
WO2009152864A1 - Network - file system bridge - Google Patents


Info

Publication number
WO2009152864A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
network
layer
file system
embedded system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2008/057855
Other languages
French (fr)
Inventor
Jens Klaas
Andreas Ripke
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Europe Ltd
Original Assignee
NEC Europe Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/59 Providing operational support to end devices by off-loading in the network or by emulation, e.g. when they are unavailable

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

A network-file system bridge enables a network-non-compatible or a network-compatible device (1) to exchange data with a network (4). The network-file system bridge is realized via an embedded system comprising a data transfer layer (51) for connecting to a device (1), a data control layer (52) for controlling data, a data layer (53) for establishing a file system and a network layer (54) for connecting to a network (4). The network (4) is mapped to a common file system. Therefore a device (1) which is able to read data from and write data to a data bus (3) is able to exchange data with the network (4). The bus (3) can be realized as USB, i.e. the device (1) must be able to read data from or write data to a USB memory stick (2). A network-non-compatible or a network-compatible device (1) which exchanges data with a network (4) via the embedded system does not have to be part of that network (4) or support a network protocol. Because of the isolation of the network layer (54), the data layer (53), the data control layer (52) and the transfer layer (51) in the embedded system, the data can be checked before it is transferred to a target device (1). Therefore, in this pre-execution trusted computing technology, the checking of the data is always possible before the processing of the data begins.

Description

Network - File system Bridge
This invention relates to a data exchange between a device and a network. More particularly, the present invention relates to a method and a device to realize this data exchange between a network and a network-non-compatible or a network-compatible device via a network-file system bridge.
The data input for data processing systems in the entertainment sector (e.g. DVD player, home entertainment system, car radio, car-entertainment system, mobile phone) is mostly realized by external data media. A common device for this purpose is a USB memory stick (USB: Universal Serial Bus) which must be plugged into the data processing system. Data copied from a computer to such a memory stick may be subsequently copied to the data processing system.
Another possibility for the data processing system to exchange data can be realized via a network connection. Even though network connections of these data processing systems are possible, the amount of functionality is often restricted.
An alternative to an integrated network connection is a USB-Ethernet bridge. US 2007/0016714 A1 discloses such a USB-Ethernet bridge. In this case the data processing system can be connected via its USB interface to a network and, thus, may become a part of that network.
US 2007/0156710 A1 discloses a method and a device to share computer data among computers. A user identifies on a first computer at least one object of a file system to be shared through a second computer. A sharing file system generator creates on the first computer a sharing file system. The sharing file system generator installs the object to be shared in the sharing file system. The object to be shared is exposed from the sharing file system to a second computer through a USB connection.
There are several drawbacks in the above-mentioned technologies. External data media such as USB memory sticks have to be plugged into a device before they can be used, which is often not practicable. Devices must be network-compatible and support a network protocol to establish a network connection. Furthermore, devices are part of the network while they are connected. Or special arrangements have to be made for the network, for example duplicating the data which is exchanged. In methods used so far for ensuring security, the trustability of the source of the data, but not the data itself, is checked before accepting the data over the network. Therefore, a control of the data occurs only after receipt and processing of these data, which results in a substantial safety risk.
Therefore it is an object of the invention to overcome the above problems and to provide a flexible and safe data exchange between a network and a network-non-compatible or a network-compatible device. This object is achieved with the features of the claims.
The invention is based on the idea that data from a network is mapped to a common file system via interconnected data processing layers without the need to install or set anything on the computers realizing the network.
With a so-called network-file system bridge realized in an embedded system, the data exchange between a network-non-compatible device or a network-compatible device and a network is possible. The device does not have to support a network protocol and no special arrangements have to be made for the network. This invention uses standard protocols to access the directories or partitions (Plug&Play), instead of installing additional software on the network computers. Special drivers or other special software on the network computers are not necessary. With the network-file system bridge the mapping of a network to a common file system is done. The device only has to be able to read data from and write data to a data bus, e.g. such a data bus as realized with a USB memory stick. Furthermore, a network-non-compatible or a network-compatible device using the network-file system bridge is not part of the network. In the embedded system realizing the network-file system bridge, a transfer layer, a control layer, a data layer and a network layer can be separated, allowing the control of the data in the embedded system before the data is transmitted to the target device. Therefore, in the present invention, attacking the target device, e.g. with computer viruses, can be prohibited. Only the embedded system can be affected by these attacks.
The above and other objects and advantages of the present invention will be apparent upon consideration of the following detailed description taken in conjunction with the accompanying drawings:
Fig. 1 is a schematic block diagram of a device and a memory connected via a data bus according to the prior art;
Fig. 2 is a schematic block diagram of an embodiment showing a network-non-compatible device or a network-compatible device to exchange data with a network via an embedded system according to the present invention;
Fig. 3 shows the logically separated parts of the embedded system of Fig. 2 in more detail.
In a first embodiment of the present invention a data exchange between a network-non-compatible device (e.g. DVD player, home entertainment system, car radio, car-entertainment system, mobile phone) and a network is realized. The device 1 has to provide a minimum of functionality to enable the data exchange. Fig. 1 shows the device 1 and a memory 2 connected via a data bus 3 according to the prior art. The device 1 must be able to read and write data to a memory 2 via a data bus 3. The data bus 3 may be a universal serial bus (USB). The memory 2 can be a USB memory stick. The device 1 must be able to process the data read from e.g. the USB memory stick 2. With this minimum of functionality of the device 1 the data exchange may be realized with an embedded system. Fig. 2 shows a schematic block diagram of the embedded system 5 and the connected items according to the present invention. The embedded system 5 is connected to a device 1 via a data bus 3 connection such as a USB connection. The embedded system 5 is further connected to a network 4 using a standard protocol. The standard protocol can be a server message block (SMB) protocol.
Fig. 3 shows the logically separated parts of the embedded system 5. The embedded system 5 comprises a data transfer layer 51, a data control layer 52, a data layer 53 and a network layer 54. The network layer 54 receives data from the network 4 and sends data to the network 4 using a network protocol, e.g. the SMB protocol. The connection between the network layer 54 and the network 4 can be wireless. The network layer 54 also exchanges data with the data layer 53. The data format of the data layer 53 is that of a common file system, e.g. FAT-32. Therefore the mapping of the data from a network 4 to a common file system is established with the network layer 54 and the data layer 53. The network layer 54 and the data layer 53 realize the network-file system bridge. The embedded system then acts as an SMB-USB bridge. The data layer 53 exchanges data with the data control layer 52. In the data control layer 52 the data is checked for any content detrimental to the target device, i.e. the network-non-compatible device 1. The data control layer 52 exchanges data with the data transfer layer 51. A data bus 3 connects the data transfer layer 51 to a network-non-compatible device 1. This data bus 3 connection can be a universal serial bus (USB) connection. With the embedded system 5 the mapping of the data of a network 4 to a common file system is done. Therefore the device 1 does not have to be network-compatible and also the device 1 does not have to support a network protocol to exchange data with the network 4.
In a concrete implementation the SMB protocol could be mapped to a FAT-32 file system. For this, it is necessary that a mapping of the diverse structures of the different systems is carried out. This mapping could be stored in a cache on the embedded system. Then, for the concrete realization with SMB/FAT-32 only the read or changed directory structures of the file system have to be stored during use.
In a second embodiment of the present invention a network-compatible device 1 (laptop, PC, mobile device, mobile phone) exchanges data with a network 4 without being part of the network 4. Fig. 1 shows the device 1 which must be able to read data from and write data to a data bus 3 according to the prior art. This can be a USB, i.e. the device 1 must be able to read data from and write data to a USB memory stick 2. The network-compatible device 1 must be able to process the read data.
Fig. 2 shows a schematic block diagram of the embedded system 5 and the connected items according to the present invention as described in the first embodiment. The difference in the second embodiment compared to the first embodiment is that the device 1 is a network-compatible device.
As described above, Fig. 3 shows the logically separated parts of the embedded system 5. The exchange of the data is realized with this embedded system 5. In the second embodiment the data transfer layer 51, the data control layer 52, the data layer 53 and the network layer 54 are isolated. The isolation can be logical only, or it can be both logical and physical. It is important that the data control layer 52 is separated from the other layers. Therefore the data can be checked in this layer without the possibility of affecting the following layers with detrimental data. This also means that the data can be checked before sending the data to the target device 1, i.e. before the data processing in the target device 1 begins. This technology is therefore called "pre-execution trusted computing". Attacks from the network can only affect the embedded system 5 but cannot adversely affect the target system. Therefore, trustability can also be established for insecure data sources.
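Added example, not part of the patent: a Python model of the four layers of Fig. 3 in which the data layer maps only the directories actually read into cached FAT-style 8.3 listings, and the data control layer releases a file to the device only after a content check, failing closed. The in-memory share standing in for SMB, the magic-byte allow-list, the size cap and the simplified short-name scheme are all assumptions.

```python
# Added illustration; names, policy and sample data are assumptions, not from the patent.
SHARE = {  # constructed stand-in for the SMB share (path -> content)
    "music/track01.mp3": b"ID3\x03\x00" + bytes(32),
    "music/cover art.jpeg": b"\xff\xd8\xff\xe0" + bytes(16),
    "music/bonus_track.mp3": b"MZ\x90\x00" + bytes(32),  # executable header behind a media name
    "video/clip.avi": b"RIFF" + bytes(8),
}
# Assumed policy: long-name extension -> magic-byte prefixes the device may receive.
ALLOWED = {"mp3": (b"ID3", b"\xff\xfb"), "jpeg": (b"\xff\xd8\xff",), "jpg": (b"\xff\xd8\xff",)}
MAX_SIZE = 1 << 20  # assumed per-file size cap in bytes

def _keep(text):
    """Upper-case and drop characters this simplified alias scheme does not allow."""
    return "".join(c for c in text.upper() if c.isalnum() or c in "_-")

def short_name(long_name, taken):
    """Simplified 8.3 alias (not the full FAT rules), unique within one directory."""
    stem, dot, ext = long_name.rpartition(".")
    if not dot:
        stem, ext = long_name, ""
    base, ext3 = _keep(stem), _keep(ext)[:3]
    suffix = "." + ext3 if ext3 else ""
    fits = len(base) <= 8 and base + suffix == long_name.upper()
    alias, n = base + suffix, 1
    while not fits or alias in taken:  # fall back to BASE~N.EXT until the alias is free
        alias, fits, n = f"{base[:6]}~{n}{suffix}", True, n + 1
    taken.add(alias)
    return alias

class NetworkLayer:
    """Layer 54: talks to the share; an in-memory dict replaces SMB here."""
    def __init__(self, share):
        self._share, self.listings = share, 0
    def list_dir(self, directory):
        self.listings += 1  # counts how many listings were fetched from the share
        prefix = directory + "/"
        rest = [p[len(prefix):] for p in self._share if p.startswith(prefix)]
        return sorted(r for r in rest if "/" not in r)
    def read(self, path):
        return self._share[path]

class DataLayer:
    """Layer 53: presents the share as FAT-style directories, built lazily and cached."""
    def __init__(self, net):
        self._net, self.cache = net, {}
    def directory(self, directory):
        if directory not in self.cache:  # map only directories that are actually read
            taken = set()
            self.cache[directory] = {short_name(n, taken): f"{directory}/{n}"
                                     for n in self._net.list_dir(directory)}
        return self.cache[directory]
    def fetch(self, directory, alias):
        return self._net.read(self.directory(directory)[alias])

class ControlLayer:
    """Layer 52: inspects content before release; any error counts as a rejection."""
    def __init__(self, data):
        self._data, self.quarantine = data, {}
    def listing(self, directory):
        return list(self._data.directory(directory))
    def release(self, directory, alias):
        try:
            long_path = self._data.directory(directory)[alias]
            blob = self._data.fetch(directory, alias)
            ext = long_path.rpartition(".")[2].lower()
            if len(blob) > MAX_SIZE:
                raise ValueError("size limit exceeded")
            if not blob.startswith(ALLOWED.get(ext, ())):
                raise ValueError("content does not match an allowed type")
        except Exception as exc:  # fail closed: the device receives nothing
            self.quarantine[f"{directory}/{alias}"] = str(exc)
            return None
        return blob

class TransferLayer:
    """Layer 51: the only interface the device sees (stands in for USB mass storage)."""
    def __init__(self, control):
        self._control = control
    def listdir(self, directory):
        return self._control.listing(directory)
    def read(self, directory, alias):
        return self._control.release(directory, alias)

def build_bridge(share):
    """Wire the layers in the order transfer -> control -> data -> network."""
    net = NetworkLayer(share)
    data = DataLayer(net)
    control = ControlLayer(data)
    return TransferLayer(control), control, data, net
```

Because the transfer layer holds a reference to the control layer only, nothing reaches the device without passing `release`, and a rejected or unknown file ends up in `quarantine` on the bridge rather than on the target.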

Claims

1. A method for mapping a network to a common file system using only standard protocols and for realizing a data exchange between a device (1) and a network (4), said method comprising data processing layers connected in the following order: a data transfer layer (51) connectable to said device adapted to read data from and write data to a data bus (3); a data control layer (52) for controlling data; a data layer (53) for establishing a file system and a network layer (54) connectable to a network.
2. The method according to claim 1, wherein the device is a network-non-compatible device.
3. The method according to claim 1, wherein the device is a network-compatible device.
4. The method according to claim 1, 2 or 3, wherein the network layer, the data layer and the data transfer layer are separated from the data control layer.
5. The method according to any one of claims 1 to 4, wherein the data processing layers are logically and/or physically isolated.
6. The method according to claim 4 or 5, wherein the data is checked before it is transferred to the device.
7. The method according to any one of claims 1 to 6, wherein the connection between the device and the data transfer layer comprises a universal serial bus (USB).
8. The method according to any one of claims 1 to 7, wherein the connection between the network layer and the network is controlled by means of the server message block (SMB) protocol.
9. The method according to claim 8, wherein the connection between the network layer and the network is wireless.
10. An embedded system for a data exchange between a device (1) and a network (4), said system comprising data processing layers connected in the following order: a data transfer layer (51) connectable to said device adapted to read data from and write data to a data bus (3); a data control layer (52) for controlling data; a data layer (53) for establishing a file system; and a network layer (54) connectable to a network, wherein the data exchanged from the network to the network layer is mapped to a common file system in the data layer using only standard protocols.
11. The embedded system according to claim 10, wherein the network layer, the data layer and the data transfer layer are separated from the data control layer.
12. The embedded system according to claim 10 or 11, wherein the data processing layers are logically and/or physically isolated.
13. The embedded system according to claim 10, 11 or 12, wherein the connection between the device and the data transfer layer comprises a universal serial bus (USB).
14. The embedded system according to any one of claims 10 to 13, wherein the connection between the network layer and the network is controlled by means of the server message block (SMB) protocol.
15. The embedded system according to claim 14, wherein the connection between the network layer and the network is wireless.
16. A data exchange system comprising a network (4), a device (1) and an embedded system according to any one of claims 10 to 15 interconnected between the network and the device.
17. The data exchange system according to claim 16, wherein the device is a network-non-compatible device.
18. The data exchange system according to claim 16, wherein the device is a network-compatible device.
PCT/EP2008/057855 2008-06-20 2008-06-20 Network - file system bridge Ceased WO2009152864A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2008/057855 WO2009152864A1 (en) 2008-06-20 2008-06-20 Network - file system bridge

Publications (1)

Publication Number Publication Date
WO2009152864A1 true WO2009152864A1 (en) 2009-12-23

Family

ID=40459626

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/057855 Ceased WO2009152864A1 (en) 2008-06-20 2008-06-20 Network - file system bridge

Country Status (1)

Country Link
WO (1) WO2009152864A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103440336A (en) * 2013-09-06 2013-12-11 济钢集团有限公司 Safe physical-isolation automatic transmission method of network database tables
CN106686628A (en) * 2016-12-13 2017-05-17 西安电子科技大学 A system and method for realizing separation of LTE air interface side control and data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040153765A1 (en) * 2001-01-11 2004-08-05 Dieter Prifling Data communication system and data conversion device
EP1662408A1 (en) * 2004-11-30 2006-05-31 Microsoft Corporation Method and system for caching remote files locally
US20060173843A1 (en) * 2005-01-31 2006-08-03 Wilson Christopher S Method and system for flexibly providing shared access to data pools

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08761266

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 280311

122 Ep: pct application non-entry in european phase

Ref document number: 08761266

Country of ref document: EP

Kind code of ref document: A1