameter into a first key component and a second key component; providing, the first key component to a cloud storage system; embedding, the second key component into a therapy application that is executable on the external device, wherein the second key component is embedded into the therapy application via encoding in a non-descript string obfuscation; and retrieving, the second key component from the therapy application, and the first key component from the cloud storage system, wherein the second key component is obtained via non-descript string de-obfuscation from the therapy application, and generating, based on the retrieving, a reconstituted device authentication parameter from the first key component and the second key component and authenticating the ED device by presenting the reconstituted device authentication parameter to the IMD. 2 . The method as recited in claim 1 , wherein the first key component comprises a random 128-bit value generated using OpenSSL. 3 . The method as recited in claim 2 , wherein the second key component comprises a value obtained by executing a reversible logic operation combining the random 128-bit value and a binary value of the device authentication parameter. 4 . The method as recited in claim 3 , wherein the reversible logic operation comprises a bitwise XOR operation between the random 128-bit value and the binary value. 5 . The method as recited in claim 1 , further comprising: storing the reconstituted device authentication parameter in a device keychain; and accessing the reconstituted device authentication parameter on at least one subsequent attempt to establish connection with the IMD. 6 . The method as recited in claim 1 , wherein the therapy application embedded with the second key component is distributed or otherwise obtained via at least one of a public app store, a private app store, a File Transfer Protocol (FTP) site, an enterprise device management system, a push mechanism or a pull mechanism. 7 . The method as recited in claim 1 , wherein the first key component is obtained from the cloud storage system responsive to an authenticated application programming interface (API) call over a Transport Layer Security (TLS) session. 8 . The method as recited in claim 1 , further comprising: launching the therapy application and obtaining the second key component. 9 . The method as recited in claim 1 , further comprising configuring the ED one of a clinician programmer device, a patient controller device, or a delegated agent device. 10 . The method as recited in claim 1 , further comprising mutually authenticating between the therapy application of the external device and the IMD based on a pair of challenge-response sequences, each further based on exchanging respective public key infrastructure (PKI) credentials relating to the therapy application and the IMD. 11 . A method of using an external device (ED) operative to communicate with an implantable medical device (IMD) of a patient, the method comprising: establishing, using communication circuitry of the external device, a wireless telemetry communication link with the IMD; obtaining, at a therapy application stored in a persistent memory module of the external device, a first key component from a cloud storage system; obtaining a second key component embedded in the therapy application, wherein the obtaining comprises non-descript string de-obfuscation of data stored in the therapy application; generating a reconstituted device authentication parameter from the first and second key components to be presented to the IMD for authentication; storing the reconstituted device authentication parameter in a device keychain; and establishing a connection with the IMD based on the reconstituted device authentication parameter stored in the device keychain. 12 . The method as recited in claim 11 , wherein the first key component comprises a random 128-bit value generated using OpenSSL. 13 . The method as recited in claim 12 , wherein the second key component comprises a value obtained by executing a reversible logic operation combining the random 128-bit value and a binary value. 14 . The method as recited in claim 13 , wherein the reversible logic operation comprises a bitwise XOR operation between the random 128 -bit value and the binary value. 15 . The method as recited in claim 11 , wherein the persistent memory module includes program instructions for facilitating obtaining the therapy application including the embedded second key component via at least one of a public app store, a private app store, a File Transfer Protocol (FTP) site, an enterprise device management system, a push mechanism and/or a pull mechanism. 16 . The method as recited in claim 11 , wherein the persistent memory module includes program instructions for facilitating obtaining the first key component from the cloud storage system responsive to initiating an authenticated application programming interface (API) call over a Transport Layer Security (TLS) session. 17 . The method as recited in claim 11 , wherein the therapy application further includes program instructions for performing: storing the reconstituted device authentication parameter in a device keychain; and accessing the reconstituted device authentication parameter on an attempt to establish connection with the IMD. 18 . The method as recited in claim 11 , wherein the therapy application is configured with a privilege level for operating the external device as one of a clinician programmer device, a patient controller device, or a delegated agent device. 19 . A method of facilitating authentication between an external device (ED) and an implantable medical device (IMD) of a patient, the method comprising: generating a device authentication parameter having a key strength; decomposing the device authentication parameter into a first key component and a second key component, the second key component comprises a value obtained by executing a reversible logic operation combining a random value and a binary value of the device authentication parameter; providing the first key component to a cloud storage system; embedding the second key component into a therapy application executable on the ED; responsive to obtaining the first key component from the cloud storage system, retrieving from the therapy application the second key component via non-descript string de-obfuscation, and generating a reconstituted device authentication parameter from the first key component and the second key components; and authenticating the ED device by presenting the reconstituted device authentication parameter to the IMD.