Biometric Access Control - VPI-Initiative.com


23 Feb 2014 (3 years and 1 month ago)


VPI


Virtual Private Infrastructure

Solutions@Impact


www.impact.eu.memec.com

Application description

Virtual Private Infrastructure (VPI) connects remote devices over the Internet via a portal (VPI Portal) using standard protocols (HTTP, TCP/IP) and open standards. VPI uses a secure HTTP tunnel from the VPI Portal to the VPI Agent to communicate with the remote device. The VPI Portal handles the security and authentication and forwards the HTTP requests to the VPI Agent, which acts as a relay and forwards them to the device itself. Alarming systems can easily be integrated, as well as database connections. The devices can be connected to the network in many ways, and the connection can easily be changed if the device is to be connected in another way. VPI is a flexible, powerful, secure and easy to handle concept.

[Figure: Remote Access. Labels: Network, Control station, Mobile control station, Remote device (six shown)]






Remote maintenance and control is already widely used in industrial automation and building automation and is becoming more and more important for many other applications. Controlling a remote device over the Internet saves maintenance cost and makes it possible to provide a lot of additional services to the customer.

For example, washing machines and many other devices will no longer be bought in the future; instead you pay for the hours of using the devices, and it is guaranteed that the washing machine is working all the time and that in case of a defect it will be repaired immediately. The service technician can connect to the device, read out the status and identify which part has to be replaced.

A lot of other services, like energy balancing and contracting, information and advertisement on public devices like vending machines, statistics for improvement of the product, providing information and access to the device for the customer over an Internet portal, software upgrade and many more, can be implemented.

Connecting remote devices to the Internet is cost effective, because existing infrastructures, well proven technologies and standard protocols are used. The user interface is an ordinary web browser, which is available on any platform and is easy to use.

Usually the devices are connected to the Internet in many different ways, over dial-up connection, leased lines, GSM/GPRS and so on, and it is important to have a solution to access and manage the devices in an easy way. The connection to the device has to be secure, so that only authorized people can access the remote device and data.

The Virtual Private Infrastructure (VPI) concept solves all those and many other issues, uses standard protocols and is easy to implement and manage.


[Figure: VPI Overview. Labels: Intranet (Management), Service Company, LAN Customer A, LAN Customer B, Firewall, Internet, ISP, Coach, Alarming / SMS / e-mail / Report DB, Control (Office), Control (Home), Service, VPI Portal, VPI Agent, Leased Line, Dial-up, Dial-up / GSM / GPRS, SSL, Device]


Virtual Private Infrastructure - iniNet

For the monitoring and controlling of devices, remote access via a web browser to an embedded webserver of a distant system is a widely used technology. Generally, by means of PPP (Point to Point Protocol), a temporary point-to-point connection via a telephone line is made. For cost and security reasons, however, the systems to be monitored have neither a permanent nor a transparent Internet access.

iniNet AG has developed a new concept with the SpiderControl VPI, which integrates existing company networks and infrastructures and does not require additional connections. With the SpiderControl VPI, distant systems can be called up at all times in the same way as with a permanent connection. Firewalls, routers and switches are no handicap, and do not have to be reconfigured. The VPI offers a high degree of security and is also used in the banking sector.

The VPI-agent allows you to reach your device via the Internet even if it is behind a firewall and does not have a "public" TCP/IP address.

The operator of the intranet has control over the VPI-agent and can define at any time which target systems should be mapped onto the Internet. Through the Internet Service Provider (ISP) the VPI-agent keeps a tunnel to a central webserver on the Internet (or VPI-portal).

A user now selects the address of this server and must identify himself with his user name and password.

Subsequently, this user receives a list with the links (direct on the target system) to which he has right of access. If the user selects such a target, the connection is established fully transparently and maintained via the marked route.

The VPI-agent is a software module which can be operated on any system within the intranet. A PC, a server or a suitably embedded device can be used for this.


Features


Data traffic runs over the Internet via Secure Socket Layer (SSL)


User identification with user name and password


Each access can be logged


Access is realised on application level instead of protocol level


The connection can be activated from the device only when required


The whole tunnel can be closed at any time without having any effect on normal operation of the network whatsoever
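
The access checks described above, modelled as an added example (not iniNet's or the VPI Initiative's code): the portal authenticates the user and checks his rights, the agent independently enforces the operator's list of published targets, and every decision is logged. The class names, target names, addresses, password and the relative-path rule are assumptions of this example; no network traffic is sent.

```python
import hashlib, hmac, os
from urllib.parse import urlsplit

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Agent:
    """Intranet side (hypothetical model): the operator decides what is published."""
    def __init__(self, published):
        self.published = dict(published)  # target name -> intranet base URL
        self.tunnel_open = True           # operator may close the tunnel at any time

    def resolve(self, target, path):
        if not self.tunnel_open:
            raise PermissionError("tunnel closed by operator")
        if target not in self.published:
            raise PermissionError("target not published by operator")
        parts = urlsplit(path)
        # Assumption: relay only server-relative paths (no other host, no "..").
        if (parts.scheme or parts.netloc or not path.startswith("/")
                or ".." in parts.path.split("/")):
            raise PermissionError("only relative paths are relayed")
        return self.published[target] + path

class Portal:
    """Internet side: authenticates users, checks rights, logs every access."""
    def __init__(self, agent):
        self.agent, self.users, self.rights, self.log = agent, {}, {}, []

    def add_user(self, name, password, targets):
        salt = os.urandom(16)
        self.users[name] = (salt, pw_hash(password, salt))
        self.rights[name] = set(targets)

    def authenticate(self, name, password):
        salt, stored = self.users.get(name, (b"\0" * 16, b""))
        return hmac.compare_digest(pw_hash(password, salt), stored)

    def links(self, name, password):
        # List shown after login: the user's rights, limited to published targets.
        if not self.authenticate(name, password):
            return []
        return sorted(self.rights[name] & set(self.agent.published))

    def request(self, name, password, target, path):
        try:
            if not self.authenticate(name, password):
                raise PermissionError("authentication failed")
            if target not in self.rights[name]:
                raise PermissionError("no right of access")
            url = self.agent.resolve(target, path)  # URL the agent would fetch
        except (PermissionError, ValueError) as exc:
            self.log.append((name, target, path, f"DENY: {exc}"))
            return None
        self.log.append((name, target, path, "ALLOW"))
        return url

# Constructed sample data: names, addresses and the password are invented.
agent = Agent({"heating-1": "http://192.168.10.21", "meter-7": "http://192.168.10.37"})
portal = Portal(agent)
portal.add_user("technician", "correct horse", ["heating-1"])
```

Setting `agent.tunnel_open = False` makes every later `portal.request(...)` return `None` with a logged denial, which corresponds to the operator closing the whole tunnel.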



VPI Portal

The VPI Portal is provided by an Internet Service Provider (ISP). A user selects the address of this server and must identify himself with his user name and password. Subsequently, this user receives a list with the links of target systems to which he has right of access. If the user selects such a target, the connection is established fully transparently via the marked route.


Features


ISP guarantees internet access


Maintain user accounts, access rights


Solves security


Provides access to the remote devices


Portal Requirements


Transparent forwarding of HTTP-protocol


SSL Encryption


Multiple communication channels: Leased line, GSM, GPRS, dial-out, analogue, ISDN, wireless


Manual and automated use



VPI Agent

The VPI Agent is used to make devices within an intranet accessible from the VPI-Portal. The operator of the intranet has control over the VPI-Agent and can define at any time which target systems should be mapped onto the Internet. Through the Internet Service Provider (ISP) the VPI-Agent keeps a secure tunnel to the central VPI-Portal on the Internet. The VPI-Agent is a software module which can be operated on any system within the intranet. A PC, a server or a suitably embedded device can be used for this.


Features


Similar technology to VPN, but on a device level, not on a network level


Secure, encrypted tunnel to the VPI Portal


HTTP relay


No TCP/IP routing to the Internet


Customer (end-user) has control over the connection


No reconfiguration of IT infrastructure needed


Physical connection interchangeable: leased line, ADSL, ISDN, modem, GPRS, …


Easy configuration



Remote Device

Any device with an embedded Web server can be used with VPI.

Web servers can be implemented in many different ways, as fully integrated, as add-on solution or gateway solution, depending on the requirements. p@ac is a comprehensive system solution for embedded internet connectivity; it supports multiple platforms, uses SpiderControl software and is fully VPI compatible. (See next pages)

For examples of applications for remote maintenance and control see the various System Solutions @ Impact


Requirements of the embedded Web server for VPI


All services implemented on HTTP


Remote Procedure Calls, for reading and writing variables


File transfer over HTTP (POST, GET)


No absolute URL addresses to the server itself



System Solutions @ Impact:

Vending Machine

Utility meter

Remote Heating Control

POS Terminal

Biometric Access Control

Patient Monitoring

Data logger

[Figure: Remote Device software. Labels: Web Server, HTML pages, Java Applets, Application, Data Server, Network, PPP, RTOS, Webserver, Modem, Ethernet, GSM/GPRS, TCP/IP]


Remote Device

[Figure: three hardware variants of the Remote Device: Integrated Solution, Add-on Solution (Connectivity Card/Box) and Gateway Solution. Labels: Network, Network Interface, Micro Controller, Host Micro Controller, Comm. Interface, Gateway, Interfaces, Power Supply. Links between gateway and devices: Serial line, Bluetooth, Modem, GSM, GPRS, …]

Integrated Solution

The Integrated Solution uses one microcontroller for both the connectivity and the application. A Real Time Operating System handles the application and communication tasks. The Network Interface can be integrated in the controller or external; for example, a GSM interface would be external and Ethernet could be integrated.

Add-on Solution

The add-on solution uses a connectivity card or box plugged in or hooked up to the Remote Device, which has its own micro controller. The micro controller on the connectivity card handles the network protocols and the web server. The two controllers are connected over a serial or parallel link and use a simple protocol to communicate.

Gateway Solution

In a Gateway Solution the resource-intensive tasks like Network Interface, TCP/IP stack and common data are handled by the gateway. Multiple devices can be connected to the gateway over a wired or wireless connection. The device-dependent data and the application code reside on the gateway. In the gateway approach the SpiderControl Distributed Webserver is used, which allows Java applets and HTML pages to be used to control even small Remote Devices with limited resources.


Remote Device

[Figure: Remote Device software and hardware stack. Labels: Software, Hardware, pacNET, pacNETweb, WEB-Server, TCP/IP, embOS, Drivers]

The NEC micro controllers are well suited for embedded Internet connectivity. NEC has a wide range of micro controllers from 8 to 64 bit, and Impact can offer multiple solutions and reference designs for embedded Internet connectivity.

Micro Controller Family | Type | Connectivity Application | Reference Designs
K0, K0S | 8-Bit | Nodes with Gateway, low cost devices, add-on | 78K-Hopper
K-Line | 8-Bit, 32-Bit | Nodes with Gateway, low cost devices, add-on | 78K-Hopper, V850Ethernet, p@ac
V850 | 32-Bit | Medium-, high-performance Device, embedded Gateway, add-on | p@ac, V850Ethernet
F-Line | 32-Bit | Medium-, high-performance Device, embedded Gateway, add-on | p@ac, V850Ethernet
S-Line | 32-Bit | Medium-, high-performance Device, embedded Gateway, add-on | p@ac, V850Ethernet
VR | 64-Bit | High-performance Device, embedded Gateway, add-on |
V850NetChip | 32-Bit | Ready to go module for add-on solution |

The pacNET software packages are optimised for embedded applications with NEC micro controllers. They contain SpiderControl software and are fully VPI compatible. The pacNETweb includes the embOS Realtime Operating System (Segger), TCP/IP stack, Web server (SpiderControl, iniNet) and Drivers. Multiple protocol stacks and software packages are available, optimised for different requirements.

Contact Impact for details.

Contact Impact for details on the NEC micro controller and micro controllers from Analog Devices and Xilinx Solutions.


Control- / Service-Station

The control station for remote controlling the devices can be any PC, workstation, notebook or PDA with a web browser. With the browser you access the remote device via the VPI Portal. Java Applets are loaded from the device, providing a user friendly interface to control the device.

Any service technician can access the VPI Portal from anywhere, for example from his home, office, car, …

Of course it is also possible to use an automated process to control the remote devices, exchange data with the devices, store it in a database, generate alarm messages, initiate firmware upgrades, etc.



Features


Only a web browser needed for remote control


Access remote device via VPI Portal


Interactive or automated control of remote devices


Easy to use



VPI Initiative

Members of VPI Initiative

iniNet AG

Impact, Memec AG

Aartec AG

Ascom Systec AG

Dätwyler Electronics AG

emazy corporation

Mitsubishi International GmbH

Rolitec AG

SAIA-Burgess Controls AG

Selectron Systems AG

SSV Software Systems GmbH

Syslogic Datentechnik AG

Tixi.Com GmbH

TRUMPF Laser Marking Systems AG

TRUMPF Laser GmbH + Co. KG

unimontis AG

The list of members is rapidly growing

VPI-initiative: An industry initiative for the secure accessibility of embedded systems over the Internet

The Virtual Private Infrastructure (VPI) Initiative is an industry initiative for instrument manufacturers, service providers, software manufacturers, machine manufacturers and engineering companies. The purpose of the association is the promotion of the VPI-standard, to achieve a homogeneous accessibility of systems to the Internet for remote control, maintenance and service solutions in the industrial environment.


Goal and benefits of the VPI-initiative

The aim of the initiative is to make several companies from different sectors pursue the same vision and communicate it to the market. Customers should be offered an open, seminal concept that is supported by many independent companies which are anchored within their respective markets.

The companies benefit from their involvement: by offering VPI compatible solutions for their existing products they can open up new markets and thus enlarge their market potential.


http://www.vpi-initiative.com



Acronyms 1/2

ISP: Internet Service Provider, a company or organization that provides connections to the Internet to companies or individuals via dial-up, ISDN, leased lines, or other connections.

Firewall: System designed to defend against unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.

Internet: A worldwide interconnection among or between private, industrial or governmental computer networks. -> WAN
Note: The Internet originally served to interconnect laboratories engaged in government research, and has now been expanded to serve millions of users and a multitude of purposes, such as interpersonal messaging, computer conferences, file transfer, and consulting of files containing documents.

WAN: Wide Area Network connects LANs together. The networks that make up a WAN can be located throughout a country or even around the world. The Internet is currently the largest WAN.

Intranet: Any private network that uses the internet protocols. The intranet may be connected to The Internet via firewalls, or it may be totally separate.

LAN: Local Area Network, connects computers and devices close to each other such as on one floor of a building, one building, or a campus.

VPI: Virtual Private Infrastructure

URL: Uniform Resource Locator, a character string describing the location and access method of a resource on the Internet. Example, the URL http://www.impact.ch.memec.com/pac describes the type of access method being used (http) and the server location which hosts the Web site.

IP: Internet Protocol, standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. Sources and destinations are hosts identified by an IP address.

IP address: A device’s or resource’s numerical address as expressed in the format specified in the Internet Protocol.

TCP: Transmission Control Protocol, standard, connection-oriented, full-duplex, host-to-host protocol used over packet-switched computer communications networks.

UDP: User Datagram Protocol, a standard, low-overhead, connectionless, host-to-host protocol that is used over packet-switched computer communications networks.



Acronyms 2/2

HTTP: Hypertext Transfer Protocol is a widely used protocol to transfer information over the Internet. Typically, it is used to transfer information from Web Servers to Web Browsers.

HTTPS: Secure HyperText Transfer Protocol is a protocol to transfer information securely over the Internet. HTTPS encrypts and decrypts information exchanged between a Web server and a Web browser using Secure Socket Layer (SSL).

SSL: Secure Socket Layer, a method to encrypt communications between two parties over the Internet, by means of authentication, privacy and integrity services that are inserted between the Sockets interface and the TCP/IP stack. SSL uses symmetric or asymmetric (public key) cryptography for peer authentication.

SMTP: Simple Mail Transfer Protocol, a protocol used to transfer e-mail.

DHCP: Dynamic Host Configuration Protocol allows communication between network devices and a server that administers IP addresses. A DHCP server leases IP addresses and other TCP/IP information to DHCP client that requests them. Typically, a DHCP client leases an IP address for a period of time from a DHCP server which allows a larger number of clients to use a set pool of IP addresses.

FTP: File Transfer Protocol, is used to transfer documents between different types of computers on a TCP/IP network.

TELNET: Terminal Emulation Protocol, is used for remote terminal connection service and that allows a user at one site to interact with systems at other sites as if that user terminal were directly connected to computers at those sites.

PPP: Point to Point Protocol, is the communication protocol that works with a modem and allows a computer to communicate with the ISP's server.

DNS: Domain Name Server, a server within the Internet network that performs translation between fully qualified domain names and IP addresses according to the domain name system.

SNMP: Simple Network Management Protocol, a standard protocol that is used to manage and control IP gateways and the networks to which they are attached.