Base Ten Systems, Inc. (Trenton, NJ)

A system and method for operating application software in a safety-critical environment includes providing a processor that has an operating system to perform processing operations, and an intermediate shell that interacts with both the operating system and the application software in order to provide the safety-critical environment for the application software. To create that environment, the application software should interact only with the intermediate shell.

The invention concerns a system and method for running software in a safety-critical environment. A safety-critical environment is one in which errors in a computer software activity (processes, functions, etc.), such as inadvertent or unauthorized occurrences, failures to occur when required, erroneous values, or undetected hardware malfunctions, could result in the potential for danger or loss of predictability of system outcome. A safety-critical environment is required for safety-critical computer software components, where an inadvertent action might be directly responsible for death or injury, occupational illness or another significant event, or where the outcomes of a computer's actions would be used to make decisions which might cause the death or injury of a person or lead to a serious decision. The term "safety critical environment" refers to a set of guidelines or standards described in military specifications such as MIL-STD-882B. It is combined with the software standards DOD-STD-2167 and DOD-STD-2168. In addition, the capability to audit and review the operation of the program after its execution, to ensure compliance, becomes an integral part of the safety-critical environment.

Heretofore, special-purpose computers have been designed in which the firmware and the hardware integrated into the system are created to meet the performance, testing, and reporting requirements needed to provide a safety-critical environment for application software.

However, government agencies such as the Food and Drug Administration require safety-critical standards for existing medical systems, along with confirmation of the software development process and of the operation of the software when it is used in a safety-critical operation. There is a requirement to create a safety-critical environment embedded within general-purpose data processing systems, such as those with standard commercial operating systems like DOS, System 7 for Macintosh, Windows and OS/2. This safety environment is also accountable for monitoring and verifying correct operation, providing demonstrable evidence of application system functioning.

The main object of the invention is to create a safety-critical environment in a data processing system that is not normally equipped to provide one and that operates with an industry-standard operating system for personal computers.

The present invention achieves these and other goals through an intermediate operating shell. The shell is superimposed on a standard personal computer operating system such as DOS, System 7 for the Macintosh or Windows. The intermediate shell emulates a safety-critical environment on a personal computing system that is not normally considered a safety-critical system. It monitors the system's performance in the manner of a safety-critical instrument. The shell works with the operating system to watch all system functions for safety-critical performance issues and then either corrects them in real time or stops the system from proceeding, with on-the-spot reporting. It also interacts with the application software to ensure that the application software is not interfering with the operating system's normal operation. The intermediate shell provides an operating environment that is consistent and standard for application software and that is inherently compatible with the requirements of a safety-critical environment.

In accordance with the invention described herein, the intermediate shell is imposed over the operating system to emulate a safety-critical information processing system. The preferred intermediate shell provides a consistent machine-to-application software that supports the most common database operations and structures as well as standard screen-handling capabilities.

The intermediate shell performs safety-critical operations such as database integrity checks on every read from and write to the database, range checks, continuous monitoring of hardware, and problem logging. It is also responsible for safety-critical functions such as redundancy (by double copying all data, or other equivalent methods), validation of database information via cyclic redundancy checks of every data element, hardware validation, and validation of variable data through format testing and range testing.
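The checks listed above can be illustrated with a short sketch. This is an added example, not code from the patent or from Base Ten Systems: the class name ShellStore, the field name and the range limits are hypothetical, and CRC-32 over an 8-byte value stands in for whatever cyclic redundancy check an actual shell would use.

```python
import struct
import zlib

class IntegrityError(Exception):
    """No valid copy of a record survives, so processing must stop."""

class ShellStore:
    """Hypothetical shell-side store (illustration only, not from the patent)."""

    def __init__(self, limits):
        self.limits = limits        # field -> (low, high); constructed values
        self.copies = ({}, {})      # primary and redundant copy of every record
        self.problem_log = []       # reviewed after the run for audit

    @staticmethod
    def _seal(value):
        payload = struct.pack("<d", value)
        return payload + struct.pack("<I", zlib.crc32(payload))

    @staticmethod
    def _unseal(blob):
        if len(blob) != 12 or zlib.crc32(blob[:8]) != struct.unpack("<I", blob[8:])[0]:
            return None             # format test or CRC test failed
        return struct.unpack("<d", blob[:8])[0]

    def _in_range(self, field, value):
        low, high = self.limits[field]
        return isinstance(value, (int, float)) and low <= value <= high

    def write(self, field, value):
        if not self._in_range(field, value):
            self.problem_log.append(f"write rejected: {field}={value!r}")
            raise ValueError(f"{field} out of range")
        for copy in self.copies:    # double copy, each with its own CRC
            copy[field] = self._seal(float(value))

    def read(self, field):
        values = [self._unseal(copy[field]) for copy in self.copies]
        good = [v for v in values if v is not None and self._in_range(field, v)]
        if not good or (len(good) == 2 and good[0] != good[1]):
            self.problem_log.append(f"read failed: no trustworthy copy of {field}")
            raise IntegrityError(field)
        if len(good) == 1:          # one copy damaged: log it and repair in place
            self.problem_log.append(f"repaired damaged copy of {field}")
            for copy in self.copies:
                copy[field] = self._seal(good[0])
        return good[0]
```

A single damaged copy is corrected in place and logged, while a record with no trustworthy copy stops processing, which mirrors the correct-or-halt behaviour with reporting that the description attributes to the shell.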

The shell runs the application software in the foreground and checks hardware integrity and database integrity in the background. This is a crucial characteristic of the invention.

The above and other features and advantages of the present invention can be seen in the complete description of the invention along with the accompanying drawings in which:


What is a software medical device?

The FDA refers to software functions that may include "Software as a Medical Device" (SaMD) and "Software in a Medical Device" (SiMD), which is software that is integrated into (embedded in) the medical device.

Section 201(h) of the Federal Food, Drug, and Cosmetic Act, 21 U.S.C. 321(h)(1), defines a medical device as an apparatus, device, machine, contrivance, implant, in vitro reagent or other similar or related article, including an accessory or component . . . (b) intended for use in the diagnosis of disease or other conditions, or in the treatment, mitigation or prevention of disease, in man or other animals, or (c) intended to affect the structure or any function of the body of man or other animals. To be considered a medical device and therefore subject to FDA regulation, the software must satisfy at least one of the following criteria:

  • It must be designed to aid in diagnosing or treating an individual patient.
  • It must be designed to affect the structure or any function of the body.

Thus, if your software is specifically designed for health professionals to diagnose and treat patients, or is used in hospitals to manage patient information, the FDA will likely consider it a medical device subject to review by the regulatory authorities.

Is Your Software a Medical Device?

What does it mean if your software/SaaS is classified as a medical device?

SaaS founders need to be aware of the compliance risks that medical devices pose. Data breaches are one of the biggest risks. Medical devices often contain sensitive patient data, which is why they are subject to strict regulations. This data could lead to devastating consequences if it were to become unprotected. SaaS companies who develop medical devices need to take extra precautions to ensure their products are safe.

So who needs to apply for FDA clearance? The FDA defines a "mobile medical app manufacturer" as any person or entity who initiates specifications, designs, labels, or creates a software system or application for a regulated medical device in whole or from multiple software components. This term does not include persons who exclusively distribute mobile medical apps without engaging in manufacturing functions; examples of such distributors may include the app stores.

Software As Medical Device Patenting Considerations

The good news is that investors like medical device companies which have double exclusivity obtained through FDA and US Patent and Trademark Office (USPTO) approvals. As such, the exit point for many medical device companies is an acquisition by cash rich medical public companies. This approach enables medical devices to skip the large and risky go-to-market (GTM) spend and work required to put products in the hands of consumers.

Now that we have discussed the FDA review process, we will discuss IP issues for software medical device companies. Typically, IP includes Patents, Trademarks, Copyrights, and Trade secrets. All of these topics matter and should be considered carefully. However, we will concentrate on patents to demonstrate how careless drafting and lack of planning can lead to problems, namely unplanned disclosures of your design that can then be used as prior art against your patent application.

In general, you should file patent application(s) as soon as practicable to get the earliest priority dates. This will help you when you talk to investors, FDA consultants, prototyping firms, and government agencies, among others. Compliance or other documents filed with any government agency may be considered disclosure to third parties and could make the document public. In general, disclosures to third parties or public availability of an invention trigger a one year statutory bar during which you must file your patent application. Failure to file your application within the required time frame could result in you losing your right to protect your invention.

The information from your FDA application may find its way into FDA databases, including DeNovo, PMA and 510k databases and FDA summaries of orders, decisions, and other documents on products and devices currently being evaluated by the FDA. Your detailed information may be gleaned from Freedom of Information Act requests on your application. This risk mandates that you patent your invention quickly.

When you draft a patent application for your medical device invention, keep the whole FDA regulatory framework in view. Be mindful of whether your software/SaaS application discusses diagnosing and treating patients or affecting the structure or function of the body, and add language to indicate that such description in the patent application relates to only one embodiment and not to other embodiments. That way you keep flexibility in subsequent discussions with the FDA if you want to avoid classification of your software/SaaS as a medical device, and with it FDA registration and oversight.

An experienced attorney can assist you in navigating the regulatory landscape and ensure that you comply with all applicable laws. This area of law is complex and constantly changing. It is important that you seek legal advice if you have any questions about whether or not your software should be registered with FDA.
