CN103248616A - Method, device and system for identity verification in DLNA (digital living network alliance) network - Google Patents


Publication number
CN103248616A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012100322699A
Other languages
Chinese (zh)
Inventor
梁洁辉
李建勇
施元庆
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN2012100322699A
Priority to PCT/CN2012/075759 (WO2013120328A1)
Publication of CN103248616A


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803: Home automation networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892: Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for identity verification in a DLNA network. The method comprises: receiving an access request initiated by a DLNA device to be verified; and using the HTTP-EAP (Hypertext Transfer Protocol - Extensible Authentication Protocol) mode to verify the identity of the DLNA device to be verified with the authentication server RADIUS. Correspondingly, the invention further discloses a device and a system for identity verification in a DLNA network, so that a DLNA device in the DLNA network can verify the identity of other DLNA devices before they access the DLNA network, thereby guaranteeing the security of the user's multimedia data and privacy.

Description

Method, device and system for identity verification in a DLNA network
Technical field
The present invention relates to the technical field of home networks, and in particular to a method, device and system for identity verification in a Digital Living Network Alliance (DLNA) network.
Background
A DLNA network contains various device types: the digital media server (DMS, Digital Media Server), which shares digital media content; the digital media renderer (DMR, Digital Media Renderer), which passively plays DMS content; the digital media player (DMP, Digital Media Player), which actively plays DMS content; and the digital media controller (DMC, Digital Media Controller), which controls the DMS and DMR. These device types are widely used in everyday consumer electronics, personal computers (PCs), mobile phones, television sets, set-top boxes, MIFI gateways, UFI devices and so on.
The devices of the various types in a DLNA network come from different vendors, and there is no unified authentication method between them. In a digital home network, the network coverage reaches not only a given user's own multimedia devices but also other users' devices. Because a unified authentication mode is lacking, other users can easily connect to a user's own DLNA network, which endangers the security of the user's multimedia data and the user's privacy. Although DLNA provides the Digital Transmission Content Protection (DTCP) content protection scheme, it does not solve how to authenticate the various DLNA device types.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method, device and system for identity verification in a DLNA network that guarantee the security of the user's multimedia data and privacy.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
The invention provides a method for identity verification in a DLNA network, the method comprising:
receiving an access request initiated by a DLNA device to be verified;
using the HTTP Extensible Authentication Protocol (HTTP-EAP) mode to verify the identity of the DLNA device to be verified with the authentication server RADIUS.
In the above solution, the access request is an HTTP GET/POST request.
In the above solution, using the HTTP-EAP mode to verify the identity of the DLNA device to be verified with RADIUS comprises:
obtaining the identity information of the DLNA device to be verified;
the local RADIUS performing a challenge computation on the identity information, assembling the resulting challenge computation result into an EAP Challenge message, and returning it to the DLNA device to be verified;
the DLNA device to be verified performing a challenge computation based on the EAP Challenge message and returning the resulting challenge computation result;
the local RADIUS comparing the challenge computation result returned by the DLNA device to be verified with the challenge computation result it obtained itself; if they are consistent, the result is authentication success; if they are inconsistent, the result is authentication failure.
In the above solution, using the HTTP-EAP mode to verify the identity of the DLNA device to be verified with RADIUS comprises:
obtaining the identity information of the DLNA device to be verified and sending it to a RADIUS located remotely;
the RADIUS performing a challenge computation on the identity information, assembling the resulting challenge computation result into an EAP Challenge message, and returning it;
forwarding the EAP Challenge message returned by the RADIUS to the DLNA device to be verified;
the DLNA device to be verified performing a challenge computation based on the EAP Challenge message and returning the resulting challenge computation result;
forwarding the challenge computation result returned by the DLNA device to be verified to the RADIUS;
the RADIUS comparing the challenge computation result returned by the DLNA device to be verified with the challenge computation result it obtained itself; if they are consistent, the result is authentication success; if they are inconsistent, the result is authentication failure;
receiving the authentication result returned by the RADIUS.
In the above solution, obtaining the identity information of the DLNA device to be verified comprises:
sending an EAP identity request (Request Identity) message to the DLNA device to be verified;
the DLNA device to be verified assembling its own identity information into an EAP identity response (Response Identity) message and returning it;
receiving the EAP Response Identity message returned by the DLNA device to be verified.
In the above solution, after the identity of the DLNA device to be verified has been verified, the method further comprises:
according to the result of verifying the identity of the DLNA device to be verified, obtaining a result of whether the DLNA device to be verified is allowed to access the device itself, and returning that result to the DLNA device to be verified.
In the above solution, obtaining, according to the result of verifying the identity of the DLNA device to be verified, a result of whether the DLNA device to be verified is allowed to access the device itself comprises:
if the result of verifying the identity of the DLNA device to be verified is authentication success and/or there is currently no setting indicating that access by the DLNA device to be verified is forbidden, the result is that the DLNA device to be verified is allowed access; if the result of verifying the identity of the DLNA device to be verified is authentication failure and/or there is currently no setting indicating that access by the DLNA device to be verified is allowed, the result is that the DLNA device to be verified is not allowed access.
The present invention also provides a device for identity verification in a DLNA network, the device comprising:
a receiving unit, configured to receive an access request initiated by a DLNA device to be verified;
a verification unit, configured to use the HTTP-EAP mode to verify the identity of the DLNA device to be verified with RADIUS.
In the above solution, the verification unit comprises:
an obtaining module, configured to obtain the identity information of the DLNA device to be verified;
a forwarding module, configured to send the identity information obtained by the obtaining module to the RADIUS, to forward the EAP Challenge message returned by the RADIUS to the DLNA device to be verified, and to send the challenge computation result returned by the DLNA device to be verified to the RADIUS;
a receiving module, configured to receive the authentication result returned by the RADIUS.
In the above solution, the device further comprises a determining unit, configured to obtain, according to the result obtained by the verification unit, a result of whether the DLNA device to be verified is allowed to access the device itself, and to return that result to the DLNA device to be verified.
In the above solution, the device is a DLNA device having a digital media server (DMS) and/or a digital media renderer (DMR).
In the above solution, the DLNA device to be verified is a DLNA device having a digital media controller (DMC), a digital media player (DMP) or a DMR.
The present invention also provides a system for identity verification in a DLNA network, characterized in that the system comprises the device according to any one of claims 8 to 11.
In the above solution, the system further comprises the RADIUS deployed independently or the RADIUS aggregated on the device.
In the above solution, the system further comprises the DLNA device to be verified according to any one of claims 8 to 12.
With the method, device and system for identity verification in a DLNA network provided by the present invention, when an access request initiated by a DLNA device to be verified is received, the HTTP-EAP mode is used to verify the identity of the DLNA device to be verified with the authentication server (RADIUS). A DLNA device in the DLNA network can therefore verify the identity of other DLNA devices before they access it, which guarantees the security of the user's multimedia data and privacy.
In addition, the present invention uses the HTTP-EAP mode for authentication, which is more secure than traditional HTTP basic authentication (HTTP Basic Auth) and HTTP digest authentication (HTTP Digest Auth), and avoids the transmission of plaintext passwords and the weakness of MD5.
Brief description of the drawings
Fig. 1 is a flow chart of the method for identity verification in a DLNA network according to the present invention;
Fig. 2 is a schematic diagram of the specific flow of identity verification in a DLNA network in embodiment one of the present invention;
Fig. 3 is a schematic diagram of the specific flow of identity verification in a DLNA network in embodiment two of the present invention.
Detailed description
The basic idea of the present invention is to use the HTTP Extensible Authentication Protocol (HTTP-EAP) mode to verify the identity of the various DLNA devices that connect to a DLNA network, guaranteeing the security of the user's privacy and secure access to digital media content.
As shown in Fig. 1, the method for identity verification in a DLNA network according to the present invention mainly comprises the following steps:
Step 101: Receive an access request initiated by a DLNA device to be verified;
Here, the access request can specifically be an HTTP GET/POST request.
Step 102: Use the HTTP-EAP mode to verify the identity of the DLNA device to be verified with RADIUS.
Correspondingly, the present invention also provides a device for identity verification in a DLNA network, the device comprising: a receiving unit, configured to receive an access request initiated by a DLNA device to be verified; and a verification unit, configured to use the HTTP-EAP mode to verify the identity of the DLNA device to be verified with RADIUS.
In practice, a DLNA network can comprise device types such as DMS, DMR, DMC and DMP. The DMC can further be divided into two kinds: the media server control point (MSCP) and the media renderer control point (MRCP). In a DLNA network the DMP is equivalent to a DMC, so the DMP can be regarded as a special DMC. Moreover, two or more device types can be aggregated on one concrete DLNA device; for example, a DLNA TV and a PC can simultaneously appear as at least one of the device types DMR/DMP/DMC. Other combinations are possible in specific cases. Here, the device is a DLNA device having a DMS and/or DMR. The DLNA device to be verified is a DLNA device having a DMC/DMP/DMR. RADIUS can be deployed independently, or can be aggregated on the device that performs identity verification for the DLNA network. Specifically, a DLNA device having a DMS can verify, through RADIUS, the identity of a DLNA device having a DMC/DMP/DMR, and a DLNA device having a DMR can verify, through RADIUS, the identity of a DLNA device having a DMC/DMP.
When the RADIUS is aggregated on the device that performs identity verification for the DLNA network, using the HTTP-EAP mode to verify the identity of the DLNA device to be verified with the authentication server (RADIUS) can comprise: obtaining the identity information of the DLNA device to be verified; the local RADIUS performing a challenge computation on the identity information, assembling the resulting challenge computation result into an Extensible Authentication Protocol (EAP) challenge (Challenge) message, and returning it to the DLNA device to be verified; the DLNA device to be verified performing a challenge computation based on the EAP Challenge message and returning the resulting challenge computation result; the local RADIUS comparing the challenge computation result returned by the DLNA device to be verified with the challenge computation result it obtained itself; if they are consistent, the result is authentication success; if they are inconsistent, the result is authentication failure.
When the RADIUS is deployed independently, using the HTTP-EAP mode to verify the identity of the DLNA device to be verified with the authentication server (RADIUS) can comprise: obtaining the identity information of the DLNA device to be verified and sending it to the RADIUS located remotely; the RADIUS performing a challenge computation on the identity information, assembling the resulting challenge computation result into an EAP Challenge message, and returning it; forwarding the EAP Challenge message returned by the RADIUS to the DLNA device to be verified; the DLNA device to be verified performing a challenge computation based on the EAP Challenge message and returning the resulting challenge computation result; forwarding the challenge computation result returned by the DLNA device to be verified to the RADIUS; the RADIUS comparing the challenge computation result returned by the DLNA device to be verified with the challenge computation result it obtained itself; if they are consistent, the result is authentication success; if they are inconsistent, the result is authentication failure; and receiving the authentication result returned by the RADIUS.
Correspondingly, the verification unit can comprise: an obtaining module, configured to obtain the identity information of the DLNA device to be verified; a forwarding module, configured to send the identity information obtained by the obtaining module to the RADIUS, to forward the EAP Challenge message returned by the RADIUS to the DLNA device to be verified, and to send the challenge computation result returned by the DLNA device to be verified to the RADIUS; and a receiving module, configured to receive the authentication result returned by the RADIUS.
After the identity of the DLNA device to be verified has been verified, the method further comprises: according to the result of verifying the identity of the DLNA device to be verified, obtaining a result of whether the DLNA device to be verified is allowed to access the device itself, and returning that result to the DLNA device to be verified.
Specifically, if the result of verifying the identity of the DLNA device to be verified is authentication success and/or there is currently no setting indicating that access by the DLNA device to be verified is forbidden, the result is that the DLNA device to be verified is allowed access; if the result of verifying the identity of the DLNA device to be verified is authentication failure and/or there is currently no setting indicating that access by the DLNA device to be verified is allowed, the result is that the DLNA device to be verified is not allowed access.
Correspondingly, the device further comprises a determining unit, configured to obtain, according to the result obtained by the verification unit, a result of whether the DLNA device to be verified is allowed to access the device itself, and to return that result to the DLNA device to be verified.
In addition, the present invention also provides a system for identity verification in a DLNA network, the system comprising the above device for identity verification in a DLNA network.
Here, the system further comprises a RADIUS deployed independently or a RADIUS aggregated on the device; this RADIUS is used to perform authentication. The system also comprises the above DLNA device to be verified.
Embodiment one
As shown in Fig. 2, the specific flow of identity verification in a DLNA network in this embodiment can comprise the following steps:
Step 201: When a first DLNA device in the DLNA network (e.g. a DLNA device having a DMC/DMR) needs to access certain resources on a second DLNA device (e.g. a DLNA device having a DMR/DMS) or request certain services from it, the first DLNA device initiates an HTTP GET/POST request to the second DLNA device;
Step 202: The second DLNA device receives the HTTP GET/POST request and enables the authentication function. It BASE64-encodes an EAP identity request (Request Identity) message, encapsulates it in the WWW-Authenticate header field (a standard message header defined by HTTP (RFC2613)) of an HTTP 401 Unauthorized message, and sends the HTTP 401 Unauthorized message to the first DLNA device to request the identity information of the first DLNA device;
Step 203: The first DLNA device receives the HTTP 401 Unauthorized message, assembles its own identity information into an EAP identity response (Response Identity) message, BASE64-encodes it and places it in the Authorization header field (a standard message header defined by HTTP (RFC2613)) of an HTTP-EAP message, and sends the HTTP-EAP message to the second DLNA device;
Step 204: The second DLNA device receives the HTTP-EAP message and obtains the EAP Response Identity message. If RADIUS is on the second DLNA device, step 205 is performed directly; otherwise, the second DLNA device BASE64-decodes the EAP Response Identity message and passes it to RADIUS using the RADIUS protocol, and then step 205 is performed;
For example, the second DLNA device can place the BASE64-decoded EAP Response Identity message in an Access-Request message and send it to RADIUS.
Step 205: RADIUS verifies that the identity information of the first DLNA device in the EAP Response Identity message is legitimate, then performs a challenge computation on the identity information of the first DLNA device and assembles the resulting challenge computation result into an EAP Challenge message. If RADIUS is on the second DLNA device, step 206 is performed directly; otherwise, RADIUS places the EAP Challenge message in an access challenge (Access-Challenge) message and sends it to the second DLNA device, the second DLNA device receives the Access-Challenge message and extracts the EAP Challenge message, and then step 206 is performed;
Step 206: The second DLNA device BASE64-encodes the EAP Challenge message it has obtained, places it in the WWW-Authenticate header field of an HTTP-EAP 401 Unauthorized message, and sends the HTTP-EAP 401 Unauthorized message to the first DLNA device;
Step 207: The first DLNA device receives the HTTP-EAP 401 Unauthorized message, extracts the EAP Challenge message from it, performs a challenge computation based on the extracted EAP Challenge message, assembles the resulting challenge computation result into an EAP challenge response, BASE64-encodes it and places it in the Authorization header field of an HTTP-EAP message, and sends the HTTP-EAP message to the second DLNA device;
For example, the challenge computation can be an MD5-HASH operation, an A3/A8/AKA operation, etc.
Step 208: After receiving the HTTP-EAP message, the second DLNA device extracts the EAP challenge response from its Authorization header field. If RADIUS is on the second DLNA device, step 209 is performed directly; otherwise, the second DLNA device encapsulates the EAP challenge response in an access request (Access-Request) message of the RADIUS protocol and sends it to RADIUS, and then step 209 is performed;
Step 209: RADIUS obtains the EAP challenge response, extracts the challenge computation result obtained by the first DLNA device, and compares it with the challenge computation result it obtained itself in step 205. If they are consistent, the challenge succeeds, indicating authentication success, and the user's access can be authorized; if RADIUS is on the second DLNA device, step 210 is performed directly, otherwise RADIUS sends an access accept (Access-Accept) message to the second DLNA device and then step 210 is performed. If they are inconsistent, the challenge fails, indicating authentication failure; this signals that there is a problem with the user's identity and that granting access to resources is not recommended; if RADIUS is on the second DLNA device, step 210 is performed directly, otherwise RADIUS sends an access reject (Access-Reject) message to the second DLNA device and then step 210 is performed;
Step 210: According to the verification result of RADIUS, the second DLNA device determines whether to allow the first DLNA device to access the multimedia content it shares. If access is allowed, it returns an HTTP 200 OK message to the first DLNA device; if authentication succeeded, the WWW-Authenticate header field of the HTTP 200 OK message can also carry an EAP authentication success (EAP-SUCCESS) message, indicating that the first DLNA device has passed authentication. If access is not allowed, it returns an HTTP 403 Forbidden message to the first DLNA device; if authentication failed, the WWW-Authenticate header field of the HTTP 403 Forbidden message can also carry an EAP authentication failure (EAP-FAILURE) message, indicating that the first DLNA device did not pass authentication and the reason for the failure. The current flow then ends.
Here, the second DLNA device determining, according to the verification result of RADIUS, whether to allow the first DLNA device to access the multimedia content it shares can comprise: if the verification result of RADIUS is authentication success and/or there is currently no special setting indicating that access by the first DLNA device is forbidden, the first DLNA device is allowed to access the multimedia content the second DLNA device shares; if the verification result of RADIUS is authentication failure and/or there is currently no special setting indicating that access by the first DLNA device is allowed, the first DLNA device is not allowed to access the multimedia content the second DLNA device shares. In this way, even if RADIUS authentication fails, the user can still allow a particular DLNA device to access as needed through WEB configuration.
Because EAP authentication processes differ, the challenge phase of the above HTTP-EAP process (i.e. step 204 to step 208) can occur multiple times, and the user can change the EAP authentication flow of the second DLNA device as needed through WEB configuration.
In the DLNA network, the above identity verification is required when an HTTP GET/POST request is initiated between DLNA devices. Within the same HTTP session, once authentication has succeeded, the above identity verification does not need to be performed again when further HTTP GET/POST requests are initiated between the DLNA devices; otherwise, every HTTP GET/POST request initiated between the DLNA devices requires the above identity verification to be performed again.
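The exchange of steps 201 to 210, for the case where RADIUS is co-located on the second DLNA device, as an added example that is not part of the patent text. It assumes EAP-MD5 (the page names MD5-HASH as one possible challenge computation), the EAP packet layout of RFC 3748 and a hypothetical `HTTP-EAP` auth-scheme token; the class names, function names and credentials are constructed for illustration.

```python
import base64, hashlib, hmac, os, struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # EAP codes (RFC 3748)
T_IDENTITY, T_MD5 = 1, 4                          # EAP types (RFC 3748)
SCHEME = "HTTP-EAP"  # assumed auth-scheme token; the page does not name one

def eap_pack(code, ident, etype=None, data=b""):
    """Build an EAP packet: code, identifier, 16-bit length, [type, data]."""
    body = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def eap_unpack(pkt):
    """Parse an EAP packet, rejecting truncated or mis-sized input."""
    if len(pkt) < 4:
        raise ValueError("EAP packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    typed = code in (REQUEST, RESPONSE)
    if length != len(pkt) or (typed and length < 5):
        raise ValueError("EAP length field does not match packet")
    return (code, ident, pkt[4], pkt[5:]) if typed else (code, ident, None, b"")

def to_header(pkt):
    """BASE64-encode an EAP packet for WWW-Authenticate / Authorization."""
    return SCHEME + " " + base64.b64encode(pkt).decode("ascii")

def from_header(value):
    scheme, _, b64 = value.partition(" ")
    if scheme != SCHEME:
        raise ValueError("unexpected auth scheme")
    return base64.b64decode(b64, validate=True)

def md5_response(ident, secret, challenge):
    """EAP-MD5 value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class FirstDevice:
    """Device to be verified (DMC/DMP/DMR side)."""
    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def answer(self, www_authenticate):
        code, ident, etype, data = eap_unpack(from_header(www_authenticate))
        if code == REQUEST and etype == T_IDENTITY:            # step 203
            reply = eap_pack(RESPONSE, ident, T_IDENTITY, self.name.encode())
        elif code == REQUEST and etype == T_MD5 and data and len(data) > data[0]:
            digest = md5_response(ident, self.secret, data[1:1 + data[0]])  # step 207
            reply = eap_pack(RESPONSE, ident, T_MD5, bytes([16]) + digest)
        else:
            raise ValueError("unsupported EAP request")
        return to_header(reply)

class SecondDevice:
    """Verifying device (DMS/DMR side) with the RADIUS logic co-located."""
    def __init__(self, secrets, deny=(), allow=()):
        self.secrets = secrets                         # identity -> shared secret
        self.deny, self.allow = set(deny), set(allow)  # user's WEB-configured overrides
        self.pending, self.authed = {}, set()          # state keyed by TCP connection

    def handle(self, conn, authorization=None):
        if conn in self.authed:              # same session: no re-verification
            return 200, None
        st = self.pending.get(conn)
        if authorization is None or st is None:              # step 202
            self.pending[conn] = {"id": 1, "stage": T_IDENTITY}
            return 401, to_header(eap_pack(REQUEST, 1, T_IDENTITY))
        try:
            code, ident, etype, data = eap_unpack(from_header(authorization))
        except ValueError:
            return self._finish(conn, None, False, st["id"])
        if code != RESPONSE or ident != st["id"] or etype != st["stage"]:
            return self._finish(conn, None, False, st["id"])
        if etype == T_IDENTITY:              # steps 204-206
            st.update(id=2, stage=T_MD5, name=data.decode(errors="replace"),
                      challenge=os.urandom(16))
            return 401, to_header(eap_pack(REQUEST, 2, T_MD5, bytes([16]) + st["challenge"]))
        secret = self.secrets.get(st["name"])  # steps 208-209
        ok = (secret is not None and len(data) >= 17 and data[0] == 16 and
              hmac.compare_digest(md5_response(ident, secret, st["challenge"]), data[1:17]))
        return self._finish(conn, st["name"], ok, ident)

    def _finish(self, conn, name, authenticated, ident):     # step 210
        self.pending.pop(conn, None)
        # One reading of the page's "and/or" rule: a deny entry overrides success,
        # an allow entry overrides failure (the name is unverified in that case).
        allowed = (name not in self.deny) if authenticated else (name in self.allow)
        if allowed:
            self.authed.add(conn)
        # EAP-Success / EAP-Failure is carried only when it matches the HTTP status.
        eap = eap_pack(SUCCESS if authenticated else FAILURE, ident)
        return (200 if allowed else 403), (to_header(eap) if allowed == authenticated else None)

def run_exchange(client, server, conn):
    """Drive steps 201-210; return the HTTP status codes seen and the last header."""
    status, header = server.handle(conn)     # step 201: plain GET/POST, no credentials
    trace = [status]
    while status == 401:
        status, header = server.handle(conn, client.answer(header))
        trace.append(status)
    return trace, header
```

RFC 3748 lists EAP-MD5 as providing neither mutual authentication nor dictionary-attack protection, so a deployment would substitute a stronger EAP method; the header framing stays the same.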
Embodiment two
The application of the identity verification method in a DLNA network according to the present invention is described in detail below, taking as an example the process in which a DMC browses the media content of a DMS and plays that media content on a DMR. In this embodiment, DLNA device aggregation is not considered; the DLNA network comprises DLNA device 1 having a DMC, DLNA device 2 having a DMS and DLNA device 3 having a DMR. The DMP acts as a special DMC, namely an MSCP; therefore, DLNA device 1 also has a DMP.
As shown in Fig. 3, the process in which the DMC browses the media content of the DMS and plays that media content on the DMR can specifically comprise:
Step 301: In the device discovery phase, DLNA device 1 having the DMS in the DLNA network and DLNA device 3 having the DMR communicate through the SSDP protocol using IP multicast and broadcast mechanisms; DLNA device 1 sends an M-SEARCH multicast message of the SSDP protocol in the DLNA network to actively search for DLNA devices having a DMS in the current DLNA network;
Step 302: DLNA device 2, which has the DMS in the DLNA network, returns a response message to DLNA device 1, informing DLNA device 1 of the location of its own device description information;
Step 303: DLNA device 1 sends an HTTP GET request to DLNA device 2 to obtain the device description information and service description information of the DMS in DLNA device 2;
Here, step 303 specifically comprises the following two sub-steps:
Step 303a: After obtaining the location of the device description information of DLNA device 2, DLNA device 1 sends an HTTP GET request to DLNA device 2, requesting the device description information of the DMS in DLNA device 2. DLNA device 2 receives the HTTP GET request and performs the HTTP-EAP identity verification shown in Fig. 2. If DLNA device 1 is allowed to access it, DLNA device 1 obtains the device description information of the DMS from DLNA device 2 and continues with step 303b; if DLNA device 1 is not allowed to access it, the subsequent flow is terminated. In this way, unauthorized DLNA devices are prevented from accessing the user's DMS resources, which also conforms to the corresponding DLNA standard;
Step 303b: Based on the device description information of the DMS in DLNA device 2, DLNA device 1 further initiates an HTTP GET request to DLNA device 2, requesting the service description information of the DMS in DLNA device 2. DLNA device 2 receives the HTTP GET request and verifies whether this HTTP GET request and the HTTP GET request received in step 303a are on the same Transmission Control Protocol (TCP) connection. If so, the identity of DLNA device 1 does not need to be verified again; DLNA device 1 is directly allowed to access DLNA device 2, obtains the service description information of the DMS from DLNA device 2, and continues with step 305. If not, the identity of DLNA device 1 needs to be verified again and the HTTP-EAP identity verification shown in Fig. 2 is performed; if DLNA device 1 is allowed to access DLNA device 2, DLNA device 1 obtains the service description information of the DMS from DLNA device 2 and continues with step 304; if DLNA device 1 is not allowed to access DLNA device 2, the subsequent flow is terminated;
Step 304: DLNA equipment 1 sends an SSDP M-SEARCH multicast message in the DLNA network to search for DLNA equipment that has a DMR;
Step 305: DLNA equipment 3, which has a DMR in the DLNA network, returns a response message to DLNA equipment 1, announcing its own existence and the location of its device description information to DLNA equipment 1;
Step 306: DLNA equipment 1 sends HTTP GET requests to DLNA equipment 3 to obtain the device description information and service description information of the DMR in DLNA equipment 3;
Here, step 306 specifically comprises the following two sub-steps:
Step 306a: after obtaining the location of the device description information of DLNA equipment 3, DLNA equipment 1 sends an HTTP GET request to DLNA equipment 3, requesting the device description information of the DMR in DLNA equipment 3. DLNA equipment 3 receives the HTTP GET request and performs the HTTP-EAP authentication shown in Figure 2. If DLNA equipment 1 is allowed access, DLNA equipment 1 obtains the device description information of the DMR from DLNA equipment 3 and continues with step 306b; if DLNA equipment 1 is not allowed access, the current flow is terminated. In this way, unauthorized DLNA equipment is prevented from accessing the user's DMS resources, and the corresponding DLNA standard is also met;
Step 306b: based on the device description information of the DMR in DLNA equipment 3, DLNA equipment 1 further sends an HTTP GET request to DLNA equipment 3, requesting the service description information of the DMR in DLNA equipment 3. DLNA equipment 3 receives the HTTP GET request and checks whether this request and the HTTP GET request received in step 306a arrived on the same TCP connection. If so, the identity of DLNA equipment 1 does not need to be verified again: DLNA equipment 1 is directly allowed access, obtains the service description information of the DMR from DLNA equipment 3, and continues with step 305. If not, the identity of DLNA equipment 1 must be verified again by performing the HTTP-EAP authentication shown in Figure 2; if DLNA equipment 1 is allowed access, it obtains the service description information of the DMR from DLNA equipment 3 and continues with step 307; if DLNA equipment 1 is not allowed access, the current flow is terminated;
Step 307: after device discovery and device description are complete, the devices need to be controlled and presented. DLNA equipment 1 sends an HTTP POST request to DLNA equipment 2, and DLNA equipment 2 performs HTTP-EAP authentication on DLNA equipment 1 again. If DLNA equipment 1 is allowed access, the flow continues with step 308; if DLNA equipment 1 is not allowed access, the current flow is terminated;
Here, when DLNA equipment 2 performs HTTP-EAP authentication on DLNA equipment 1 again, it can first use EAP fast re-authentication. If the fast re-authentication passes, DLNA equipment 1 is allowed access; otherwise the HTTP-EAP authentication process shown in Figure 2 is performed to authenticate again.
Fast re-authentication is not identical across the various EAP methods; each is defined in its own document. In principle, fast re-authentication reuses information from the preceding EAP authentication process to reduce message exchanges and speed up authentication processing. EAP fast re-authentication is a technique commonly used in the art; based on the EAP authentication process shown in Figure 2, those skilled in the art can directly derive the corresponding fast re-authentication process, so it is not described further here.
Step 308: DLNA equipment 1 controls the DMS in DLNA equipment 2 through the Web Service SOAP operations provided by that DMS, obtains the content it is interested in from the multimedia content (music, pictures, video and so on) shared by the DMS in DLNA equipment 2, and plays it on the DMP or controls the DMR to play it;
Step 309: DLNA equipment 1 sends an HTTP POST request to DLNA equipment 3 in order to obtain authorization to control the DMR in DLNA equipment 3, and DLNA equipment 3 performs HTTP-EAP authentication on DLNA equipment 1 again. If DLNA equipment 1 is allowed access, the flow continues with step 310; if DLNA equipment 1 is not allowed access, the current flow is terminated;
Here, the specific implementation of this step is similar to step 307 and is not described further.
Step 310: DLNA equipment 1 uses HTTP POST operations to control the DMR in DLNA equipment 3 to play the multimedia content obtained in step 308;
Step 311: DLNA equipment 3 sends an HTTP GET request to DLNA equipment 2, requesting the multimedia content shared by the DMS in DLNA equipment 2 for playback. DLNA equipment 2 performs the HTTP-EAP authentication shown in Figure 2 on DLNA equipment 3, to ensure that DLNA equipment 3 is authorized to access the content shared by the DMS in DLNA equipment 2. If DLNA equipment 3 is allowed access, the flow continues with step 312; if DLNA equipment 3 is not allowed access, the current flow is terminated;
Step 312: the DMR in DLNA equipment 3 starts HTTP streaming media playback. Here, the whole playback progress can be controlled, for example with pause, seek, replay, stop, next and previous operations.
In practice, a DLNA equipment in the DLNA network may have both a DMR and a DMS, that is, DLNA equipment 3 and DLNA equipment 2 in the above flow may be the same DLNA equipment. In that case, if DLNA equipment 3 and DLNA equipment 2 are the same DLNA equipment, i.e. the DLNA equipment having the DMS and the DLNA equipment having the DMR have the same IP address or belong to the same root device, then the authentication in step 306, step 309 and step 309 can be omitted.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (15)

1. A method for identity authentication in a Digital Living Network Alliance (DLNA) network, characterized in that the method comprises:
receiving an access request initiated by a DLNA equipment to be verified;
verifying, in the HTTP Extensible Authentication Protocol (HTTP-EAP) manner, the identity of the DLNA equipment to be verified with the authentication server RADIUS.
2. The method for identity authentication in a DLNA network according to claim 1, characterized in that the access request is an HTTP GET/POST request.
3. The method for identity authentication in a DLNA network according to claim 1, characterized in that verifying the identity of the DLNA equipment to be verified with the RADIUS in the HTTP-EAP manner comprises:
obtaining the identity information of the DLNA equipment to be verified;
a local RADIUS performing a challenge calculation on the identity information, assembling the resulting challenge calculation result into an EAP Challenge message, and returning it to the DLNA equipment to be verified;
the DLNA equipment to be verified performing a challenge calculation based on the EAP Challenge message and returning the resulting challenge calculation result;
the local RADIUS comparing the challenge calculation result returned by the DLNA equipment to be verified with the challenge calculation result it obtained itself; if they are consistent, the result is authentication success, and if they are inconsistent, the result is authentication failure.
4. The method for identity authentication in a DLNA network according to claim 1, characterized in that verifying the identity of the DLNA equipment to be verified with the RADIUS in the HTTP-EAP manner comprises:
obtaining the identity information of the DLNA equipment to be verified and sending it to a RADIUS located remotely;
the RADIUS performing a challenge calculation on the identity information, assembling the resulting challenge calculation result into an EAP Challenge message, and returning it;
forwarding the EAP Challenge message returned by the RADIUS to the DLNA equipment to be verified;
the DLNA equipment to be verified performing a challenge calculation based on the EAP Challenge message and returning the resulting challenge calculation result;
forwarding the challenge calculation result returned by the DLNA equipment to be verified to the RADIUS;
the RADIUS comparing the challenge calculation result returned by the DLNA equipment to be verified with the challenge calculation result it obtained itself; if they are consistent, the result is authentication success, and if they are inconsistent, the result is authentication failure;
receiving the authentication result returned by the RADIUS.
5. The method for identity authentication in a DLNA network according to claim 3 or 4, characterized in that obtaining the identity information of the DLNA equipment to be verified comprises:
sending an EAP Request Identity message to the DLNA equipment to be verified;
the DLNA equipment to be verified assembling its own identity information into an EAP Response Identity message and returning it;
receiving the EAP Response Identity message returned by the DLNA equipment to be verified.
6. The method for identity authentication in a DLNA network according to any one of claims 1 to 4, characterized in that, after verifying the identity of the DLNA equipment to be verified, the method further comprises:
obtaining, according to the result of verifying the identity of the DLNA equipment to be verified, a result of whether the DLNA equipment to be verified is allowed access, and returning that result to the DLNA equipment to be verified.
7. The method for identity authentication in a DLNA network according to claim 6, characterized in that obtaining, according to the result of verifying the identity of the DLNA equipment to be verified, a result of whether the DLNA equipment to be verified is allowed access comprises:
if the result of verifying the identity of the DLNA equipment to be verified is authentication success and/or there is currently no setting indicating that access by the DLNA equipment to be verified is prohibited, obtaining the result that the DLNA equipment to be verified is allowed access; if the result of verifying the identity of the DLNA equipment to be verified is authentication failure and/or there is currently no setting indicating that access by the DLNA equipment to be verified is allowed, obtaining the result that the DLNA equipment to be verified is not allowed access.
8. A device for identity authentication in a DLNA network, characterized in that the device comprises:
a receiving unit, configured to receive an access request initiated by a DLNA equipment to be verified;
an authentication unit, configured to verify, in the HTTP-EAP manner, the identity of the DLNA equipment to be verified with the RADIUS.
9. The device for identity authentication in a DLNA network according to claim 8, characterized in that the authentication unit comprises:
an obtaining module, configured to obtain the identity information of the DLNA equipment to be verified;
a forwarding module, configured to send the identity information obtained by the obtaining module to the RADIUS, forward the EAP Challenge message returned by the RADIUS to the DLNA equipment to be verified, and send the challenge calculation result returned by the DLNA equipment to be verified to the RADIUS;
a receiving module, configured to receive the authentication result returned by the RADIUS.
10. The device for identity authentication in a DLNA network according to claim 8, characterized in that the device further comprises: a determining unit, configured to obtain, according to the result obtained by the authentication unit, a result of whether the DLNA equipment to be verified is allowed access, and to return that result to the DLNA equipment to be verified.
11. The device for identity authentication in a DLNA network according to claim 8, characterized in that the device is a DLNA equipment having a digital media server (DMS) and/or a digital media renderer (DMR).
12. The device for identity authentication in a DLNA network according to claim 8, characterized in that the DLNA equipment to be verified is a DLNA equipment having a digital media controller (DMC) / digital media player (DMP) / DMR.
13. A system for identity authentication in a DLNA network, characterized in that the system comprises: the device according to any one of claims 8 to 11.
14. The system for identity authentication in a DLNA network according to claim 13, characterized in that the system further comprises: the RADIUS deployed independently, or the RADIUS integrated on the device.
15. The system for identity authentication in a DLNA network according to claim 13, characterized in that the system further comprises the DLNA equipment to be verified according to any one of claims 8 to 12.
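The per-connection gate of steps 303a/303b and the challenge comparison of claim 3 can be sketched together as follows. This is an added example, not code from the patent: the HTTP and EAP message framing is replaced by function calls, HMAC-SHA256 stands in for the challenge calculation (the page does not fix an EAP method), and all class, function and device names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store standing in for the RADIUS user database.
DEVICE_SECRETS = {"dmc-livingroom": b"constructed-shared-secret"}

def challenge_response(secret: bytes, challenge: bytes) -> bytes:
    """Challenge calculation; HMAC-SHA256 is an assumption of this example."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class LocalRadius:
    """Local RADIUS role from claim 3: issue a challenge, then compare results."""

    def __init__(self, secrets_db):
        self._db = secrets_db
        self._pending = {}  # identity -> outstanding challenge

    def start(self, identity: str) -> bytes:
        # A fresh random challenge per attempt, so a captured response cannot be replayed.
        challenge = secrets.token_bytes(16)
        self._pending[identity] = challenge
        return challenge

    def finish(self, identity: str, response: bytes) -> bool:
        challenge = self._pending.pop(identity, None)  # each challenge is single use
        secret = self._db.get(identity)
        if challenge is None or secret is None:
            return False
        # Constant-time comparison of the two challenge calculation results.
        return hmac.compare_digest(challenge_response(secret, challenge), response)

class DmsGate:
    """Serving side (DLNA equipment 2): authentication state is kept per TCP connection."""

    def __init__(self, radius):
        self._radius = radius
        self._authenticated = set()  # ids of connections that already passed authentication

    def handle_get(self, conn_id, identity, respond):
        """Return (allowed, authentication_ran); respond() models the requesting device."""
        if conn_id in self._authenticated:
            return True, False  # step 303b: same TCP connection, no re-verification
        challenge = self._radius.start(identity)
        ok = self._radius.finish(identity, respond(challenge))
        if ok:
            self._authenticated.add(conn_id)
        return ok, True

    def connection_closed(self, conn_id):
        # The authenticated state must not outlive the connection it was granted on.
        self._authenticated.discard(conn_id)

def demo():
    gate = DmsGate(LocalRadius(DEVICE_SECRETS))
    good = lambda c: challenge_response(DEVICE_SECRETS["dmc-livingroom"], c)
    bad = lambda c: challenge_response(b"wrong-secret", c)
    results = {
        "303a_first_get": gate.handle_get(1, "dmc-livingroom", good),
        "303b_same_conn": gate.handle_get(1, "dmc-livingroom", good),
        "303b_new_conn": gate.handle_get(2, "dmc-livingroom", good),
        "unauthorized": gate.handle_get(3, "dmc-livingroom", bad),
    }
    gate.connection_closed(1)
    results["after_close"] = gate.handle_get(1, "dmc-livingroom", bad)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the skip in step 303b is keyed on the connection alone, clearing that state when the connection closes is what keeps a later, unrelated connection from inheriting the earlier authentication.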
CN2012100322699A 2012-02-14 2012-02-14 Method, device and system for identity verification in DLNA (digital living network alliance) network Pending CN103248616A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2012100322699A CN103248616A (en) 2012-02-14 2012-02-14 Method, device and system for identity verification in DLNA (digital living network alliance) network
PCT/CN2012/075759 WO2013120328A1 (en) 2012-02-14 2012-05-18 Method, apparatus and system for identity authentication in dlna network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012100322699A CN103248616A (en) 2012-02-14 2012-02-14 Method, device and system for identity verification in DLNA (digital living network alliance) network

Publications (1)

Publication Number Publication Date
CN103248616A true CN103248616A (en) 2013-08-14

Family

ID=48927839

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100322699A Pending CN103248616A (en) 2012-02-14 2012-02-14 Method, device and system for identity verification in DLNA (digital living network alliance) network

Country Status (2)

Country Link
CN (1) CN103248616A (en)
WO (1) WO2013120328A1 (en)

Also Published As

Publication number Publication date
WO2013120328A1 (en) 2013-08-22

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130814
