(11)EP 3 065 058 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
14.04.2021 Bulletin 2021/15

(21)Application number: 16397504.8

(22)Date of filing:  25.02.2016
(51)International Patent Classification (IPC): 
G06F 16/27(2019.01)
G06F 16/95(2019.01)

(54)

A METHOD AND A DEVICE FOR FLOWING DATA BETWEEN ENTITIES

METHODE UND GERÄT FÜR DIE DATENÜBERTRAGUNG ZWISCHEN ENTITÄTEN

PROCEDE ET DISPOSITIF DE TRANSFERT DE DONNEES ENTRE ENTITÉS


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 05.03.2015 FI 20155146

(43)Date of publication of application:
07.09.2016 Bulletin 2016/36

(73)Proprietor: Piceasoft Oy
33210 Tampere (FI)

(72)Inventor:
  • Väänänen, Jani
    36240 Kangasala (FI)

(74)Representative: Berggren Oy, Tampere 
Visiokatu 1
33720 Tampere (FI)


(56)References cited:
EP-A2- 2 690 555
US-A1- 2015 116 089
  
  • Anonymous: "Third-Party Signed SSL Certificate for localhost/127.0.0.1? - Stack Overflow", 14 September 2014 (2014-09-14), XP055266793, Retrieved from the Internet: URL:https://web.archive.org/web/20140914194754/http://stackoverflow.com/questions/6793174/third-party-signed-ssl-certificate-for-localhost-127-0-0-1 [retrieved on 2016-04-19]
  • Anonymous: "Bump (application) - Wikipedia, the free encyclopedia", 25 February 2015 (2015-02-25), XP055267163, Retrieved from the Internet: URL:https://en.wikipedia.org/w/index.php?title=Bump_(application)&oldid=648823875 [retrieved on 2016-04-20]
  • Anonymous: "Trust anchor - Wikipedia, the free encyclopedia", 24 January 2015 (2015-01-24), XP055268475, Retrieved from the Internet: URL:https://en.wikipedia.org/w/index.php?title=Trust_anchor&oldid=643897047 [retrieved on 2016-04-25]
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description

Field of the Invention



[0001] This invention relates to flowing of data from an entity to another entity.

Background of the Invention



[0002] Nowadays people typically have many electronic devices comprising memory, and in the memory various classes of data, such as data representing music, data representing images, and data representing videos. Music, images, and/or videos may have been recorded using a mobile electronic device, such as a mobile phone. A user may want to have the same, or at least substantially the same data in various devices, such as, in addition to the mobile phone, another mobile phone, a tablet computer, an mp3 player, or an electronic document reader.

[0003] A common situation for copying personal content from a first mobile device to a second mobile device may happen when a user is buying a new mobile device. The old mobile device may comprise various kinds of personal content, such as contact information, calendar data, messages, bookmarks, various files, such as music, photo and/or video files and documents, various applications, etc. The user may wish to copy all or a part of the personal content from the old device to the new device.

[0004] It would be convenient for the user if the personal content could be copied immediately at the store when buying the new mobile device. The known copying and synchronization methods typically involve copying the content from the old device to a computer or a server, managed e.g. by the store, and then copying the content from the computer or the server to the new device. However, people tend to be reluctant to allow their personal content to be copied to any external computer.

[0005] The same applies also, when the user brings his/her device to maintenance service; the user wants to be sure that the personal content on the device is not copied to any external computer. Therefore, there is a need for a more secure process for flowing data from an entity to another entity.

[0006] In the prior art, EP2690555 A2 was found, which discloses the following features necessary for the definition of the claimed subject-matter: managing a configuration of a first device, connecting the first device to a second device; the second device comprising a local server for managing network services within the second device; controlling, by the web browser application implemented on said second device, an operation of the local server over a connection to the local server and managing the configuration of the first device via the web browser application over said connection to the local server; managing the configuration of the first device via the web browser application over the connection to the local server.

[0007] US2015116089 A1 relates to control of the operation of a local server by a web browser application on another device over a HTTPS connection to a localhost address of the local server.

[0008] Document "Third-Party Signed SSL Certificate for localhost/127.0.0.1? - Stack Overflow", 14 September 2014 (2014-09-14), https://web.archive.org/web/20140914194754/http://stackoverflow.com/questions/6793174/third-party-signed-ssl-certificate-for-localhost-127-0-0-1, refers to obtaining and installing an installation package upon detection by a web browser that a device lacks an application capable of reading tags.

[0009] Other prior art documents considered during examination include:

"Bump (application) - Wikipedia, the free encyclopedia", 25 February 2015 (2015-02-25), https://en.wikipedia.org/w/index.php?title=Bump_(application)&oldid=648823875

"Trust anchor - Wikipedia, the free encyclopedia", 24 January 2015 (2015-01-24), https://en.wikipedia.org/w/index.php?title=Trust_anchor&oldid=643897047


Summary of the Invention



[0010] Now an improved arrangement has been developed to alleviate the above-mentioned problems. As different aspects of the invention, there is provided a method, an apparatus and a computer program product, which are characterized in what will be presented in the independent claim. The dependent claims disclose advantageous embodiments of the invention.

[0011] The following embodiments merely define examples, only those falling within the scope of the claims are part of the invention.

[0012] According to a first aspect, there is provided a method for managing a configuration of a first device, the method comprising connecting the first device to a web browser application of a second device operating in an HTTPS domain, said second device comprising a local server for managing network services within the second device; controlling, by the web browser application implemented on said second device, an operation of the local server over a HTTPS connection to a localhost address of the local server, wherein the localhost address of the local server is mapped to a second network address in a domain name server; requesting, by said web browser application, an IP address of the second network address from the domain name server; obtaining the localhost address of the local server as the IP address of the second network address, wherein said second network address is provided with a certificate for a secure connection; requesting, by said web browser application, the secured connection to the local server; obtaining, by said web browser application, upon detecting by the web browser application that the local server lacks an application capable of HTTPS connections, an installation package for said application from a predefined network address; installing said application on said web browser application and on the local server; starting the local server; sending, to a certificate provider, a request to verify the certificate of the second network address; establishing, upon receiving a verification acknowledgement from the certificate provider, the secured connection to the second network address mapped to the localhost address of the local server using the certificate of the second network address; and managing the configuration of the first device via the web browser application over said HTTPS connection to the localhost address of the local server.

[0013] According to an embodiment, the managing the configuration of the first device comprises carrying out diagnostics on the first device or erasing a memory of the first device.

[0014] According to an embodiment, the method further comprises controlling, by the web browser, an operation of the local server such that a data flow from the first device is stored in a volatile memory of the second device; and controlling, by said web browser application, the local server to provide the data flow to a third device connected to the second device.

[0015] According to an embodiment, the local server controls drivers of said first and third device to provide the data flow between the first and third device via the volatile memory of the second device.

[0016] The second and the third aspect of the invention disclose an apparatus and a computer program product arranged to carry out the above method.

Description of the Drawings



[0017]
Fig. 1a shows an example of a configuration, wherein a management of a configuration of at least a first device is enabled from a second device;
Fig. 1b shows an example of a configuration, wherein data flow is enabled between two entities;
Fig. 2a shows a flow chart for an embodiment for enabling a management of a configuration of at least a first device;
Fig. 2b shows a flow chart for an embodiment for enabling a data flow; and
Fig. 3 shows a signalling chart for an embodiment for enabling a data flow.

Detailed Description of the Embodiments



[0018] The examples of various embodiments described herein below relate to managing a configuration of at least a first device, such as a mobile device, connected to a second device, such as a computer. With an appropriate configuration of a web browser and a local server of the second device, explained further in detail below, a method with enhanced security and simplified implementation is provided for managing the configuration of at least the first device.

[0019] The embodiments and various use cases related thereto may be useful, for example, to retail sellers and maintenance services of various electronic devices, such as mobile phones, smart phones, tablets, cameras, etc.

[0020] One example use case may relate to carrying out diagnostics to a device. An old or a malfunctioning first device, such as a smartphone, may be connected to the second device, such as a laptop. The diagnostics may involve checking the configuration of the first device, such as versions of used software and applications, need for updates, whether any malware has been installed, etc. The diagnostics may also involve various tests to be performed on the first device to troubleshoot any malfunctions. A test routine may be run on the first device to check whether it needs a thorough service or if a minor malfunction can be repaired on-site.

[0021] Another use case may relate to erasing a memory of a used device. For example, when giving up the use of an old mobile device, the user of the mobile device may wish to make sure that all his/her personal data is permanently erased from the memory of the old mobile device. There are various methods for carrying out the actual low-level (deep) erasing procedure, such as overwriting the data several times, resetting the values of every magnetic domain to zero, etc. The various embodiments described herein provide a secure and simplified framework for carrying out the erasing procedure.

[0022] Especially, one example use case of the embodiments relates to copying personal content from a first mobile device to a second mobile device, for example when a user is buying a new mobile device. The old mobile device may comprise various kinds of personal content, such as contact information, calendar data, messages, bookmarks, various files, such as music, photo and/or video files and documents, various applications, etc. The user may wish to copy, as a data flow, all or a part of the personal content from the first (old) device to the second (new) device.

[0023] It is, however, noted that the embodiments described herein below are by no means limited to copying personal content from a first mobile device to second mobile device, but the devices (or entities) and the data flow should be interpreted broadly. In this description, the term data flow refers to copying data from a first entity to a second entity. The data flow may optionally refer to copying data to a third entity, either from the first entity or the second entity. As is clear from this expression, an entity is arranged to at least receive data, store data, and send data. Moreover, as the roles of the first and second entities can be changed, data flow may be, in addition to being one directional, also two directional (i.e. also from the second entity to the first entity).

[0024] The term entity refers to a physical device or a virtual device. Examples of physical devices include a computer, a portable memory device, a camera, a video recorder, an audio recorder, a mobile phone, an audio player, a video player, a set-top unit (i.e. a set top box), a viewer for digital images, a GPS-logger, and a navigator. Examples of virtual devices include a computer network accessible memory storage (e.g. Google drive, Skydrive, Dropbox, Cloud drive), a computer network accessible service (e.g. Flickr, Instagram), or a computer network accessible social network (e.g. Facebook, Twitter). The term entity may also refer to a combination of a physical and a virtual device. E.g. an entity may be a mobile phone that accesses a computer network accessible memory storage. Examples of such memory storages were given above. As is evident, also other physical devices, such as laptop computers, tablet computers, digital media boxes (set-top boxes, cable boxes, set-top units), may be connected to computer network services, whereby transferring data to/from the device might imply also data transfer to/from a computer network service.

[0025] In some embodiments described herein below, the data flow is carried out from the first entity to the second entity via another entity. Examples include a mobile phone and a USB memory stick, both attached to a computer (whereby the computer becomes a third entity); wherein the data flows from the mobile phone to the memory stick via the computer. Other examples include a digital camera connected to a computer, and the computer being further connected to a service provider, such as Flickr, Facebook, or Instagram, whereby data may flow from the camera to the service provider through the computer.

[0026] Currently many people have several devices where they store contacts, calendar data, and messages, for example a business phone and a phone for free time. The data flow, as described herein, may be used to keep this data synchronized (i.e. in synchronization or in sync) in all the specified devices.

[0027] Figure 1a shows an embodiment, wherein a management of a configuration of at least a first device from a second device is enabled. In particular, the computer 120 (second device) is arranged to manage the configuration of the first mobile device 110 (first device). The first device is connected to the computer through a wired connection, for example a USB (Universal Serial Bus) connection. Nevertheless, instead of the wired connection, a wireless connection, such as a Bluetooth or a WiFi connection, may be used to connect the first device to the second device.

[0028] Figure 1b shows an embodiment, wherein a data flow between two entities (devices) is enabled. In particular, data flow from a first mobile device 110 (first entity) to a second mobile device 130 (third entity) is enabled. The computer 120 in between the first and the second entity forms a second entity 120. In this example, the first and the third devices are connected to the computer through a wired connection, for example a USB (Universal Serial Bus) connection. Again, instead of the wired connection, a wireless connection, such as a Bluetooth or a WiFi connection, may be used to connect the first and/or the third device to the second device. The wired/wireless connection enables data transfer from the first mobile device 110 to the computer 130, and from the computer 130 to the second mobile device 120.

[0029] Figure 2a shows a flow chart of the corresponding method, wherein a configuration of at least a first device is managed. With reference to Figure 2, an embodiment of the method comprises connecting (200) the first device to a second device comprising a local server for managing network services within the second device. A web browser application implemented on said second device controls (202) an operation of the local server such that the configuration of the first device is manageable via the web browser application.

[0030] The second device, such as a Windows-based computer, typically comprises a local server, i.e. an application for controlling local devices, i.e. devices internally or externally connected to computer's own network services. Thus, by arranging a web browser application of the second device to operate such that it is enabled to control the operation of the local server, the local server may be controlled to manage the configurations of the first device. Thus, the operations relating to managing the configurations may be advantageously carried out locally within the browser environment instead of a separate application carrying out operations. This provides a simplified implementation for the service and a more secured process for the data of the user. Managing the configurations may involve e.g. tasks relating to diagnostics or erasing the memory of the first device, as described above.

[0031] From the viewpoint of a service provider (e.g. retail seller, maintenance service, etc.) providing such configuration management services, the above arrangement provides the advantage that the services can be offered as an integral part of the service provider's own web site. In other words, no implementation of any application-specific software or hardware is required, but the service may be immediately offered to any customer of the service provider as a web-based service. No authentication keys are required for the service, and the service is always up-to-date; no software updates are required.

[0032] Figure 2b shows a flow chart of a method corresponding to embodiment of Figure 1b, wherein the data flow is provided from a first device to a third device. With reference to Figure 2b, an embodiment of the method comprises connecting (250) the first device to a second device comprising a local server for managing network services within the second device. A web browser application implemented on said second device controls (252) an operation of the local server such that the data flow from the first device is stored in a volatile memory of the second device. Then said web browser application controls (254) the local server to provide the data flow to the third device connected to the second device.

[0033] Herein, by arranging the web browser application of the second device to operate such that it is enabled to control the operation of the local server, the local server may be controlled to copy the data flow from the first device only to a volatile memory of the second device, and from there further to the third device. In other words, the data flow is not at any stage stored permanently in a non-volatile memory of the second device or a network server. After the data flow copying process has been completed, the data will be erased from the volatile memory. Thereby, a more secured process of copying personal content is provided to users.

[0034] It is noted that the above data flow copying process may involve data conversion carried out in the second device (e.g. a computer). As known, all devices do not work with all types of files. For example, a device with the Windows operating system may work only with Windows supported files. In a similar manner, a device with Apple's operating system may work only with Apple OS supported files. A list of valid data formats for an entity is therefore useful: according to an embodiment, the second device may comprise such a list, and in an embodiment, a configuration database comprises, in association with the third device (i.e. an identity of the third device), the list of valid data formats for the third device. The list of valid data formats for the third device may depend on the operating system (OS) of the third device. For example, different video formats are valid for a device with the Windows OS than for a device with the Apple OS. The configuration database may comprise, in association with the identity of the third device, information on the OS of the third device. The configuration database, or another database, may comprise the list of valid file formats for the OS of the third device. Therefore, in an embodiment of a method, a file (i.e. some data) from the first device is converted to converted data such that the format of the converted data is valid for the third device.

[0035] According to an embodiment, in the above process the first and third devices need not be simultaneously connected to the second device. The first device may be connected first, and the data flow is then copied to the volatile memory of the second device. The third device may be connected to the second device afterwards for copying the data flow from the volatile memory of the second device, regardless of the first device still being connected to the second device.

[0036] Said web browser application controls the operation of the local server over a HTTPS connection to a localhost address of the local server.

[0037] According to an embodiment, the local server controls drivers of said first and third device to provide the data flow between the first and third device via the volatile memory of the second device. Herein, the local server may have access to a file comprising driver specifications of the first and third device, such as a Setup Information file (INF file) for the installation of software and drivers, and the local server may control the drivers of the first and third device such that the data flow is enabled.

[0038] The localhost address of the local server is mapped to a second network address in a domain name server; the method further comprises requesting, by said web browser application, an IP address of the second network address from the domain name server; and obtaining the localhost address of the local server as the IP address of the second network address. Thus, for initiating the HTTPS connection, the browser is first controlled to contact an external network address, and via the DNS mapping, the localhost IP address of the computer is returned to the browser.

[0039] This enables the browser to communicate with the HTTP localhost address even when operating in an HTTPS domain.

[0040] Said second network address is provided with a certificate for a secure connection; the method further comprises requesting, by said web browser application, a secured connection to the local server; sending, to a certificate provider, a request to verify the certificate of the second network address; and establishing, upon receiving a verification acknowledgement from the certificate provider, a secured connection to the local server using the certificate of the second network address.

[0041] The localhost IP address of the computer cannot typically be granted a certificate for a secured connection. Herein, the second (external) network address is utilized for providing a certificate for HTTPS connection to the localhost address via the DNS mapping. The browser presumes that it is communicating with the external HTTPS domain; in other words, the address field of the browser shows the second (external) network address, but the IP address of the connection is actually to 127.0.0.1.
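The mapping described in paragraphs [0038] to [0041] is visible to anyone who inspects resolver answers: a name that carries a certificate resolves to an address on the requesting machine itself. The following Python code is an added example, not part of the patent specification; the two host names are the examples the description gives, while every address, the other names and the port are constructed for illustration. It classifies resolver answers, including the IPv4-mapped IPv6 and 127.0.0.0/8 cases a naive string comparison with 127.0.0.1 would miss.

```python
"""Classify resolver answers to find names that point back at the local host."""
import ipaddress

LOOPBACK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]
LINK_LOCAL = [ipaddress.ip_network(n) for n in ("169.254.0.0/16", "fe80::/10")]
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed resolver answers (assumption): only the two piceasoft names come
# from the description; all addresses and the other names are made up here.
CONSTRUCTED_ANSWERS = {
    "pos.piceasoft.com": ["203.0.113.10"],       # first domain, ordinary web server
    "pos.piceasoft.net": ["127.0.0.1"],          # second domain, mapped to localhost
    "mapped.example": ["::ffff:127.0.0.1"],      # IPv4-mapped IPv6 form of loopback
    "any.example": ["0.0.0.0"],
    "lan.example": ["192.168.1.20"],
    "mixed.example": ["198.51.100.7", "127.0.0.53"],
    "broken.example": ["not-an-address"],
}


def classify_address(text):
    """Return invalid, unspecified, loopback, link-local, private or external."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    # Unwrap ::ffff:a.b.c.d so that the embedded IPv4 address is what gets judged.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if addr.is_unspecified:
        return "unspecified"
    for label, networks in (("loopback", LOOPBACK),
                            ("link-local", LINK_LOCAL),
                            ("private", PRIVATE)):
        if any(addr in net for net in networks):
            return label
    return "external"


def audit(answers):
    """Map each name with at least one non-external answer to its categories."""
    findings = {}
    for name, addresses in answers.items():
        kinds = {classify_address(a) for a in addresses}
        kinds.discard("external")
        if kinds:
            findings[name] = sorted(kinds)
    return findings


def describe_connection(name, answers, port):
    """Show what the browser displays and verifies versus where the socket goes."""
    addresses = list(answers.get(name, []))
    kinds = sorted({classify_address(a) for a in addresses})
    return {
        "origin": "https://{}:{}".format(name, port),  # shown in the address field
        "certificate_name": name,                      # name the certificate must match
        "socket_peers": addresses,                     # actual connection endpoints
        "stays_on_host": kinds == ["loopback"],
    }


if __name__ == "__main__":
    for host, kinds in audit(CONSTRUCTED_ANSWERS).items():
        print(host, kinds)
    # Port 8443 is a constructed value; the description leaves the port open.
    print(describe_connection("pos.piceasoft.net", CONSTRUCTED_ANSWERS, 8443))
```

The network lists are spelled out rather than taken from `is_private`, because Python's `ipaddress` module also counts the documentation ranges used here as private.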

[0042] Upon detecting by the web browser application that the local server lacks an application capable of HTTPS connections, the method further comprises obtaining, by said web browser application, an installation package for said application from a predefined network address; installing said application on said web browser application and on the local server; and starting the local server.

[0043] Thus, when starting the operation of the browser to control the local server for the first time, installation of an application enabling the communication between the browser and the local server may be needed. The installation may involve computer codes, such as JavaScript code, to be installed both on the browser and the local server for controlling the local server to listen to commands sent by the browser to the localhost address over an HTTPS connection. The local server may use any free TCP port for listening for incoming HTTP/HTTPS connections. Both the local server and the browser shall preferably know what TCP port is used.

[0044] Various embodiments described herein are now further illustrated by referring to a signaling chart of Figure 3. The signaling chart of Figure 3 shows an example how the browser 300 can be arranged to control local devices, i.e. devices internally or externally connected to computer's own network services. The arrangement comprises a Domain Name Server (DNS, 302) and a WWW server 304 provided with a first domain name (e.g. pos.piceasoft.com) according to an HTTP protocol. The DNS 302 and the WWW server 304 may be controlled by the same entity such that access to said servers may be restricted to only certain IP addresses. The same or another WWW server 304 may host a second domain name (e.g. pos.piceasoft.net), which may be a virtual domain name, for which a certificate, such as a SSL (Secure Sockets Layer) or a TLS (Transport Layer Security) certificate, may be obtained from a certificate provider in order to establish secure HTTPS connections.

[0045] For arranging the browser to get in control of the local devices, the browser first tries to connect to the first domain name. Thus, the browser sends a request 306 for the IP address of the first domain name to the DNS, and receives 308 the IP address. The browser then sends a request 310 for loading a particular web page associated with said first domain name, whereupon the requested web page 312 is loaded to the browser. The web page 312 may comprise a computer code 314, such as JavaScript, which may either prompt the user of the browser or control the browser directly to connect to the second (virtual) domain name using a secured (e.g. HTTPS) connection. The browser may initiate a new thread for the connection, and sends a request 316 for the IP address of the second domain name to the DNS. The second domain name has been mapped to the localhost address (typically 127.0.0.1) in the DNS, and the browser then receives 318 the IP address of the localhost of its own computer.

[0046] However, uncertified connections to a local HTTP server 320 cannot typically be established, and therefore establishing the connection 322 from the browser fails 324. The script may now either prompt the user of the browser or control the browser directly to connect to the first domain name for requesting 326 loading of an installer for an application. An installer package 326 is returned to the browser.

[0047] The user of the computer may then run the installation 330 of the application, whereupon the application may install computer codes, such as JavaScript code, both on the browser 300 and the local HTTP server 320, which computer codes control the local HTTP server to listen to commands sent by the browser to the localhost address over an HTTPS connection. The latest web page may remain open in the browser. After the installation, the local HTTP server may be automatically (re-)started, and the browser starts to poll the predefined TCP port. The local HTTP server continues to listen to the TCP port, and the browser preferably notices that the local HTTP server is in the listening mode.

[0048] It is noted that in this embodiment the above steps are only needed when for the first time arranging the browser to control the local devices, and thereby installing the application. For the second and any subsequent time, the operation may start from the next steps.

[0049] The browser may start to establish a secured HTTPS connection by connecting 332 to the local HTTP server, which acknowledges 334 the successful initialization of the connection. The browser then starts to open 336 a certified connection, such as an SSL/TLS connection, for obtaining a verified certificate for the HTTPS connection. Herein, verification of the certificate of the second domain name is requested 338 from an SSL/TLS certificate provider, and upon receiving the verification of the certificate 340, the HTTPS connection between the browser and the local HTTP server has been successfully established 342.

[0050] Now the browser 300 may control the operation of the local HTTP server 320 by sending commands 344 to the localhost address over an HTTPS connection, and the local HTTP server responds 346 accordingly. In this respect, it is irrelevant what the actual operations carried out by said commands are. The examples disclosed herein relate to copying personal content from a first mobile device to a second mobile device, but the operations may relate to any other corresponding operation.

[0051] When considering, for example, the process of copying personal content from a first mobile device to a second mobile device, it is irrelevant for the above steps whether the first and/or the second device have been connected to the computer (server) carrying out the above steps. It is possible to connect the first and/or the second device to the computer (server) only at this stage.

[0052] After carrying out all the necessary operations, the browser may disconnect 348 the HTTPS connection and the local server may confirm 350 that the HTTPS connection is successfully disconnected.

[0053] In the above process of providing a data flow between two devices, there may occur a situation where the driver of the first and/or the third device is unknown to the second device. It is also possible that such a situation may occur irrespective of any process of providing a data flow between two or more devices.

[0054] The second device, typically a computer, is most often a Windows-based device. Windows uses a Setup Information file (INF file) for the installation of software and drivers, for example for installing device drivers for hardware components. In the present case, if the first and/or the third device is using another operating system, such as Android, it may easily happen that the driver of the first and/or the third device is not recognized by the INF file of the third device.

[0055] According to an embodiment not part of the invention, which may be implemented combined with any of the above embodiments or as an independent method, the second device may be arranged to automatically generate a driver for an unknown device with a required USB interface.

[0056] A method according to such an embodiment may comprise connecting a first device to a computer, determining automatically at least a vendor identifier (vid) and a product identifier (pid) of the first device, and upon detecting that no driver exists for such combination of a vendor identifier (vid) and a product identifier (pid) in the computer, sending a request with at least the vendor identifier (vid) and the product identifier (pid) to a public driver generator server for obtaining the corresponding driver.

[0057] According to an embodiment not part of the invention, the computer may determine automatically an interface identifier (iid) of the first device, and the interface identifier (iid) may be sent along with the request to the public driver generator server. The interface identifier may refer to the link layer identification (e.g. USB) used by the first device.

[0058] The identifiers may be determined e.g. such that when the first device is connected to the computer, for example via a USB connection, the first device is controlled to shift into a debugging mode, wherein the computer may determine the vendor identifier (vid), the product identifier (pid) and the interface identifier (iid) of the first device. For example, Android devices may be controlled into a debugging mode using an ADB (Android Debugging Bridge) client in the computer.

[0059] If the public driver generator server comprises the corresponding driver, it may send it to the computer, which may then update the INF file. However, if the public driver generator server does not comprise the corresponding driver, it may send a request for the driver to a private Windows server.

[0060] According to an embodiment not part of the invention, the private server may generate an INF file based on the vendor identifier (vid), the product identifier (pid) and the interface identifier (iid) of the first device, generate a Windows catalog file and sign the catalog file.

[0061] In Windows, a signed catalog file (.cat) can be used as a digital signature for an arbitrary collection of files. A catalog file contains a collection of cryptographic hashes, where each hash in the catalog file corresponds to a file that is installed by the driver package.

[0062] According to an embodiment not part of the invention, a generic driver is used for an unknown device, and the INF file is generated on the basis of the generic driver. For example, for a USB connection, Windows comprises a generic WinUSB driver, which can be used as a basis for the INF file generation.

[0063] The private Windows server may then send the generated and signed INF file to the public driver generator server, which may send it further to the computer. In the computer, a Windows enabler system service may be provided, which may automatically install the generated INF file. Thus, the new driver is automatically installed and shown in the application without any user intervention required.
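The flow of paragraphs [0056] to [0063], sketched as an added example; it is not code from the patent or from any product it describes. It assumes that the interface identifier (iid) maps to the `MI_xx` interface number of a USB hardware ID, uses a SHA-256 manifest as a stand-in for the per-file hashes of a catalog file, and leaves signing out; all function names and sample identifiers are constructed. Because the identifiers arrive from a client and end up in a file that gets signed, they are accepted only as fixed-width hexadecimal.

```python
import hashlib
import re
import uuid

# Windows system-defined setup class for USB devices (used with WinUSB).
USBDEVICE_CLASS_GUID = "{88BAE032-5A81-49f0-BC3D-A4FF138216D6}"
HEX4 = re.compile(r"[0-9A-Fa-f]{4}")
HEX2 = re.compile(r"[0-9A-Fa-f]{2}")


def hardware_id(vid, pid, iid=None):
    """Build a USB hardware ID from client-supplied vid/pid/iid.

    Anything but fixed-width hex is rejected, so a request cannot smuggle
    newlines, brackets or commas into the INF that is later signed.
    """
    if not HEX4.fullmatch(vid) or not HEX4.fullmatch(pid):
        raise ValueError("vid and pid must be exactly 4 hex digits")
    hwid = f"USB\\VID_{vid.upper()}&PID_{pid.upper()}"
    if iid is not None:
        if not HEX2.fullmatch(iid):
            raise ValueError("iid must be exactly 2 hex digits")
        hwid += f"&MI_{iid.upper()}"  # assumption: iid is the USB interface number
    return hwid


def driver_missing(hwid, installed_ids):
    """True when no installed driver already claims this hardware ID."""
    return hwid.upper() not in {i.upper() for i in installed_ids}


def build_inf(hwid, catalog_name="generated.cat"):
    """Generate an INF that binds the device to the in-box WinUSB driver."""
    # Assumption: the device interface GUID is derived from the hardware ID
    # so that regenerating the INF for the same device yields the same file.
    iface_guid = "{" + str(uuid.uuid5(uuid.NAMESPACE_URL, hwid)) + "}"
    lines = [
        "[Version]",
        'Signature   = "$Windows NT$"',
        "Class       = USBDevice",
        f"ClassGUID   = {USBDEVICE_CLASS_GUID}",
        "Provider    = %ProviderName%",
        f"CatalogFile = {catalog_name}",
        "",
        "[Manufacturer]",
        "%ProviderName% = Generated,NTamd64",
        "",
        "[Generated.NTamd64]",
        f"%DeviceName% = USB_Install, {hwid}",
        "",
        "[USB_Install]",
        "Include = winusb.inf",
        "Needs   = WINUSB.NT",
        "",
        "[USB_Install.Services]",
        "Include = winusb.inf",
        "Needs   = WINUSB.NT.Services",
        "",
        "[USB_Install.HW]",
        "AddReg = Dev_AddReg",
        "",
        "[Dev_AddReg]",
        f'HKR,,DeviceInterfaceGUIDs,0x10000,"{iface_guid}"',
        "",
        "[Strings]",
        'ProviderName = "Example generator (constructed)"',
        'DeviceName   = "Generic USB device (constructed)"',
    ]
    return "\r\n".join(lines) + "\r\n"


def catalog_manifest(files):
    """Model of what a catalog covers: one hash per file in the package."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def changed_files(files, manifest):
    """Names whose content no longer matches the manifest, or are unlisted."""
    current = catalog_manifest(files)
    names = set(current) | set(manifest)
    return sorted(n for n in names if current.get(n) != manifest.get(n))


if __name__ == "__main__":
    hwid = hardware_id("1234", "abcd", "01")        # constructed identifiers
    if driver_missing(hwid, ["USB\\VID_1234&PID_ABCD&MI_00"]):
        package = {"generated.inf": build_inf(hwid).encode("ascii")}
        manifest = catalog_manifest(package)        # the part that would be signed
        print(hwid, manifest, changed_files(package, manifest))
```

On Windows the real catalog is produced from the INF with Inf2Cat and signed with SignTool; the manifest here only illustrates why any change to the INF after signing is detectable.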


Claims

1. A method for managing a configuration of a first device, the method comprising

connecting (200) the first device to a web browser application (300) of a second device operating in an HTTPS domain, said second device comprising a local server for managing network services within the second device;

controlling (202; 314), by the web browser application (300) implemented on said second device, an operation of the local server over a HTTPS connection to a localhost address of the local server, wherein the localhost address of the local server is mapped to a second network address in a domain name server,

requesting (316), by said web browser application, an IP address of the second network address from the domain name server;

obtaining (318) the localhost address of the local server as the IP address of the second network address, wherein said second network address is provided with a certificate for a secure connection;

requesting (322), by said web browser application, the secured connection to the local server;

obtaining (326, 328), by said web browser application, upon detecting (324) by the web browser application that the local server lacks an application capable of HTTPS connections, an installation package for said application from a predefined network address;

installing (330) said application on said web browser application and on the local server;

starting the local server;

sending (338), to a certificate provider, a request to verify the certificate of the second network address;

establishing (342), upon receiving (340) a verification acknowledgement from the certificate provider, the secured connection to the second network address mapped to the localhost address of the local server using the certificate of the second network address; and

managing (344, 346) the configuration of the first device via the web browser application over said HTTPS connection to the localhost address of the local server.


 
2. The method of claim 1, wherein the managing the configuration of the first device comprises carrying out diagnostics on the first device or erasing a memory of the first device.
 
3. The method of any preceding claim, further comprising

controlling, by the web browser, an operation of the local server such that a data flow from the first device is stored in a volatile memory of the second device; and

controlling, by said web browser application, the local server to provide the data flow to a third device connected to the second device.


 
4. The method of claim 3, wherein the local server controls drivers of said first and third device to provide the data flow between the first and third device via the volatile memory of the second device.
 
5. An apparatus comprising at least one processor, a memory including computer program code, and a local server for managing network services within the apparatus, the memory and the computer program code configured to, with the at least one processor, cause the apparatus to at least:

control, upon connecting an external device to a web browser application of the apparatus via an HTTPS connection, by a web browser application implemented on said apparatus, an operation of the local server over a HTTPS connection to a localhost address of the local server, wherein the localhost address of the local server is mapped to a second network address in a domain name server,

request, by said web browser application, an IP address of the second network address from the domain name server;

obtain the localhost address of the local server as the IP address of the second network address, wherein said second network address is provided with a certificate for a secure connection;

request, by said web browser application, the secured connection to the local server;

obtain, by said web browser application, upon detecting by the web browser application that the local server lacks an application capable of HTTPS connections, an installation package for said application from a predefined network address;

install said application on said web browser application and on the local server;

start the local server;

send, to a certificate provider, a request to verify the certificate of the second network address;

establish, upon receiving a verification acknowledgement from the certificate provider, the secured connection to the second network address mapped to the localhost address of the local server using the certificate of the second network address; and

manage the configuration of the external device via the web browser application over said HTTPS connection to the localhost address of the local server.


 
6. The apparatus of claim 5, wherein the managing the configuration of the first device comprises carrying out diagnostics on the external device or erasing a memory of the external device.
 
7. The apparatus of claim 5 or 6, further comprising computer program code configured to cause the apparatus to

control, by the web browser, an operation of the local server such that a data flow from a first external device is stored in a volatile memory of the apparatus; and

control, by said web browser application, the local server to provide the data flow to a second external device connected to the apparatus.


 
8. The apparatus of claim 7, wherein the local server is configured to control drivers of said first and second external devices to provide the data flow between the first and second external devices via the volatile memory of the apparatus.
 
9. A computer program product comprising computer program code embodied on a computer readable medium, wherein said computer program code is, when executed on a processor of a computer comprising a local server for managing network services within the computer, arranged to cause the computer to at least:

control, upon connecting an external device to a web browser application of the apparatus via an HTTPS connection, by a web browser application implemented on said apparatus, an operation of the local server over a HTTPS connection to a localhost address of the local server, wherein the localhost address of the local server is mapped to a second network address in a domain name server,

request, by said web browser application, an IP address of the second network address from the domain name server;

obtain the localhost address of the local server as the IP address of the second network address, wherein said second network address is provided with a certificate for a secure connection;

request, by said web browser application, the secured connection to the local server;

obtain, by said web browser application, upon detecting by the web browser application that the local server lacks an application capable of HTTPS connections, an installation package for said application from a predefined network address;

install said application on said web browser application and on the local server;

start the local server;

send, to a certificate provider, a request to verify the certificate of the second network address;

establish, upon receiving a verification acknowledgement from the certificate provider, the secured connection to the second network address mapped to the localhost address of the local server using the certificate of the second network address; and

manage the configuration of the external device via the web browser application over said HTTPS connection to the localhost address of the local server.


 







