CN102891836A - UPnP (Universal Plug And Play) access control method, server and client - Google Patents

Publication number: CN102891836A
Authority: CN (China)
Prior art keywords: upnp, client, server, upnp client, log
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201110206689XA
Other languages: Chinese (zh)
Inventor: 程成林
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by: ZTE Corp
Priority to: CN201110206689XA
Priority to: PCT/CN2012/075483 (WO2013013529A1)
Publication of: CN102891836A


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a UPnP (Universal Plug and Play) access control method comprising the following steps: a UPnP server receives a login request from a UPnP client, verifies according to the login information carried in the login request whether the UPnP client has access rights, and returns the verification result to the UPnP client. The invention also provides the UPnP server and the UPnP client. With the UPnP access control method disclosed by the invention, only specified UPnP clients can access the related content of the UPnP server, so that server resource security and user privacy are protected.

Description

A UPnP access control method, server and client
Technical field
The present invention relates to the field of security control, and in particular to a UPnP (Universal Plug and Play) access control method, a UPnP server and a UPnP client.
Background
At present there are many technologies for sharing media resources, and UPnP AV (UPnP Audio/Video) is one of the more convenient ones. The server and the client only need to support the UPnP protocol and be connected to the same local area network; without any extra operation or configuration, the client can easily connect to the server and browse and play media content online. The DLNA (Digital Living Network Alliance) protocol, which has recently been gaining popularity, is one specific implementation of UPnP AV technology.
UPnP AV provides a plug-and-play media sharing mechanism that is easy to use, but it also carries a considerable security risk: as the protocol is implemented, every media player that supports the UPnP AV protocol can access, without restriction, the media resources on the media servers in the same network. As a result, the user's personal privacy is very likely to be leaked without the user knowing.
Fig. 1 shows the interaction flow between an existing UPnP AV media server and client, comprising:
Step 101: after the media server starts, it sends an announcement (NOTIFY) message to notify the media players.
Step 102: after a media player receives the announcement message, it initiates a service query to the media server to learn what services the media server provides, and shows the media server in the list of media sources for the user to select.
Step 103: after the user selects a media server, the media player sends a browse request to the media server, obtains the descriptions of the media content on the media server, and presents the playlist to the user.
Step 104: when the user chooses a media file to play, the media player sends an HTTP request to the media server, obtains the media file, and plays it.
In this flow, any media player on the same local area network can view all the content on the media server. As a result, the user's personal privacy is very likely to be leaked without the user knowing.
Summary of the invention
The technical problem to be solved by the present invention is to provide a UPnP access control method, a UPnP server and a UPnP client that prevent UPnP resources from being accessed without authorization.
To solve the above problem, the invention provides a UPnP access control method, comprising:
A UPnP (Universal Plug and Play) server receives a registration request from a UPnP client, verifies according to the registration information carried in the registration request whether the UPnP client has access rights, and returns the verification result to the UPnP client.
Further, the above method may also have the following feature: the registration information comprises a user name and/or a password.
Further, the above method may also have the following feature: the method further comprises:
When the UPnP server determines that the UPnP client has access rights, it also records the identity information of the UPnP client that has access rights;
When the UPnP server receives a resource access request from the UPnP client, it determines from the identity information of the UPnP client whether the UPnP client is one of the locally recorded UPnP clients with access rights; if so, it executes the resource access request; otherwise, it ignores the resource access request.
Further, the above method may also have the following feature: the identity information is a universally unique identifier (UUID).
The present invention also provides a UPnP access control method, comprising:
A UPnP client sends a registration request carrying registration information to the selected UPnP server and receives the verification result returned by the UPnP server; when the verification result indicates that verification passed, it sends a resource access request to the UPnP server.
Further, the above method may also have the following feature: the registration information comprises a user name and/or a password.
The present invention also provides a UPnP server comprising a verification unit and a response unit, wherein:
The verification unit is configured to receive a registration request from a UPnP client, verify according to the registration information carried in the registration request whether the UPnP client has access rights, and send the verification result to the response unit;
The response unit is configured to return the verification result to the UPnP client.
Further, the above UPnP server may also have the following feature: the registration information comprises a user name and/or a password.
Further, the above UPnP server may also have the following feature: the UPnP server further comprises an access control unit, wherein:
The verification unit is further configured to record, when it determines that the UPnP client has access rights, the identity information of the UPnP client that has access rights;
The access control unit is configured to determine, when a resource access request is received from the UPnP client, from the identity information of the UPnP client whether the UPnP client is one of the locally recorded UPnP clients with access rights; if so, the resource access request is executed; otherwise, the resource access request is ignored.
Further, the above UPnP server may also have the following feature: the identity information is a universally unique identifier (UUID).
The present invention also provides a UPnP client comprising a registration unit and an access unit, wherein:
The registration unit is configured to send a registration request carrying registration information to the selected UPnP server and to receive the verification result returned by the UPnP server;
The access unit is configured to send a resource access request to the UPnP server when the verification result received by the registration unit indicates that verification passed.
Further, the above UPnP client may also have the following feature: the registration information comprises a user name and/or a password.
With the method provided by the invention, a UPnP client registers when it accesses a UPnP server, and subsequent operations are performed only after verification passes, so that only designated UPnP clients can access the related content of the UPnP server, which protects the security of server resources and the privacy of users.
Description of drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is the basic interaction model of a UPnP AV server and client;
Fig. 2 is a flow chart of the UPnP access control method of an embodiment of the invention;
Fig. 3 is an interaction diagram of the media server and media player of an embodiment of the invention;
Fig. 4 is a block diagram of the UPnP server of an embodiment of the invention;
Fig. 5 is a block diagram of the UPnP client of an embodiment of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. Note that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
An embodiment of the invention provides a UPnP access control method in which the UPnP server performs the following operations:
The UPnP server receives a registration request from a UPnP client, determines according to the registration information carried in the registration request whether the UPnP client has access rights, and returns the result to the UPnP client.
The registration information comprises a user name and/or a password.
The method further comprises:
When the UPnP server determines that the UPnP client has access rights, it also records the identity information of the UPnP client that has access rights;
When the UPnP server receives a resource access request from the UPnP client, it determines from the identity information of the UPnP client whether the UPnP client is a locally recorded UPnP client with access rights; if so, the check passes and the resource access request is executed; otherwise, the resource access request is ignored.
The identity information is a universally unique identifier (UUID); the invention is not limited to this, and other unique identification information, such as a MAC address, may also be used.
In the UPnP access control method provided by the embodiment of the invention, the UPnP client performs the following operations:
The UPnP client sends a registration request carrying registration information to the selected UPnP server and receives the verification result returned by the UPnP server; when the verification result indicates that verification passed, it sends a resource access request to the UPnP server.
The registration information comprises a user name and/or a password.
Fig. 2 shows the flow chart of the UPnP access control method of the embodiment of the invention, comprising:
Step 201: the UPnP client sends a registration request carrying registration information to the selected UPnP server;
Step 202: the UPnP server receives the registration request from the UPnP client, determines according to the registration information carried in the registration request whether the UPnP client has access rights, and returns the registration result to the UPnP client;
Step 203: after the UPnP client receives the verification result, if verification passed, it sends a resource access request to the UPnP server;
Step 204: after the UPnP server receives the resource access request from the UPnP client, it determines from the identity information of the UPnP client whether the UPnP client is one of the locally recorded UPnP clients with access rights; if so, it executes the resource access request; otherwise, it ignores the resource access request.
The UPnP server and client may be any devices that use the UPnP protocol, such as PCs, mobile terminals, electronic equipment and media devices.
The invention is further described below using the example in which the UPnP server is a media server and the UPnP client is a media player (UPnP AV Player).
The media player learns of the media servers in the home network either by actively searching with MSEARCH (search) or by listening for NOTIFY messages, and presents the list of media servers to the user;
When the user selects a media server to access, the media player must actively initiate a registration (register) request to the media server, carrying a user name and password in the registration request;
The media server verifies the content of the registration request, that is, it determines from the user name and password whether the media player has access rights, and returns the verification result to the media player;
Only after receiving a reply indicating that verification passed does the media player send resource access requests to the media server.
The invention is described below through a concrete application example.
First, a new X_Register action is added to the control directory service in the existing UPnP AV solution.
To complete the interaction for this action, the new state variables listed in Table 1 are required:
Table 1
Variable name | Data type | Value range                                        | Default value
X_Username    | String    | Visible ASCII string of at most 32 characters      |
X_Password    | String    | Visible ASCII string of at most 32 characters      |
X_RegResult   | BOOL      | 0: registration failed; 1: registration succeeded  |
X_Username: this state variable records the name of a user who has access rights;
X_Password: this state variable records the access password of the corresponding user;
X_RegResult: this state variable identifies the result of the user's registration request.
X_Register is used to register with the media server and obtain the verification result. The parameter list of this action is given in Table 2:
Table 2
Parameter name | Input/output | Associated variable
Username       | IN           | X_Username
Password       | IN           | X_Password
RegResult      | OUT          | X_RegResult
As shown in Fig. 3, the UPnP access control method of the embodiment of the invention adds a verification procedure between step 102 and step 103 of the existing flow described above. The steps are:
Steps 301-302: the same as steps 101-102;
Step 303: after the user selects a media server, the media player pops up a dialog box asking the user to enter the user name and password for accessing the media server. After the user enters them, the media player packages the user's input and initiates registration with the media server through an X_Register request.
Step 304: the media server determines from the user name and password in the X_Register request whether the media player has access rights and feeds the verification result back to the media player. At the same time, it records the UUID (Universally Unique Identifier) of each media player that passes verification in the list of media players with access rights (called the white list in this embodiment).
Step 305: when a media player initiates a non-registration request such as browse or search, the media server checks whether the UUID of the media player that initiated the request is present in the white list. If it is, the server executes the request; if it is not, the server ignores the request.
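Steps 303 to 305 and the Table 1 constraints, as an added Python example that is not code from the patent. The ContentDirectory namespace, all function and class names, the salted PBKDF2 password storage and the `client_uuid` argument (the page does not say how the server obtains the caller's UUID) are assumptions; the UUIDs and account are constructed sample values.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Assumption: X_Register is exposed under the ContentDirectory service type.
CDS_NS = "urn:schemas-upnp-org:service:ContentDirectory:1"


def valid_field(value):
    """Table 1 constraint: visible ASCII (0x21-0x7E), at most 32 characters."""
    return (isinstance(value, str) and 1 <= len(value) <= 32
            and all(0x21 <= ord(ch) <= 0x7E for ch in value))


def build_x_register(username, password):
    """Client side, step 303: wrap the user's input in an X_Register request."""
    return (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
            f'<u:X_Register xmlns:u="{CDS_NS}">'
            f'<Username>{escape(username)}</Username>'
            f'<Password>{escape(password)}</Password>'
            f'</u:X_Register></s:Body></s:Envelope>').encode("utf-8")


def parse_x_register(body):
    """Return (Username, Password) from a SOAP body, or None if unacceptable."""
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None  # refuse DTDs and entity declarations from clients
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    action = root.find(f"{{{SOAP_NS}}}Body/{{{CDS_NS}}}X_Register")
    if action is None:
        return None
    user, password = action.findtext("Username"), action.findtext("Password")
    if not (valid_field(user) and valid_field(password)):
        return None
    return user, password


class MediaServer:
    def __init__(self, accounts):
        # Assumption: store salted PBKDF2 digests instead of the passwords.
        self._accounts = {}
        for user, password in accounts.items():
            salt = os.urandom(16)
            self._accounts[user] = (salt, self._digest(password, salt))
        self._dummy = (os.urandom(16), os.urandom(32))  # used for unknown users
        self.whitelist = set()  # UUIDs of players that passed verification

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("ascii"), salt, 50_000)

    def x_register(self, client_uuid, body):
        """Step 304: verify the credentials, record the UUID, return RegResult."""
        creds = parse_x_register(body)
        if creds is None:
            return 0
        user, password = creds
        salt, expected = self._accounts.get(user, self._dummy)
        match = hmac.compare_digest(self._digest(password, salt), expected)
        if match and user in self._accounts:
            self.whitelist.add(client_uuid)
            return 1
        return 0

    def handle(self, client_uuid, action, body=b""):
        """Step 305: non-registration actions need a whitelisted UUID."""
        # client_uuid is handed in by the caller here; how the server learns
        # and trusts the caller's UUID is not described on the page.
        if action == "X_Register":
            return {"RegResult": self.x_register(client_uuid, body)}
        if client_uuid not in self.whitelist:
            return None  # request ignored, no response produced
        return {"Result": f"{action} executed"}


def demo():
    server = MediaServer({"alice": "s3cret-pass"})            # constructed account
    player = "uuid:11111111-2222-3333-4444-555555555555"      # constructed UUID
    other = "uuid:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"       # constructed UUID
    return [
        server.handle(player, "Browse"),
        server.handle(player, "X_Register", build_x_register("alice", "wrong")),
        server.handle(player, "X_Register", build_x_register("alice", "s3cret-pass")),
        server.handle(player, "Browse"),
        server.handle(other, "Search"),
    ]


if __name__ == "__main__":
    print(demo())
```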
An embodiment of the invention also provides a UPnP server. As shown in Fig. 4, the UPnP server comprises a verification unit and a response unit, wherein:
The verification unit is configured to receive a registration request from a UPnP client, verify according to the registration information carried in the registration request whether the UPnP client has access rights, and send the verification result to the response unit;
The response unit is configured to return the verification result to the UPnP client.
The registration information comprises a user name and/or a password.
The UPnP server further comprises an access control unit, wherein:
The verification unit is further configured to record, when it determines that the UPnP client has access rights, the identity information of the UPnP client that has access rights;
The access control unit is configured to determine, when a resource access request is received from the UPnP client, from the identity information of the UPnP client whether the UPnP client is one of the locally recorded UPnP clients with access rights; if so, the resource access request is executed; otherwise, the resource access request is ignored.
The identity information is a universally unique identifier (UUID).
An embodiment of the invention also provides a UPnP client. As shown in Fig. 5, the UPnP client comprises a registration unit and an access unit, wherein:
The registration unit is configured to send a registration request carrying registration information to the selected UPnP server and to receive the verification result returned by the UPnP server;
The access unit is configured to send a resource access request to the UPnP server when the verification result received by the registration unit indicates that verification passed.
The registration information comprises a user name and/or a password.
A person of ordinary skill in the art will understand that all or some of the steps of the above method may be carried out by a program instructing the relevant hardware, and that the program may be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Alternatively, all or some of the steps of the above embodiments may be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in hardware or as a software function module. The invention is not limited to any particular combination of hardware and software.

Claims (12)

1. A UPnP access control method, characterized in that it comprises:
A UPnP (Universal Plug and Play) server receives a registration request from a UPnP client, verifies according to the registration information carried in the registration request whether the UPnP client has access rights, and returns the verification result to the UPnP client.
2. The method of claim 1, characterized in that the registration information comprises a user name and/or a password.
3. The method of claim 1 or 2, characterized in that the method further comprises:
When the UPnP server determines that the UPnP client has access rights, it also records the identity information of the UPnP client that has access rights;
When the UPnP server receives a resource access request from the UPnP client, it determines from the identity information of the UPnP client whether the UPnP client is one of the locally recorded UPnP clients with access rights; if so, it executes the resource access request; otherwise, it ignores the resource access request.
4. The method of claim 3, characterized in that the identity information is a universally unique identifier (UUID).
5. A UPnP access control method, characterized in that it comprises:
A UPnP client sends a registration request carrying registration information to the selected UPnP server and receives the verification result returned by the UPnP server; when the verification result indicates that verification passed, it sends a resource access request to the UPnP server.
6. The method of claim 5, characterized in that the registration information comprises a user name and/or a password.
7. A UPnP server, characterized in that the UPnP server comprises a verification unit and a response unit, wherein:
The verification unit is configured to receive a registration request from a UPnP client, verify according to the registration information carried in the registration request whether the UPnP client has access rights, and send the verification result to the response unit;
The response unit is configured to return the verification result to the UPnP client.
8. The UPnP server of claim 7, characterized in that the registration information comprises a user name and/or a password.
9. The UPnP server of claim 7 or 8, characterized in that the UPnP server further comprises an access control unit, wherein:
The verification unit is further configured to record, when it determines that the UPnP client has access rights, the identity information of the UPnP client that has access rights;
The access control unit is configured to determine, when a resource access request is received from the UPnP client, from the identity information of the UPnP client whether the UPnP client is one of the locally recorded UPnP clients with access rights; if so, the resource access request is executed; otherwise, the resource access request is ignored.
10. The UPnP server of claim 9, characterized in that the identity information is a universally unique identifier (UUID).
11. A UPnP client, characterized in that the UPnP client comprises a registration unit and an access unit, wherein:
The registration unit is configured to send a registration request carrying registration information to the selected UPnP server and to receive the verification result returned by the UPnP server;
The access unit is configured to send a resource access request to the UPnP server when the verification result received by the registration unit indicates that verification passed.
12. The UPnP client of claim 11, characterized in that the registration information comprises a user name and/or a password.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201110206689XA CN102891836A (en) 2011-07-22 2011-07-22 UPnP (Universal Plug And Play) access control method, server and client
PCT/CN2012/075483 WO2013013529A1 (en) 2011-07-22 2012-05-15 Upnp access control method, server and client


Publications (1)

Publication Number Publication Date
CN102891836A true CN102891836A (en) 2013-01-23

Family

ID=47535203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110206689XA Pending CN102891836A (en) 2011-07-22 2011-07-22 UPnP (Universal Plug And Play) access control method, server and client

Country Status (2)

Country Link
CN (1) CN102891836A (en)
WO (1) WO2013013529A1 (en)


Also Published As

Publication number Publication date
WO2013013529A1 (en) 2013-01-31


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20130123