1. Field of the Invention
Apparatuses and methods consistent with the present invention relate to home network devices, and more particularly, to providing a security service, by which, when a predetermined network device joins a network, internal network devices can be controlled within a limited authority or a limited service can be provided to the internal network devices without registering the predetermined network device.
2. Description of the Related Art
A home network includes at least two digital home devices that communicate with each other. Digital home devices include a circuit capable of processing digital data and examples thereof include a computer, a printer, a scanner, a pager, a digital camera, a facsimile, a digital duplicator, a personal digital assistant (PDA), a cellular phone, a digital telephone, a digital projector, a digital video recorder, a digital camcorder, a digital television (TV) broadcasting receiver, a set-top box, a digital refrigerator, a washing machine, a microwave oven, an electric rice cooker, a heater/cooler, illumination, a gas powered boiler, etc.
Various network devices on a home network are connected using middleware in a peer-to-peer fashion, the middleware enabling the network devices to communicate on the home network. Middleware examples include Home AV Interoperability (HAVI), Universal Plug and Play (UPnP), Java Intelligent Network Infrastructure (JINI), and LonWorks.
Network devices can be grouped into a network using middleware and each of the network devices on the network is connected to a temporary computing environment to provide various services to users according to its characteristic features.
In general, a home network system includes a control point (CP) for controlling other network devices, a controlled device (CD) for providing a specific service under the control of the CP, and a security console (SC) for providing a security service between the CP and the CD.
In a UPnP-based home network system, a CP can restrict the use of a service provided by a CD to provide a predetermined security service. More specifically, a CD stores an access control list (ACL) that includes information about the authority of a CP to access the CD, or information about restrictions on the services allowed after access. The ACL can be edited only by an SC, so that a CD provides a designated service only to a predetermined CP.
A process of providing a security service in a conventional UPnP-based home network will be described in more detail with reference to FIG. 1.
In order for a CP to control a CD or for a CD to provide a specific service under the control of a CP within a predetermined network, information of a CP and a CD should be registered in an SC (S1000 and S2000).
Regarding the registration, when joining a predetermined network, a CP 30 generates and transmits a search message for searching for an SC 20 in operation S110.
Upon receiving the search message from the CP 30, the SC 20 generates a response message and transmits the same to the CP 30 in operation S120. Upon receiving the response message from the SC 20, the CP 30 generates a public key in operation S130 and transmits the same to the SC 20 in operation S140.
Upon receiving the public key from the CP 30, the SC 20 outputs the information received through a display unit (not shown). A user then selects the public key of the CP 30 to join the network from the output information and designates a name in operation S150, thereby completing the registration in the SC 20 in operation S160.
When joining a predetermined network, a CD 10 transmits a predetermined message to inform other network devices on the network of its existence in operation S210. Upon receiving the message from the CD 10, the SC 20 recognizes the CD 10 in operation S220 and requests a public key from the CD 10 as a response to the message in operation S230. Upon receiving the request for the public key from the SC 20, the CD 10 generates the public key in operation S240 and transmits the same to the SC 20 in operation S250.
Upon receiving the public key from the CD 10, the SC 20 outputs the information received through a display unit (not shown). A user then selects the public key of the CD 10 to join the network from the output information and designates a name in operation S260. The SC 20 requests control right in operation S270 and the CD 10 transmits the control right to the SC 20 in operation S280. Registration in the SC 20 is then completed in operation S290.
Upon completing the registration of the CD 10 and the CP 30 in the SC 20, a user can edit an ACL stored in the CD 10 through the SC 20 in operation S295. In other words, the public key of the registered CP 30 can be added to the ACL of the CD 10. At this time, a process of editing the ACL of the CD 10 complies with a conventional UPnP security mechanism.
Upon completing the editing of the ACL of the CD 10, the CP 30 can control the CD 10 in operation S297.
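The registration and ACL-editing sequence of FIG. 1 (operations S110 through S297), written out as an added simulation that is not part of the original description and not an implementation of the UPnP DeviceSecurity specification. Identities are modelled as SHA-256 hashes of stand-in public keys (random bytes, since no key pair is generated), the signed-message exchange of real UPnP security is omitted, and the device names, action names and class names are assumptions. The simulation also exercises an unregistered guest CP, which is the limitation the text returns to below: the guest has no ACL entry and cannot grant itself one, because only the SC holds control right over the CD.

```python
"""Simulation of the conventional UPnP security flow of FIG. 1 (added example).

Identities are SHA-256 hashes of stand-in public keys; real UPnP
DeviceSecurity signs and verifies control messages, which is omitted here.
"""
import hashlib
import secrets


def key_id(public_key: bytes) -> str:
    """UPnP-style key identifier: a hash of the public key (assumed scheme)."""
    return hashlib.sha256(public_key).hexdigest()


class ControlledDevice:
    """CD: holds the ACL and the set of owners allowed to edit it."""

    def __init__(self, name: str):
        self.name = name
        self.public_key = secrets.token_bytes(32)  # stand-in for a real key pair
        self.owners = set()                        # SCs holding control right (S280)
        self.acl = {}                              # key_id -> set of permitted actions

    def grant_control_right(self, sc_key: bytes) -> None:
        """S280: the CD hands control right to the SC."""
        self.owners.add(key_id(sc_key))

    def edit_acl(self, editor_key: bytes, subject_key: bytes, actions: set) -> None:
        """S295: only an owner (the SC) may add a CP's key to the ACL."""
        if key_id(editor_key) not in self.owners:
            raise PermissionError(f"{key_id(editor_key)[:8]} is not an owner of {self.name}")
        self.acl.setdefault(key_id(subject_key), set()).update(actions)

    def control(self, cp_key: bytes, action: str) -> bool:
        """S297: a CP's control request is honoured only if the ACL permits it."""
        return action in self.acl.get(key_id(cp_key), set())


class SecurityConsole:
    """SC: registers devices (S160, S290) and is the only editor of ACLs."""

    def __init__(self):
        self.public_key = secrets.token_bytes(32)
        self.registered = {}  # key_id -> user-designated name

    def register(self, device_key: bytes, name: str) -> None:
        """S150/S260: the user selects the displayed key and names the device."""
        self.registered[key_id(device_key)] = name

    def take_control_right(self, cd: ControlledDevice) -> None:
        """S270/S280: SC requests control right and the CD grants it."""
        cd.grant_control_right(self.public_key)

    def edit_acl(self, cd: ControlledDevice, cp_key: bytes, actions: set) -> None:
        """S295: the SC only adds CPs that were registered with it."""
        if key_id(cp_key) not in self.registered:
            raise PermissionError("CP is not registered in the SC")
        cd.edit_acl(self.public_key, cp_key, actions)


class ControlPoint:
    """CP: generates a public key (S130) and later issues control requests."""

    def __init__(self):
        self.public_key = secrets.token_bytes(32)


def run_conventional_flow() -> dict:
    """Run S110-S297 and probe a registered CP and an unregistered guest CP."""
    sc, cd = SecurityConsole(), ControlledDevice("lamp")   # constructed sample devices
    cp, guest = ControlPoint(), ControlPoint()
    sc.register(cp.public_key, "living-room-remote")       # S110-S160
    sc.register(cd.public_key, "lamp")                     # S210-S260
    sc.take_control_right(cd)                              # S270-S280
    sc.edit_acl(cd, cp.public_key, {"SetTarget"})          # S295
    results = {
        "cp_set": cd.control(cp.public_key, "SetTarget"),  # permitted action
        "cp_other": cd.control(cp.public_key, "Reboot"),   # action not in ACL
        "guest_set": cd.control(guest.public_key, "SetTarget"),  # no ACL entry
    }
    try:  # the guest cannot grant itself access: it holds no control right
        cd.edit_acl(guest.public_key, guest.public_key, {"SetTarget"})
        results["guest_self_grant"] = True
    except PermissionError:
        results["guest_self_grant"] = False
    try:  # and the SC refuses to add a CP that never registered with it
        sc.edit_acl(cd, guest.public_key, {"SetTarget"})
        results["sc_adds_unregistered"] = True
    except PermissionError:
        results["sc_adds_unregistered"] = False
    return results


if __name__ == "__main__":
    print(run_conventional_flow())
```

Every path by which a device gains authority runs through the SC: the CD trusts only owners to edit its ACL, and the SC only adds keys a user has accepted on its display. That is what makes the scheme safe against an unknown device on the link, and also what makes temporary guest access impossible when the SC is absent.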
As described above, a conventional method of providing a UPnP security service is implemented by registering information of a CD and a CP in an SC.
As a result, when a new CD or CP desires to temporarily join a home network, the CD or CP should be registered in the SC. In other words, a CD or a CP (hereinafter, a guest device) whose information is not registered in an SC cannot join a network without registration.
In addition, in a conventional method of providing a UPnP security service, authentication of a network device depends on an SC. As a result, when an SC does not exist or is not operating to authenticate the network device, authentication of a new network device cannot be performed.
PCT/KR01/022661 discloses a method for registering a device in a wireless home network. More specifically, when an ID code is received by an access point from a network device, an authorization key is transmitted to the network device according to a checking result, and the network device having the authorization key is registered in a home network.
However, PCT/KR01/022661 does not disclose a technique for authenticating a network device that desires to temporarily join a home network.