[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2011039179A1 - Service contracting by means of upnp - Google Patents

Service contracting by means of upnp Download PDF

Info

Publication number
WO2011039179A1
WO2011039179A1 PCT/EP2010/064351 EP2010064351W WO2011039179A1 WO 2011039179 A1 WO2011039179 A1 WO 2011039179A1 EP 2010064351 W EP2010064351 W EP 2010064351W WO 2011039179 A1 WO2011039179 A1 WO 2011039179A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
services
subscription
user
control point
Prior art date
Application number
PCT/EP2010/064351
Other languages
French (fr)
Inventor
José Manuel PALACIOS VALVERDE
Original Assignee
Telefonica, S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonica, S.A. filed Critical Telefonica, S.A.
Priority to BR112012007059A priority Critical patent/BR112012007059A2/en
Priority to EP10759636A priority patent/EP2484056A1/en
Publication of WO2011039179A1 publication Critical patent/WO2011039179A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2807Exchanging configuration information on appliance services in a home automation network
    • H04L12/2809Exchanging configuration information on appliance services in a home automation network indicating that an appliance service is present in a home automation network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2803Home automation networks
    • H04L12/2816Controlling appliance services of a home automation network by calling their functionalities
    • H04L12/2821Avoiding conflicts related to the use of home appliances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Definitions

  • the invention belongs to the field of communications, specifically, to online service contracting.
  • Online service contracting is typically done using web applications hosted in Internet locations. These web applications are typically indexed by the main Internet search engines such that a user has to "open" an Internet browser, type in the keywords concerning the services he wants to contract and, as a response to said search, a series of results indicating the online service contracting web applications are displayed. It is also possible for the user to know the URL for accessing said web applications, but this is not very common. Once the user obtains the links to the "online shops” comprising the services, he can browse thorough their catalogs and contract what he wants.
  • the present invention provides a mechanism by means of which the services of a determined company can be announced in the devices of the user (television, mobile telephone, computer, etc.) such that the latter can quickly and securely contract the service.
  • the UPnP Universal Plug and
  • the invention provides an online service contracting system comprising UPnP devices and a control point, and further comprises a UPnP device of a new category referred to as subscription server.
  • the control point is capable of connecting with the subscription server and providing the user with an interface for subscribing to services.
  • the subscription service is preferably capable of getting services to be subscribed to, subscribing to and unsubscribing from said services. It optionally comprises a security service capable of setting up a secure association between the control point and the device such that the identity of the control point cannot be supplanted.
  • the security service preferably allows managing device access control lists such that only the authorized control points can access the device services.
  • the subscription service can incorporate a subscription database comprising a subscribed user list.
  • the control point must then be subscribed to the subscription database.
  • the subscription database can implement an event service referring to the subscription status of each service for each user.
  • This invention provides an effective and secure mechanism for making the offer for services of a determined company reach the typical devices that a user has (television, mobile telephone, computer, etc.) such that they can be contracted with full guarantees without having to look for the services in Internet search engines or knowing any URL. To that end it makes use of different existing technologies, the contribution of the invention being based on the modification of the UPnP standard as indicated below.
  • the UPnP standard has been designed to facilitate the inter-operation of the devices which a user may have in his home.
  • Said standard defines two types of components: control points and devices.
  • the devices are announced in the local network so that the control points discover them and can interact with them.
  • This standard is essentially implemented in devices for audiovisual contents, such that the typical scenario consists of the user being connected to the players and media servers network, and by means of the control points, he can locate the content he wants to see or hear in order to play it in the desired device.
  • This UPnP service and device discovery mechanism will be used for making the offer for services reach the users. To that end, a new type of
  • subscription server UPnP device called subscription server has been created. This device implements a subscription service which will allow getting the services offered as well as their subscription status. Two possible actions will be offered for each of the services: subscribing to the service or unsubscribing from the service.
  • the subscription database will be updated as a result of subscribing to or unsubscribing from the service. It is logically necessary to also create a new type of control point capable of interacting with the subscription service.
  • the service can be accessed from the actual control point if it is a UPnP service or from the specific client for the contracted service (possibly a web browser). In both cases, the implementation of the service must verify that the user accessing said service has the corresponding subscription stored in the subscription database. For the specific case of UPnP services, this verification involves performing a modification in the DeviceSecurity Service and in the control point.
  • Figure 1 describes the logic architecture of the system.
  • Figure 2 is a diagram of the entities existing in the subscription database.
  • Figure 1 shows the existence of a UPnP device referred to as subscription server in charge of offering the subscription control points the possibility of the user contracting services, which can be both UPnP services and non-UPnP services.
  • a UPnP device called a media server and another non-UPnP device called a game server, in which the services that must be implemented in order to be able to offer services in one subscription type are located.
  • the system is formed by the following elements:
  • Subscription server This is a UPnP device which essentially implements the service subscription service. It is a new type of device which does not exist in the UPnP standard. This server implements the following services:
  • Subscription service This is the service containing the offer of services to be contracted by the user. This service informs the user of the list of services he can subscribe to, including the subscription status for the user, and he can subscribe to and unsubscribe from such services. It is a service that does not exist in the UPnP standard. This service specifically consists of the following actions:
  • Unsubscribe service This action triggers unsubscribing from the service and eliminates said subscription from the subscription database.
  • DeviceSecurity Service This is the service which allows performing a secure association between a control point and a device.
  • This secure association allows the control points to sign the messages with a code negotiated with the device such that the identity of the control point cannot be supplanted, as well as to encrypt the function access messages so that no one who is listening in the network can find out what information is exchanged between the control point and the device. It further allows managing device access control lists (ACLs), such that only the authorized control points can access the device services.
  • ACLs device access control lists
  • Login a new action
  • This new action is in charge of verifying the credentials proposed by the user against an authentication server and if the verification is correct, it accesses the subscription database to see if the user has permission to access each of the services implemented by the device.
  • An ACL is automatically created for each of those services, denying or allowing access to the control point performing the Login according to the subscription status with respect to said service.
  • the control point naturally must always have access to the subscription service, so said service will always be subscribed to in the subscription database.
  • the subscription database must implement an event service referring to the subscription status of each service for each user, such that every time there is a change of status in the subscription to a service, an event is generated towards all the registered components in said service.
  • the DeviceSecurity Service must be modified so that it is registered in this event service and receives the corresponding events. With the arrival of a subscription status change event the ACLs will be updated accordingly, all the associated control points giving permissions in the event of subscribing and removing permissions in the event of unsubscribing.
  • Authentication server This is a standard authentication server for which access technology is not established, i.e., access technologies such as Radius, Diameter, LDAP, etc., could be used. Its purpose is to verify whether or not the credentials presented by the user are correct. Nor is the protocol used for verifying the credentials established. Examples of protocols can be: Basic authentication by means of user/password traveling over the network (PAP), authentication based on challenge response using different protocols to calculate the fingerprint, such as MD5 (CHAP), etc. It must generally be taken into account that the credentials which are available in the device are the user/password it has received from the control point through the Login action, so only those protocols complying with this restriction will be applicable.
  • Subscription database This is a service provided by the company offering the services.
  • the subscription status of the user for each of the services provided by the company is stored therein, and it provides methods for managing the subscriptions relating to each user.
  • the users stored in the authentication server and the users stored in the subscription database are logically the same.
  • Subscription control point This is a control point in charge of presenting an interface to the user so that he can subscribe to and unsubscribe from services. This type of control point does not exist in the UPnP standard. Both the control points of the UPnP standard and this new type of control point can co-exist in the same machine. In fact, the subscription control point and the standard control point can be combined in a single control point which provides all the functionality. For the case of UPnP service subscription it would be desirable to combine the control points in a single control point such that the user interface has both the subscription to the service and the use thereof integrated therein.
  • Standard control point This is the control point defined by the UPnP standard for controlling the audiovisual services of the home. This control point must implement all the logic relating to setting up a secure association with the devices of the home which implement the services which the user has contracted. In the event that the services offered were not UPnP audiovisual services, this type of control point would not be necessary. In addition to implementing all the logic necessary for a secure association with the device which implements the service, it is necessary to perform a modification in the standard so that it can invoke the new Login service which has been defined for the DeviceSecurity Service. The control point must Login to the service and to that end it must request the credentials from the user (as does the subscription control point). Once the Login is done, the use of the services continues to be standard.
  • UPnP devices (Example: media server): This is the device containing the service which the user has subscribed to. This device must implement the DeviceSecurity Service in order to allow setting up a secure association with the control point of the user.
  • the DeviceSecurity Service which it must implement must be modified as indicated in the section corresponding to the subscription server. In other words, it must implement a Login action which validates the credentials of the user and which is connected to the subscription database in order to check whether the user subscribes to each and every one of the services implemented by the device.
  • An ACL which allows access to the control point being used by the user, will be created for all those services which the user subscribes to.
  • UPnP services of a device implement a single service to be subscribed to by the user, such as, for example, the case of a media server which usually implements the Content Directory, Connection Manager and Audio/Video Transport services.
  • a media server which usually implements the Content Directory, Connection Manager and Audio/Video Transport services.
  • Non-UPnP devices (Example: game server): These are devices which are not accessed by means of UPnP technology, but rather clients of another type must be used to access them. They are typically web services, so a standard web browser will normally be used, although they can be services of any other type. The requirement applied to these services is that they must have an authentication service such that they are capable of securely obtaining (for example by TLS) the credentials of the user, which are authenticated against the authentication server and which are connected to the contracting database to find out whether or not the user has contracted the service.
  • TLS Secure Digital Security
  • Clients for non-UPnP services (Example: game client): For the case of non-UPnP services, they will normally have a particular client, such as, for example, a client of an online game service, or a more standardized client, such as a web browser. In both cases, the requirement that is applied for clients of this type is that they must be able to capture the credentials of the user and use them to be authenticated in the service.
  • a user starts up in his computer his subscription control point application.
  • Said application finds the subscription server by means of the UPnP discovery system.
  • An association is set up between the subscription control point and the subscription server such that after this time no other control point can pass itself off as the control point which the user has started.
  • the control point requests the credentials from the user and invokes the Login action on the DeviceSecurity Service.
  • the DeviceSecurity Service verifies the credentials received in the Login action against an external authentication server. It is assumed that the credentials are correct and the system continues.
  • the DeviceSecurity Service consults the UPnP services which the user subscribes to for this type of device (subscription server) in the subscription database.
  • the database always responds to it with the subscription service, because the user always subscribes to this service.
  • the DeviceSecurity Service will create an ACL to allow access from the control point to subscription service and will further be registered to receive subscription status change events.
  • the security service of the subscription server it would not be necessary to access the subscription database to see whether or not the user subscribes to the service, but this method is applied because it will be the standard method for devices of any type.
  • the subscription control point accesses the subscription service in order to subscribe to a UPnP service (for example, an on-demand content service).
  • a UPnP service for example, an on-demand content service.
  • the subscription service stores the subscription to the service by the user in the subscription database.
  • the DeviceSecurity Service had to be accessed in order to find out which user performed the Login.
  • the user decides to access the recently contracted service. To that end, he starts up a UPnP control point and discovers the media server. The first thing he must do is set up an association with said media server in the same way he did in step 1 ) between the subscription control point and the subscription server. The control point thus requests the credentials from the user and performs the Login.
  • step 2) the DeviceSecurity Service verifies the credentials.
  • the security service obtains the UPnP services to which it must give permission.
  • the subscription database indicates that it must give permission to the Content Directory, Connection Manager and Audio/Video Transport services.
  • the user is subscribed to a Game Service, the subscription for which was done following steps 1 ), 2), 3), 4) and 5).
  • the user accesses the service and the latter requests his credentials.
  • the service verifies the credentials against the authentication server.
  • the authentication server responds favorably.
  • the service obtains the list of services to which it must grant permission. In this case, it is the Game Service.
  • the services which can be subscribed to by the user and which are offered by means of UPnP technology will be made up of one or several UPnP services. For those services which are not offered by means of UPnP services, the previous relationship will not exist. On the other hand, when a user subscribes to a service a relationship is generated between said user and the subscribed service.

Landscapes

  • Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Two-Way Televisions, Distribution Of Moving Picture Or The Like (AREA)

Abstract

The present invention provides an online service contracting system comprising UPnP devices and a control point, and further comprising a UPnP device of a new category referred to as subscription server. The control point is capable of connecting with the subscription server and providing the user with an interface for subscribing to services. The subscription service is preferably capable of getting services to be subscribed to, subscribing to and unsubscribing from said services. The invention provides an effective and secure mechanism for making the offer for services of a determined company reach the typical devices that a user has (television, mobile telephone, computer, etc.) such that they can be contracted with full guarantees without having to look for the services in Internet search engines or knowing any URL.

Description

SERVICE CONTRACTING BY MEANS OF UPNP
Field of the Invention The invention belongs to the field of communications, specifically, to online service contracting.
Background of the Invention
Online service contracting is typically done using web applications hosted in Internet locations. These web applications are typically indexed by the main Internet search engines such that a user has to "open" an Internet browser, type in the keywords concerning the services he wants to contract and, as a response to said search, a series of results indicating the online service contracting web applications are displayed. It is also possible for the user to know the URL for accessing said web applications, but this is not very common. Once the user obtains the links to the "online shops" comprising the services, he can browse thorough their catalogs and contract what he wants.
There is a wide variety of means through which a client knows about the services provided by a determined company: advertising in any form, direct marketing (calls to the user), Internet service catalogs, etc. However, there is not a fast and secure mechanism by means of which the services of a determined company are displayed automatically and without the user needing to search in the typical devices he has (television, mobile telephone, computer, etc.) in order to contract such services.
Object of the Invention
The present invention provides a mechanism by means of which the services of a determined company can be announced in the devices of the user (television, mobile telephone, computer, etc.) such that the latter can quickly and securely contract the service. The UPnP (Universal Plug and
Play) standard is modified to that end. In particular, the invention provides an online service contracting system comprising UPnP devices and a control point, and further comprises a UPnP device of a new category referred to as subscription server. The control point is capable of connecting with the subscription server and providing the user with an interface for subscribing to services. The subscription service is preferably capable of getting services to be subscribed to, subscribing to and unsubscribing from said services. It optionally comprises a security service capable of setting up a secure association between the control point and the device such that the identity of the control point cannot be supplanted. The security service preferably allows managing device access control lists such that only the authorized control points can access the device services. The subscription service can incorporate a subscription database comprising a subscribed user list. The control point must then be subscribed to the subscription database. The subscription database can implement an event service referring to the subscription status of each service for each user. There can further be an additional service server for non-U PnP services and an authentication server capable of verifying the credentials of a user.
This invention provides an effective and secure mechanism for making the offer for services of a determined company reach the typical devices that a user has (television, mobile telephone, computer, etc.) such that they can be contracted with full guarantees without having to look for the services in Internet search engines or knowing any URL. To that end it makes use of different existing technologies, the contribution of the invention being based on the modification of the UPnP standard as indicated below.
The UPnP standard has been designed to facilitate the inter-operation of the devices which a user may have in his home. Said standard defines two types of components: control points and devices. The devices are announced in the local network so that the control points discover them and can interact with them. This standard is essentially implemented in devices for audiovisual contents, such that the typical scenario consists of the user being connected to the players and media servers network, and by means of the control points, he can locate the content he wants to see or hear in order to play it in the desired device.
This UPnP service and device discovery mechanism will be used for making the offer for services reach the users. To that end, a new type of
UPnP device called subscription server has been created. This device implements a subscription service which will allow getting the services offered as well as their subscription status. Two possible actions will be offered for each of the services: subscribing to the service or unsubscribing from the service. The subscription database will be updated as a result of subscribing to or unsubscribing from the service. It is logically necessary to also create a new type of control point capable of interacting with the subscription service.
Once the service has been subscribed to, the user will access the same. The service can be accessed from the actual control point if it is a UPnP service or from the specific client for the contracted service (possibly a web browser). In both cases, the implementation of the service must verify that the user accessing said service has the corresponding subscription stored in the subscription database. For the specific case of UPnP services, this verification involves performing a modification in the DeviceSecurity Service and in the control point.
Brief Description of the Drawings
For the purpose of aiding to better understand the features of the invention according to a preferred practical embodiment thereof, the following description of a set of drawings is attached in which the following has been depicted with an illustrative character:
Figure 1 describes the logic architecture of the system.
Figure 2 is a diagram of the entities existing in the subscription database.
Detailed Description of the Invention
Figure 1 shows the existence of a UPnP device referred to as subscription server in charge of offering the subscription control points the possibility of the user contracting services, which can be both UPnP services and non-UPnP services. There can also be an authentication server to assure that the user is who he says he is and a database in which the subscriptions to services contracted by the user are stored. Finally, two exemplary devices are shown, a UPnP device called a media server and another non-UPnP device called a game server, in which the services that must be implemented in order to be able to offer services in one subscription type are located.
The system is formed by the following elements:
• Subscription server: This is a UPnP device which essentially implements the service subscription service. It is a new type of device which does not exist in the UPnP standard. This server implements the following services: Subscription service: This is the service containing the offer of services to be contracted by the user. This service informs the user of the list of services he can subscribe to, including the subscription status for the user, and he can subscribe to and unsubscribe from such services. It is a service that does not exist in the UPnP standard. This service specifically consists of the following actions:
List services to be subscribed to/unsubscribed from. This action will return a list with the services that the user can subscribe to as well as the services he has already subscribed to.
Subscribe service. This action triggers the user's subscription to the service and stores it in the subscription database.
Unsubscribe service. This action triggers unsubscribing from the service and eliminates said subscription from the subscription database.
DeviceSecurity Service: This is the service which allows performing a secure association between a control point and a device. This secure association allows the control points to sign the messages with a code negotiated with the device such that the identity of the control point cannot be supplanted, as well as to encrypt the function access messages so that no one who is listening in the network can find out what information is exchanged between the control point and the device. It further allows managing device access control lists (ACLs), such that only the authorized control points can access the device services.
In the system architecture, in addition to allowing the secure association between the control point and the device, it implements a new action (called Login) which allows identifying the user who is contracting the service. This new action is in charge of verifying the credentials proposed by the user against an authentication server and if the verification is correct, it accesses the subscription database to see if the user has permission to access each of the services implemented by the device. An ACL is automatically created for each of those services, denying or allowing access to the control point performing the Login according to the subscription status with respect to said service. The control point naturally must always have access to the subscription service, so said service will always be subscribed to in the subscription database.
On the other hand, the subscription database must implement an event service referring to the subscription status of each service for each user, such that every time there is a change of status in the subscription to a service, an event is generated towards all the registered components in said service. The DeviceSecurity Service must be modified so that it is registered in this event service and receives the corresponding events. With the arrival of a subscription status change event the ACLs will be updated accordingly, all the associated control points giving permissions in the event of subscribing and removing permissions in the event of unsubscribing.
Authentication server: This is a standard authentication server for which access technology is not established, i.e., access technologies such as Radius, Diameter, LDAP, etc., could be used. Its purpose is to verify whether or not the credentials presented by the user are correct. Nor is the protocol used for verifying the credentials established. Examples of protocols can be: Basic authentication by means of user/password traveling over the network (PAP), authentication based on challenge response using different protocols to calculate the fingerprint, such as MD5 (CHAP), etc. It must generally be taken into account that the credentials which are available in the device are the user/password it has received from the control point through the Login action, so only those protocols complying with this restriction will be applicable.
Subscription database: This is a service provided by the company offering the services. The subscription status of the user for each of the services provided by the company is stored therein, and it provides methods for managing the subscriptions relating to each user. The users stored in the authentication server and the users stored in the subscription database are logically the same. Subscription control point: This is a control point in charge of presenting an interface to the user so that he can subscribe to and unsubscribe from services. This type of control point does not exist in the UPnP standard. Both the control points of the UPnP standard and this new type of control point can co-exist in the same machine. In fact, the subscription control point and the standard control point can be combined in a single control point which provides all the functionality. For the case of UPnP service subscription it would be desirable to combine the control points in a single control point such that the user interface has both the subscription to the service and the use thereof integrated therein.
Standard control point: This is the control point defined by the UPnP standard for controlling the audiovisual services of the home. This control point must implement all the logic relating to setting up a secure association with the devices of the home which implement the services which the user has contracted. In the event that the services offered were not UPnP audiovisual services, this type of control point would not be necessary. In addition to implementing all the logic necessary for a secure association with the device which implements the service, it is necessary to perform a modification in the standard so that it can invoke the new Login service which has been defined for the DeviceSecurity Service. The control point must Login to the service and to that end it must request the credentials from the user (as does the subscription control point). Once the Login is done, the use of the services continues to be standard.
UPnP devices (Example: media server): This is the device containing the service which the user has subscribed to. This device must implement the DeviceSecurity Service in order to allow setting up a secure association with the control point of the user. The DeviceSecurity Service which it must implement must be modified as indicated in the section corresponding to the subscription server. In other words, it must implement a Login action which validates the credentials of the user and which is connected to the subscription database in order to check whether the user subscribes to each and every one of the services implemented by the device. An ACL, which allows access to the control point being used by the user, will be created for all those services which the user subscribes to. It is possible that several UPnP services of a device implement a single service to be subscribed to by the user, such as, for example, the case of a media server which usually implements the Content Directory, Connection Manager and Audio/Video Transport services. In this case, there will be a relationship in the subscription database between the contracted service and the UPnP services which make it up, such that when a request is made to the subscription database, the latter will return the list of UPnP services with respect to which the ACLs must be created.
• Non-UPnP devices (Example: game server): These are devices which are not accessed by means of UPnP technology, but rather clients of another type must be used to access them. They are typically web services, so a standard web browser will normally be used, although they can be services of any other type. The requirement applied to these services is that they must have an authentication service such that they are capable of securely obtaining (for example by TLS) the credentials of the user, which are authenticated against the authentication server and which are connected to the contracting database to find out whether or not the user has contracted the service.
• Clients for non-UPnP services (Example: game client): For the case of non-UPnP services, they will normally have a particular client, such as, for example, a client of an online game service, or a more standardized client, such as a web browser. In both cases, the requirement that is applied for clients of this type is that they must be able to capture the credentials of the user and use them to be authenticated in the service.
Having described the architecture of the system, a preferred example of the system is described below based on Figure 1 .
1 ) A user starts up in his computer his subscription control point application. Said application finds the subscription server by means of the UPnP discovery system. An association is set up between the subscription control point and the subscription server such that after this time no other control point can pass itself off as the control point which the user has started. Next, the control point requests the credentials from the user and invokes the Login action on the DeviceSecurity Service.
2) The DeviceSecurity Service verifies the credentials received in the Login action against an external authentication server. It is assumed that the credentials are correct and the system continues.
3) Once the credentials are verified, the DeviceSecurity Service consults the UPnP services which the user subscribes to for this type of device (subscription server) in the subscription database. The database always responds to it with the subscription service, because the user always subscribes to this service. The DeviceSecurity Service will create an ACL to allow access from the control point to subscription service and will further be registered to receive subscription status change events. Actually, for the case of the security service of the subscription server it would not be necessary to access the subscription database to see whether or not the user subscribes to the service, but this method is applied because it will be the standard method for devices of any type.
4) The subscription control point accesses the subscription service in order to subscribe to a UPnP service (for example, an on-demand content service).
5) The subscription service stores the subscription to the service by the user in the subscription database. Logically, the DeviceSecurity Service had to be accessed in order to find out which user performed the Login.
6) The user decides to access the recently contracted service. To that end, he starts up a UPnP control point and discovers the media server. The first thing he must do is set up an association with said media server in the same way he did in step 1 ) between the subscription control point and the subscription server. The control point thus requests the credentials from the user and performs the Login.
7) As in step 2), the DeviceSecurity Service verifies the credentials.
8) As in step 3), the security service obtains the UPnP services to which it must give permission. In this case, the subscription database indicates that it must give permission to the Content Directory, Connection Manager and Audio/Video Transport services.
9) Once the Login is performed, the user can enjoy the service.
10) The user is subscribed to a Game Service, the subscription for which was done following steps 1 ), 2), 3), 4) and 5). The user accesses the service and the latter requests his credentials. 11 ) The service verifies the credentials against the authentication server. The authentication server responds favorably.
12) The service obtains the list of services to which it must grant permission. In this case, it is the Game Service.
13) The user accesses the Game Service.
As can be seen in Figure 2, the services which can be subscribed to by the user and which are offered by means of UPnP technology will be made up of one or several UPnP services. For those services which are not offered by means of UPnP services, the previous relationship will not exist. On the other hand, when a user subscribes to a service a relationship is generated between said user and the subscribed service.

Claims

1 . Online service contracting system comprising UPnP devices and a control point, characterized in that it further comprises a UPnP service subscription server and the control point is capable of connecting with the subscription server and providing the user with one or several services stored in the devices.
2. Online contracting system according to claim 1 , wherein the subscription server comprises a subscription service capable of getting services to be subscribed to, subscribing to and unsubscribing from said services.
3. Online contracting system according to any of the previous claims, further comprising a security server capable of setting up a secure association between the control point and the device such that the identity of the control point cannot be supplanted.
4. Online contracting system according to claim 3, wherein the security server allows managing device access control lists such that only the authorized control points can access the device services.
5. Online contracting system according to any of the previous claims wherein the subscription server incorporates a subscription database comprising a subscribed user list.
6. Online contracting system according to claim 5, wherein the control point is always subscribed to the subscription server.
7. Online contracting system according to claim 6, wherein the subscription database implements an event service referring to the subscription status of each service for each user.
8. Online contracting system according to any of the previous claims, further comprising an additional service server for non-UPnP services.
9. Online contracting system according to any of the previous claims, further comprising an authentication server capable of verifying the credentials of a user.
PCT/EP2010/064351 2009-09-29 2010-09-28 Service contracting by means of upnp WO2011039179A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
BR112012007059A BR112012007059A2 (en) 2009-09-29 2010-09-28 hiring services through upnp
EP10759636A EP2484056A1 (en) 2009-09-29 2010-09-28 Service contracting by means of upnp

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ES200930760 2009-09-29
ESP200930760 2009-09-29

Publications (1)

Publication Number Publication Date
WO2011039179A1 true WO2011039179A1 (en) 2011-04-07

Family

ID=42983832

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2010/064351 WO2011039179A1 (en) 2009-09-29 2010-09-28 Service contracting by means of upnp

Country Status (5)

Country Link
EP (1) EP2484056A1 (en)
AR (1) AR078480A1 (en)
BR (1) BR112012007059A2 (en)
UY (1) UY32906A (en)
WO (1) WO2011039179A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012140541A1 (en) * 2011-04-11 2012-10-18 Koninklijke Philips Electronics N.V. Media rendering device providing uninterrupted playback of content

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078161A1 (en) * 2000-12-19 2002-06-20 Philips Electronics North America Corporation UPnP enabling device for heterogeneous networks of slave devices
WO2007004755A1 (en) * 2005-07-04 2007-01-11 Sk Telecom Co., Ltd. Home network system, method of controlling the same, method of setting residential gateway for the same, and method of processing event protocol for the same
EP1809005A2 (en) * 2006-01-16 2007-07-18 Nokia Corporation Remote access to local network
US20070223523A1 (en) * 2006-03-27 2007-09-27 Motorola, Inc. Method and apparatus for customization of network services and applications
EP2000915A2 (en) * 2006-03-07 2008-12-10 Sony Corporation Information processing device, information communication system, information processing method, and computer program

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078161A1 (en) * 2000-12-19 2002-06-20 Philips Electronics North America Corporation UPnP enabling device for heterogeneous networks of slave devices
WO2007004755A1 (en) * 2005-07-04 2007-01-11 Sk Telecom Co., Ltd. Home network system, method of controlling the same, method of setting residential gateway for the same, and method of processing event protocol for the same
EP1809005A2 (en) * 2006-01-16 2007-07-18 Nokia Corporation Remote access to local network
EP2000915A2 (en) * 2006-03-07 2008-12-10 Sony Corporation Information processing device, information communication system, information processing method, and computer program
US20070223523A1 (en) * 2006-03-27 2007-09-27 Motorola, Inc. Method and apparatus for customization of network services and applications

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012140541A1 (en) * 2011-04-11 2012-10-18 Koninklijke Philips Electronics N.V. Media rendering device providing uninterrupted playback of content
JP2014519631A (en) * 2011-04-11 2014-08-14 コーニンクレッカ フィリップス エヌ ヴェ Media rendering device that provides uninterrupted playback of content
RU2611491C2 (en) * 2011-04-11 2017-02-27 Конинклейке Филипс Н.В. Media imaging device providing uninterrupted content playback

Also Published As

Publication number Publication date
BR112012007059A2 (en) 2016-04-12
EP2484056A1 (en) 2012-08-08
AR078480A1 (en) 2011-11-09
UY32906A (en) 2011-04-29

Similar Documents

Publication Publication Date Title
US8185949B2 (en) UPnP CDS user profile
US9413762B2 (en) Asynchronous user permission model for applications
US9350725B2 (en) Enabling access to a secured wireless local network without user input of a network password
US9128782B2 (en) Consolidated data services apparatus and method
KR101109232B1 (en) Server architecture for network resource information routing
US10027638B2 (en) System for user-friendly access control setup using a protected setup
KR101951973B1 (en) Resource access authorization
WO2007131415A1 (en) System and method to manage home network
US20090113481A1 (en) Systems, methods and computer program products for providing presence based services
US20060070116A1 (en) Apparatus and method for authenticating user for network access in communication system
JP2004152249A (en) Method and device for authenticating apparatus, information processor, information processing method, and computer program
US9474011B2 (en) Method and apparatus for providing access controls for a resource
JP2008015936A (en) Service system and service system control method
WO2004105333A1 (en) Safe virtual private network
CN101076033B (en) Method and system for storing authentication certificate
CN102177676A (en) System and method for setting up security for controlled device by control point in a home network
CN104683320A (en) Home network multimedia content sharing access control method and device
EP2533464A1 (en) Method and system for subscribing to services via extended upnp standard and nass tispan authentication
US9275204B1 (en) Enhanced network access-control credentials
EP2979420A1 (en) Network system comprising a security management server and a home network, and method for including a device in the network system
WO2013097345A1 (en) Access control method and apparatus for digital living network alliance device
KR101702417B1 (en) Method and apparatus for monopolizing call session of transmitting/receiving call system using universal plug and play
JP4768761B2 (en) Service providing system, service providing method, and service providing program
EP2484056A1 (en) Service contracting by means of upnp
KR20140042049A (en) Method for managing multi content servers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10759636

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2010759636

Country of ref document: EP

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112012007059

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112012007059

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20120329