At present, DLNA aims to solve the problem of interconnection and interoperability across wired and wireless networks that include Personal Computers (PCs), consumer appliances and mobile devices.
Universal Plug and Play (UPnP) is a core part of the “digital home” network protocol set. Designed for ease of use, it is the most pervasive way for a device to connect to a “digital home” network and a common protocol for devices to communicate over that network. It is built on widely accepted and universally applicable Internet Protocols (IP), so devices from different manufacturers can work together easily, thus realizing content sharing and computing anytime and anywhere. UPnP defines an interoperating mechanism among devices in five aspects: addressing, searching, control, eventing, and presentation.
UPnP specifies that a device, after accessing a network and obtaining an IP address, uses the Simple Service Discovery Protocol (SSDP) to broadcast its service to the control points on the network, and that a control point, after accessing the network and obtaining an IP address, uses SSDP to send a search request for devices of interest on the network. The basic information exchanged in these operations is a discovery message, which contains only a little information about the device, e.g. a device type, a device name, and a pointer to an Extensible Markup Language (XML) device description document.
After discovering a device, the control point still knows little about it. At this point, the control point needs to find the description files of the device, using the Uniform Resource Locator (URL) of the device description document given in the discovery message, and obtain more description information from these files. The description information covers a wide range and is generally provided by the manufacturer of the device. It includes: a control mode name and mode number, a device serial number, a manufacturer name, a manufacturer WEB URL, and embedded device or server description information, as well as device control, device events, and a URL expressed by the device. The information is generally stored in specific XML files.
After finding the device description, the control point extracts the operations to be performed from the description and learns all the services. To control a certain device, a control behavior request is sent first to request the device to start a service, then a corresponding control message (information in Simple Object Access Protocol (SOAP) format in an XML file) is sent according to a URL of the device. Finally, the device returns response information indicating a service success or a service failure.
A device supporting UPnP that lacks a security guarantee mechanism is totally unprotected: any control point in the same network segment as the UPnP device is able to perform the operations allowed by all service points of the device. Finding a way to guarantee the security of the UPnP device is therefore a problem to be solved.
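The discovery and description steps above can be audited from the defender's side. The following is an added example, not part of the original text: it parses a discovery message, follows the pointer to the description document, and lists every control URL the device exposes to control points on the segment. The function names parse_ssdp and control_surface are hypothetical, the sample message and XML are constructed, and the optional URLBase element is assumed absent.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

NS = {"d": "urn:schemas-upnp-org:device-1-0"}
# Constructed sample data (not captured from a real device).
SSDP_NOTIFY = (
    "NOTIFY * HTTP/1.1\r\n"
    "HOST: 239.255.255.250:1900\r\n"
    "NT: urn:schemas-upnp-org:device:MediaRenderer:1\r\n"
    "NTS: ssdp:alive\r\n"
    "LOCATION: http://192.0.2.10:49152/desc.xml\r\n\r\n"
)
DESCRIPTION = """<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0"><device>
  <friendlyName>Example Renderer</friendlyName>
  <serviceList><service>
    <serviceType>urn:schemas-upnp-org:service:AVTransport:1</serviceType>
    <controlURL>/ctl/AVTransport</controlURL>
  </service></serviceList>
  <deviceList><device><serviceList><service>
    <serviceType>urn:schemas-upnp-org:service:RenderingControl:1</serviceType>
    <controlURL>http://198.51.100.7/ctl/rc</controlURL>
  </service></serviceList></device></deviceList>
</device></root>"""

def parse_ssdp(message):
    """Return the SSDP headers as a dict with upper-cased names."""
    lines = message.split("\r\n")[1:]          # skip the start line
    pairs = (l.split(":", 1) for l in lines if ":" in l)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def control_surface(location, xml_text):
    """List (serviceType, absolute controlURL, same_host) for every service,
    including services of embedded devices."""
    if "<!DOCTYPE" in xml_text.upper():        # refuse DTDs in untrusted XML
        raise ValueError("DTD not allowed in device description")
    root = ET.fromstring(xml_text)
    host = urlsplit(location).hostname
    found = []
    for svc in root.iterfind(".//d:service", NS):
        url = urljoin(location, svc.findtext("d:controlURL", "", NS).strip())
        found.append((svc.findtext("d:serviceType", "", NS).strip(),
                      url, urlsplit(url).hostname == host))
    return found

if __name__ == "__main__":
    loc = parse_ssdp(SSDP_NOTIFY)["LOCATION"]
    for row in control_surface(loc, DESCRIPTION):
        print(row)
```

A same_host value of False marks a control URL that points away from the host that served the description, which is worth reviewing before the document is trusted.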