FR2911977A1 - Server device for e.g. video or audio terminal, has software application constructed under form of firmware and installed or not installed on mass storage for storing data without requiring any external installation or starting support - Google Patents

Abstract

The device has a power carrier interface (5) for conveying information by an electrical network of a building during a presence of the electrical network or cable, and a software application constructed under a form of firmware. The software application is installed or not installed on a distinct mass storage for storing the data without requiring any external installation or starting support such as floppy disk, key, compact disc ROM and digital versatile disc, where the firmware is interlocked to a hardware rendering an indivisible assembly.

Description

The present invention relates to a simplifying electronic device

  and improving the distribution, distribution, deployment, operation and maintenance of server or one-player software made available within companies or with particular user groups wishing to pool access to one or more applications, all by protecting the industrial property of the concerned software which can be of various origin, the data generated by the applications and reducing the flaws of attacks by viruses or other. It is a housing, server network component dedicated to applications of any type embedded in the form of firmware. Traditionally, the provision of server software applications distinguishes the hardware platform from the computer applications (the software) themselves. Traditionally, the same hardware platform can constantly receive a wide variety of applications, from different origins in terms of suppliers. These software, very often, despite their processing power, have an extremely low interoperability capacity and, moreover, their compatibility must be verified during installations in order to avoid version conflicts. Traditionally and in an extremely common way, server software applications deployed on a centralized hardware platform often require a client software feature that must be maintained and deployed on the users' desktops. This diversity of user interface, requiring significant learning, limits the access to applications for users. Traditionally, this diversity, in addition to possible compatibility problems, generates a multitude of external interlocutors relating to both hardware and software. In addition, each software tool has specific maintenance and update rules such as hardware elsewhere.Traditionally, this diversity creates complexity for the company and the user over the entire life cycle of the tool, during the initial choice, in its phase of installation and deployment as for its maintenance. Traditionally, proprietary software is protected by hardware devices or encrypted keys that are introduced by the holder of a license to use during software installation. These protections can be attempted unlocking, as soon as the user is aware of the zones and procedures for installing the software concerned and has access to it. In addition, because of the development of the internet for the exchange of information, more and more transactions are done on the basis of security certificate and it is necessary to increase the protection of the latter. only by limiting access to them.

  The device according to the invention overcomes all these disadvantages, it is made available in a dedicated manner, all applications already installed in the form of embedded firmware. While offering the end user all expected features, the device is also -simple to install a computer network hardware component (router, firewall ....). Simply connect it physically to the computer network, depending on the version, by one or the other of the existing processes (wired, radio, powerline ...). The deployment of the applications is immediate, the maintenance of the automatic device and its total interchangeability, the integration of applications having been provided upstream during the construction of the device. The end user just has to use it and nothing else. The device according to the invention, is in the form of an independent housing or rack and requires in its most stripped version, a simple power cable or other non-wired support conveying energy, the connection to the network being ipar current carrier. By construction, the device is built on an electronic motherboard receiving all the components necessary for the construction of the central unit of a computer, computing processor, memory, mass storage and network interface. Receiving the power supply the electronic card has, thus at least, a connection capacity to the computer network by power line.

  All transactions only pass through this network connection. The installation of the micro-software to which the device is dedicated is made to the manufacture of the invention based on an installation image disk that integrates the applications to be deployed on it completely dedicated to the device. As a result and by construction the device does not use external boot support, floppy disk, key, cdrom, dvd. The absence of these greatly limits any fraudulent attempt to breach password to access confidential information. As a result, the device increases the levels of protection for both user data, security certificates and possible software license protections. In addition, the device according to the invention inseparably links the hardware to the software and in fact the latter becomes a firmware totally integrated into the hardware. It is embedded software related to the hardware. It is the whole set that constitutes the device regardless of the applications implemented. The device according to the invention, prohibiting any specific installation of application by the end user who furthermore does not have access to the administration privileges, strongly limits or even eliminates the risk of installation of computer virus on himself . According to the state of the art, there are electronic hardware boxes dedicated to connect only to the standard cable network, equipped with processors, temporary memory and persistent storage means as described for example in the European patent. EP 0 853 413 A2 and can receive a variety of server applications, without special specialization, 35 that can be installed by the end user according to his needs. In terms of software, for some months appear the first productions of disk image, combining in the same distribution the application system and -3- the application environment to be implemented under the generic name of software appliarices or software component without particular link with a dedicated target machine, the installation although simplified remains to be done. The reception material is to be managed separately and remains pluralistic.

  There are proposals for managing the evolution of micro-software based on storage in removable memory card or non-volatile memory as claimed in the patent 'NO 2004/017175 A2 for example. There are proposals to integrate in a common environment, in terms of client interface, separate applications served by generalist server platforms as claimed in patent WO 2005/024559 for example. There are various proposals for making available, access to server applications from general hardware platforms on which are distributed specialized processing as claimed in the patent WO 98/33307 for example. There are proposals for application management systems for devices, connecting to the network as claimed in the patent registered in France under number 01 15234 for example. The present invention differs from all these proposals and possibilities and does not claim anything particular approaching them. The present invention goes further by combining and dedicating the micro-software, gathering applications of various uses, to the electronic hardware package which by a mechanism integrated in the firmware during the preparation of the image disk in production may prohibit all installations. new application or any other developments other than those related to the application modules integrated in the firmware from the image disc. The firmware itself serves general purpose applications for client workstations operated by human operators or PLCs. The invention is the combination of the hardware package and the firmware. In its simplest embodiments externally, the invention is like a parallelepiped casing provided with a connection cable to the electrical energy supply network and that's it. According to the particular embodiments, the invention is provided with or without: a power switch, an LCD display means or other means integrated in the housing, a remote control control means, a telephony control means, a connection means to the electrical network, a connection means to the computer network, a means of connection to a keyboard, a connection means, to a mouse, a means of connection to a screen, an audio broadcasting means, a video connection broadcasting means, the connection word is retained in its widest acceptance, it is of electromechanical nature, or provided by any other medium likely to convey information and / or energy. The size and shape of the housing receiving the invention are indifferent. The accompanying drawings show in stylized manner the invention distinguishing the hardware part in FIGS. 1, 3, 4, 5 and the firmware in FIG. 2, although the hardware and the firmware are indissociable to fulfill the features of the present invention. .

  With reference to these drawings, the device comprises a processor or central computing unit (1), a large memory capacity (2) in order to provide user comfort to users. A mass storage device presented here by a hard disk (3) in FIG. 1 makes it possible to store the data and the micro-software. According to embodiments and to facilitate the interchangeability of the housing, the mass storage device can be separated physically into two separate supports, the first receiving the firmware and the second the data whether generated by the configuration or by the applications. The assembly is powered by the energy supply network (8) which can optionally convey the computer data by carrier current according to the standard protocols used on computer networks. The device is provided with a means of communication according to the ethernet protocol. An Ethernet controller (4) provides the interface between the CPU (1) and the computer network. Depending on the case and the frame of use, the network information is conveyed by carrier current (8), by radio frequency network of WiFi or WiMax type (9), by cable network via an RJ45 socket (10). For this purpose, the device is provided with interface capabilities, to the wired network via an RJ45 (7) or other standard socket, to WiFi or WiMax (6) networks by means of an antenna, via a carrier current (5). using the power transmission wiring of the building. The invention comes with an IP (Internet Protocol) address by default. The set is installed on a motherboard as small as possible while respecting the ventilation constraints and provides basically a computing capacity, a storage capacity, a communication capacity with the computer network. For its integration into the network, it must be inserted into the host address space, as soon as it is switched on, an integrated mechanism, to its network interface manager (Figure 2 - 17), identifies the possibilities of connection to the network, the connection to a client station recognizing its default address space, allows to open a WEB page giving the end user the possibility of conducting the parameterization operations for the complete integration of the invention to his own network. With reference to FIGS. 1 and 2, this set receives inseparably a totally dedicated firmware whose structure is illustrated in FIG. 2. This -5-firmware is based on a reduced operating system comprising the capable pilots. to ensure the management of all the hardware interfaces (4, 5, 6, 7) of the permanent storage means (3) or temporary (2). In addition, it may be removed from a WEB server (13), an application server (14), a database manager (15). These means are scheduled by the reduced and specialized operating system (12). Then a plurality of computer applications (16) can be implemented in accordance with the functional requirements of the environment, wherein the device is intended to be implemented. The firmware is prepared for production by generating the image disk for installing the dedicated server. In a systematic way it receives the founding elements (12, 13, 14, 15, 28, 29, 30, 17), then according to the applications to which it is dedicated these are inserted in the image disk for installation, as well as the elements network security configuration to be in minimal configuration and that the only necessary network processes and ports, embedded and dedicated applications in the firmware, are activated and monitored to enhance security. The goal is to offer a limited number of applications for the targeted domain of use so that the box has fully its dedicated character by providing maximum security for the use of installed applications in the operating phase of the application. 'invention. In addition, the generated image disk will also, during manufacture, install the data of the installation and evolution manager in order to avoid any non-dedicated installation and to manage only the evolutions of the dedicated installations.

  Each device of the invention will be identified by its addresses M.A.C. All the applications being implemented in the device to its industrial construction, this thus frees the end user of any installation of new executables (which are prohibited, only the evolutions are allowed) which greatly reduces the risk of implementation of computer virus on the device. Moreover, the device by construction, does not give access to external startup media that could facilitate the decoding and / or falsification of passwords that are a prerequisite for any criminal act of intrusion to try to decrypt keys and / or or security certificates that they concern the protection of the licenses of use or any secured transactions that can be implemented by the device. The assembly, electronic card with its firmware, can be mounted in boxes of various shapes. Figures 3 and 4 which have a parallelepiped-shaped housing (19), not exclusive, highlights the simplicity of the latter. In respect of Figure 3, the assembly has a front panel which can receive a miniature LCD (18) and a stop button (20). With respect to FIG. 4, which presents the rear facade, in the simplest model in terms of electromechanical interface, the present invention requires only the power cable (22) which would also convey information from the computer network by power line ( CPL). In other embodiments, the back cover can also receive either a WiFI / WiMax antenna (21) or an RJ45 socket (23) so that the connection to the computer network is provided, in place of the power line interface, or even by mixing the interfaces. The firmware is installed in the manufacture of the motherboard, from an image disk to build the loading of the mass storage means in accordance with the hardware configuration of the housing equipped with its motherboard and the set of applications that we want to set up on the device. As shown in Figure 2, when it is created, the image disk systematically receives the infrastructure firmware: - the reduced and specialized operating system (12), - the database connection pool (30). ) which makes it possible to jointly manage all the databases by facilitating the interoperability of the applications, - the WEB server (13) for serving pages, - the application server for exploiting servlets and EJB (Java Enterprise Bean) java (14) in cooperation with the WEB server possibly, - the management system of the database (15), - the manager of the installed application base and evolutions (28), - the DHCP server (29) in case of need for automatic management of the network addresses, - the managers of the network interfaces and their drivers (17). Depending on the application destination of the box, the actual server applications (16) from 1 to N may vary. All of these elements make up the firmware. We recall that the invention is characterized by the inseparable aspect of the equipped housing and the set of applications it receives in the embedded firmware. This dedicated association is constantly monitored, for security reasons by the manager of the installed application database and evolutions (28), which prohibits all installations of new server applications and limits evolutions to the elements of the installed installed applications database. According to the possible embodiments, the invention having a PXE server application has the ability to boot client computers to initialize them, to load the operating systems or even specialized application clients and that according to the configuration client workstations that can be managed by the invention. In respect of the particular example of FIG. 5, the invention (26) makes it possible to update the firmware and the set of applications it receives, via an automatic connection to a specialized server or to one of his mirrors (24). But in no case, other than by connecting to the same specialized server where one of its mirrors (24), it can not be envisaged the loading of a new evolution of the firmware, these evolutions being limited to the set of applications set up in the firmware of the case. In the example presented, the connection is made by WiMax (27) and transits over the Internet (25). The connection to the network is of course by the connection method selected for the invention in the particular context of its use.

  In the context of a specific procedure, on the initiative of the remote server or its mirrors, provided that they have secure access to the network domain in which the invention is integrated, it is possible to proceed to the installation of new applications, even the removal of an application and the setting of new installation and evolutions data. Finally, still in the same frame of procedure it can be considered the complete reinstallation of a new disk image with another set of applications. The application settings are made in accordance with the recommendations of the provider of these applications, the latter being made available with their various user licenses and associated obligations for the parties concerned. Given the plurality of applications and the fields of application that can be covered by the device according to the invention, access to the network in compliance with the IP protocol gives it the possibility of accessing any device present on the network and respecting the same protocols and to which, according to the case, the accesses are given in reading and / or in writing. These devices may be of the same nature as the invention or any other: mass storage, video or audio terminals, various measurement or acquisition sensors, servers. In order to increase the calculation power, the invention can manage the load balance and distribute it on identical or even different devices by implementing load management mechanisms like what can be done by the combined implementation of a web server, linked by a fast protocol to servlet servers, knowing that the web server can manage the distribution of client requests by returning them to one or more identical devices, or others, themselves equipped with servlet motor. It is the same access to databases. In each case, it is the parameter setting mechanism of the applications that makes it possible to define the external casings of the type of the invention or others that are associated with the device according to the invention on which the application applied for resides. According to the embodiment, the housings with ventilation holes can start in sizes of 200 x 200 x 60mm, or 2.4 liters of volume, but the size does not matter, it is related to the size of motherboard that varies according to computing power and ventilation requirements. An example of use of the invention, which is not exhaustive or exclusive, could be the implementation of an office and accounting suite associated with a production management (electronic assembly workshop or management of fleet contract for vehicles equipped with taxis, for example). All the applications are integrated into the on-board firmware for the case production. As soon as the box is integrated into the user's computer network, application deployment is immediate and automatic maintenance. The administration is reduced to its simplest expression and the invention makes available all the basic applications necessary for the operation of an administrative organization in an enterprise, a public service or even in an individual, these applications are immediately operational, the device according to the invention being installed as a network box. It is as delivered to the end user as a simple hardware network component to be put in place. Its ability to exchange on the powerline network allows it to be installed in all buildings with an electrical distribution facility, without the need for a prior network infrastructure in place. The device according to the invention, embarked in the hardware micro-software during its manufacture, can be the subject of industrial production in large volume. Its simplicity of implementation, for example the use of free software license, allows to provide users a whole set of applications on economically attractive conditions, while promoting the development of collaborative and collaborative work.

Claims (8)

  1) Server device providing users in their premises, in the form of an independent physical box, a variety of computer applications, combined with a means of connection to the computer network and / or the Internet and a means of connection to the network electrical supply. Computer applications can be accessed via internal computer network protocols by means of universal client [Internet browser type] or specialized client adapted to each application. These clients are installed or installed automatically from the invention on the computer station of the user. The device is characterized by: - a) the integration of a carrier current interface, making it possible, in the presence of a wired electrical network, to convey the information via the building's electrical network, - b) integration into the construction of the software applications in the form of firmware, which may or may not be installed on a mass medium different from that of the data, then requiring no external support for installation or startup.   2) Device according to claim 1 characterized in that the firmware is intimately related to the material making the whole inseparable. This micro-software integrated in the construction, can offer the greatest diversity of applications in all fields of exploitation of computer science and in any field of activity.   3) Device, according to claims 1, 2 characterized by its ability to accept only the developments of the firmware to which it is dedicated, an internal mechanism ensures the corresponding control and rejects all other attempts to install.   4) Device according to claim 1 and 2 characterized by access capabilities 25 complementary to the computer network by radio or wired among which the device makes its choice in respect of a priority mechanism that integrates.   5) Device according to claims 1, 2, 3 where its implementation is as simple as any parameterizable network hardware, characterized by the only provision of parameterization information in accordance with the internal network management policy 30 IT integrates by means of a mechanism built into the device.   6) Device according to claims 1, 2, 3 characterized by the parameterization of the applications being done by a universal client (Internet type) from any computer station of the network he just integrated, then leaves to do deploy by the device of the specialized customers, on these stations, according to the needs of the applications, by a mechanism 35 integrated in the device.   7) Device according to claims 1, 2, 3 characterized by accessibility to applications via the protocols of computer networks in any possible combinations - 10- of user stations with universal customers and / or specialized customers.   8) Device according to claims 1, 2, 3 characterized by a local or remote storage capacity of information, read-accessible and write-accessible, on one or more devices of the same type and / or on any other storage device, data management or data acquisition accessible and made available on the network.