Firmware Security Architecture for Class III FDA Medical Device with Bluetooth Integration
ECC implementation during device authorization in resource-constrained environment

Project Details
- Task: Security
- Completion: March 2023
Client
American manufacturer of next-generation insulin pumps.
Challenge
Designing and implementing mission-critical security features for an insulin pump, an FDA Class III medical device requiring the highest level of reliability. The challenge was integrating new security mechanisms, including authorization over Bluetooth Low Energy (BLE), into an existing, mature, and complex codebase without introducing regression risk.
Solution
My work focused on strengthening (hardening) and expanding the firmware security architecture:
I adapted and hardened an open-source library for elliptic curve cryptography (ECC).
A key challenge was sleep/wake cycles. I developed an innovative context management system to maintain the integrity of ongoing ECC computations despite interrupted power operations, which was critical for security continuity.
During integration work, I contributed to overall product stability by identifying and reporting a Memory Protection Fault directly in the ThreadX real-time system.
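To make the sleep/wake problem concrete, here is an added illustration of a resumable ECC scalar multiplication with a checkpointed context. It is not the project's code and not the library that was hardened: it uses a small textbook curve over GF(23), a plain double-and-add loop, and an FNV-1a checksum plus a magic tag as the integrity check on the saved image. All names (`ecc_ctx_t`, `ecc_mul_step`, `ecc_ctx_save`, `ecc_ctx_load`, `CTX_MAGIC`) are hypothetical. The point it demonstrates is the one the paragraph above raises: the computation is split into bounded steps, the complete intermediate state is sealed before sleep, and a reload that fails validation is refused rather than resumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy curve y^2 = x^3 + A*x + B over GF(P), constructed for illustration only:
 * the product's real curve, field arithmetic and ECC library are not on the page. */
#define CURVE_P 23
#define CURVE_A 1

typedef struct { int32_t x, y, inf; } point_t;   /* inf != 0 marks the point at infinity */
static const point_t G = { 3, 10, 0 };           /* a point on the toy curve */

static int32_t modp(int64_t v) { v %= CURVE_P; return (int32_t)(v < 0 ? v + CURVE_P : v); }

/* Modular inverse via Fermat's little theorem (CURVE_P is prime). */
static int32_t inv(int64_t a) {
    int64_t r = 1, b = modp(a);
    for (int e = CURVE_P - 2; e; e >>= 1) { if (e & 1) r = r * b % CURVE_P; b = b * b % CURVE_P; }
    return (int32_t)r;
}

static point_t pt_add(point_t p, point_t q) {
    point_t r = { 0, 0, 1 };
    if (p.inf) return q;
    if (q.inf) return p;
    int64_t lam;
    if (p.x == q.x) {
        if (modp(p.y + q.y) == 0) return r;                         /* p == -q */
        lam = modp(modp(3LL * p.x * p.x + CURVE_A) * (int64_t)inv(2 * p.y));
    } else {
        lam = modp(modp(q.y - p.y) * (int64_t)inv(q.x - p.x));
    }
    r.inf = 0;
    r.x = modp(lam * lam - p.x - q.x);
    r.y = modp(lam * (p.x - r.x) - p.y);
    return r;
}

bool pt_eq(point_t p, point_t q) { return p.inf ? q.inf : (!q.inf && p.x == q.x && p.y == q.y); }

/* Resumable scalar-multiplication context (hypothetical layout): everything the
 * double-and-add loop needs to continue, with no padding so the checksum is
 * deterministic. It is written to retained storage before sleep and validated on wake. */
#define CTX_MAGIC 0x45434331u   /* constructed "ECC1" tag */
typedef struct {
    uint32_t magic, k;   /* tag and scalar */
    point_t  base, acc;  /* base point and partial product */
    int32_t  bit;        /* next scalar bit to process, -1 when finished */
    uint32_t crc;        /* FNV-1a over every field above */
} ecc_ctx_t;

static uint32_t fnv1a(const void *d, size_t n) {
    const uint8_t *b = d; uint32_t h = 2166136261u;
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}

void ecc_mul_begin(ecc_ctx_t *c, uint32_t k, point_t base) {
    memset(c, 0, sizeof *c);
    c->magic = CTX_MAGIC; c->k = k; c->base = base; c->acc.inf = 1; c->bit = 31;
}

/* Process at most `budget` scalar bits; returns true once the product is complete. */
bool ecc_mul_step(ecc_ctx_t *c, int budget) {
    for (; c->bit >= 0 && budget > 0; budget--, c->bit--) {
        c->acc = pt_add(c->acc, c->acc);
        if ((c->k >> c->bit) & 1u) c->acc = pt_add(c->acc, c->base);
    }
    return c->bit < 0;
}

/* Seal before sleep; on wake, refuse to resume any image that fails validation. */
void ecc_ctx_save(ecc_ctx_t *c, uint8_t out[sizeof(ecc_ctx_t)]) {
    c->crc = fnv1a(c, offsetof(ecc_ctx_t, crc));
    memcpy(out, c, sizeof *c);
}

bool ecc_ctx_load(ecc_ctx_t *c, const uint8_t in[sizeof(ecc_ctx_t)]) {
    ecc_ctx_t t; memcpy(&t, in, sizeof t);
    if (t.magic != CTX_MAGIC || t.bit < -1 || t.bit > 31) return false;
    if (t.crc != fnv1a(&t, offsetof(ecc_ctx_t, crc))) return false;
    memcpy(c, &t, sizeof t);
    return true;
}

/* Reference: the whole product in one go. */
point_t ecc_mul_plain(uint32_t k, point_t base) {
    ecc_ctx_t c; ecc_mul_begin(&c, k, base);
    while (!ecc_mul_step(&c, 32)) { }
    return c.acc;
}

/* Simulated sleep/wake: `budget` bits per wake, save, lose working RAM, reload,
 * continue. Returns the point at infinity if a saved image fails validation, so
 * the caller restarts from scratch instead of trusting corrupted state. */
point_t ecc_mul_interrupted(uint32_t k, point_t base, int budget) {
    uint8_t retained[sizeof(ecc_ctx_t)];
    ecc_ctx_t c; ecc_mul_begin(&c, k, base);
    for (;;) {
        bool done = ecc_mul_step(&c, budget);
        ecc_ctx_save(&c, retained);
        memset(&c, 0, sizeof c);                             /* power loss */
        if (!ecc_ctx_load(&c, retained)) return (point_t){ 0, 0, 1 };
        if (done) return c.acc;
    }
}

/* Flip one byte of a saved image and confirm the loader rejects it. */
bool ecc_ctx_rejects_corruption(void) {
    uint8_t retained[sizeof(ecc_ctx_t)];
    ecc_ctx_t c; ecc_mul_begin(&c, 13, G); ecc_mul_step(&c, 5);
    ecc_ctx_save(&c, retained);
    retained[offsetof(ecc_ctx_t, k)] ^= 0x01;
    return !ecc_ctx_load(&c, retained);
}
```

The design choice worth noting is that the checkpoint covers the entire loop state (scalar, base, accumulator and bit index) and is validated as a unit, so a partially written or bit-flipped image can never silently resume and produce a wrong but plausible-looking key. On a real device the FNV checksum would be replaced by a keyed MAC or an authenticated store, and the scalar would be protected rather than kept in plaintext retained RAM; those parts are outside what the page describes.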
Result
The implemented security mechanisms (including ECC context management) raised firmware integrity and reliability to the level required by the rigorous FDA standards for Class III devices. Detection of the RTOS (ThreadX) error further increased the stability and security of the entire system, protecting patients.
Technologies Used:
RTOS: ThreadX
Cryptography: ECC (Elliptic Curves), Hardening Open-Source Libraries
Concepts: FDA Class III, MedTech Security (Safety-Critical), Context Management, Low-Power Modes, Memory Protection
Communication: Bluetooth Low Energy (BLE)
Language: C / C++