1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to security setting in a home network environment and, more particularly, to a mode-based access control method and device that enable security setting according to various modes chosen by a user (or an administrator), allow user-specific access control, and overcome the inconvenience of the conventional method of operating security device by device in a home network.
2. Description of the Related Art
A home network is characterized by frequent changes in access to home network devices by a host and guests. In general, except where no special security setting is needed, different access levels have to be established according to the type of user (e.g., parents, children and guests). For example, parents are allowed to use devices for adult content without limitation, but children have limited or no access to such content, as decided by the parents. Access control is also required for guests, so that guests are not allowed to access certain special devices or digital motion pictures limited to family members. The conventional method for setting the security of a home network is illustrated in FIG. 1A and FIG. 1B.
FIG. 1A is a diagram illustrating the configuration of access control of home network devices according to the related art. A conventional mechanism is described in FIG. 1A, in which a controlled device (hereinafter, referred to as “CD”) 10 only allows a control point (hereinafter, referred to as “CP”) 20 to control its functions through an access control list (hereinafter, referred to as an “ACL”) 10a. A security console (hereinafter, referred to as an “SC”) 30 edits the ACL 10a of the CD 10 and performs security setting.
FIG. 1B is a diagram illustrating the security operation of home network devices according to the related art. A UPnP system is used as an example of a home network, and a security operation between a secure CD 10 and a secure CP 20 for controlling the secure CD 10 will be described below.
First, a discovery process is performed between the secure CP 20 and the secure CD 10 (S10), which is classified into: an advertise process in which a new secure CD 10 is connected to the home network and introduces itself to other devices over the home network; and a discovery process in which a new secure CP 20 is connected to the home network and searches for the secure CDs 10 operating in the home network.
Second, a description process is performed (S20). In this process, in order to control the secure CD 10, the secure CP 20 requests the secure CD 10 to transmit a service description XML file or a device description XML file. After receiving the requested description XML file (UPnP description of a device, UPnP description of a service) from the secure CD 10, the secure CP 20 parses the received file.
Meanwhile, the secure CP 20 acquires a public key from the secure CD 10 (S30), and then sets a session key (S40). Then, the two devices continue to perform their functions under such security conditions (S50). That is, since security setting is performed for every device in the home network, the same security setting is maintained regardless of users.
According to the above-mentioned conventional home network security system, the security setting of every home network device has to be re-edited whenever a host having a right to set the services of devices is changed, which is very troublesome and time-consuming.
In addition, a further process is required to allow home network devices to provide a specific service to a guest device through operative connection to the guest device. According to the related art, this process is also troublesome and inconvenient. There are various types of home devices capable of being operatively connected to a guest device, and the information of the guest device, which changes whenever a guest accesses the device, has to be mapped to the home network devices in order to edit the ACLs of the devices.
Thus, according to the conventional system, it is difficult for home network users to individually perform security setting, and thus it is necessary to perform security setting such that every home network user can control all home network devices at the same time.
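The per-device ACL model described above can be sketched as follows. This is an added illustration, not code from the patent or from any UPnP stack; the class names, device names, action names and the choice to key each ACL by a control-point identifier are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class ControlledDevice:
    """Hypothetical model of a CD: its ACL maps a CP id to permitted actions."""
    name: str
    acl: dict = field(default_factory=dict)

    def invoke(self, cp_id, action, user=None):
        # Authorization consults only the CP entry in this device's ACL.
        # `user` is ignored: whoever operates the CP gets the same answer.
        return action in self.acl.get(cp_id, set())

class SecurityConsole:
    """Hypothetical model of the SC: edits ACLs one device at a time."""
    def __init__(self, devices):
        self.devices = {d.name: d for d in devices}
        self.edits = 0  # count of per-device ACL edits performed

    def grant(self, device_name, cp_id, actions):
        self.devices[device_name].acl.setdefault(cp_id, set()).update(actions)
        self.edits += 1

    def revoke_everywhere(self, cp_id):
        for dev in self.devices.values():
            if dev.acl.pop(cp_id, None) is not None:
                self.edits += 1

def demo():
    tv, camera, printer = (ControlledDevice(n) for n in ("tv", "camera", "printer"))
    sc = SecurityConsole([tv, camera, printer])
    # Constructed policy: the family's CP may use every device.
    for name, actions in {"tv": {"play", "play_adult"}, "camera": {"view"},
                          "printer": {"print"}}.items():
        sc.grant(name, "family-cp", actions)
    # A guest device arrives: its id is mapped onto each CD it may use.
    start = sc.edits
    sc.grant("tv", "guest-cp", {"play"})
    sc.grant("printer", "guest-cp", {"print"})
    out = {"guest_edits": sc.edits - start,
           "guest_tv": tv.invoke("guest-cp", "play"),
           "guest_camera": camera.invoke("guest-cp", "view")}
    # The guest leaves: every ACL that names it has to be edited again.
    start = sc.edits
    sc.revoke_everywhere("guest-cp")
    out.update(removal_edits=sc.edits - start,
               guest_tv_after=tv.invoke("guest-cp", "play"),
               parent_adult=tv.invoke("family-cp", "play_adult", user="parent"),
               child_adult=tv.invoke("family-cp", "play_adult", user="child"))
    return out
```

In this model the parent and the child receive the same decision because the ACL entry belongs to the control point, and each guest visit costs one ACL edit per device on arrival and again on departure.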