EP2484056A1 - Service contracting by means of upnp - Google Patents

Publication number
EP2484056A1
EP2484056A1 EP10759636A EP10759636A EP2484056A1 EP 2484056 A1 EP2484056 A1 EP 2484056A1 EP 10759636 A EP10759636 A EP 10759636A EP 10759636 A EP10759636 A EP 10759636A EP 2484056 A1 EP2484056 A1 EP 2484056A1
Authority
EP
European Patent Office
Prior art keywords
service
services
subscription
user
control point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP10759636A
Other languages
German (de)
French (fr)
Inventor
José Manuel PALACIOS VALVERDE
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonica SA
Original Assignee
Telefonica SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonica SA

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2807 Exchanging configuration information on appliance services in a home automation network
    • H04L12/2809 Exchanging configuration information on appliance services in a home automation network indicating that an appliance service is present in a home automation network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803 Home automation networks
    • H04L12/2816 Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/2821 Avoiding conflicts related to the use of home appliances
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides an online service contracting system comprising UPnP devices and a control point, and further comprising a UPnP device of a new category referred to as subscription server. The control point is capable of connecting with the subscription server and providing the user with an interface for subscribing to services. The subscription service is preferably capable of getting services to be subscribed to, subscribing to and unsubscribing from said services. The invention provides an effective and secure mechanism for making the offer for services of a determined company reach the typical devices that a user has (television, mobile telephone, computer, etc.) such that they can be contracted with full guarantees without having to look for the services in Internet search engines or knowing any URL.

Description

SERVICE CONTRACTING BY MEANS OF UPNP
Field of the Invention
The invention belongs to the field of communications, specifically, to online service contracting.
Background of the Invention
Online service contracting is typically done using web applications hosted in Internet locations. These web applications are typically indexed by the main Internet search engines such that a user has to "open" an Internet browser, type in the keywords concerning the services he wants to contract and, as a response to said search, a series of results indicating the online service contracting web applications are displayed. It is also possible for the user to know the URL for accessing said web applications, but this is not very common. Once the user obtains the links to the "online shops" comprising the services, he can browse through their catalogs and contract what he wants.
There is a wide variety of means through which a client knows about the services provided by a determined company: advertising in any form, direct marketing (calls to the user), Internet service catalogs, etc. However, there is not a fast and secure mechanism by means of which the services of a determined company are displayed automatically and without the user needing to search in the typical devices he has (television, mobile telephone, computer, etc.) in order to contract such services.
Object of the Invention
The present invention provides a mechanism by means of which the services of a determined company can be announced in the devices of the user (television, mobile telephone, computer, etc.) such that the latter can quickly and securely contract the service. The UPnP (Universal Plug and Play) standard is modified to that end.
In particular, the invention provides an online service contracting system comprising UPnP devices and a control point, and further comprises a UPnP device of a new category referred to as subscription server. The control point is capable of connecting with the subscription server and providing the user with an interface for subscribing to services. The subscription service is preferably capable of getting services to be subscribed to, subscribing to and unsubscribing from said services. It optionally comprises a security service capable of setting up a secure association between the control point and the device such that the identity of the control point cannot be supplanted. The security service preferably allows managing device access control lists such that only the authorized control points can access the device services. The subscription service can incorporate a subscription database comprising a subscribed user list. The control point must then be subscribed to the subscription database. The subscription database can implement an event service referring to the subscription status of each service for each user. There can further be an additional service server for non-UPnP services and an authentication server capable of verifying the credentials of a user.
This invention provides an effective and secure mechanism for making the offer for services of a determined company reach the typical devices that a user has (television, mobile telephone, computer, etc.) such that they can be contracted with full guarantees without having to look for the services in Internet search engines or knowing any URL. To that end it makes use of different existing technologies, the contribution of the invention being based on the modification of the UPnP standard as indicated below.
The UPnP standard has been designed to facilitate the inter-operation of the devices which a user may have in his home. Said standard defines two types of components: control points and devices. The devices are announced in the local network so that the control points discover them and can interact with them. This standard is essentially implemented in devices for audiovisual contents, such that the typical scenario consists of the user being connected to the players and media servers network, and by means of the control points, he can locate the content he wants to see or hear in order to play it in the desired device.
This UPnP service and device discovery mechanism will be used for making the offer for services reach the users. To that end, a new type of UPnP device called subscription server has been created. This device implements a subscription service which will allow getting the services offered as well as their subscription status. Two possible actions will be offered for each of the services: subscribing to the service or unsubscribing from the service. The subscription database will be updated as a result of subscribing to or unsubscribing from the service. It is logically necessary to also create a new type of control point capable of interacting with the subscription service.
Once the service has been subscribed to, the user will access the same. The service can be accessed from the actual control point if it is a UPnP service or from the specific client for the contracted service (possibly a web browser). In both cases, the implementation of the service must verify that the user accessing said service has the corresponding subscription stored in the subscription database. For the specific case of UPnP services, this verification involves performing a modification in the DeviceSecurity Service and in the control point.
Brief Description of the Drawings
For the purpose of aiding to better understand the features of the invention according to a preferred practical embodiment thereof, the following description of a set of drawings is attached in which the following has been depicted with an illustrative character:
Figure 1 describes the logic architecture of the system.
Figure 2 is a diagram of the entities existing in the subscription database.
Detailed Description of the Invention
Figure 1 shows the existence of a UPnP device referred to as subscription server in charge of offering the subscription control points the possibility of the user contracting services, which can be both UPnP services and non-UPnP services. There can also be an authentication server to assure that the user is who he says he is and a database in which the subscriptions to services contracted by the user are stored. Finally, two exemplary devices are shown, a UPnP device called a media server and another non-UPnP device called a game server, in which the services that must be implemented in order to be able to offer services in one subscription type are located.
The system is formed by the following elements:
• Subscription server: This is a UPnP device which essentially implements the service subscription service. It is a new type of device which does not exist in the UPnP standard. This server implements the following services:
    • Subscription service: This is the service containing the offer of services to be contracted by the user. This service informs the user of the list of services he can subscribe to, including the subscription status for the user, and he can subscribe to and unsubscribe from such services. It is a service that does not exist in the UPnP standard. This service specifically consists of the following actions:
        • List services to be subscribed to/unsubscribed from. This action will return a list with the services that the user can subscribe to as well as the services he has already subscribed to.
        • Subscribe service. This action triggers the user's subscription to the service and stores it in the subscription database.
        • Unsubscribe service. This action triggers unsubscribing from the service and eliminates said subscription from the subscription database.
    • DeviceSecurity Service: This is the service which allows performing a secure association between a control point and a device. This secure association allows the control points to sign the messages with a code negotiated with the device such that the identity of the control point cannot be supplanted, as well as to encrypt the function access messages so that no one who is listening in the network can find out what information is exchanged between the control point and the device. It further allows managing device access control lists (ACLs), such that only the authorized control points can access the device services.
In the system architecture, in addition to allowing the secure association between the control point and the device, it implements a new action (called Login) which allows identifying the user who is contracting the service. This new action is in charge of verifying the credentials proposed by the user against an authentication server and if the verification is correct, it accesses the subscription database to see if the user has permission to access each of the services implemented by the device. An ACL is automatically created for each of those services, denying or allowing access to the control point performing the Login according to the subscription status with respect to said service. The control point naturally must always have access to the subscription service, so said service will always be subscribed to in the subscription database.
On the other hand, the subscription database must implement an event service referring to the subscription status of each service for each user, such that every time there is a change of status in the subscription to a service, an event is generated towards all the registered components in said service. The DeviceSecurity Service must be modified so that it is registered in this event service and receives the corresponding events. With the arrival of a subscription status change event the ACLs will be updated accordingly, all the associated control points giving permissions in the event of subscribing and removing permissions in the event of unsubscribing.
• Authentication server: This is a standard authentication server for which access technology is not established, i.e., access technologies such as Radius, Diameter, LDAP, etc., could be used. Its purpose is to verify whether or not the credentials presented by the user are correct. Nor is the protocol used for verifying the credentials established. Examples of protocols can be: Basic authentication by means of user/password traveling over the network (PAP), authentication based on challenge response using different protocols to calculate the fingerprint, such as MD5 (CHAP), etc. It must generally be taken into account that the credentials which are available in the device are the user/password it has received from the control point through the Login action, so only those protocols complying with this restriction will be applicable.
• Subscription database: This is a service provided by the company offering the services. The subscription status of the user for each of the services provided by the company is stored therein, and it provides methods for managing the subscriptions relating to each user. The users stored in the authentication server and the users stored in the subscription database are logically the same.
• Subscription control point: This is a control point in charge of presenting an interface to the user so that he can subscribe to and unsubscribe from services. This type of control point does not exist in the UPnP standard. Both the control points of the UPnP standard and this new type of control point can co-exist in the same machine. In fact, the subscription control point and the standard control point can be combined in a single control point which provides all the functionality. For the case of UPnP service subscription it would be desirable to combine the control points in a single control point such that the user interface has both the subscription to the service and the use thereof integrated therein.
• Standard control point: This is the control point defined by the UPnP standard for controlling the audiovisual services of the home. This control point must implement all the logic relating to setting up a secure association with the devices of the home which implement the services which the user has contracted. In the event that the services offered were not UPnP audiovisual services, this type of control point would not be necessary. In addition to implementing all the logic necessary for a secure association with the device which implements the service, it is necessary to perform a modification in the standard so that it can invoke the new Login service which has been defined for the DeviceSecurity Service. The control point must Login to the service and to that end it must request the credentials from the user (as does the subscription control point). Once the Login is done, the use of the services continues to be standard.
• UPnP devices (Example: media server): This is the device containing the service which the user has subscribed to. This device must implement the DeviceSecurity Service in order to allow setting up a secure association with the control point of the user. The DeviceSecurity Service which it must implement must be modified as indicated in the section corresponding to the subscription server. In other words, it must implement a Login action which validates the credentials of the user and which is connected to the subscription database in order to check whether the user subscribes to each and every one of the services implemented by the device. An ACL, which allows access to the control point being used by the user, will be created for all those services which the user subscribes to. It is possible that several UPnP services of a device implement a single service to be subscribed to by the user, such as, for example, the case of a media server which usually implements the Content Directory, Connection Manager and Audio/Video Transport services. In this case, there will be a relationship in the subscription database between the contracted service and the UPnP services which make it up, such that when a request is made to the subscription database, the latter will return the list of UPnP services with respect to which the ACLs must be created.
• Non-UPnP devices (Example: game server): These are devices which are not accessed by means of UPnP technology, but rather clients of another type must be used to access them. They are typically web services, so a standard web browser will normally be used, although they can be services of any other type. The requirement applied to these services is that they must have an authentication service such that they are capable of securely obtaining (for example by TLS) the credentials of the user, which are authenticated against the authentication server and which are connected to the contracting database to find out whether or not the user has contracted the service.
• Clients for non-UPnP services (Example: game client): For the case of non-UPnP services, they will normally have a particular client, such as, for example, a client of an online game service, or a more standardized client, such as a web browser. In both cases, the requirement that is applied for clients of this type is that they must be able to capture the credentials of the user and use them to be authenticated in the service.
Having described the architecture of the system, a preferred example of the system is described below based on Figure 1.
1) A user starts up in his computer his subscription control point application. Said application finds the subscription server by means of the UPnP discovery system. An association is set up between the subscription control point and the subscription server such that after this time no other control point can pass itself off as the control point which the user has started. Next, the control point requests the credentials from the user and invokes the Login action on the DeviceSecurity Service.
2) The DeviceSecurity Service verifies the credentials received in the Login action against an external authentication server. It is assumed that the credentials are correct and the system continues.
3) Once the credentials are verified, the DeviceSecurity Service consults the UPnP services which the user subscribes to for this type of device (subscription server) in the subscription database. The database always responds to it with the subscription service, because the user always subscribes to this service. The DeviceSecurity Service will create an ACL to allow access from the control point to subscription service and will further be registered to receive subscription status change events. Actually, for the case of the security service of the subscription server it would not be necessary to access the subscription database to see whether or not the user subscribes to the service, but this method is applied because it will be the standard method for devices of any type.
4) The subscription control point accesses the subscription service in order to subscribe to a UPnP service (for example, an on-demand content service).
5) The subscription service stores the subscription to the service by the user in the subscription database. Logically, the DeviceSecurity Service had to be accessed in order to find out which user performed the Login.
6) The user decides to access the recently contracted service. To that end, he starts up a UPnP control point and discovers the media server. The first thing he must do is set up an association with said media server in the same way he did in step 1) between the subscription control point and the subscription server. The control point thus requests the credentials from the user and performs the Login.
7) As in step 2), the DeviceSecurity Service verifies the credentials.
8) As in step 3), the security service obtains the UPnP services to which it must give permission. In this case, the subscription database indicates that it must give permission to the Content Directory, Connection Manager and Audio/Video Transport services.
9) Once the Login is performed, the user can enjoy the service.
10) The user is subscribed to a Game Service, the subscription for which was done following steps 1), 2), 3), 4) and 5). The user accesses the service and the latter requests his credentials.
11) The service verifies the credentials against the authentication server. The authentication server responds favorably.
12) The service obtains the list of services to which it must grant permission. In this case, it is the Game Service.
13) The user accesses the Game Service.
As can be seen in Figure 2, the services which can be subscribed to by the user and which are offered by means of UPnP technology will be made up of one or several UPnP services. For those services which are not offered by means of UPnP services, the previous relationship will not exist. On the other hand, when a user subscribes to a service a relationship is generated between said user and the subscribed service.
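The Login action, the per-control-point ACLs and the subscription status events described above (steps 1 to 9), modelled in memory as an added example; it is not code from the patent or from any UPnP stack. Class names, control point ids, the user and the `MusicLibrary` offer are assumptions, and the model goes slightly beyond the text by letting two contracted services share UPnP services, so that unsubscribing from one does not revoke what the other still grants.

```python
import hashlib
import hmac
import os

class AuthServer:
    """Stand-in for the external authentication server (constructed in-memory user store)."""
    def __init__(self):
        self._users = {}
    def add_user(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000))
    def verify(self, user, password):
        salt, stored = self._users.get(user, (b"\0" * 16, b""))
        probe = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        return hmac.compare_digest(probe, stored)  # unknown users always fail

class SubscriptionDatabase:
    """Figure 2 relations: user -> contracted services -> the UPnP services composing them."""
    ALWAYS = {"Subscription"}  # the subscription service is always subscribed to
    def __init__(self, composition):
        self.composition = composition  # contracted service -> set of UPnP services
        self.subs = {}                  # user -> set of contracted services
        self.listeners = []             # event service: callbacks receiving the user
    def upnp_services_for(self, user):
        granted = set(self.ALWAYS)
        for service in self.subs.get(user, ()):
            granted |= self.composition[service]
        return granted
    def set_subscription(self, user, service, subscribed):
        if service not in self.composition:
            raise KeyError(service)
        current = self.subs.setdefault(user, set())
        (current.add if subscribed else current.discard)(service)
        for notify in self.listeners:   # subscription status change event
            notify(user)

class DeviceSecurityService:
    """Login action plus per-control-point ACLs; a missing ACL entry means deny."""
    def __init__(self, device_services, auth, db):
        self.device_services, self.auth, self.db = set(device_services), auth, db
        self.sessions = {}  # control point id (stands for the secure association) -> user
        self.acl = {}       # (control point id, UPnP service) -> allowed?
        db.listeners.append(self._on_status_change)
    def login(self, cp_id, user, password):
        self.sessions.pop(cp_id, None)  # a new Login never inherits an earlier session
        self.acl = {k: v for k, v in self.acl.items() if k[0] != cp_id}
        if not self.auth.verify(user, password):
            return False
        self.sessions[cp_id] = user
        self._rebuild(cp_id)
        return True
    def _rebuild(self, cp_id):
        granted = self.db.upnp_services_for(self.sessions[cp_id])
        for service in self.device_services:
            self.acl[(cp_id, service)] = service in granted
    def _on_status_change(self, user):
        for cp_id, logged_in in self.sessions.items():
            if logged_in == user:  # every control point associated with this user
                self._rebuild(cp_id)
    def is_allowed(self, cp_id, service):
        return self.acl.get((cp_id, service), False)

class SubscriptionService:
    """Subscribe/unsubscribe actions of the subscription server, gated by its own ACL."""
    def __init__(self, security, db):
        self.security, self.db = security, db
    def change(self, cp_id, service, subscribed):
        if not self.security.is_allowed(cp_id, "Subscription"):
            raise PermissionError("control point has not completed Login")
        self.db.set_subscription(self.security.sessions[cp_id], service, subscribed)

def run_walkthrough():
    """Steps 1-9 of the page's example with constructed users, ids and service names."""
    auth, seen = AuthServer(), {}
    auth.add_user("alice", "constructed-password")
    db = SubscriptionDatabase({
        "OnDemandContent": {"ContentDirectory", "ConnectionManager", "AVTransport"},
        "MusicLibrary": {"ContentDirectory", "ConnectionManager"},  # hypothetical second offer
    })
    sub_sec = DeviceSecurityService({"Subscription"}, auth, db)
    media_sec = DeviceSecurityService(db.composition["OnDemandContent"], auth, db)
    subscription = SubscriptionService(sub_sec, db)
    seen["bad_login"] = media_sec.login("cp-tv", "alice", "wrong")
    sub_sec.login("cp-laptop", "alice", "constructed-password")
    media_sec.login("cp-tv", "alice", "constructed-password")
    seen["before"] = media_sec.is_allowed("cp-tv", "AVTransport")
    subscription.change("cp-laptop", "OnDemandContent", True)
    subscription.change("cp-laptop", "MusicLibrary", True)
    seen["subscribed"] = media_sec.is_allowed("cp-tv", "AVTransport")
    subscription.change("cp-laptop", "OnDemandContent", False)
    seen["av_after_unsub"] = media_sec.is_allowed("cp-tv", "AVTransport")
    seen["dir_after_unsub"] = media_sec.is_allowed("cp-tv", "ContentDirectory")
    seen["other_cp"] = media_sec.is_allowed("cp-unknown", "ContentDirectory")
    return seen
```

The ACL is recomputed from the database on every event rather than patched per service, which is what keeps a shared UPnP service reachable while any remaining subscription still covers it.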

Claims

1. Online service contracting system comprising UPnP devices and a control point, characterized in that it further comprises a UPnP service subscription server and the control point is capable of connecting with the subscription server and providing the user with one or several services stored in the devices.
2. Online contracting system according to claim 1, wherein the subscription server comprises a subscription service capable of getting services to be subscribed to, subscribing to and unsubscribing from said services.
3. Online contracting system according to any of the previous claims, further comprising a security server capable of setting up a secure association between the control point and the device such that the identity of the control point cannot be supplanted.
4. Online contracting system according to claim 3, wherein the security server allows managing device access control lists such that only the authorized control points can access the device services.
5. Online contracting system according to any of the previous claims wherein the subscription server incorporates a subscription database comprising a subscribed user list.
6. Online contracting system according to claim 5, wherein the control point is always subscribed to the subscription server.
7. Online contracting system according to claim 6, wherein the subscription database implements an event service referring to the subscription status of each service for each user.
8. Online contracting system according to any of the previous claims, further comprising an additional service server for non-UPnP services.
9. Online contracting system according to any of the previous claims, further comprising an authentication server capable of verifying the credentials of a user.
EP10759636A 2009-09-29 2010-09-28 Service contracting by means of upnp Withdrawn EP2484056A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ES200930760 2009-09-29
PCT/EP2010/064351 WO2011039179A1 (en) 2009-09-29 2010-09-28 Service contracting by means of upnp

Publications (1)

Publication Number Publication Date
EP2484056A1 true EP2484056A1 (en) 2012-08-08

Family

ID=42983832

Family Applications (1)

Application Number Title Priority Date Filing Date
EP10759636A Withdrawn EP2484056A1 (en) 2009-09-29 2010-09-28 Service contracting by means of upnp

Country Status (5)

Country Link
EP (1) EP2484056A1 (en)
AR (1) AR078480A1 (en)
BR (1) BR112012007059A2 (en)
UY (1) UY32906A (en)
WO (1) WO2011039179A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9237323B2 (en) * 2011-04-11 2016-01-12 Koninklijke Philips N.V. Media rendering device providing uninterrupted playback of content

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078161A1 (en) * 2000-12-19 2002-06-20 Philips Electronics North America Corporation UPnP enabling device for heterogeneous networks of slave devices
CN101218790A (en) * 2005-07-04 2008-07-09 Sk电信股份有限公司 Household network system and its controlling method, method for setting house gateway of household network system and method for processing event protocol of household network system
US20070168458A1 (en) * 2006-01-16 2007-07-19 Nokia Corporation Remote access to local network
JP2007272868A (en) * 2006-03-07 2007-10-18 Sony Corp Information processing device, information communication system, information processing method and computer program
US20070223523A1 (en) * 2006-03-27 2007-09-27 Motorola, Inc. Method and apparatus for customization of network services and applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO2011039179A1 *

Also Published As

Publication number Publication date
UY32906A (en) 2011-04-29
AR078480A1 (en) 2011-11-09
WO2011039179A1 (en) 2011-04-07
BR112012007059A2 (en) 2016-04-12

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20120329

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO SE SI SK SM TR

DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20121211