Patent attributes
Methods and apparatus provide communications among respiratory therapy device (“TD”), server and intermediary (e.g., a control device (“CTLD”) for the therapy device) to improve security. More secure communication channel(s) may be established using shared secrets derived with different channels. The communications may include transmitting therapy data from TD to server for authentication. The CTLD may receive the data and a nonce from a server. The CTLD receives from the TD a signing key dependent on the nonce and a secret shared by TD and server. The CTLD generates an authorisation code with received therapy data and the key for authentication of the data by the server upon its receipt of the code and data. The server computes (1) a key from the nonce and the secret known to TD, and (2) another authorisation code from received therapy data and the key. Data authentication may involve comparing received and computed codes.