6 Networked Embedded Systems – Example Applications in the Educational Environment

In this chapter we present a network architecture and two field application examples involving the deployment of embedded systems for distributed applications in the educational environment. The main contribution intended for this chapter is the proposed network architecture, with emphasis in the specific distributed implementation of networked embedded systems. The contribution also includes the detailed description of the technology options, the choices for the hardware and the development tools, as well as the implementation steps required to achieve a successful fully working system.


Introduction
In this chapter we present a network architecture and two field application examples involving the deployment of embedded systems for distributed applications in the educational environment.The main contribution intended for this chapter is the proposed network architecture, with emphasis in the specific distributed implementation of networked embedded systems.The contribution also includes the detailed description of the technology options, the choices for the hardware and the development tools, as well as the implementation steps required to achieve a successful fully working system.
A very wide group of automation applications can benefit from embedded networked technology for more flexible and efficient implementations [1].This technology allows for better integrated communications, integrated local and global control, supervision and maintenance.The educational environment has a set of management requirements that can be fulfilled using networked embedded systems and a well defined communication concept [1,2,3,4].
In this chapter we will present an applied research work using embedded systems.The work targets applications in the educational environment, specifically in the automated access control, access management and course management areas.Two field applications are presented, that allow demonstrating the suitability of the proposed networked embedded system concept for applications in these areas.These applications are fully deployed and in service in a higher education institution.The developed system concept can find applications in other fields such the residential, infrastructure and industrial areas.
A first example application, to be presented in this chapter, is in the automated access control and access management area, where distributed and networked intelligent systems interface with remote sensors to validate user credentials, granting or denying individual access to premises.The presented system uses a microcontroller with a standard Ethernet interface, to validate users presenting a compatible Ibutton or RFID Card.The user credentials are validated locally or in a central database.Authorized users are given access to reserved areas.By using a powerful database, very flexible and complex high level administration and management functions can be implemented.By sharing the local IP network infrastructure, maximum 104 commonality and flexibility are achieved.Both microcontroller and database server software are fully implemented using Open Source developing tools.
A second example application to be described in this chapter deals with a Linux-based Embedded Identification Module (EIM), which is integrated in an Information System specifically tailored for course management.The Embedded Identification System allows for networked fingerprint and RFID reading and identification.The Information System permits ubiquitous network access to teachers and course directors, while tasks such as calendar and timetable setting and correction, student class attendance and class progress information are integrated and efficiently managed.Student and teacher identification is achieved through the networked Embedded Identification Systems with fingerprint and RFID sensors.This chapter is organized in five sections.The first section consists of this introduction, presenting the global objectives and shortly describing the two example applications to be detailed.The second section will present an application and technology review in the embedded systems area with especial emphasis on development tools and operating systems.The third section will detail the first application example, featuring the architecture and a field implementation for a flexible and scalable distributed access control and access management system.The fourth section of the chapter will present the second application example, describing the hardware and software developed to create an information system specifically tailored to be used as a distributed course management application.The last section concludes the chapter and includes a short discussion on the creation of specific firmware and the future use of real-time operating systems.

Applications and technology review
Embedded systems can find applications in a very wide group of automation environments.These include, in addition to the ones in the educational management area presented in Section 1, a whole set in the industrial, residential, medical, economic, consumer and sensor networks areas.
In the industrial field, embedded systems can be widely used for fault monitoring and diagnosis, with automated reports, scheduling, triggering and registering specialized maintenance actions [5].
In the residential area, many future applications are envisaged such as intelligent appliances with automated management capabilities as for example the signalling of missing or out-of-date items while creating and automatically emailing or SMS-forwarding shopping lists and other required tasks.A very active research topic in the joint medical and residential areas is the concept of Ambient Assisted Living [6].This research topic targets the home assistance to the elderly or autonomy impaired patients.The remote monitoring and interaction possibilities, allow for specialized individual care.The goal is to dramatically improve the autonomy and quality of life of these patients, by not requiring long and frequent hospital attendance.
The international tracking and quality control of goods can also be efficiently managed by using RFID Tags supported by a communication and information infrastructure.Border control and product taxing are examples of tasks that can highly benefit from the According to [8] "Many embedded systems have substantially different design constraints than desktop computing applications.No single characterization applies to the diverse spectrum of embedded systems.However, some combination of cost pressure, long life-cycle, real-time requirements, reliability requirements, and design culture dysfunction can make it difficult to be successful applying traditional computer design methodologies and tools to embedded applications.Embedded systems in many cases must be optimized for life-cycle and business-driven factors rather than for maximum computing throughput".
Other important issues to be faced by the embedded developer are: real-time components, adaptive real-time requirements, compilers and timing analysis, development and execution platforms, control for embedded systems, testing and verification tools and strategies [9].In what concerns the real-time components, which are one of the greatest implementation challenges, there are design tools in which systems are designed by putting together pieces that might be termed components.Examples are MetaH, Ptolemy and Metropolis tools [9].
In [10] and [11] the authors present the state of the art in Real-Time Operating Systems (RTOS) for embedded platforms.Definition of Hard versus Soft Real-Time Systems is presented, together with the scheduling policies -preemptive, non preemptive -and the typical design workflow of a real-time system.Some examples of RTOS are described such as QNX (POSIX compatibility), VxWorks, Kurt-Linux, Red-Linux and Windows.In these types of Operating Systems (OS), virtualization can also be used to allow different OS running in the same hardware: typically one RTOS and Windows.The characteristics regarding the handling of highly demanding deadlines can classify the types of RTOS to be used in: hard real-time system, critical real-time system and safety-critical real-time system.
The steps required to build a Linux Embedded System from scratch are presented in [12].The document shows how to build toolchains, how to use embedded bootloaders, how to perform setup and configuration among other required tasks.An important issue discussed in this reference is the recent advances in free and Open Source software for embedded systems.The author presents a comparison between the number of installed systems with Windows Embedded and Linux Embedded for different device categories such as PDAs, mobile phones, VoIP phones, robots, audio and video devices, thin client devices, gateways, tablets and Webpads.A slightly higher score is achieved by Linux, with about 51% against 49% for the number of devices at the time of analysis.This comparison is based on reports published by online sites linuxdevices.comand windowsfordevices.com.
In [13] and [14] the authors present the steps towards the installation and use of a toolchain compiler for ARM LPC based processors.The ARM/MIPS architecture has been steadily growing in the community for microcontroller firmware development and is now widely used.Other architectures for microcontrollers used in embedded systems are mostly based on RISC or CISC concepts.Example manufactures are ST, Infineon, Intel, Zilog, Texas, NXP and Microchip among others.
In another segment of tools are those related to HDL and VHDL circuit synthesizing.In these cases the real-time project is typically programmed in C and the tool will synthesize the HDL code to be uploaded to a FPGA circuit.This kind of systems uses RTOS that are highly hardware based and that make intensive use of hardware resources [15].
An important class within embedded systems groups includes those categorized as "little embedded systems" which exhibit small amount of memory usage.In this group are 8bit, 16 bit and 32 bit microcontrollers with memory sizes ranging from less than 25 kBytes up to 32 kBytes and low clock frequencies, with a typical value of 100 MHz.In this category small and light RTOS are necessary such as FreeRTOS, Contiki and SalvoRTOS.Other examples outside this segment are FreeOSEK, Toppers and Trampoline [15].
The development of complete embedded hardware and firmware solutions for specific applications is a very demanding task with many aspects to be considered.Generally speaking an embedded system should respect [15]:


Functional specifications: observing the physical values and collecting them in real-time.
Since the state of the controlled object is a function of real-time, the observed values are only temporarily present within a time-limited window.The update can be triggered in two possible ways: periodically -time-triggered observation; events -change of state observation or event-triggered;  Temporal specifications: guaranteeing that all tasks are performed within their defined relative time sequence and individual time constraints;  Reliability specifications: the most important attributes for the measurement of reliability are: fault tolerance, maintenance, availability and security.
When developing the hardware, firmware and software for the networked systems to be presented in Section 3 and Section 4, these global and other more specific aspects were thoroughly considered in the choices that were made.

Embedded access control and access management
Different technologies can be used when designing an automated access control and management system.See [16,17,18] and for commercial systems [19].A starting point is the decision on how individual users are identified.This identification can be based on the presentation of unique credentials such as manual codes or RFID Tags.The credentials can also be based on biometric patterns.The most common are fingerprints and iris prints.
Other forms of biometric data can be used for identification, such as gait, voice and face recognition.These latter forms, however, are much more processing intensive.The second step is the decision on how individual identification credentials are validated.This action aims to answer the question: "Does this user have the permission to access this location?"The developed system infers identity through the presentation of an RFID Card or an Ibutton.Both technologies have in chip, hard stored, unique serial numbers, which can be used as identification credentials.Validation is performed using IP connectivity for the tentative matching of presented credentials with those stored in a local table or in a central PostgreSQL database server [20].The complete architecture is shown in Figure 1.Noteworthy is the fact that the access system shares the local IP network infrastructure with existing services.This allows high hardware and software commonality, high flexibility, minimum deployment complexity and minimum cost.
In addition to the specific design of the DSClient hardware module, to be detailed in Section 3.1, the most significant decisions on the design of the presented distributed system are related to the communications infrastructure.Figure 1 includes a representation of the information flow between the various system components.The considered options for the IP communication architecture were the following:  TCP/IP networking with HTTP 1.0 support.In this option the embedded system represented by the DSClient would remotely execute a PHP [21] script on the FreeBSD server [22].This script would validate the user presented credentials.This simple setup has some advantages.In terms of the information flow only a TCP connection must be established.A disadvantage is the need to implement the TCP protocol.The HTTP protocol is not a difficulty in this approach, since it consists in the simple action of sending a read command, similar to a browser HTTP read;  Use of TCP/IP networking with an active service running in the FreeBSD server.The running service would receive the user data from the DSClient, query the database for a matching and would answer the request.A clear advantage would be the simple protocol implementation, only requiring a socket definition and simple read and write operations.Disadvantages are the need to implement the TCP protocol and the additional need to establish a running service on the server;  Use of UDP networking to send a validation request and wait for a probable answer in a defined timeframe.The main advantage of this solution is the simple UDP implementation and the fact that there is no need for the TCP implementation in firmware.A disadvantage is the absence of flow control.A service must also be setup on the server.
Given the above described options, a decision was made on the implementation of the simpler and faster UDP packet transmission when compared to TCP.Data encryption was also implemented with this approach.In addition, a simpler and faster DSClient can be built, without the need for the TCP firmware.In order to increase the security of the access control system, an additional packet identification technique was implemented, based on the positive matching between DSClient requests and server generated answers at the Layer 3 packet level.The request packet includes a security field computed using an elapsed time value and a generator polynomial.This field allows the positive identification of the server answer, guarantying the correspondence between the received packet and the sent UDP DSClient request.This technique avoids the non-authorized future use of the same answer packet, which may represent a positive validation, intended only for the ongoing query.
The high level administration of the system is accomplished using a Browser interface (Figure 2) (https://intranet.dee.isec.pt/SGAL_WEB_DEE).The interface consists of a set of WEB pages accessed through a secure connection.The pages are implemented using PHP language and an Apache server.The interface allows for the configuration and updating of the access database.With global administrator permissions the interface has the following main features: The main administration interface page is shown in Figure 2. It allows room administrator creation and editing; general user creation and editing; permission editing and general access management.SGAL relates to the initial name for the Web administration application which is, in Portuguese: "Sistema de Gestão de Acesso a Laboratórios".
It should be noted the intentional choice of Open Source software in this application, demonstrating the high potential of the available tools also in this field.The aforementioned embedded systems and many other small intelligent systems are also increasingly Linux based, with several examples previously given in Section 2.

Hardware and software implementation
The detailed implementation of the hardware considered a balance between the cost and dependability of the system.In a first prototype the Microchip 18F2685 microcontroller [23] was chosen, and was associated with the ENC28J60 Ethernet Controller chip, also from Microchip.The ENC28J60 implements the Ethernet physical layer at 10 Mbps in half or full-duplex modes.It has however some limitations negotiating with active network nodes such as some types of switches.The limitations reside on the speed and half/full duplex negotiation.It has a SPI control interface, available in most current microcontrollers, allowing very simple and cost effective solutions, which do not require high performance communications.The choice of the 18F2685 microcontroller was based on the availability of an on-chip CAN controller, which adds the flexibility to further associate hardware using the CAN interface.The simple hardware architecture for the DSClient module, presented in Figure 1, is shown in Figure 3.A second prototype implemented the DSClient module using the PIC18F67J60 microcontroller, which includes an internal 10Mbps Ethernet controller compatible with the external ENC28J60 controller.Both prototypes include an external memory, using the 25LC1024 chip.This memory can be used to store encrypted credentials for the local room, providing redundancy for a temporary non-operational network.A third prototype uses an ARM Cortex-M3 [24] Stellaris microcontroller with integrated 100Mbps Ethernet, fully compatible in terms of behaviour with the two previous versions (Figure 4).A detail that should be highlighted in the flowcharts of Figure 4    In a first step, the FreeBSD server decrypts the UDP packet in order to validate its origin and credentials.If the packet is not valid it is immediately discarded and no answer is generated.
A validated packet generates an UDP answer packet with the following information: pulse width to activate the electric locker (milliseconds), pulse width to activate the audio tone or BEEP (milliseconds), access authorization or access denial, date and time of authorization, and some other information associated with the security techniques.
The DSClient module, when receiving a server generated answer, verifies if it corresponds to its last request through the packet identification technique described in the in Section 3. If it does, the answer is validated if it was received in a time window of n seconds.Otherwise the answer is discarded.The information flow for packet exchange between DSClient modules and the database server is illustrated in Figure 5.
A total of three hardware prototypes for the DSClient module were built and tested.Two are the ones based on the Microchip microcontrollers and described above.The third is based on the ARM architecture.The Microchip versions were programmed using the MPLAB-C18 Tool [23].The ARM based version was programmed using the GCC compiler targeting the ARM architecture [24].List 1 shows the encrypted packet reception in the FreeBSD system.

An application to the educational environment
The described system, thanks to its distributed characteristics and modular implementation, has the flexibility for a large number of possible applications using RFID Tags or Ibutton technologies.Furthermore, it is highly hardware and software scalable, while exhibiting very robust security characteristics [25].Its robust security implementation allows for the use in sensitive applications.Based on the advanced configuration and administration of the system database, efficient and powerful information systems can be envisaged, with enough flexibility for a high number of secure distributed automation applications.
A field implementation of the described system is currently in service in the Electrical Engineering Department -"Instituto Superior de Engenharia de Coimbra" (Figure 6).A total of sixteen rooms are monitored and have access control installed.These include a general use printing room, a student project room, one general purpose classroom and ten specialized laboratories.Three experimental systems are also installed in other school departments, one in the Mechanical Engineering Department and two in the Physics and Mathematics Department.Common room access is the responsibility of the Head of Department while laboratories have dedicated administrators which are also responsible for the general use of the specific laboratory.Automated access control allows for high flexibility, maximizing resource availability and usage, while keeping a high degree of security and individual responsibility.A potential installation of 150 distributed modules exists.The current implementation is being expanded to all department rooms to allow global management applications that can support most of the academic activities.Work in progress addresses fully registration of student attendance, permitting precise and dynamic adjustment in the number and time-allocation of laboratory classes.Early identification and active signalling of students with specific attendance difficulties can trigger timely and effective pedagogic correction actions by the course director.
Other functionalities can be added to the system such as the local management of Campus transactions.These can include student restaurants and bars, bookstore, academic fees, library registering and fine management, post-office, etc.This is a more security sensitive application area [25].Some of these services are already deployed using other platforms.
Since there is a working Campus Access System, installed at Instituto Superior de Engenharia de Coimbra, which is managed by a private contractor (Figure 7), it is of most interest to interconnect both access networks and information processing applications, in order to maximize capabilities and comply with common security policies.Fig. 7. Campus Access control -Instituto Superior de Engenharia de Coimbra.Installed car park and building access, by a security contractor using HID RFID technology.

Quality of service
Preliminary simple testing was performed, targeting the evaluation of the quality of service that can be achieved.The main concerns addressed initially were those related to sharing the network infrastructure with existing network services in a UDP transmission scenario.
The Electrical Engineering Department is a three store building with a two-level tree, 100 Mbps network infrastructure, based on 20 main switches (24 port) and a 1 Gbps fiber connection to the School backbone.About 240 permanently connected personal computers and 2 network servers are installed in offices, classrooms and laboratories.A total of 650 class hours are allocated each week for the duration of 15 week semesters.A set of 16 devices is fully operational at the present time.Two preliminary tests were conducted: rate of lost packets and denial of service through severe network congestion.
One semester of access statistics was registered for the installed devices.A rate of 1% of lost packets was measured in normal working conditions.This corresponds to extreme congestion situations and Ethernet chip limitations.In these cases the identification card has to be presented twice for the validation of credentials.
To assess the performance of the service in continuous high traffic environments, a second test was performed using the transmission of multicast video with controlled bitrate.A video server and a set of 8 video clients were connected, one in the same switch as the video server, and 7 on different switches.The video was sent in UDP multicast at 2, 4, 6, 8, 10 and 12 Mbps constant bitrates.Multicast traffic was not filtered for the switches where the HID readers were installed, reaching equally all ports.
It was observed that the rate of lost packets remained very low (in the order of 1%) for all 10Mbps DSClient modules, until it dropped drastically for some of them.This drop corresponded to the video bitrate reaching 10 Mbps at the same switch and port where the HID reader was connected.This is because 10 Mbps is the upper limit operating bitrate for the DSClient Ethernet chip.The 100Mbps DSClient Modules were unaffected under 12 Mbps constant bitrate.Further testing is planned for different traffic profiles, network setup and a more comprehensive set of statistics.

Integrated information system for course management
This section presents an Integrated Information System for the management of Technology Specialization Courses (TSC).These courses are subject to a stringent set of legal requirements that regulate the scientific, pedagogic and functioning components.To meet these requirements the availability of an organizational support structure is essential.The developed information system accepts high-level definitions introduced by the Course Director, such as the teaching service allocation, the course calendar and schedule, as well as the individual student profile.Information relating to each class such as summary, individual student attendance, punctuality, participation and progress is dynamically managed by the teacher in each Training Unit.
Global information is continuously available online.Weekly reports are generated that allow the coordination of the course as well as the automatic sending of information required to generate all legal documentation.
According to Portuguese Law -Dec.-Lein.º 88/2006, May 23 [26], TSC are post-secondary, non-higher education training courses, that can be taught at Higher Education Institutions or with their collaboration.According to Dec.-Lei n.º 782/2009, July 23 [26], since the 1 st of October 2010, TSC are classified with the skill level 5 on a {1-8} scale, according to the European Qualifications Framework for life long learning [27].On the other hand, in the registration process they are as qualification level 4, on a {1 -5} scale, according to the Decision n.º 85/368/EEC, published in the Official Journal of the European Communities, n.º L199, 31 July 1985.In both cases, TSC are described as a Qualification at a post-secondary non-higher education level, where credits can be gathered for further higher studies.
In accordance with the applicable law, TSC are organized by time editions with very different rules from those normally applicable to BSc and Master Courses in terms of organization, assessment and attendance.This requires the teaching Institutions to strongly adapt their steady mechanisms commonly used for course management.Thus, in addition to the registration of the final classifications and updating of student individual records, Dec.-Lei Law n.º 88/2006 also establishes the need to create, update and register on file:


Records for the presence and punctuality of the students;  The summary for each lesson;  Justifications for not being present, validated by the TSC Director;  Information about each assessment element, including individual marks.
In this context, for each training unit, it is necessary to maintain an updated file with all the mentioned items as well as educational support material.For each student, in addition to the final assessment results, it is necessary to organize a personal file containing the relevant classification information and his personal and professional profile.In addition, it is mandatory, on a monthly basis, to inform the relevant government agency on the actual number of students with effective class attendance.
Overall, course management is a very demanding, data-intensive distributed task.It must be automated in order to guarantee that valuable human resources are used in the most noble activity that is the teaching itself.
Information technologies are a very powerful tool for the efficient management of activities that require the processing of large amounts of data in an intensive and distributed manner.
There are however security and confidentiality issues, including the management of the access to third parties and to individuals with administrative privileges.

Global architecture
An embedded system is used as the basis component of a distributed information system, specially developed to manage Technology Specialization Courses (TSC).In these courses, full control of student progress and student presence in classes is extremely important.The distributed information system for course management includes the functionality to record student attendance in class by using a specially developed module which is based on the Linux Embedded operating system [28] running on a ARM processor.This module permits to read fingerprints and RFID tags for student identification and further network transmission of relevant information -this module is hereafter named Embedded Identification Module (EIM).
The Embedded Identification Module is integrated in the whole course management information system as illustrated in Figure 8.The system consists of four hardware and software modules connected via TCP/IP over Ethernet: the Teacher Application, the Central Server, the Embedded Identification Module and the Management Interface.
The Teacher Application, developed in Microsoft Access (MS-Access) [29], is the teacher interface with the central server.It is based on a local database with forms allowing the management of information about class summaries, attendance, punctuality, participation and individual and collective progress.This application also permits the generation of local reports, by exporting in MS Excel format, information containing class syllabus, partial and The Teacher Application receives from the central server, managed by the TSC Director, the teaching service allocation, the course schedule and calendar as well as the student individual profile.Later, it sends back the information on class operation.This information will be the basis for the server generated global reports and to the final documentation about the course operation.The interconnection between the Teacher Application and the Central Server is achieved through a Website using WebServices technology [30].
The Embedded Identification Module communicates with the Teacher Application and with the Central Server.In the Teacher Application the user selects a search in the local network to find the Embedded Identification Module IP.The target test hardware for fingerprint validation uses a commercial router, the D100 from Huwaei, which is a very inexpensive hardware, with specific Linux-based firmware developed by the authors (see Figure 9).This router has an USB port allowing the connection of the fingerprint reader, a Microsoft model in this application.A custom Broadcom Chipset board is being developed for further use.
The fingerprint image acquisition is based on software derived from the libfprint library.The images are taken from the fingerprint reader, having been turned off the proprietary encryption mechanism of the device.The images are then processed to obtain the unique characteristics of each fingerprint.This unique features, consisting in a set of distances, are recorded in a USB-Pen attached to the D100, using an encryption mechanism.The data from each fingerprint is assigned an identification number.This number identifies the person in the central PostgreSQL database.
To build the Linux Embedded firmware, the buildroot, busybox and u-boot projects have contributed as a starting point -for more details see [12].
When using RFID authentication only, the system uses an ARM processor similar to the device explained in Section 3 -see Figure 1 for a hardware illustration and Figure 9 for an enclosure and test overview.The mechanism to send data to the central database is also similar to the method proposed for the RFID authentication method described in Section 3.
The Central Server is based on an Apache server [21] and a PostgreSQL database [20] installed on a FreeBSD operating system [21].WebServices implemented in PHP are used as communication technology [21].The teacher service allocation, the course calendar and course schedule, validation of missed class and the individual student profile, all are entered and updated by the TSC Director, using a Management Interface.This Management Interface uses MS-Excel, Visual Basic for Applications (VBA) [31] and WebServices to communicate with the Central Server.
The Central Server registers the information generated and validated locally by each teacher when using the Teacher Application, maintaining a global database.From this global database, the elements needed to the organization, operation and supervision of the course, in accordance with the legal requirements, are automatically generated and forwarded to the interested parties.Thus, the system ensures the data recording, edition and validation locally in the Teacher Application, with subsequent submission, registration and processing in the Central Server.

Teacher Application
The Teacher Application was developed in Microsoft Access allowing localized and autonomous management of information and, through a mechanism of communication and synchronization, the periodic transmission of teacher validated information to the Central Server.The local database in MS-Access consists of seventeen separate tables that are presented in Figure 10 -left.From the global set of tables, eleven are interconnected according to the structure in Figure 10 -right.
The Teacher Application communicates with the Central Server via WebServices.A set of functions in VBA and a set of forms were developed for this purpose.For interaction via  In terms of the local organization of files that support the implementation of the Teacher Application, the structure is shown in Figure 11 -right.In the templates folder is a spreadsheet developed in Excel, for which the application exports the information.This spreadsheet allows managing all the assessments for each training unit.
Each teacher is assigned a username and a password to access the system.After login, the teacher may choose to update the local database from the Central Server, which is mandatory the first time, or in a regular access, can use the application only locally with previous downloaded data.
When updating the local database with new information from the Central Server, the local information that has already been published is not modified.In both modes, local use only or server update, teacher lessons will be available for browsing and summary writing.After teacher identity validation, the Main Menu illustrated in Figure 12 will be available.The options shown in Figure 12 allow managing all information concerning the specific TSC training unit, namely: Edit summaries, consulting old class data, send data to the Central Server, report generation and deleting of the local database.Figure 13 shows the interface for summaries, assiduity, punctuality, participation and for student assessment.This information is transmitted to the Central Server only after the teacher indicates that the class reports are final.After validation and transmission, classes are marked as delivered and are signalled with a green background in the summaries interface, as can be seen in Figure 13 -right.Export option for specific training units can be generated as a set of spreadsheets for assiduity, participation, exam and final classifications.Class summaries, absence justifications and student progress can also be exported.
The Teacher Application performs the main functionality of the system, since it is the liaison between the Embedded Identification Module, the Central Server and the teachers themselves.In addition to the functions already described, the Teacher Application allows to connect to the Embedded Identification Module.This identification module will be described in the next section and its job is to read RFID tags and fingerprints.

Embedded identification module operation
Each student in the class is identified by the presentation of an HID RFID card or by his fingerprint.The association between the student and his RFID identification number is performed in the PostgreSQL database using the Central Server Management Interface.The card reader system, illustrated in Figure 9, was programmed using C language and embedded in a microcontroller with ARM architecture [22,23].The exchange of information between the Teacher Application and the Embedded Identification Module (EIM) is encrypted and carried through the UDP protocol.Figure 14 shows a diagram representing the bidirectional communication between the two systems.For classroom operation, the teacher uses the Teacher Application to search for identification modules in the local room network using broadcast messages.After getting a response, the connected equipment is captured using the interface shown in Figure 15.
After the EIM has been captured, students entering the classroom approach the HID card to the EIM, identifying them and recording the time-of-entry as illustrated in Figure 16.Time-of-entry is later used for presence related information in accordance with a start time reference defined by the TSC Director.
As an alternative to the HID reader, the identification from the fingerprint reader can be used.A Microsoft Fingerprint Reader with USB interface is used.The sensor is interfaced with a microcontroller containing embedded Linux, where the image processing algorithms leading to the identification are programmed.
For confidentiality reasons, associated with the collection and processing of biometric data, the entire processing software shall be contained and secured in the microcontroller.For identification, only a unique index is provided.Fingerprints are stored in-device, on an SD card, encrypted and associated to a student identification index.The widespread and final use of this sensor will be implemented only after all legal requirements associated with the protection of personal data are guaranteed.

Implementation details
For the RFID reader, the EIM is implemented with an ARM Cortex-M3 processor.All the programming tools for this microcontroller have been developed based on the GNU GCC toolchain for ARM Cortex-M3 version 4.3.3,Binutils-2.19.1 and newlib-1.18.0 under Gygwin with lwip TCP Stack.Information about setting up a free GCC toolchain is available from [13].
For the Fingerprint reader, as presented in Section 4.1, the D100 router from Huwaei with specific Linux-based firmware was used as test platform for the Broadcom Chipset.
By default, the EIM sends data to the Central Server (FreeBSD) but the Teacher Application can capture the device through a broadcast packet, informing the EIM where to send its data packets, that is to the Teacher Application.List 2 shows the VBA code that triggers the capture of the EIM device in the local network.
After the EIM has been informed where to send its UDP packets with RFID information, the Teacher Application waits for this information through a socket data reception event.List 3 shows the Teacher Application (MS-Access) code for encrypted packet reception.List 4 shows the firmware for the main state machine while a similar state machine is also used to control Ethernet communications as presented in Fig. 15.
Figure 17 shows the Common Firmware Environment (CFE) available from Broadcom.It is the first code that is executed when the router boots.It performs functions such as system initialization, setting up a basic environment, optionally providing a command line interface and loading and executing a kernel image.After this first code Linux will boot if it was initially programmed in the flash memory of the router.
Figure 18 illustrates the fingerprint test hardware setup, and results from the image processing algorithm, based on Linux Embedded.This system is compatible with the communication protocol used by the ARM RFID system.A custom board based on the Broadcom Chipset will be used for the long-term application.
Fig. 18.Left: Test hardware -Huwaei D100 router with Linux Embedded for fingerprint acquisition.Right: An example of a fingerprint and its processing.

Central server and management interface
The Central Server main function is to register and maintain the final course information in a central database.This information, associated with the management of the TSC, includes high level general information and specific information for each training unit.The server software also allows to automatically generate all the legally required documents for the operation of the course.E-mail alerts are also created and addressed to teachers who have not timely updated data in the Teacher Application.A further weekly report is generated and e-mailed to the TSC Director with information on the presence, punctuality, participation and progress of the students.This information allows an efficient supervision of the course operation.In addition, it permits to fulfill the legal information communication requirements such as the exact and actual number of students attending the course.
In terms of implementation technology, the Central Server is based on an Apache Server and on a PostgreSQL database.These software packages are installed on a FreeBSD operating system and use WebServices implemented in PHP as communication technology.In order to ensure maximum consistency and simplify synchronization between the local and central databases, the PostgreSQL tables in the Central Server and the MS-Access tables in the Teacher Application are identical.
The TSC Director, through the Management Interface, defines in the Central Server the common elements and top-level requirements for the course operation.The interface can be accessed through the Intranet or Internet and allows the introduction of all relevant information as for example the Teacher Service Allocation.This interface uses Excel spreadsheets, VBA programming and WebServices to communicate with the Central Server.

Discussion and conclusions
In this chapter we intended to present successful applications using networked embedded systems.For this purpose we described a network architecture and two application examples in the educational area, which are full implemented and successfully deployed.The first application consists in a campus automated access control and access management system while the second implements a full-featured distributed course management tool, tailored for a specific scientific environment.Both applications are in operation at the Electrical Engineering Department of the Instituto Superior de Engenharia de Coimbra.
Distributed control modules exhibit high programming flexibility, with the possibility of local and remote programming.The modules are very reliable and have powerful processing and interfacing capabilities.Furthermore, they are highly hardware and software scalable, while exhibiting very robust security characteristics [25].Open Source Software, both in the distributed modules and in the central database, guarantees flexibility and high evolution potential.
Real-Time Operating Systems (RTOS) are candidates for both applications described in this chapter and work is in progress to use FreeRTOS as a basic development environment for the ARM processor.Despite the fact that these are not real-time intensive applications, RTOS can greatly facilitate system development because multiple tasks can be programmed as if they were unique.
In this chapter we presented and detailed a set of engineering choices that can be used to develop successful networked embedded systems applications.These choices include network and communication architecture, hardware, development and programming tools for the embedded modules as well as communication technology and server operating system and basis software.
As a general conclusion we can state that networked embedded systems exhibit a great potential to serve as remote intelligent modules in high performance distributed applications such as those that can be developed for the educational and industrial fields.F u r t h e r m o r e , i t w a s d e m o n s t r a t e d t h a t i t i s p o s s i b l e t o c r e a t e a d v a n c e d n e t w o r k e d distributed applications using Open Source Software for the system infrastructure.

Fig. 1 .
Fig. 1.Architecture of the developed access control system.
Edit and Delete room administrators and associated fields;  Add, Edit and Delete general users and associated fields;  Add, Edit and Delete user permissions for individual rooms;  Browsing and Exporting of registered accesses if enabled.

Fig. 4 .
Fig. 4. Simplified flowchart illustrating the DSClient software.Left: initialization phase showing an ARP request that can be answered by the server or gateway, depending on the DSClient being on the same or on a different network.Right: main operation cycle for access control.A flowchart representation, describing the main software decision flow implemented in the DSClient programmed firmware, is presented in Figure 4.It illustrates the DSClient software, with the initialization phase showing an ARP request that can be answered by the server or gateway, depending on the DSClient being on the same or on a different network.It also shows the main operation cycle for access control.
The information provided by the DSClient modules is the following: Ibutton or RFID Card number, local time counter (nanosecond precision), number of valid HID or Ibutton readings, number of UDP requests without server answer, number of times the door was open, number of times access was not permitted, actual IP address of the module and some information associated with the security techniques.If local validation was not successful, the same information is sent to the server for registering and administration purposes.

Fig. 5 .
Fig. 5. Network flow for UDP packets, between a DSClient module and the database server, for central server validation.

Fig. 8 .
Fig. 8. Architecture of the integrated system: Teacher Application (MS-Access, Local); Central Server (Global Database); Management Interface and Embedded Identification Module (RFID, Fingerprint, Local).final classifications.It also allows the browsing of the planning and schedule for past and future classes.The application requires a login and password to identify the teacher.

Fig. 10 .
Fig. 10.Left: Structure of the local database in MS-Access.Right: Interconnection between the main tables.WebServices with the PostgreSQL database on the central server, a developed VBA class TSCARCIws exchanges information through a specific address on the Intranet, whose functions are presented in Figure 11 -left.

Fig. 11 .
Fig. 11.Left: WebServices developed for communication between MS-Access and the PostgreSQL.Right: Developed application structure in MS-Access.

Fig. 12 .
Fig. 12. Teacher Application Main menu.Editing and Browsing Summaries, Presence Management, Sending data to the Central Server and Reporting.

Fig. 13 .
Fig. 13.Teacher Application.Summaries edition.Data transmission to the Central Server includes data integrity check to detect transmission errors.Data transmitted without errors assumes a definitive state and can no longer be changed locally.Later edition is only possible for specific classes with the intervention of the TSC Director by setting an authorization in the Management Interface.

Fig. 14 .
Fig. 14.Communication between the Teacher Application and the EIM.

Fig. 15 .
Fig. 15.Operation of the Teacher Application in capture mode.Searches in the local network for EIM devices and informs them where to forward packets.

Figure 19 presents
Figure 19 presents an example of the Teacher Service Allocation and the course schedule for a set of training units.It also presents the VBA source code used to search in Excel spreadsheets for the Teacher Service Allocation, generating the SQL commands that are sent through WebServices to the PostgreSQL database.

Fig. 19 .
Fig. 19.Excel spreadsheet: Time and the Teacher Service Allocation for the course together with VBA programming using WebServices.
Networked Embedded Systems -Example Applications in the Educational Environment 105 implementation of such technologies.Another area of special interest is animal farming, where sub-dermal transponders are used for identification, health monitoring and management, registering and transport control.Embedded systems and embedded operating systems are now pervasive in consumer and network equipment such as mobile phones, PDAs, tablets, Webpads, VoIP phones, robots, audio and video appliances such as set-top-boxes, media players and televisions, thin client devices, switches and routers, among many other consumer examples.Another specific application area, which has received special interest recently, is the ubiquitous deploying of networked embedded systems for the global monitoring of large civil strategic buildings and infrastructures.These include forests, sensitive ecosystems, power plants and power grids, government buildings and communication infrastructures such as bridges, motorways, sea ports, railways and airports.Integrated with Identification, Wireless, Localization (GPS), and Internet technologies, networked embedded systems can be used to create true global monitoring, control and management solutions.A related and very prominent area of research in this field is the advanced concept of Sensor Networks [7]. www.intechopen.com is the intentional reset of the Ethernet chip.This action is required since the Ethernet interface can stop answering network packets.This situation can arise if there is a faulty non answering FreeBSD server, but can also result from excessive IP traffic -for instance, due to an intentional denial of service attack.This non-answering state is detected by noticing a non-answering server, during repetitive DSClient validation requests.Combining the Ethernet resetting action with a watchdog, full system functionality can be always restored, without noticeable service reduction.User credentials are first checked for tentative local validation.If the current credentials are not present in the local table, a tentative central server validation follows.The FreeBSD server implements a UDP service in a system communication port, receiving the validation requests from the set of all distributed DSClient modules.The presented www.intechopen.comNetworked Embedded Systems -Example Applications in the Educational Environment 111 credentials are matched with those on the database and an appropriate answer is generated, through an UDP packet sent to the same DSClient system port.