1. Field
One or more embodiments of the present invention relate to a service for easily setting up channel setup information (a remote access transport agent (RATA) profile) for remote access. More specifically, the present invention relates to a universal plug and play (UPnP) apparatus and method for providing a remote access service by inputting product identification number (PIN) information about a UPnP remote access server (RAS) device, receiving channel setup information (a RATA profile) for remote access using a WiFi protected setup (WPS) protocol, and remotely accessing the UPnP RAS device.
2. Description of the Related Art
With the growing popularity of home networks, the conventional PC network-oriented environment is increasingly extending to an environment that includes home appliances using various lower network techniques. Therefore, a home network middleware technology, such as universal plug and play (UPnP), has been proposed in order to network these home appliances in a unified manner by using an IP protocol.
The UPnP technology enables home appliances to be peer-to-peer networked on the basis of a distributed and open networking structure instead of being under centralized control.
With regard to home network middleware, in general, a UPnP device models its service as an action and a state variable, and a UPnP control point (CP) automatically discovers the UPnP device to use its service.
The UPnP device architecture version 1.0 uses distributed and open networking to discover a UPnP device via an IP multicast in the home network. However, an IP multicast service is not guaranteed to be normally provided within the range of the Internet, making it impossible to control the UPnP device via the Internet since such control of the UPnP device needs information obtained by discovering the UPnP device.
Therefore, when the UPnP device or a CP device is physically separated and far from the home network, UPnP remote access architecture has been proposed so as to allow the UPnP device or the CP device to operate normally as if both were physically in the same network. The UPnP remote access architecture defines a remote access server (RAS) device within the home network and a remote access client (RAC) device within a remote network.
One or more embodiments of the present invention include a universal plug and play (UPnP) apparatus and method for providing a remote access service by easily setting up channel setup information (a remote access transport agent (RATA) profile) for remote access.
Additional aspects will be set forth in part in the description which follows and, in part, will be apparent from the description, or may be learned by practice of the invention.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a communication method of a universal plug and play (UPnP) remote access client (RAC) device for providing a remote access service, the method comprising: receiving product identification number (PIN) information that is an identifier provided to a remote access server (RAS) device when manufactured and a uniform resource locator (URL) of the RAS device from the outside; generating WPS messages including a credential ID and remote access transport agent (RATA) capability information, which are generated based on the PIN information; encapsulating an extensible authentication protocol (EAP) packet including the WPS messages as an IP based application protocol packet; and transmitting the IP based application protocol packet to the RAS device.
The method may further comprise receiving the IP based application protocol packet including RATA profiles for remote access; decapsulating the received IP based application protocol packet as the EAP packet; extracting the WPS messages including the RATA profiles for the remote access from the EAP packet; and establishing the RATA profiles for the remote access in the RAS device.
The IP based application protocol may be a remote authentication dial-in user service (RADIUS) protocol.
The method may further comprise: generating a credential by using the PIN information; and determining a credential ID of the generated credential.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a communication method of a UPnP RAS device for providing a remote access service, the method comprising: receiving an IP based application protocol packet including a credential ID and RATA capability information from a RAC device; decapsulating the received IP based application protocol packet as an EAP packet; extracting WPS messages including the credential ID and the RATA capability information from the EAP packet; and transmitting the credential ID and the RATA capability information to a management console device that subscribes to an event in advance.
The method may further comprise: receiving RATA profiles with regard to the RAC device and the RAS device from the management console device; and establishing the RATA profiles with regard to the RAS device in the RAS device.
The method may further comprise: generating WPS messages including the RATA profile with regard to the RAC device; encapsulating the EAP packet including the WPS messages as the IP based application protocol packet; and transmitting the IP based application protocol packet to the RAC device.
The IP based application protocol may be a RADIUS protocol.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a communication method of a management console device for providing a remote access service, the method comprising: receiving a credential ID and RATA capability information of a RAC device from a RAS device that subscribes to an event in advance; generating RATA profiles with regard to the RAC device and the RAS device; and transmitting the RATA profiles with regard to the RAC device and the RAS device to the RAS device.
The management console device may be separate from or included in the RAS device.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a computer-readable recording medium having recorded thereon a computer program for executing the method.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a UPnP RAC device for providing a remote access service, the device comprising: a user interface unit receiving PIN information that is an identifier provided to a RAS device when manufactured and a URL of the RAS device from the outside; a WPS message generation unit generating WPS messages including a credential ID and RATA capability information, which are generated based on the PIN information; a protocol encapsulation unit encapsulating an EAP packet including the WPS messages as an IP based application protocol packet; and a transmission unit transmitting the IP based application protocol packet to the RAS device.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a UPnP RAS device for providing a remote access service, the device comprising: a reception unit receiving an IP based application protocol packet including a credential ID and RATA capability information from a RAC device; a protocol decapsulation unit decapsulating the received IP based application protocol packet as an EAP packet; a WPS message extraction unit extracting WPS messages including the credential ID and the RATA capability information from the EAP packet; and a management console device transmission interface unit transmitting the credential ID and the RATA capability information to a management console device that subscribes to an event in advance.
To achieve the above and/or other aspects, one or more embodiments of the present invention may include a management console device for providing a remote access service, the device comprising: a reception unit receiving a credential ID and RATA capability information of a RAC device from a RAS device that subscribes to an event in advance; a RATA profile generation unit generating RATA profiles with regard to the RAC device and the RAS device; and a transmission unit transmitting the RATA profiles with regard to the RAC device and the RAS device to the RAS device.
These and/or other aspects will become apparent and more readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout. In this regard, the present invention may be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Accordingly, embodiments are merely described below, by referring to the figures, to explain aspects of the present invention.
The RAS device 150 and the RAC device 110 synchronize device list information discovered in each network over a remote access transport channel (RATC) established therebetween, so that the RAC device 110 of the remote network can discover UPnP devices of the home network. Thereafter, the RAS device 150 of the home network forwards a device control message received from the RAC device 110 of the remote network to a corresponding UPnP device over the RATC.
The management console device provides parameters necessary for establishing the RATC between the RAS device 150 and the RAC device 110 in the form of a remote access transport agent (RATA) profile. The management console device matches a plurality of protocols and pieces of capability information that are to be used by RATAs of the RAS device 150 and the RAC device 110, and generates each RATA profile with regard to the RAS device 150 and the RAC device 110 based on the matching information. The RAS device 150 and the RAC device 110 establish their own RATA profiles within themselves, so that the RATC can be established between the RAS device 150 and the RAC device 110. When the RAS device 150 and the RAC device 110 are within the same network, the RATA profile may be dynamically established according to the UPnP device architecture version 1.0.
In the present embodiment, when the RAC device 110 that does not establish the RATA profile is within the remote network, the RAC device 110 receives and establishes the RATA profile from the RAS device 150 of the home network including the management console device.
In operation 121, the RAC device 110 receives product identification number (PIN) information that is an identifier provided to the RAS device 150 when manufactured and a uniform resource locator (URL) of the RAS device 150 from the outside. An RAS operates as a dynamic domain name system (DNS) client and thus the RAC device 110 may receive a domain name of the RAS device 150 from the outside instead of receiving an IP address of the RAS device 150.
In operations 122 through 127, 129, and 131, the RAC device 110 and the RAS device 150 authenticate each other by exchanging WiFi protected setup (WPS) messages (M1 through M8). The WPS messages M1 through M6 follow the Wi-Fi simple config specification. The WPS messages M1 through M8 are defined in the specification and thus a detailed description thereof will not be repeated here.
In operations 122 and 123, the RAC device 110 transmits the WPS message M1 and receives the WPS message M2 from the RAS device 150 to exchange and authenticate a public key therebetween and generate a temporal encryption key.
In operations 124 through 127 and 129, the RAC device 110 and the RAS device 150 exchange hash values E-Hash1, E-Hash2, R-Hash1, and R-Hash2 that are generated using PIN values and random values E-S1, E-S2, R-S1, and R-S2, and authenticate whether the PIN values are identical to each other (the WPS messages M1 through M7), enabling the RAC device 110 and the RAS device 150 to authenticate each other.
In operation 128, the RAC device 110 generates a credential and a credential ID using the PIN information. The credential establishes the identity of the RAC device 110 in the form of the cryptographic key issued by the PIN information. The management console device needs the RATA capability information and the credential ID of the RAC device 110 so as to generate the RATA profile. Thus, the RAC device 110 generates the credential using the PIN information and the credential ID with regard to the generated credential.
In operation 129, the RAC device 110 generates the WPS message M7 including the credential ID and the RATA capability information and transmits the WPS message M7 to the RAS device 150.
In operation 130, the management console device included in the RAS device 150 receives the credential ID and the RATA capability information of the RAC device 110. The management console device matches the protocols and capability information that are to be used by RATAs of the RAS device 150 and the RAC device 110, and generates each RATA profile with regard to the RAS device 150 and the RAC device 110 based on the matching information.
In operation 131, the RAS device 150 establishes the RATA profile therein.
In operation 132, the RAC device 110 receives the WPS message M8 including the RATA profile with regard to the RAC device 110 from the RAS device 150.
In operation 133, the RAC device 110 establishes the RATA profile therein and establishes the RATC between the RAS device 150 and the RAC device 110 using the RATA profile.
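The PIN proof of operations 124 through 129, as an added example that is not part of the original document: each side commits to both halves of the PIN with hashes computed as the Wi-Fi Simple Config specification defines them (HMAC-SHA-256 keyed with AuthKey), then checks the peer's hashes once the secret nonces are revealed. The AuthKey, public keys and PINs are constructed sample values (in the protocol they come from the M1/M2 key exchange and the user), and encryption of the revealed nonces is omitted.

```python
import hashlib
import hmac
import os

def mac(auth_key, data):
    """HMAC-SHA-256 keyed with the AuthKey derived after M1/M2."""
    return hmac.new(auth_key, data, hashlib.sha256).digest()

def psk_halves(auth_key, pin):
    """PSK1, PSK2: first 128 bits of the HMAC over each half of the PIN."""
    half = (len(pin) + 1) // 2
    return (mac(auth_key, pin[:half].encode())[:16],
            mac(auth_key, pin[half:].encode())[:16])

class Party:
    """One side of the proof: the RAC (Enrollee) or the RAS (Registrar)."""

    def __init__(self, pin, auth_key, pk_e, pk_r):
        self.auth_key = auth_key
        self.pks = pk_e + pk_r                          # PK_E || PK_R
        self.psk = psk_halves(auth_key, pin)
        self.nonce = (os.urandom(16), os.urandom(16))   # S1, S2 (secret nonces)

    def commit(self):
        """Hash1, Hash2 = HMAC(S_i || PSK_i || PK_E || PK_R), sent before any reveal."""
        return tuple(mac(self.auth_key, s + p + self.pks)
                     for s, p in zip(self.nonce, self.psk))

    def check_reveal(self, half, peer_nonce, peer_hash):
        """Recompute the peer's hash from its revealed nonce and our own PIN half."""
        expected = mac(self.auth_key, peer_nonce + self.psk[half] + self.pks)
        return hmac.compare_digest(expected, peer_hash)   # constant-time compare

def run_exchange(rac_pin, ras_pin):
    """True only when both sides prove knowledge of the same PIN."""
    # Constructed stand-ins for the values negotiated in M1/M2.
    auth_key, pk_e, pk_r = os.urandom(32), os.urandom(192), os.urandom(192)
    rac = Party(rac_pin, auth_key, pk_e, pk_r)
    ras = Party(ras_pin, auth_key, pk_e, pk_r)
    e_hash = rac.commit()          # M3: E-Hash1, E-Hash2
    r_hash = ras.commit()          # M4: R-Hash1, R-Hash2 (and R-S1)
    return (rac.check_reveal(0, ras.nonce[0], r_hash[0])          # RAC checks M4
            and ras.check_reveal(0, rac.nonce[0], e_hash[0])      # RAS checks M5 (E-S1)
            and rac.check_reveal(1, ras.nonce[1], r_hash[1])      # RAC checks M6 (R-S2)
            and ras.check_reveal(1, rac.nonce[1], e_hash[1]))     # RAS checks M7 (E-S2)

if __name__ == "__main__":
    print(run_exchange("12345670", "12345670"))   # same constructed PIN on both sides
    print(run_exchange("12345670", "12340000"))   # second half differs
```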
In the present embodiment, the RATA profile may be dynamically provided to the RAC device 110 of the remote network that does not establish the RATA profile in advance in the home network including the RAS device 150 including the management console device. Therefore, the RAC device 110 receives only the PIN information and URL information of the RAS device 150 from the outside, thereby enabling an easy remote access channel setup.
Also, in the present embodiment, a WPS protocol that is used in the same physical network is extended to an IP layer protocol (for example, a remote authentication dial-in user service (RADIUS)), so that devices of physically different networks can use the WPS protocol.
In operations 222 through 229, EAP packets including the WPS messages M1 through M8 are encapsulated in the RADIUS packets and are transmitted/received between the RAC device 210 and the RAS device 250.
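The encapsulation described above, as an added example that is not part of the original document: an EAP packet carrying one WPS message is split across RADIUS EAP-Message attributes and protected with a Message-Authenticator (RFC 3579), and the receiver verifies that attribute before reassembling the EAP packet. The shared secret and the WPS message bytes are constructed sample values; the document does not say how the RAC and RAS devices would share a RADIUS secret.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 79, 80   # RADIUS attribute types (RFC 3579)
# EAP expanded-type header used by WPS: Type 254, Vendor-Id 0x00372A, Vendor-Type 1
EAP_WSC = bytes([254, 0x00, 0x37, 0x2A, 0, 0, 0, 1])
WSC_MSG = 0x04                                 # Op-Code for messages M1..M8

def eap_wsc_response(ident, wps_message):
    """EAP-Response carrying one WPS message (Flags byte 0: unfragmented)."""
    body = EAP_WSC + bytes([WSC_MSG, 0x00]) + wps_message
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def encapsulate(eap, secret, ident):
    """Wrap one EAP packet in a RADIUS Access-Request."""
    attrs = b""
    # An attribute value holds at most 253 bytes, so a long WPS message is
    # split across consecutive EAP-Message attributes.
    for i in range(0, len(eap), 253):
        chunk = eap[i:i + 253]
        attrs += bytes([EAP_MESSAGE, 2 + len(chunk)]) + chunk
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)   # zeroed for the MAC
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    packet = header + os.urandom(16) + attrs                  # Request Authenticator
    digest = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + digest

def decapsulate(packet, secret):
    """Verify Message-Authenticator, then reassemble and return the EAP packet."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS length")
    eap, mac_off, pos = b"", None, 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        if atype == EAP_MESSAGE:
            eap += packet[pos + 2:pos + alen]
        elif atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("bad Message-Authenticator length")
            mac_off = pos + 2
        pos += alen
    if mac_off is None:
        raise ValueError("EAP-Message without Message-Authenticator")
    received = packet[mac_off:mac_off + 16]
    zeroed = packet[:mac_off] + bytes(16) + packet[mac_off + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    if not hmac.compare_digest(received, expected):
        raise ValueError("Message-Authenticator mismatch")
    if len(eap) < 4 or struct.unpack("!H", eap[2:4])[0] != len(eap):
        raise ValueError("EAP length mismatch")
    return eap

if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    m7 = os.urandom(600)                        # constructed stand-in for WPS M7
    eap = eap_wsc_response(7, m7)
    radius = encapsulate(eap, secret, ident=7)
    print(len(radius), decapsulate(radius, secret) == eap)
```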
In operations 312 through 317, 319, and 324, the RAC device 310 and the RAS device 340 authenticate each other by exchanging the WPS messages M1 through M8. The WPS messages M1 through M6 follow the Wi-Fi simple config specification. The WPS messages M1 through M8 are defined in the specification and thus a detailed description thereof will not be repeated here.
In operations 312 and 313, the RAC device 310 transmits the WPS message M1 and receives the WPS message M2 from the RAS device 340 to exchange a public key therebetween and authenticate each other and generate a temporal encryption key.
In operations 314 through 317 and 319, the RAC device 310 and the RAS device 340 exchange the WPS messages M1 through M7, and authenticate whether the PIN values are identical to each other, enabling the RAC device 310 and the RAS device 340 to authenticate each other.
In operation 318, the RAC device 310 generates a credential and a credential ID using the PIN information. The management console device 360 needs the RATA capability information and the credential ID of the RAC device 310 so as to generate a RATA profile. Thus, the RAC device 310 generates the credential using the PIN information and the credential ID with regard to the generated credential.
In operation 319, the RAC device 310 generates the WPS message M7 including the credential ID and the RATA capability information and transmits the WPS message M7 to the RAS device 340.
In operation 320, the management console device 360 receives an event message from the RAS device 340 that subscribes to an event in advance (operation 361) indicating that the RAS device 340 receives the credential ID and the RATA capability information of the RAC device 310.
In operations 321 and 322, the management console device 360 receives the credential ID and the RATA capability information of the RAC device 310 through a UPnP action.
In operation 323, the management console device 360 matches protocols and capability information that are to be used by RATAs of the RAS device 340 and the RAC device 310, generates each RATA profile with regard to the RAS device 340 and the RAC device 310 based on the matching information, and transmits the RATA profiles to the RAS device 340 through the UPnP action.
In operation 324, the RAS device 340 establishes the RATA profile therein.
In operation 325, the RAC device 310 receives the WPS message M8 including the RATA profile with regard to the RAC device 310 from the RAS device 340.
In operation 326, the RAC device 310 establishes the RATA profile therein and establishes a RATC between the RAS device 340 and the RAC device 310 using the RATA profile.
In the present embodiment, the RATA profile may be dynamically provided to the RAC device 310 of the remote network that does not establish the RATA profile in advance in the home network including the RAS device 340 and the management console device 360. Therefore, the RAC device 310 receives only the PIN information and URL information of the RAS device 340 from the outside, thereby enabling an easy remote access channel setup.
Also, in the present embodiment, a WPS protocol that is used in the same physical network is extended to an IP layer protocol (for example, a RADIUS), so that devices of physically different networks can use the WPS protocol.
The user interface unit 410 receives PIN information that is an identifier provided to an RAS device when manufactured and a URL of the RAS device from the outside.
The RATA credential management unit 420 comprises a credential generating unit (not shown) that generates a credential using the PIN information and a credential ID determining unit (not shown) that determines a credential ID of the generated credential.
The WPS message generation unit 431 generates WPS messages including the credential ID and RATA capability information. The protocol encapsulation unit 433 encapsulates an EAP packet generated by using the WPS messages in an IP based application protocol packet. The IP based application protocol may be a RADIUS protocol. The transmission unit 435 transmits the IP based application protocol packet to the RAS device.
The receiving unit 475 receives the IP based application protocol packet including the RATA profile for remote access with regard to the RAC device 400. The protocol decapsulation unit 473 decapsulates the EAP packet from the received IP based application protocol packet. The WPS message extraction unit 471 extracts the WPS messages including the RATA profile for the remote access from the EAP packet.
The RATA profile configuration unit 450 establishes the RATA profile for the remote access in the RAC device 400. Thereafter, the RAC device 400 establishes a RATC with the RAS device using the RATA profile.
The receiving unit 575 receives an IP based application protocol packet including a credential ID and RATA capability information from a RAC device. The protocol decapsulation unit 573 decapsulates an EAP packet from the received IP based application protocol packet. The IP based application protocol may be a RADIUS protocol. The WPS message extraction unit 571 extracts WPS messages including the credential ID and the RATA capability information for the remote access from the EAP packet.
The management console device interface unit 510 comprises a management console device transmission interfacing unit (not shown) that transmits the credential ID and the RATA capability information to a management console device that subscribes to an event in advance and a management console device receiving interfacing unit (not shown) that receives RATA profiles with regard to the RAC device and the RAS device 500 from the management console device.
The RATA profile configuration unit 520 establishes the RATA profiles with regard to the RAS device 500 in the RAS device 500.
The WPS message generation unit 531 generates WPS messages including the RATA profile with regard to the RAC device. The protocol encapsulation unit 533 encapsulates the EAP packet generated by using the WPS messages as the IP based application protocol packet. The transmission unit 535 transmits the IP based application protocol packet to the RAC device.
Meanwhile, the management console device 600 may be physically separate from or may be included in the RAS device.
In addition to the above described embodiments, embodiments of the present invention can also be implemented through computer readable code/instructions in/on a medium, e.g., a computer readable medium, to control at least one processing element to implement any above described embodiment. The medium can correspond to any medium/media permitting the storage and/or transmission of the computer readable code.
The computer readable code can be recorded/transferred on a medium in a variety of ways, with examples of the medium including recording media, such as magnetic storage media (e.g., ROM, floppy disks, hard disks, etc.) and optical recording media (e.g., CD-ROMs, or DVDs). In other exemplary embodiments, the medium may include transmission media such as media carrying or including carrier waves, as well as elements of the Internet. Thus, the medium may be such a defined and measurable structure including or carrying a signal or information, such as a device carrying a bitstream according to embodiments of the present invention.
While aspects of the present invention have been particularly shown and described with reference to differing embodiments thereof, it should be understood that these exemplary embodiments should be considered in a descriptive sense only and not for purposes of limitation. Descriptions of features or aspects within each embodiment should typically be considered as available for other similar features or aspects in the remaining embodiments.
Thus, although a few embodiments have been shown and described, it would be appreciated by those of ordinary skill in the art that changes may be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the claims and their equivalents.
Number | Date | Country | Kind |
---|---|---|---|
10-2008-0084049 | Aug 2008 | KR | national |
This application claims the benefit of U.S. Provisional Application No. 61/038,113 filed on Mar. 20, 2008 in the USPTO and Korean Patent Application No. 10-2008-0084049, filed on Aug. 27, 2008, in the Korean Intellectual Property Office, the disclosures of which are incorporated herein in their entirety by reference.
Number | Date | Country |
---|---|---|
61038113 | Mar 2008 | US |