Universal Plug and Play (UPnP) is increasing in importance as a standard for private area networking such as home networking. UPnP, however, does not account for remote access to devices in a private area network over other networks such as the Internet or another private area network.
Due to the physical limitations of wired and wireless connectivity bandwidth, the UPnP forum has also defined the Quality of Service (QoS) architecture for UPnP as described in UPnP QoS Architecture 1:0, for UPnP Version 1.0, by Daryl Hlasny et al., Mar. 10, 2005, incorporated herein by reference. The QoS architecture is used to provide a network quality of service in a private area network such as a local area network, wherein streams flowing in the local area network can receive different treatment based on the stream classification. There are two important services in the UPnP QoS architecture. The first is the QoSManager, which sets up QoS parameters for a stream from a source device to a sink device, including any devices in the path of the stream. The UPnP QoSManager includes a QoSManager service and a QoS management. The QoSManager service is a standard UPnP service in that a control point issues a control command to the QoSManager service, and the QoSManager service responds to the control request. The QoS management acts as a UPnP control point by issuing QoS-related commands to the UPnP devices directly in order to reserve and manage the QoS for each device. The second is the QoSDevice, a service that responds to the QoSManager's requests for the device's QoS capabilities, current QoS status, etc.
The Internet enables devices to be connected essentially anywhere at any time. Utilizing the Internet, users desire to access content/services in private networks such as a home network, and to control devices and services in such networks from anywhere (e.g., remotely) and at any time. There are two types of remote access. The first type involves a remote device directly connecting to the private network, including its gateway, via a secured link (e.g., a VPN connection). The gateway can be configured such that the remote device that connects to the private network via the secured link becomes a part of the private network (e.g., the remote device is temporarily assigned a private IP address such that it can communicate with other devices in the network directly via UDP and/or TCP).
The second type of remote access allows devices in one private network to connect to devices in another private network via a secured link (e.g., VPN). This is typically achieved by setting up a secured link between the gateways of the two networks such that the gateway that initiates the secured link is temporarily assigned a private IP address by the other gateway. As a result, a gateway in one network can reach any device in the other network. In both cases, if the secured link is configured such that every device in a network can be reached by other devices locally or remotely, the current UPnP QoS architecture suffices. In essence, if a QoSManager (residing on a local network or on a remote network reachable via the secured link) is to set up a QoS path from a source device to a sink device (regardless of the location of the sink and/or source), then as long as the devices are reachable by the QoSManager, the QoSManager can issue commands to the devices to find a path between them. For each device on the path (including the source device and the sink device), the QoSManager can obtain the QoS capability of that device and set up QoS parameters for the entire path. If the stream flows over the secured link, the QoSManager knows that there is a point-to-point link between the devices at the ends of the stream. The QoSManager can set up the QoS parameters on the devices at both ends of the secured link. The QoSDevice services on these devices pass the request to the layer 2 (L2) interface and set up the QoS accordingly (e.g., MPLS QoS, IPSec QoS, etc.).
In the case of remote access, security must also be considered. For example, if a homeowner's own mobile device establishes a secured link back to the homeowner's home network, the homeowner would desire to “see” and control all available devices in the home network. However, if a guest's mobile device establishes a secured link to a home network, the homeowner would desire to control what devices, services and contents can be “seen” or controlled by the guest. The same security concern applies to a home-to-home scenario, where a home gateway establishes a secured link to a remote home network, such that the remote home network's owner desires to control which devices, services and contents can be seen by the guest.
As such, for security reasons, requests for devices, services and contents must be screened before they reach their targets. Further, responses from devices, services and contents must also be screened before they reach the requesters. However, if devices in a private network are directly reachable by a UPnP control point on the Internet and/or in another private network via a secured link, such a screening function cannot be applied, because IP forwarding does not analyze the payload of IP packets.
The conventional UPnP QoS architecture suffices for remote access to a private network (e.g., a home network) if the secured link enables direct reachability of every device in the private network. However, such a QoS architecture breaks down if security must be enforced, because the QoSManager can neither obtain QoS capabilities from the involved devices nor set QoS parameters on them. There is, therefore, a need for a method and system for QoS control for access to UPnP devices. There is also a need for such a method and system to provide QoS control for secure access to UPnP devices.
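The following is an added illustration (not part of the original document and not the UPnP QoS API) of the path setup described above: the QoS management, acting as a control point, collects each hop's capabilities, picks the rate every hop can commit, and reserves it, treating a secured link as a single point-to-point hop configured only at its two endpoints. The device names, bandwidth figures and the `reachable` flag that models a device hidden behind a screening gateway are all constructed for the example; the second topology shows the breakdown described in the last paragraph.

```python
from dataclasses import dataclass, field

@dataclass
class QoSDevice:
    """Stand-in for a UPnP QoSDevice service (hypothetical model)."""
    name: str
    max_kbps: int                   # bandwidth this hop can commit
    reachable: bool = True          # False: hidden behind a screening gateway
    reserved: dict = field(default_factory=dict)

    def get_capabilities(self):
        if not self.reachable:
            raise PermissionError(f"{self.name}: QoSManager cannot reach device")
        return {"max_kbps": self.max_kbps}

    def set_qos(self, stream_id, kbps, link):
        if not self.reachable:
            raise PermissionError(f"{self.name}: QoSManager cannot reach device")
        self.reserved[stream_id] = (kbps, link)   # link is "lan" or "secured"

def setup_path(path, stream_id, requested_kbps, secured_link=None):
    """QoS management acting as control point: query every hop first, pick
    the rate all hops can commit, then reserve it on each hop.
    secured_link: (name_a, name_b) endpoints of a point-to-point tunnel; the
    segment between them is one hop configured only at its ends."""
    caps = {d.name: d.get_capabilities()["max_kbps"] for d in path}
    granted = min(requested_kbps, *caps.values())
    endpoints = set(secured_link or ())
    for d in path:
        d.set_qos(stream_id, granted, "secured" if d.name in endpoints else "lan")
    return granted

def try_setup_path(*args, **kwargs):
    """Granted rate, or None when some hop is unreachable: capabilities are
    gathered before any reservation, so a failure leaves nothing reserved."""
    try:
        return setup_path(*args, **kwargs)
    except PermissionError:
        return None

# Constructed sample topologies: home TV streaming to a phone over a VPN
LOCAL = [QoSDevice("tv", 20000), QoSDevice("home-gw", 6000), QoSDevice("phone", 8000)]
SCREENED = [QoSDevice("tv", 20000), QoSDevice("home-gw", 6000),
            QoSDevice("guest-gw", 6000), QoSDevice("guest-phone", 8000, reachable=False)]

if __name__ == "__main__":
    print(try_setup_path(LOCAL, "s1", 10000, ("home-gw", "phone")))       # 6000
    print(try_setup_path(SCREENED, "s2", 10000, ("home-gw", "guest-gw")))  # None
```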