1. Field of the Invention
The present invention relates to a system and method for establishing a secured connection between home network devices, and more particularly, to a system and method for establishing a secured connection between home network devices, in which a virtual Universal Plug and Play (UPnP) module is generated in a home network comprising a plurality of non-secured UPnP devices and a secured connection is established between any of the non-secured UPnP devices and a secured UPnP device that wishes to participate in the home network using the virtual UPnP module.
2. Description of the Related Art
Recently, various middleware technologies have been developed to control devices connected to a network. Of the middleware technologies, UPnP and Home Audio/Video Interoperability (HAVi) provide standards prescribing data communication between devices constituting a network, thereby facilitating adding devices to the network and controlling the same. The UPnP architecture is particularly well suited for networks associated with various types of devices, such as information home appliances, wireless devices, and personal computers (PCs), to one another by a standardized method of connecting devices to one another without efforts from users, administrators or manufacturers in a network associated with a local setting such as a home or a business, etc., providing a connection to the Internet to each of the devices.
UPnP is an extension of Plug and Play (PnP) and, unlike PnP that requires a PC to control the connection of devices to a network, does not require a user to carry out any specific operations to connect devices to a network. With UPnP, a device can dynamically join a network, obtain an Internet Protocol (IP) address, convey its capabilities, and learn about the presence and capabilities of other devices (that is, operate within a zero configuration device network architecture). Devices can subsequently communicate with each other directly, thereby enabling discovery and control of devices (that is, consolidate a peer-to-peer networking).
The process involved in UPnP networking includes addressing, discovery, description, control, eventing and presentation. A device is given an appropriate address, examines a list of services that it supports using a simple service discovery protocol, and provides the service list to a control point. The control point is a controller capable of examining the states of other devices and controlling the other devices based on the examined results. Whenever the service state of the device changes, an event server transmits an event message to the control point.
The control point obtains a general description of the device from a discovery message and a Uniform Resource Locator (URL) provided by the device in order to make the device interoperable with other devices.
For a better understanding of the services provided by the device, the control point secures detailed UPnP descriptions of the services and issues a request for performing of the services to the device in order to control the device. When the state of the device changes, the device notifies the control point of a change in its state by sending an event message to the control point, and thus, the control point can smoothly control the device with reference to the event message.
As the necessity of security in home networks grows, an increasing number of secured UPnP technologies have been developed. Secured UPnP, which is UPnP providing a security function, provides various standards regarding a secured control point and a secured controlled device that allow only a secured control point having a predetermined access right to access a secured controlled device, thereby establishing a secured connection between the secured control point and the secured controlled device.
For a secured connection between a secured control point and a secured controlled device, the secured controlled device must store an access control list (ACL) specifying detailed access right settings, and the secured control point must additionally perform management procedures for setting a connection to the secured controlled device and providing security during the controlling of the secured controlled device.
In detail, the ACL includes a plurality of setting values specifying the right to access the secured controlled device, and each of the setting values includes a description of a control point to which the right to access the secured controlled device is allotted, and a list of items accessible by the control point.
The secured control point includes authentication and encryption information for establishing a connection to the secured controlled device and communicates with the secured controlled device by transmitting/receiving data encrypted using a pair of symmetric keys to/from the secured controlled device.
FIG. 1 is a flowchart illustrating a conventional method of establishing a connection between two UPnP devices, i.e., a secured control point 120 and a secured controlled device 110.
Referring to FIG. 1, the secured control point 120 discovers the secured controlled device 110 (DISCOVERY), and the secured controlled device 110 transmits its description to the secured control point 120 (DESCRIPTION). The secured control point 120 receives a public key from the secured controlled device 110 and generates a session key required for transmitting/receiving a message to/from the secured controlled device 110 using the public key. The session key is used for signing or encrypting a message.
FIG. 2 is a flowchart illustrating a conventional method of establishing a connection between a secured control point 220 and a non-secured controlled device 210.
Referring to FIG. 2, in a home network comprising the secured control point 220 and the non-secured controlled device 210, the secured control point 220 is always allowed to access the non-secured controlled device 210 without the need to receive a public key from the non-secured controlled device 210 or to generate a session key, thereby making the entire home network non-secured. In other words, the connection between the secured control point 220 and the non-secured controlled device 210 is as non-secured as a connection between a non-secured control point (not shown) and the non-secured controlled device 210.
In recent years, various types of secured UPnP devices have been developed to meet the ever-growing demand for providing security in home networks.
Ever since the development of UPnP devices, there has been a need to establish a secured network between secured UPnP devices and non-secured UPnP devices, for example, to establish a secured network where a non-secured controlled device can be securely accessed by a non-secured external control point and where a secured controlled device can be securely accessed by a secured external control point. Therefore, it is necessary develop ways to establish a secured network between secured UPnP devices and non-secured UPnP devices.