WO2008132352A2 - Multiservice unit (ums) allowing the provision of remote services (i) which cannot be attacked by remote third parties, (ii) which is non intrusive, and (iii) which is independent of the configuration of the host system - Google Patents


Info

Publication number
WO2008132352A2
Authority
WO
WIPO (PCT)
Prior art keywords
ums
host computer
service
microcontroller
storage unit
Application number
PCT/FR2008/000398
Other languages
French (fr)
Other versions
WO2008132352A3 (en)
Inventor
Sylvain Manca
Original Assignee
Cooper Invest S.A.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/82 Protecting input, output or interconnection devices
    • G06F 21/83 Protecting input, output or interconnection devices: input devices, e.g. keyboards, mice or controllers thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F 11/14 Error detection or correction of the data by redundancy in operation
    • G06F 11/1402 Saving, restoring, recovering or retrying
    • G06F 11/1446 Point-in-time backing up or restoration of persistent data
    • G06F 11/1456 Hardware arrangements for backup
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F 11/14 Error detection or correction of the data by redundancy in operation
    • G06F 11/1402 Saving, restoring, recovering or retrying
    • G06F 11/1446 Point-in-time backing up or restoration of persistent data
    • G06F 11/1458 Management of the backup or restore process
    • G06F 11/1469 Backup restoration techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • UMS Multiservice Unit
  • the present invention makes it possible for a remote operator acting anonymously to ensure the backup and restoration of the programs and system of a computer ("host computer").
  • host computer The relationship with remote assistance services is itself massively secure as a direct consequence of the architectural choices that are an integral part of this invention.
  • PXE: Pre-Boot Execution Environment, described in US Patent 6,654,797
  • system backups made on servers accessible through a network, which have their own vulnerabilities and whose integrity is costly to ensure, with remote assistance being neither planned nor possible
  • PXE is theoretically economical from 100 stations upward compared to a solution according to the present invention, and has serious security vulnerabilities.
  • Stand-alone recovery services, as found on laptops for example, manage system imprints efficiently, but (i) cannot provide protection if the single hard disk fails, (ii) provide unreliable protection if the boot sequence fails, and (iii) in any event, in case of failure, do not allow external assistance services to manage the restoration operations themselves, which limits their potential customer base to very knowledgeable users.
  • remote control software makes it possible to provide a service with remarkable comfort and efficiency, but raises as many security questions, so far without a simple solution.
  • These remote assistance services can only act at the operating-system layer of the computer, and are therefore limited to interventions where the operating system is still functional, and where moreover one refrains from modifying it, even to repair it.
  • the present invention provides a simple and transparent solution for backing up and restoring a damaged system by a remote operator.
  • the present technology makes it possible (i) to have the calling computer's commercial service rights verified for third-party operators, and (ii) to facilitate an anonymous and secure relationship between the host computer and the remote service.
  • the UMS itself is supervised by a microcontroller acting on all of its components, which secures its operation in particular by making its memories inaccessible to unauthorized third parties, even when connecting locally.
  • the present invention therefore relates to a device (UMS) for backing up and restoring a computer ("Host Computer"), and for providing secure links with service providers known to an authorized third party and based on particular service-call routing features, which is characterized by the fact that it consists of the following components:
  • a microcontroller controlling the general operation of the UMS and each of its components, and controlling the physical access to the peripherals;
  • this apparatus further comprises an update device consisting of an input-output unit (USB-A interface), also connected to the UMS bus via a switching interface.
  • this device also uses the following components, hosted on separate servers, used to implement the service-call routing functions:
  • PAMI: International Master Administration Platform
  • the present invention also relates to a method for implementing the device described above, which method comprises the following steps:
  • a user of the Host Computer activates the UMS by means of an identification device
  • a microcontroller acting through the communication interface (5), offers the user a menu asking him to choose between the various services to which his identity gives him access; if it is impossible to display this choice menu, for example if the host computer is out of service, the default service, being the restoration of the system by a remote technician, will be chosen;
  • the microcontroller loads the instructions contained in the service unit, and executes them in sequence; during each step of the execution, the microcontroller acts in particular on the switching interfaces to limit the operation of the communication and storage peripherals to that which is strictly necessary for the implementation of the tasks concerned;
  • the UMS hands over to the host computer, which resets itself, then cuts itself off from the outside world, then copies into the space of the Storage Unit used to boot the host computer its own imprint, held in a reserved space of the Storage Unit inaccessible to third parties, and finally returns to its original configuration, which is inactive and made invisible both to the host computer and to third parties, in particular by acting on the switching interfaces.
  • this method comprises the following steps, in particular for the execution of the default service that is the restoration by a remote technician:
  • the microcontroller triggers the restarting of the host computer, by sending the latter an instruction in this direction via the communication port,
  • the International Master Administration Platform consults a BD / TC database (technical and commercial database), and,
  • the method consists of the following steps:
  • an authorized technician formally establishes his identity for example by introducing an identification device such as a smart card, or any combination of identification devices that would be required;
  • the formal establishment of his identity causes the microcontroller (1), relayed by the switch (7), to authorize access to certain modules of the service unit (3);
  • the technician connects to the input-output unit (4) a suitable external device;
  • the invention is based on single-station operation taking advantage of all or part of thirteen functional groups, and on methods implementing the hardware resources of the host computer and these functional groups.
  • The UMS itself, referring to the block diagram of FIG. 1:
  • An identification device (1), for example consisting of a smart card reader, biometric identification devices, or any other devices acting jointly, which fulfils three functions: (i) formally identifying the user so that a remote administrator can commercially manage his service rights, (ii) physically restricting access to the UMS and limiting its active running time, and (iii) restrictively defining the services to which this user can physically gain access.
  • a microcontroller (2) which oversees the operation of the various components of the UMS, and in particular: (i) the sequencing of the operations necessary to achieve a particular result, and (ii) the access controls to the different resources present in the UMS: memories and communication ports, for which the microcontroller can prohibit access or even cut off the power supply.
  • a service unit (3) itself broken down into accessible and separately controllable subsets (in the example of the block diagram four subsets numbered from 3A to 3D), which contains the service and safety instructions that will be used by the micro-controller as needed.
  • An input-output unit (4) for example today in USB format, which allows an administrator with the corresponding rights and who has identified himself by means of the identification device (1), to modify the content of the microcontroller registers (2) and Service Unit memories (3).
  • Storage Unit (6): one or more mass memory units, collectively referred to as the Storage Unit (US) (6), containing, on physically and logically separated carriers (in the example of the block diagram, four subassemblies numbered 6A to 6D), the tools necessary for the services intended to be implemented, and the backups necessary for restoring the system and data of the host computer.
  • Two switching interfaces (7) and (8), which themselves control the following switches:
  • the switching interface (7) controls the supply switches (B1 to B4 and C1 to C4) of the various components of the Service Unit (3) and the Storage Unit (6), and the switches (D1 to D4, E1 to E4), respectively input-output and read-write, of the various components of the Storage Unit (6).
  • the PAMI: International Master Administration Platform
  • the PAMI receives the calls from the UMS. It consults a BD/TC database (technical and commercial database) (13) and, depending on the indications in the BD/TC, routes the call to the most appropriate remote service provider (12).
  • the different components of the UMS are activated as part of service instructions, whose sequencing and individual execution are supervised by the microcontroller (2); these instructions can be executed either autonomously or following the activation of an identification device, for example the insertion of a smart card into the reader (1).
  • Standalone services, such as capturing system imprints from the main hard disk of the host computer at scheduled intervals and copying them to the UMS disk, are set up and activated by an authorized technician holding the necessary rights and connecting locally to the input-output unit (4).
  • the non-standalone services, such as, for example, restoring the imprint onto the main disk of the host computer, rely on activation of the UMS device by means of the identification device (1); upon this activation, the microcontroller (2) interrogates this device to identify its owner and define his access rights to the various memories that make up the service module (3).
  • the microcontroller (2) then interrogates the user via a menu of choice transmitted to the host computer through the communication interface
  • the microcontroller automatically chooses the default service which is the implementation by a remote technician of the emergency restoration, without going through a user menu.
  • the microcontroller (2) then loads from the service module (3) the definition of the sequence of instructions to be executed, and then executes these instructions sequentially, controlling at each step the operation of the different peripherals present in the UMS: Input-Output Unit (4) or USB-A Interface, Communication Port (5) or USB-B Interface, Storage Unit (US) (6), the Service Module (3) itself, and the switching interfaces (7 and 8).
  • In situations that require a remote operator to perform operations affecting the operating system of the host computer, and in particular for the default service, which is the emergency restoration performed by a remote technician, the microcontroller typically: (i) triggers the restart of the host computer, and (ii) powers the portion of the Storage Unit (6) that contains a boot partition, itself configured so that the host starts on this partition rather than on its primary disk, which causes the host computer to boot on that partition and run the programs configured as self-running.
  • One of these self-running programs sends a call through the public network to the call servers (FIG. 2, item 1), which route the service request to a service technician (FIG. 2, item 2) after verifying on the databases (FIG. 2, item 3) the identity of the caller, his rights to service, and the identity of the service providers entitled to serve him.
  • this technician may be (i) an individual technician, or (ii) a remote operator.
  • the on-call technician, without having to know the identity of the client, performs the requested operations, for example: (i) restoring the system and programs of the host system onto the main disk of the host computer, (ii) taking an imprint of the main disk of the host computer and saving it on the storage unit (6), or (iii) any operation that would have been considered unnecessarily intrusive had it been performed on the main disk or using the main operating system of the host computer.
  • the UMS (i) hands over to the host computer, which resets itself, (ii) cuts itself off from the outside world to ensure that no outside intervention will interfere with the operation that follows, (iii) copies into the space (6A) of the Storage Unit (6) used to boot the host computer its own imprint held in a space (6B) of the Storage Unit (6) that is reserved and inaccessible to third parties, and (iv) returns to its original configuration, which is inactive except for the execution of programmed operations, and made invisible both to the host computer and to third parties, except while scheduled operations are executed, because its interfaces with the host computer have been disabled.
  • this method is directly applicable to a computer whose security would be sought independently of the use of a UMS, for which a separate imprint of the system would be made on a separate physical or logical medium, inaccessible both to the user and to others, and for which the operating system itself would organize the regeneration of the system from its own imprint, either (i) periodically, as a preventive measure, in order to eliminate attackers that are still dormant, or (ii) on events leading to certain formally defined registry changes, before the modification itself, so as to operate from a sound basis before taking a new imprint, so that the changes are actually taken into account.
  • the settings on the UMS have the effect of organizing or triggering operations whose principle is already in the public domain, through software already on the market, which will feed the files saved on the Storage Unit (US) (6) and allow selective restorations, to be carried out later and anonymously by the on-call technician or by the UMS itself.
  • Some of these operations are done transparently for the user, at the initiative of the UMS, without the intervention of the user, who does not need to identify himself in any way, while the UMS is in idle mode, that is to say both inaccessible to the user and to third parties, and non-intrusive, not interfering with the operation of the host computer.
  • the content of the service module (3) can in no way be modified remotely, and can only be changed by a technician physically connecting locally to the UMS using the only authorized communication port, that is to say the input-output unit (USB-A) (4), after formally establishing his identity, for example by presenting an identification device such as a smart card, or any combination of identification devices that would be required.
  • the formal establishment of his identity entails the authorization of access to certain modules of the Service Unit.
  • the technician's microcomputer then has free access to the corresponding modules, and to them alone, to modify them.
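The switch gating described in the definitions above (the microcontroller closing only the strictly necessary supply, input-output and read-write switches at each step of a service, keeping the reserved copy 6B unreachable while the host is connected, and refreshing boot partition 6A from 6B with the host cut off before returning to the idle configuration), modelled as an added C example that is not part of the patent or any product. The struct layout, the invariants, the function names and the three-step default-restore sequence are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Subset bits: bit 0..3 = subsets A..D of the Storage Unit (6A..6D) or of
   the Service Unit (3A..3D), following the FIG. 1 numbering on the page. */
enum { SUB_A = 1u, SUB_B = 2u, SUB_C = 4u, SUB_D = 8u };

/* Switch state the microcontroller (2) drives through interfaces (7) and (8).
   The field layout is an assumption of this example. */
typedef struct {
    uint8_t svc_power;   /* B1..B4: power to Service Unit subsets 3A..3D */
    uint8_t stor_power;  /* C1..C4: power to Storage Unit subsets 6A..6D */
    uint8_t stor_io;     /* D1..D4: input-output enable per storage subset */
    uint8_t stor_write;  /* E1..E4: write enable per storage subset */
    bool comm_port;      /* interface (8): communication port (5) to the host */
    bool update_port;    /* input-output unit (4), USB-A, local updates only */
} ums_switches;

typedef enum { ROLE_NONE, ROLE_USER, ROLE_TECHNICIAN } ums_role;

/* One step of a service definition as loaded from the Service Unit (3). */
typedef struct {
    const char *name;
    ums_switches want;   /* the switches this step strictly needs, nothing more */
} ums_step;

/* Idle configuration: every switch open, so the UMS is invisible both to the
   host computer and to third parties. */
ums_switches ums_idle_state(void) {
    ums_switches s;
    memset(&s, 0, sizeof s);
    return s;
}

bool ums_is_idle(const ums_switches *s) {
    ums_switches idle = ums_idle_state();
    return memcmp(s, &idle, sizeof idle) == 0;
}

/* Invariants checked before any switch is closed (assumed for this model):
   a storage subset may only do I/O or be written while it is powered; 6B,
   the reserved copy of the boot partition, is never writable and is only
   readable while the host port is open-circuit, so nothing reachable from
   the host or the network can touch it; the USB-A update port opens only for
   a locally identified technician and never while the host is connected. */
bool ums_step_allowed(const ums_switches *w, ums_role r) {
    if (w->stor_io & ~w->stor_power) return false;
    if (w->stor_write & ~w->stor_power) return false;
    if (w->stor_write & SUB_B) return false;
    if ((w->stor_io & SUB_B) && w->comm_port) return false;
    if (w->update_port && r != ROLE_TECHNICIAN) return false;
    if (w->update_port && w->comm_port) return false;
    return true;
}

/* Apply one step: the live state becomes exactly what the step needs.
   A rejected step leaves the live state untouched and returns false. */
bool ums_apply_step(ums_switches *live, const ums_step *st, ums_role r) {
    if (!ums_step_allowed(&st->want, r)) return false;
    *live = st->want;
    return true;
}

/* The default service (restoration by a remote technician) as the page lays
   it out: reboot the host onto boot partition 6A, let the technician use the
   tools in 6C and the imprints in 6D, then cut the host off and refresh 6A
   from the reserved copy 6B before going idle. Returns the steps applied. */
int ums_run_default_restore(ums_switches *live, ums_role r) {
    const ums_step seq[] = {
        {"reboot host onto UMS boot partition 6A",
         {SUB_A, SUB_A, SUB_A, 0, true, false}},
        {"remote technician uses tools 6C, reads/writes imprints 6D",
         {SUB_A, SUB_A | SUB_C | SUB_D, SUB_A | SUB_C | SUB_D, SUB_D, true, false}},
        {"host cut off; refresh boot partition 6A from reserved copy 6B",
         {SUB_A, SUB_A | SUB_B, SUB_A | SUB_B, SUB_A, false, false}},
    };
    int done = 0;
    for (size_t i = 0; i < sizeof seq / sizeof seq[0]; i++) {
        if (!ums_apply_step(live, &seq[i], r)) break;
        done++;
    }
    *live = ums_idle_state();   /* always end in the inactive configuration */
    return done;
}

/* Scenario: a user-triggered default restore completes, a step that would
   expose 6B while the host is connected is refused, and a local Service Unit
   update is refused for a user but accepted for a technician. */
bool ums_demo(void) {
    ums_switches s = ums_idle_state();
    const ums_step expose_6b = {"read 6B with host connected",
                                {0, SUB_B, SUB_B, 0, true, false}};
    const ums_step local_update = {"local update of Service Unit 3A",
                                   {SUB_A, 0, 0, 0, false, true}};
    if (ums_run_default_restore(&s, ROLE_USER) != 3 || !ums_is_idle(&s)) return false;
    if (ums_apply_step(&s, &expose_6b, ROLE_TECHNICIAN) || !ums_is_idle(&s)) return false;
    if (ums_apply_step(&s, &local_update, ROLE_USER)) return false;
    if (!ums_apply_step(&s, &local_update, ROLE_TECHNICIAN)) return false;
    return s.update_port && !s.comm_port;
}
```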

Abstract

Device (UMS) for ensuring the backup and system restoration of a computer ("host computer"), and for ensuring secure links with service providers known to an authorized third party, which links are based on particular functionalities for routing service calls, characterized in that it consists of the following components: (i) an identification device (1) allowing activation of the UMS and control of the operations by said UMS; (ii) a microcontroller (2) controlling the general functioning of the UMS and of each of its components, and controlling the physical access paths to the peripherals; (iii) a service unit (3) containing the instruction sets for what may be achieved by the UMS; (iv) a storage unit (6), itself decomposed into several parts containing respectively: (a) a peripheral on which the bootable partition of the UMS is installed; (b) a peripheral housing a copy of the medium (a); (c) a slave peripheral on which are installed tools for remote control managed under the control of the host computer and of its operating system; and (d) a peripheral holding the maintenance tools and imprints (system/data) of the host computer; (v) a switching interface (7) allowing individual control of the power supply of each component of the storage unit (6) and of the service unit (3); (vi) a port (5) for communication with the host computer; and (vii) an interface (8) for switching input/output and reading/writing of the communication port (5).

Description

Multiservice Unit (UMS) allowing the provision of remote services (i) unassailable by remote third parties, (ii) non-intrusive, and (iii) independent of the host system configuration
The present invention makes it possible for a remote operator, acting anonymously, to ensure the backup and restoration of the programs and system of a computer ("host computer"). The relationship with the remote assistance services is itself massively secured as a direct consequence of the architectural choices that are an integral part of this invention.
The device on the market whose performance comes closest to the invention for restoring a failed computer system (known as PXE, for Pre-Boot Execution Environment, and described in US Patent 6,654,797) relies on booting the computer from a boot sequence placed in the BIOS or accessible on a peripheral, and on system backups made on servers reachable over a network, which have their own vulnerabilities and whose integrity is costly to ensure, with remote assistance being neither planned nor possible. These devices do not work in a single-station setting, are slow and costly to configure, and costly to manage. Typically, PXE is in theory only economical from 100 stations upward compared with a solution according to the present invention, and it has serious security vulnerabilities.
Secure communication technologies, such as "https:", allow transactions to proceed without intrusion by third parties; on the other hand, establishing the connection must be secured by other means, because these technologies do not make it possible to presume the identity of the party with whom the transaction takes place.
Stand-alone recovery services, as found on laptops for example, manage system imprints efficiently, but (i) cannot provide protection if the single hard disk fails, (ii) provide unreliable protection if the boot sequence fails, and (iii) in any event, in case of failure, do not allow external assistance services to manage the restoration operations themselves, which limits their potential customer base to very knowledgeable users.
Taken in isolation, remote control software makes it possible to deliver a service with remarkable comfort and efficiency, but raises as many security questions, so far without a simple solution. These remote assistance services can only act at the operating-system layer of the computer, and are therefore limited to interventions where the operating system is still functional, and where moreover one refrains from modifying it, even to repair it.
The present invention offers a simple and transparent solution for backing up and restoring a damaged system by a remote operator. In addition, the present technology makes it possible (i) to have the calling computer's commercial service rights verified for third-party operators, and (ii) to facilitate an anonymous and secure relationship between the host computer and the remote service.
It relies on the existence of a device (UMS) physically and logically distinct from the host computer, but which uses its resources, in particular its network resources and its user interface. This device has its own operating system and its own storage unit, and issues service requests through routing devices that also fall within the scope of the invention. The UMS is built into or connected to a computer as a standard peripheral would be. Moreover, in addition to its own operating system for taking control of the host computer's resources, the operation of the UMS device itself is supervised by a microcontroller acting on all of its components, which secures its operation in particular by making its memories inaccessible to unauthorized third parties, even when connecting locally.
The present invention therefore relates to a device (UMS) for ensuring the backup and system restoration of a computer ("Host Computer"), and for ensuring secure links with service providers known to an authorized third party and based on particular service-call routing features, characterized in that it consists of the following components:
- (i) an identification device enabling activation of the UMS and control of the operations by that UMS;
- (ii) a microcontroller controlling the general operation of the UMS and of each of its components, and controlling physical access paths to the peripherals;
- (iii) a service unit containing the instruction sets for what can be performed by the UMS;
- (iv) a Storage Unit, itself broken down into several parts containing respectively:
- (a) a peripheral on which the bootable partition of the UMS is installed;
- (b) a peripheral housing a copy of medium (a);
- (c) a slave peripheral on which the general tools a remote technician may use are installed; and
- (d) a peripheral storing the maintenance tools (... diagnostics, imprint taking and restoration) and the imprints (system/data) of the host computer;
- (v) a switching interface for individually controlling the power supply of each component of the Storage Unit and of the service unit;
- (vi) a communication port with the Host Computer; and
- (vii) an input-output and read-write switching interface for the communication port.
Advantageously, this device further comprises an updating device consisting of an input-output unit (USB-A interface), also connected to the bus of the UMS through a switching interface.
Preferably, this device further calls upon the following components, hosted on separate servers, which are used to implement the service-call routing functions:
- (i) the actual call routing component, called the "PAMI" ("Plate-forme d'Administration Master International", International Master Administration Platform), which receives all calls issued by the UMS and is able to route them to one or another of the referenced service providers;
- (ii) an external database, the "BD/TC" ("Base de Données Techniques et Commerciales", technical and commercial database), enabling the PAMI to determine whether and where to route a call.
The present invention also relates to a method for implementing the device described above, which method comprises the following steps:
- (i) a user of the Host Computer activates the UMS by means of an identification device;
- (ii) a microcontroller, acting through the communication interface (5), presents the user with a menu asking him to choose among the various services to which his identity gives him access; if this menu cannot be displayed, for example because the host computer is out of service, the default service, namely restoration of the system by a remote technician, is selected;
- (iii) depending on the choice made by the user, the microcontroller loads the instructions contained in the service unit and executes them in sequence; at each step of execution, the microcontroller acts in particular on the switching interfaces to restrict the operation of the communication and storage peripherals to what is strictly necessary for carrying out the tasks concerned;
- (iv) after complete execution of the requested operations, the UMS hands control back to the host computer, which restarts; the UMS then cuts itself off from the outside world, then copies into the area of the Storage Unit US used for booting the host computer its own fingerprint, held in an area of the Storage Unit US that is reserved and inaccessible to third parties, and finally returns to its original configuration, which is inactive and made invisible both to the host computer and to third parties, in particular by acting on the switching interfaces.
Advantageously, this method comprises the following steps, in particular for executing the default service, namely restoration by a remote technician:
- (i) the microcontroller triggers a restart of the host computer by sending it an instruction to that effect via the communication port,
- (ii) it powers the bootable part of the Storage Unit (6) through the switching interface,
- (iii) a piece of software triggers a call to a Plate-forme d'Administration Master International (PAMI),
- (iv) the PAMI consults a BD/TC database (technical and commercial database), and,
- (v) depending on the information contained in the BD/TC, it routes the call to the most appropriate remote service provider.
According to a preferred embodiment, the method consists of the following steps:
- (i) an authorized technician formally establishes his identity, for example by inserting an identification device such as a smart card, or any combination of identification devices that may be required;
- (ii) the formal establishment of his identity results in the microcontroller (1) granting access to certain modules of the service unit (3), relayed by the switch (7);
- (iii) the technician connects a suitable external device to the input-output unit (4);
- (iv) the technician modifies the memories of the service unit (3), before
- (v) closing the transaction, which deactivates the UMS.
The detailed operation of the invention is set out with reference to the two block diagrams of FIG. 1 and FIG. 2.
The invention relies on single-station operation making use of all or some of thirteen functional groups, and on methods that use the hardware resources of the host computer together with these functional groups. For the UMS itself, referring to the block diagram of FIG. 1:
An identification device (1), consisting for example of a smart card reader, of biometric identification devices, or of any other device, acting jointly, which fulfils three functions: (i) formal identification of the user, so as to allow a remote administrator to manage commercially his entitlement to service, (ii) physical restriction of access to the UMS and limitation of its active operating time, and (iii) restrictive definition of the services to which this user can physically gain access.
A microcontroller (2), which supervises the operation of the various components of the UMS, and in particular: (i) the sequencing of the operations needed to reach a particular result, and (ii) access control for the various resources present in the UMS, namely memories and communication ports, to which the microcontroller can deny access or even cut the power supply.
A service unit (3), itself broken down into separately accessible and controllable subassemblies (in the example of the block diagram, four subassemblies numbered 3A to 3D), which contains the service and security instructions that the microcontroller will use as required.
An input-output unit (4), for example in USB format today, which allows an administrator holding the corresponding rights, and having identified himself by means of the identification device (1), to modify the contents of the registers of the microcontroller (2) and of the memories of the Service Unit (3).
A communication port (5), for example in USB format today, which allows the microcontroller (2) to communicate with the host computer without allowing the host computer, or any intruder having taken control of it, to modify the contents of the various memories of the UMS.
One or more mass storage units, collectively referred to as the Storage Unit US (6), containing, on physically and logically separate media (in the example of the block diagram, four subassemblies numbered 6A to 6D), the tools needed for the services to be implemented and the backups needed to restore the system and data of the host computer.
Two switching interfaces (7) and (8), which themselves drive the following switches:
- For the switching interface (7): the power switches (B1 to B4 and C1 to C4) of the various components of the Service Unit (3) and of the Storage Unit US (6), and the input-output and read-write switches (D1 to D4 and E1 to E4, respectively) of the various components of the Storage Unit US (6).
- For the switching interface (8), similarly, the switches (F1 to F2 and G1 to G2) of the input-output unit (4) and of the communication port (5), respectively.
Finally, the IDE (9) and/or USB (10) interfaces provide the connection between the Storage Unit US (6) and the host computer.
For the routing devices, referring to the block diagram of FIG. 2: the PAMI (Plate-forme d'Administration Master International) (11), linked to one or more domain names known to the UMSs, receives the calls from the UMSs. It consults a BD/TC database (technical and commercial database) (13) and, depending on the information contained in the BD/TC, routes the call to the most appropriate remote service provider (12).
The various components of the UMS are activated within service instructions, the sequencing and individual execution of which are supervised by the microcontroller (2); these instructions can be executed either autonomously or following activation of an identification device, for example the insertion of a smart card into the reader (1).
Autonomously executed services, such as taking system fingerprints of the main hard disk of the host computer at scheduled intervals and copying them to the UMS disk, have been configured and activated by a technician holding the necessary rights and connecting locally to the input-output unit (4).
Non-autonomous services, such as restoring a fingerprint onto the main disk of the host computer, rely on activation of the UMS device by means of the identification device (1); upon this activation the microcontroller (2) interrogates that device in order to identify its owner and determine his access rights to the various memories making up the service module (3).
The microcontroller (2) then queries the user via a choice menu transmitted to the host computer through the communication interface (5), and has him formally identify the services he wishes to have executed among those for which he holds the necessary authorization. If the host computer is out of order, the microcontroller automatically selects the default service, which is emergency restoration carried out by a remote technician, without going through a user menu.
Depending on the service requested, the microcontroller (2) then loads from the service module (3) the definition of the sequence of instructions to be executed, and executes these instructions sequentially, controlling at each step the operation of the various peripherals present in the UMS: the input-output unit (4) or USB-A interface, the communication port (5) or USB-B interface, the Storage Units (US) (6), the service module (3) itself, and the switching interfaces (7 and 8). By default, any access that is not required at a given step in the course of a transaction is not physically permitted.
In situations requiring a remote operator to carry out operations affecting the operating system of the host computer, and in particular for the default service of emergency restoration by a remote technician, the microcontroller typically: (i) triggers a restart of the host computer, and (ii) powers the part of the Storage Unit (6) that contains a boot partition, itself configured so that the host computer boots from this partition rather than from its main disk, which causes the host computer to boot from this partition and to run programs configured for auto-execution.
One of these auto-executing programs issues a call over the public network to the call servers (FIG. 2, item 1), which forward the service request to an on-duty technician (FIG. 2, item 2) after checking in the databases (FIG. 2, item 3) the identity of the caller, his service entitlements and the identity of the providers authorized to serve him. Depending on the service conditions specified, this technician may be (i) a natural-person technician, or (ii) a remotely operating automaton.
In all cases, the on-duty technician, without needing to know the identity of the customer, carries out the requested operations, for example: (i) restoring the system and programs of the host system onto the main disk of the host computer, (ii) taking a fingerprint of the main disk of the host computer and saving it on the storage unit (6), or (iii) any operation that would have been considered unnecessarily intrusive had it been carried out on the main disk or using the main operating system of the host computer.
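The PAMI routing decision described for FIG. 2 and for the call servers above, modelled in Python as an added example (not the patent's or the applicant's code): the caller is identified against the BD/TC, its entitlement and the providers entitled to serve it are checked, and the ticket handed to the technician carries no customer identity. The BD/TC record layout, the credential check and the "fewest open tickets" rule for the most appropriate provider are assumptions.

```python
"""Routing of a UMS service call by the PAMI (11) against the BD/TC (13).
Added example; record layouts, the credential check and the ranking rule are
assumptions, and the BD/TC content at the bottom is constructed sample data."""
import hmac
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class Contract:                 # commercial record of one UMS in the BD/TC
    ums_id: str
    customer: str               # known to the PAMI only, never forwarded
    credential: bytes           # secret presented by the UMS when it calls (assumption)
    services: frozenset
    region: str
    active: bool = True


@dataclass(frozen=True)
class Provider:                 # technical record of a remote service provider
    name: str
    services: frozenset
    regions: frozenset
    open_tickets: int           # "most appropriate" = fewest open tickets (assumption)


@dataclass(frozen=True)
class Ticket:                   # what the provider's on-duty technician receives
    ums_id: str                 # pseudonymous device identifier, no customer data
    service: str
    provider: str


class CallRejected(Exception):
    pass


def route_call(ums_id: str, credential: bytes, service: str,
               contracts: Dict[str, Contract],
               providers: Iterable[Provider]) -> Ticket:
    """PAMI decision: whether to route the call, and to which provider."""
    contract = contracts.get(ums_id)
    # Unknown device and bad credential give the same rejection, so a caller
    # cannot use the PAMI to learn which identifiers exist.
    if contract is None or not hmac.compare_digest(contract.credential, credential):
        raise CallRejected("caller not identified")
    if not contract.active or service not in contract.services:
        raise CallRejected(f"no entitlement for {service}")
    # Providers entitled to serve this caller: right service and right region.
    eligible = [p for p in providers
                if service in p.services and contract.region in p.regions]
    if not eligible:
        raise CallRejected("no eligible provider")
    best = min(eligible, key=lambda p: (p.open_tickets, p.name))
    return Ticket(ums_id=ums_id, service=service, provider=best.name)


# Constructed BD/TC content for a stand-alone run.
BDTC_CONTRACTS = {
    "ums-0001": Contract("ums-0001", "ACME SA", b"secret-0001",
                         frozenset({"restore", "fingerprint"}), "FR"),
    "ums-0002": Contract("ums-0002", "Globex", b"secret-0002",
                         frozenset({"fingerprint"}), "DE", active=False),
}
BDTC_PROVIDERS = [
    Provider("prov-north", frozenset({"restore", "fingerprint"}), frozenset({"FR", "BE"}), 4),
    Provider("prov-south", frozenset({"restore"}), frozenset({"FR", "ES"}), 1),
    Provider("prov-east", frozenset({"restore"}), frozenset({"DE"}), 0),
]

if __name__ == "__main__":
    print(route_call("ums-0001", b"secret-0001", "restore", BDTC_CONTRACTS, BDTC_PROVIDERS))
```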
As soon as the on-duty technician hands back control (ends the session), the UMS (i) hands control back to the host computer, which restarts, (ii) cuts itself off from the outside world to ensure that no external intervention can interfere with the operation that follows, (iii) copies into the area (6A) of the Storage Unit US (6) used for booting the host computer its own fingerprint, held in an area (6B) of the Storage Unit US (6) that is reserved and inaccessible to third parties, and (iv) returns to its original configuration, which is inactive except for the execution of scheduled operations and is rendered invisible both to the host computer and to third parties, except during any execution of scheduled operations, because its interfaces with the host computer have been disabled.
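The per-step gating of steps (i) to (iv) of the method above and of the default-service sequence just described, modelled in Python as an added example (not code from the patent): each step closes exactly the switches it needs, storage areas are reachable only through closed switches, and the sequence ends with 6A regenerated from 6B and every switch open. The switch semantics, the storage contents and the step list are assumptions, stated in the docstring.

```python
"""Per-step switch gating by the UMS microcontroller (2). Added example, not the
patent's code. Assumed switch semantics (the patent only names the switches):
Cn powers area 6n, Dn connects it to the bus (input-output), En enables writing
to it; F1/F2 belong to the input-output unit (4) and G1/G2 to the communication
port (5), so they are the only paths reachable from outside the UMS.
Storage contents and the service sequence below are constructed sample data."""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Tuple

AREAS = ("6A", "6B", "6C", "6D")   # boot partition, reserved copy, tools, fingerprints
HOST_FACING = frozenset({"F1", "F2", "G1", "G2"})


@dataclass
class UMS:
    storage: Dict[str, bytes]
    closed: FrozenSet[str] = frozenset()   # switches currently closed (enabled)
    log: List[Tuple[str, FrozenSet[str]]] = field(default_factory=list)

    def _require(self, *switches: str) -> None:
        missing = set(switches) - self.closed
        if missing:
            raise PermissionError(f"switch(es) open: {sorted(missing)}")

    def read(self, area: str) -> bytes:
        n = AREAS.index(area) + 1
        self._require(f"C{n}", f"D{n}")           # powered and on the bus
        return self.storage[area]

    def write(self, area: str, data: bytes) -> None:
        n = AREAS.index(area) + 1
        self._require(f"C{n}", f"D{n}", f"E{n}")  # ... and write-enabled
        self.storage[area] = data


@dataclass(frozen=True)
class Step:
    name: str
    switches: FrozenSet[str]                     # the only switches closed in this step
    action: Callable[[UMS], None] = lambda ums: None


def check_invariants(step: Step) -> None:
    """Rules checked before any switch closes (assumed encoding of 'reserved
    and inaccessible to third parties' for the copy held in area 6B)."""
    if "D2" in step.switches and step.switches & HOST_FACING:
        raise RuntimeError(f"{step.name}: 6B on the bus while a host-facing path is closed")
    if "E2" in step.switches:
        raise RuntimeError(f"{step.name}: 6B is read-only during a service")


def run_service(ums: UMS, steps: List[Step]) -> List[Tuple[str, FrozenSet[str]]]:
    """Execute a service loaded from the service unit; return the per-step switch log."""
    for step in steps:
        check_invariants(step)
        ums.closed = step.switches        # exactly what the step needs, nothing more
        step.action(ums)
        ums.log.append((step.name, ums.closed))
    ums.closed = frozenset()              # back to inactive: every switch open
    ums.log.append(("inactive", ums.closed))
    return ums.log


def restore_boot_area(ums: UMS) -> None:
    """Regenerate the boot partition 6A from the reserved copy 6B."""
    ums.write("6A", ums.read("6B"))


# Default service: emergency restoration by a remote technician.
EMERGENCY_RESTORE = [
    Step("reboot_host", frozenset({"G1", "G2"})),                 # restart order via port (5)
    Step("power_boot_partition", frozenset({"C1", "D1"})),        # host boots from 6A
    Step("remote_session", frozenset({"C1", "D1", "C3", "D3"})),  # tools of 6C available
    Step("cut_off", frozenset()),                                  # no path to the outside
    Step("restore_boot_area",
         frozenset({"C1", "D1", "E1", "C2", "D2"}), restore_boot_area),
]


def sample_storage() -> Dict[str, bytes]:
    """Constructed content: 6A has been altered on the host side, 6B is clean."""
    return {"6A": b"boot:tampered", "6B": b"boot:clean", "6C": b"tools", "6D": b"prints"}


if __name__ == "__main__":
    ums = UMS(sample_storage())
    for name, closed in run_service(ums, EMERGENCY_RESTORE):
        print(f"{name:22s} closed={sorted(closed)}")
    print("6A after service:", ums.storage["6A"])
```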
It will be noted in this respect that this method is directly applicable to a computer whose security one wishes to ensure independently of the use of a UMS, for which a clean fingerprint of the system would be kept on a separate physical or logical medium, inaccessible both to the user himself and to third parties, and for which the operating system itself would organize the regeneration of the system from the clean fingerprint, either (i) periodically as a preventive measure, in order to eliminate still-dormant attackers, or (ii) upon events causing certain formally defined modifications of the registry, before the modification itself, so as to operate from a sound base before taking a new fingerprint, so that the modifications are actually taken into account.
Furthermore, the settings present on the UMS have the effect of organizing or triggering operations whose principle is already in the public domain, through software already on the market, which will feed the files saved on the Storage Unit US (6) and allow selective restorations, to be carried out later and anonymously by the on-duty technician or by the UMS itself. Some of these operations (for example automatic and autonomous backups) are performed transparently for the user, at the initiative of the UMS, without user intervention, the user having no need to identify himself in any way, and while the UMS is in inactive mode, that is to say both inaccessible to the user and to third parties and non-intrusive, not interfering with the operation of the host computer.
It will finally be recalled that the contents of the service module (3) cannot in any way be modified remotely, and can conversely be modified only by a technician connecting physically and locally to the UMS using the only authorized communication port, namely the input-output unit (USB-A) (4), after having formally established his identity, for example by inserting an identification device such as a smart card, or any combination of identification devices that may be required. In accordance with the principles developed above, the formal establishment of his identity results in access being granted to certain modules of the Service Unit (3) and registers of the microcontroller (2); the technician's microcomputer then has free access to the corresponding modules, and to those alone, in order to modify them.

Claims

1. - Device (UMS) for providing system backup and restoration of a computer ("Host Computer"), and for providing secure links with service providers known to an authorized third party and based on particular service-call routing functionalities, characterized in that it consists of the following components:
- (i) an identification device (1) enabling activation of the UMS and control of the operations by said UMS;
- (ii) a microcontroller (2) commanding the general operation of the UMS and of each of its components, and controlling physical access to the peripherals;
- (iii) a service unit (3) containing the instruction sets for what can be carried out by the UMS;
- (iv) a Storage Unit (6), itself broken down into several parts containing respectively:
- (a) a device on which the bootable partition of the UMS is installed;
- (b) a device housing a copy of the medium (a);
- (c) a slave device on which remote control tools are installed, managed under the control of the host computer and its operating system; and,
- (d) a device holding the maintenance tools and the fingerprints (system/data) of the host computer;
- (v) a switching interface (7) making it possible to control individually the power supply of each component of the Storage Unit (6) and of the service unit (3);
- (vi) a communication port (5) with the Host Computer; and,
- (vii) an input-output and read-write switching interface (8) for the communication port (5).
2. - Dispositif selon la revendication 1 caractérisé par le fait qu'il comprend en outre un dispositif de mise à jour qui est constitué d'une unité d'entrée-sortie - Interface USB-A - (4) également connectée au bus de I1UMS par l'intermédiaire d'une interface de commutation (8).2. - Device according to claim 1 characterized in that it further comprises an updating device which consists of an input-output unit - Interface USB-A - (4) also connected to the bus of I 1 UMS via a switching interface (8).
3. - Device according to any one of claims 1 or 2, characterized in that it further uses the following components, hosted on separate servers, to implement the routing of service calls:
- (i) the call-routing component proper, called "PAMI" (11) ("Plate-forme d'Administration Master International", International Master Administration Platform), which receives all calls issued by the UMS and can route them to one or another of the referenced service providers;
- (ii) an external database "BD/TC" ("Base de Données Techniques et Commerciales", Technical and Commercial Database) (13), which lets the PAMI (11) determine whether and where to route a call.
4. - Method for implementing the device according to claim 1, characterized in that it comprises the following steps:
- (i) a user of the Host Computer activates the UMS by means of the identification device (1);
- (ii) the microcontroller (2), acting through the communication interface (5), presents the user with a menu asking them to choose among the services to which their identity gives access; if this menu cannot be displayed, for example because the host computer is out of service, the default service is selected, namely system restoration by a remote technician;
- (iii) according to the user's choice, the microcontroller (2) loads the instructions held in the service unit (3) and executes them in sequence; at each step of execution, the microcontroller acts in particular on the switching interfaces (7) and (8) to limit the operation of the communication and storage peripherals to what is strictly necessary for the tasks concerned;
- (iv) after complete execution of the requested operations, the UMS hands control back to the host computer, which reboots, then cuts itself off from the outside world, then copies into the space (6A) of the Storage Unit (6) used to start the host computer its own fingerprint held in a space (6B) of the Storage Unit (6) that is reserved and inaccessible to third parties, and then finally returns to its original configuration, which is inactive and made invisible both to the host computer and to third parties, in particular by action on the switching interfaces (7) and (8).
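To make the switching policy of claim 4 concrete, the following Python model is an added example, not code from the patent or its assignee. The component names, the constructed step sequence, the default-service fallback and the rule that space 6B is never powered while port (5) is switched on are this example's reading of steps (ii) to (iv), not the patent's own specification.

```python
from dataclasses import dataclass

# Components whose power or I/O is gated by switching interfaces (7) and (8).
SERVICE_UNIT = "service_unit_3"   # service unit (3): instructions to execute
BOOT_SPACE = "storage_6A"         # space 6A: image the host boots from
FINGERPRINT = "storage_6B"        # space 6B: reserved, hidden host fingerprint
COMM_PORT = "comm_port_5"         # communication port (5) to the host
DEFAULT_SERVICE = "remote_restore"  # claim 4 (ii): used when no menu is possible

class PolicyViolation(Exception):
    """A step asked for more than the switching policy allows."""

@dataclass(frozen=True)
class Step:
    name: str
    needs: frozenset  # components this step strictly requires

def select_service(allowed, choice, menu_shown):
    """Claim 4 (i)-(ii): the identity grants a set of services; without a
    usable menu, or with a choice outside that set, fall back to the default."""
    return choice if menu_shown and choice in allowed else DEFAULT_SERVICE

class Controller:
    # Microcontroller (2): tracks which components are currently switched on.
    def __init__(self):
        self.powered = frozenset()  # at rest: inactive and invisible
        self.log = []               # one entry per switching action

    def _switch(self, wanted):
        # Claim 4 (iv): the fingerprint is copied back only after the host has
        # cut itself off, so 6B must never be powered while port (5) is live
        # (this invariant is the example's assumption, not the claim's words).
        if FINGERPRINT in wanted and COMM_PORT in wanted:
            raise PolicyViolation("6B exposed while port (5) is switched on")
        self.powered = frozenset(wanted)
        self.log.append(sorted(wanted))

    def run_service(self, steps):
        """Claim 4 (iii)-(iv): power only what each step needs, then go dark."""
        for step in steps:
            self._switch(step.needs)
        self._switch(frozenset())
        return list(self.log)

# Constructed step sequence for the default remote-restore service.
REMOTE_RESTORE = [
    Step("menu", frozenset({SERVICE_UNIT, COMM_PORT})),
    Step("remote_session", frozenset({SERVICE_UNIT, BOOT_SPACE, COMM_PORT})),
    Step("restore_fingerprint", frozenset({BOOT_SPACE, FINGERPRINT})),
]
```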
5. - Method for implementing the default service defined in claim 4, characterized in that it comprises the following steps:
- (i) the microcontroller (2) triggers a restart of the host computer by sending it an instruction to that effect via the communication port (5);
- (ii) it switches on the power to the bootable part of the Storage Unit (6) through the switching interface (7);
- (iii) software triggers a call to an International Master Administration Platform (11);
- (iv) the International Master Administration Platform (11) consults a BD/TC database (technical and commercial database) (13); and
- (v) according to the information held in the BD/TC, it routes the call to the most appropriate remote service provider (12).
6. - Method according to claim 4 for implementing the device according to claim 2, characterized in that it consists of the following steps:
- (i) an authorized technician formally establishes their identity, for example by inserting an identification device such as a smart card, or any combination of identification devices that may be required;
- (ii) the formal identification of their identity leads the microcontroller (2) to authorize access to certain modules of the service unit (3), relayed by the switch (7);
- (iii) the technician connects a suitable external device to the input-output unit (4);
- (iv) the technician modifies the memories of the service unit (3), before
- (v) closing the transaction, which deactivates the UMS.
PCT/FR2008/000398 2007-03-23 2008-03-25 Multiservice unit (ums) allowing the provision of remote services (i) which cannot be attacked by remote third parties, (ii) which is non intrusive, and (iii) which is independent of the configuration of the host system WO2008132352A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0702142A FR2914078B1 (en) 2007-03-23 2007-03-23 MULTI-SERVICE UNIT (UMS), PROVIDING FOR THE PROVISION OF REMOTE SERVICES (I) UNABLE TO REMOTE THIRD PARTIES, (II) NON-INTRUSIVE, AND (III) INDEPENDENT OF THE CONFIGURATION OF THE HOST SYSTEM.
FR0702142 2007-03-23

Publications (2)

Publication Number Publication Date
WO2008132352A2 true WO2008132352A2 (en) 2008-11-06
WO2008132352A3 WO2008132352A3 (en) 2009-02-19

Family

ID=38982819

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2008/000398 WO2008132352A2 (en) 2007-03-23 2008-03-25 Multiservice unit (ums) allowing the provision of remote services (i) which cannot be attacked by remote third parties, (ii) which is non intrusive, and (iii) which is independent of the configuration of the host system

Country Status (2)

Country Link
FR (1) FR2914078B1 (en)
WO (1) WO2008132352A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9982036B2 (en) 2011-02-28 2018-05-29 Hoffmann-La Roche Inc. Dual FC antigen binding proteins

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5740397A (en) * 1995-10-11 1998-04-14 Arco Computer Products, Inc. IDE disk drive adapter for computer backup and fault tolerance
US20030191931A1 (en) * 2002-04-05 2003-10-09 Nec Corporation Automatic concealment of expansion cards in computer system
US6654797B1 (en) * 2000-05-25 2003-11-25 International Business Machines Corporation Apparatus and a methods for server configuration using a removable storage device
EP1376360A2 (en) * 2002-06-21 2004-01-02 Sharp Kabushiki Kaisha Automatic backup system

Also Published As

Publication number Publication date
FR2914078B1 (en) 2009-06-26
WO2008132352A3 (en) 2009-02-19
FR2914078A1 (en) 2008-09-26

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 08787844; Country of ref document: EP; Kind code of ref document: A2
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 08787844; Country of ref document: EP; Kind code of ref document: A2