Universal Plug and Play (UPnP) provides a network architecture that facilitates adding and removing devices from a network. For instance, the UPnP architecture allows a user to simply “plug” a new device into a network coupling; thereafter, the network will automatically determine the new device's characteristics and subsequently coordinate interaction between this new device and others in the network based on the determined characteristics. The UPnP architecture is particularly well suited for networks associated with a local setting, such as a home, a business, a school, etc. (Note that the term “Universal Plug and Play” derives from functionality provided in the earlier developed device Plug and Play (PnP); device PnP provides a flexible technique for automatically adding and removing peripherals to a standalone computer device, such as a PC.)
FIG. 1 presents high level information regarding an exemplary UPnP architecture 100. By way of overview, the UPnP architecture 100 includes a plurality of devices (e.g., devices 102, 104, and 106) and control points (e.g., control points 108 and 110) coupled together via a network 112.
The UPnP devices (102, 104, and 106) can include a variety of electronic devices. Exemplary devices include computers of all types, CD/DVD players/jukeboxes, TVs, VCRs, MP3 players, stereo systems, electronic picture frames (EPFs), various types of still and video cameras, and so on. More specifically, a so-called UPnP device conceptually defines a container that can include actual devices, services, etc. A service, in turn, defines various functions performed by a UPnP device that are made available to other UPnP devices. For instance, one exemplary service might pertain to a chronological function provided by a clock. In general, a service models its functionality using state variables and exposes various actions associated with the model to other UPnP devices. In the exemplary case of FIG. 1, the UPnP device 102 includes an actual device 114 that provides a service 116. UPnP device 104 includes an actual device 118 that provides services 120 and 122. UPnP device 106 includes an actual root device 124 that provides services 126 and 128. The root device 124, in turn, includes an embedded device 130 that provides a service 132.
The network 112 can couple the devices (102, 104, 106) together using the Transmission Control Protocol and the Internet Protocol (TCP/IP). The network 112 can also freely draw from a number of other standard protocols, such as Hypertext Transfer Protocol (HTTP), Simple Object Access Protocol (SOAP), General Event Notification Architecture (GENA), and so on. The network 112 can be physically implemented using a variety of hardwired and/or wireless communication mechanisms, such as phone lines, power lines, Infrared Data Association (IrDA), Ethernet, Radio Frequency (RF) coupling, and so on.
Finally, the control points (108, 110) define agents that can discover and control other UPnP devices. A UPnP device may itself include one or more control points integrated therewith.
FIG. 2 illustrates conventional functions performed by the UPnP architecture 100 arranged in hierarchical layers. An addressing function 202 pertains to procedures whereby devices and control points receive addresses to interact with the network 112. More specifically, a device or control point can receive an address from a Dynamic Host Configuration Protocol (DHCP) server or using an Auto IP assignment procedure (e.g., if no DHCP server is available). The Auto IP procedure provides a technique for intelligently selecting an IP address from a set of private reserved addresses.
A discovery function 204 pertains to procedures whereby devices advertise their services to control points. Devices can perform this advertisement by sending out a multicast variant of HTTP (i.e., HTTPMU). A control point subsequently responds using HTTPU (i.e., a unicast variant of HTTP). The discovery function 204 makes use of General Event Notification Architecture (GENA) and Simple Device Discovery Protocol (SSDP) to carry out the above-noted exchange between UPnP devices and control points. Further, a newly added control point can also search for UPnP devices and services coupled to the network.
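The following is an added example, not part of the original text: a defender-side audit of SSDP advertisements that checks whether the description URL a device advertises stays on the local network. The datagrams are constructed samples, and the two checks are heuristics chosen for this illustration rather than anything the UPnP architecture defines.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 private ranges plus the 169.254.0.0/16 link-local range used by Auto IP.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def _notify(location):
    # Builds a constructed ssdp:alive advertisement (sample data, not captured traffic).
    return ("NOTIFY * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            "CACHE-CONTROL: max-age=1800\r\nLOCATION: " + location + "\r\n"
            "NT: upnp:rootdevice\r\nNTS: ssdp:alive\r\n"
            "USN: uuid:00000000-0000-0000-0000-000000000001::upnp:rootdevice\r\n\r\n")

SAMPLES = [  # (sender address seen on the wire, datagram text)
    ("192.168.1.20", _notify("http://192.168.1.20:49152/desc.xml")),
    ("192.168.1.31", _notify("http://203.0.113.5:80/desc.xml")),
    ("169.254.7.9", _notify("http://169.254.7.9:5000/desc.xml")),
]

def parse_headers(datagram):
    start, _, rest = datagram.partition("\r\n")
    headers = {}
    for line in rest.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return start, headers

def audit(sender, datagram):
    """Return a list of findings for one advertisement; empty means nothing flagged."""
    start, headers = parse_headers(datagram)
    if not start.startswith("NOTIFY "):
        return ["not an advertisement"]
    host = urlsplit(headers.get("LOCATION", "")).hostname or ""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return ["LOCATION missing or not an IP literal"]
    findings = []
    if not any(addr in net for net in LOCAL_NETS):
        findings.append("LOCATION outside private/link-local ranges")
    if str(addr) != sender:
        findings.append("LOCATION host differs from sender")
    return findings

if __name__ == "__main__":
    for sender, datagram in SAMPLES:
        print(sender, audit(sender, datagram) or "ok")
```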
A description function 206 pertains to a procedure whereby a control point that has discovered a UPnP device can determine more information regarding the UPnP device. The UPnP device responds by sending information to the control point, where such information is presented using the Extensible Markup Language (XML). Such information defines details regarding the type of UPnP device (e.g., manufacturer, model name and number, serial number, etc.), the services it offers, uniform resource locators (URLs) for interacting with the device, and so on.
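As an added illustration (not part of the original text), the sketch below walks a device description and lists every control, eventing, and presentation URL it exposes, including those of embedded devices, which is the inventory an administrator would review before deciding what to restrict. The XML is a constructed sample, and the device names, service types, and base URL are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

NS = {"d": "urn:schemas-upnp-org:device-1-0"}
# Constructed sample description (not from a real device): a root device with
# one service and an embedded device with its own service.
SAMPLE = """<root xmlns="urn:schemas-upnp-org:device-1-0">
 <device>
  <friendlyName>Example Jukebox</friendlyName>
  <serviceList><service>
   <serviceType>urn:schemas-upnp-org:service:ContentDirectory:1</serviceType>
   <controlURL>/ctl/cd</controlURL>
   <eventSubURL>/evt/cd</eventSubURL>
  </service></serviceList>
  <deviceList><device>
   <friendlyName>Example Clock</friendlyName>
   <serviceList><service>
    <serviceType>urn:example:service:Clock:1</serviceType>
    <controlURL>/ctl/clock</controlURL>
    <eventSubURL>/evt/clock</eventSubURL>
   </service></serviceList>
  </device></deviceList>
  <presentationURL>/index.html</presentationURL>
 </device>
</root>"""

def inventory(xml_text, base_url):
    """Return one row per exposed endpoint: (device, kind, service type, absolute URL)."""
    rows = []
    def walk(dev):
        name = dev.findtext("d:friendlyName", "?", NS)
        for svc in dev.findall("d:serviceList/d:service", NS):
            stype = svc.findtext("d:serviceType", "?", NS)
            for kind, tag in (("control", "d:controlURL"), ("event", "d:eventSubURL")):
                url = svc.findtext(tag, None, NS)
                if url:
                    rows.append((name, kind, stype, urljoin(base_url, url)))
        page = dev.findtext("d:presentationURL", None, NS)
        if page:
            rows.append((name, "presentation", "", urljoin(base_url, page)))
        for child in dev.findall("d:deviceList/d:device", NS):
            walk(child)  # embedded devices nest under deviceList
    # Input comes from an untrusted device; use a hardened XML parser in production.
    walk(ET.fromstring(xml_text).find("d:device", NS))
    return rows

if __name__ == "__main__":
    for row in inventory(SAMPLE, "http://192.168.1.20:49152/desc.xml"):
        print(row)
```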
A control function 208 involves transmitting a control message from the control point to the UPnP device. The UPnP architecture 100 uses SOAP to transmit this message. SOAP messages contain action requests. The UPnP device executes the action specified in the SOAP message and then responds to the control point. The response contains action-specific values or fault codes.
An eventing function 210 pertains to a procedure whereby a control point monitors events associated with services provided by the UPnP architecture 100. More specifically, a service can send an event when its model changes state. The process of “publishing” these state changes is referred to as eventing. The control point can subscribe to receive various events by sending a subscription message to a service of interest.
Finally, a presentation function 212 entails retrieving a page of information from a UPnP device using a presentation URL associated with this UPnP device. The control point can initiate the presentation process by issuing an HTTP GET request to the UPnP device. The presentation function 212 allows a user to view the status of the device and/or control the device.
The UPnP Forum's web site (i.e., http://upnp.org/) provides more detailed information regarding the UPnP architecture and related topics.
As mentioned above, UPnP devices are commonly used in relatively localized network environments, such as in a home or business. In the home environment, for instance, a network built in accordance with the UPnP architecture may interconnect a collection of media source devices and a collection of media rendering devices. An exemplary media source device might comprise a personal computer that stores a collection of music, video, pictures, etc., or may comprise various types of jukebox devices. An exemplary media rendering device might comprise a TV, stereo, personal computer, and so on. A control point (such as a personal computer) can then be used to route resource information from one of the media source devices to a selected media rendering device.
However, existing networks that include UPnP devices do not perform the above-described transfer of resource information in a well-controlled, secure, and responsible fashion. For instance, there exists the risk that an individual who is not affiliated with the network including UPnP devices might “tap” into the network in an unauthorized manner. For instance, the network may be implemented using wireless links (in whole or in part). In these networks, there exists the risk that an unauthorized individual might intentionally or inadvertently gain access to the resources provided by the UPnP architecture. Similar risks are present in other kinds of networks. Further, the functionality provided for networks that include UPnP devices is designed to ensure continuity with wide area IP network functionality. While this provides many advantages, it also introduces the risk that users in the wide area network environment might intentionally or inadvertently find a way to tap into the home network environment. Since the UPnP architecture does not provide a suitable mechanism for controlling or blocking the routing of information, there is a chance that these kinds of unauthorized users might gain access to the network's entire collection of media and informational resources or control the UPnP devices on the network.
Accordingly, there is an exemplary need in the art for a technique for safeguarding the resources of a network, such as a network including UPnP devices.