×

UPnP authentication and authorization

  • US 7,882,356 B2
  • Filed: 10/13/2006
  • Issued: 02/01/2011
  • Est. Priority Date: 10/13/2006
  • Status: Active Grant
First Claim
Patent Images

1. A method for establishing a secure connection between a UPnP (Universal Plug and Play) device and a UPnP endpoint in an open network wherein the UPnP device and UPnP endpoint can dynamically join and leave said network, said method comprising:

  • receiving, by a UPnP device, a request for one or more UPnP services implemented by the UPnP device, said request being received from a UPnP endpoint via the network, said request including identification information and a digital signature associated with the UPnP endpoint, said identification information including a device model number and a serial number of the UPnP endpoint, said request further including a random number that is different for each received request, and a digital signature binding an initiator public key with said identification information;

    authenticating the UPnP endpoint by the UPnP device as a function of the received digital signature of the UPnP endpoint to verify the identity of the UPnP endpoint;

    determining, based on the received device model number and the received serial number of the UPnP endpoint, if any of the requested one or more UPnP services are compatible with the UPnP endpoint;

    authorizing, if at least one of the requested one or more UPnP services is determined to be compatible with the UPnP endpoint, the UPnP endpoint by the UPnP device to access the at least one of the requested one or more services implemented by the UPnP device;

    sending a response to the UPnP endpoint from the UPnP device indicating if the UPnP endpoint has been authenticated and authorized by the UPnP device, said response including;

    a responder message, said responder message including a responder certificate and a responder public key, said responder certificate being encrypted with the initiator public key; and

    a request identifier for matching, by the UPnP endpoint, subsequent requests from by the UPnP device to a previously successfully completed request, said request identifier being valid for a limited period of time; and

    transmitting a confirmation by the UPnP endpoint to the UPnP device that the UPnP endpoint was able to decrypt the responder certificate, said confirmation including the request identifier and a security token, said security token being a number known to the UPnP endpoint and to the UPnP device and encrypted using an encryption key derived from a shared secret generated from the random number of the received request, wherein the UPnP endpoint and the UPnP device increment the number known to the UPnP endpoint and to the UPnP device for each request and the security token is different for each request.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×