I mention the IEEE article because having a reliable connection is a major concern to anyone who would implement a medical application that uses remote programming. Remote programming would involve downloading new instructions, new software or software patches to a device. That download must be performed safely, securely and without error. Furthermore, entire connection system would have to be extremely tolerant of errors and connection breaks. In that vein, I discuss the Rosetta-Wireless connection model in more detail with special emphasis on how the model provides a reliable, logically stable and secure connection with significant throughput. This is a continuation of the article titled "New Communications Model for Medical Devices" that I published 11 October 2009. It is also a continuation of the article that I published on 14 October 2009," Medtronic Patent Application: Communication system for medical devices ."
I provide a slightly revised drawing of the connection model below. (You should see a larger drawing in another window/tab if you click on the drawing).
The area of interest of this discussion is defined by the curly-brace on the right. It is the communications path between the mobile server and the central server. As I had mentioned in my previous post the Central and Mobile Servers are logically identical; i.e., whatever data is on the Central Server will migrate to the Mobile Server and vice versa. So, if a file appears on the CS, it will be mirrored to the PS automatically. Furthermore, since the two servers are logical twins, they continue to maintain a logical connection with each other even when disconnected.
From a security standpoint, all transmissions are encrypted, all data on the mobile server is encrypted and the two system authenticate each other using a shared secret. The data on a Mobile Server is managed by a secure, centralized authority, thus if the Mobile Server is ever stolen, once that stolen Mobile Server contacts a Central Server, the Central Server will send a signal to erase it's data and terminate its operation. This is important because should anyone consider such a model as this for the transfer of medical data, the data and any device that manages that data in the field will have to be secured.
Wireless networks are inherently unreliable, they rely on radio technology with all it's physical instabilities to provide a connection. Anything moving adds instability by continually moving in and out of coverage. The TCP/IP protocol was not designed to handle communications where there are frequent breaks and re-connections. The protocol was designed for an “always connected” state. Furthermore, the endpoints of the communications link – the service provider (server) or the user's equipment (client) – have been designed to “expect” an “always connected state as well. Neither the network, appliances, user devices or users are designed to handle frequent communication breaks.
From a security standpoint, all transmissions are encrypted, all data on the mobile server is encrypted and the two system authenticate each other using a shared secret. The data on a Mobile Server is managed by a secure, centralized authority, thus if the Mobile Server is ever stolen, once that stolen Mobile Server contacts a Central Server, the Central Server will send a signal to erase it's data and terminate its operation. This is important because should anyone consider such a model as this for the transfer of medical data, the data and any device that manages that data in the field will have to be secured.
Wireless networks are inherently unreliable, they rely on radio technology with all it's physical instabilities to provide a connection. Anything moving adds instability by continually moving in and out of coverage. The TCP/IP protocol was not designed to handle communications where there are frequent breaks and re-connections. The protocol was designed for an “always connected” state. Furthermore, the endpoints of the communications link – the service provider (server) or the user's equipment (client) – have been designed to “expect” an “always connected state as well. Neither the network, appliances, user devices or users are designed to handle frequent communication breaks.
The crux of this model and the point of this article is to describe a means for transforming an intermittent and unreliable wireless connection environment into a reliable one. It does this in two ways.
First, the Mobile Server has the capability of utilizing more than one connection simultaneously (opportunistic routing). If two or three connections are available, data can be send over all the connections simultaneously. Should a connection suddenly drop, the system reconfigures itself and starts moving data over the remaining channels. For example, the Mobile Server could have connections both with WiFi and 3G. The WiFi connection could suddenly drop, but the data would be routed over the 3G connection, seamlessly and without interruption. Thus the system is able to use connection redundancy in an effective manner and without the need to suddenly switch to an available wireless connection once that wireless connection drops. Since it can connect to an infinite number of wireless connections (the software is capable of doing this. There are no limits on the number of simultaneous connections.), all the software does is move the traffic to the active connection(s).
Second, the two servers, Mobile and Central, continually maintain a stable connection between each other. Should their be a connection break, each server preserves the state of the data transfer (in the case of a file - a data or software file - with a known end point) or the state of the session should the transfer be a streaming connection (such as video or voice). Should all connections drop, when the Mobile and Central Server reconnect, they authenticate each other and restart the transfer of data.
(One aspect of the system related to its reliability is the capability of the Mobile Server to connect to a variety of Central Servers thus increasing system reliability by providing multiple connection paths to the System Service Provider Servers.)
Finally, it's time to describe the value of the model I've described to the endpoints. The System Service Provider Servers (or Enterprise Server) is provided a stable, hardwired connection. The applications running on the System Service Provider Servers are not required to handle any connection problems. Adding the code to handle intermittent connections just adds to their complexity. The engineers developing services, particularly those based on remote programming, can be assured that the transfer of data between the System Service Provider Servers and the Mobile Server is reliable and assured.
Once the necessary data or software reaches the Mobile Server, the Mobile Server connects in the usual manner to manage uploads, downloads and messages with a patient's device or devices. (A discussion for a later article.)
Biotronik (http://www.biotronik.com/portal/home) has just introduced a new Home Monitoring system. Their Home Monitoring system uses a wearable device monitor/wireless communications device similar to the Mobile Server I have described. Their Home Monitoring Device appears to be tasked only for remote monitoring, not remote programming. Biotronik bears watching.