throbber
UPnPT
`
`Des
`
`A Software Developer‘
`
`ign by Example
`I Plug and Play
`
`ide to Universe
`
`sGu
`
`M ichael Jeron rs; '
`
`imo and Jack Weast
`
`,8
`
`77w
`0,0
`1%
`.3,
`-:
`.m.
`ngr
`Eng
`meersb
`
`Ce
`
`Page 1 of 109
`
`LG EXHIBIT 1009
`
`Page 1 of 109
`
`LG EXHIBIT 1009
`
`

`

`
`
`A Software Developer’s Guide
`to Universal Plug and Play
`
`Michaei Jeronimo
`Jack Weosf
`
`
`INTEL
`
`PRESS
`
`Page 2 of 109
`
`Page 2 of 109
`
`

`

`Copyright © 2003 lntel Corporation. All rights reserved.
`lSBN 0-9717861-1-9
`
`No part of this publication may be reproduced, stored in a retrieval system or trans
`mitted in any form or by any means, electronic, mechanical, photocopying, recording,
`scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976
`United States Copyright Act, without either the prior written permission of the Pub-
`lisher or authorization through payment of the appropriate per-copy fee to the Copy-
`right Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750—8400,
`fax (978) 750—4744. Requests to the Publisher for permission should be addressed to
`the Publisher,
`lntel Press,
`lntel Corporation, 2111 NE 25th Avenue JF3~330, Hills-
`boro, OR 97124-5961. Email: intelpress@intel.com.
`
`This publication is designed to provide accurate and authoritative information in
`regard to the subject matter covered. it is sold with the understanding that the pub-
`lisher is not engaged in professional services. if professional advice or other expert
`assistance is required, the services of a competent professional person should be
`sought.
`
`trademarks,
`lntel Corporation may have patents or pending patent applications,
`copyrights, or other intellectual property rights that relate to the presented subject
`matter. The turnishing of documents and other materials and information does not
`provide any license, express or implied, by estoppel or otherwise, to any such pat»
`ents, trademarks, copyrights, or other intellectual property rights.
`
`lntel may make changes to specifications, product descriptions, and plans at any
`time, without notice.
`
`Fictitious names of companies, products, people, characters, and/or data mentioned
`herein are not intended to represent any real individual, company, product, or event.
`
`lntel products are not intended for use in medical, lite-saving, life—sustaining, critical
`control, or safety systems, or for use in nuclear facility applications.
`
`lntel and Pentium are registered trademarks of lntel Corporation.
`
`t Other names and brands may be claimed as the property of others.
`
`This book is printed on acid-free paper.
`
`Publisher: Richard Bowles
`
`Editor: David J. Clark
`
`Managing Editor: David B. Spencer
`
`Content Manager: Stuart Goldstein
`
`Text Design: Marianne Phelps
`
`Composition: Octal Publishing, incorporated
`
`Graphic Art: Donna Lawless (illustrations), Ted Cyrek (cover)
`
`Printed in the United States of America
`
`10 9 8 7 6 5 4 3 2 1
`
`First printing, April 2003
`
`Page 3 of 109
`
`Page 3 of 109
`
`

`

`To fenni. Thanks for believing in me. I appreciate your patience, sup-
`port, encouragement, and sacrifice during the many months it took
`to write this book.
`
`To Matty, Sean, and Portia. Thanksfor keeping me smiling. You ’re
`the best bunch of hefialumps a dad could have. ®
`To Jan andJohn (Nana and Papa). Thanks for taking care of the
`leids during those Sunday afternoon writing sessions andfor provid—
`ing a home away from home.
`
`—Michael
`
`To Papa. The original Weast engineer who started it all; it is your life
`story that has taught me the value of hard work and dedication
`against even the greatest q‘ odds.
`To Aaron, whose natural ability to do everything better than your
`older brother continues to provide inspiration and drive for my own
`success.
`
`-—]adc
`
`Page 4 of 109
`
`Page 4 of 109
`
`

`

`
`
`a“?
`
`
`
`Page 5 of 109
`
`Page 5 of 109
`
`

`

`5 Chapter
`
`It Just Works
`
`It’s kind offun to do the impossible.
`
`~Walt Disney
`
`eople expect that when they bring a television or DVD player
`home, they can just plug it in, hook up a few cables, and the device
`will “just work.” These devices perform their functions well and are easy
`for consumers to install. PC peripherals, on the other hand, have not
`been as easy to install. Users must be concerned with gory details such
`as device drivers to get devices to work properly. Recently, Universal
`
`Serial Bus (USB) and Plug~and~Play have improved the situation for PC
`peripherals so that devices can now be automatically detected and
`
`device drivers automatically installed. But networked devices, such as
`an Internet gateway or a networked printer, still require complicated
`manual setup and configuration.
`a
`The UPnP1 standard brings the PC peripheral Plug-and—Play concept
`to the home network, with the same ease of use and automatic configu-
`ration that users have come to expect with Plug-and—Play devices. Just
`
`1 UPnP is a certification mark of the UPnP Implementers Corporation,
`
`Page 6 of 109
`
`Page 6 of 109
`
`

`

`
`
`UPnP Design by Example
`
`as devices can be plugged into the PC and automatically detected and
`
`configured, consumers of home networking equipment can now easily
`add UPnP devices to their home networks and have them just work.
`
`
`
`Why the EM? Standard?
`
`When USB devices are plugged into a PC they are automatically
`detected by the operating system, which loads the appropriate software
`and makes the device available for applications to use.This automatic
`
`detection and configuration of devices makes it easy for the end user to
`‘ add and use new devices.
`Similar to a PC and its peripherals, there are various home network~
`ing devices, such as an Internet gateway or a networked printer, that
`the user may wish to connect to the local network. However, these
`
`devices usually require an administrator to configure them before they
`can he used. The difficulty of configuring home networking equipment
`
`has been a problem for consumers and a barrier to the adoption of
`home networking. With UPnP, users can add devices to the home net-
`
`work Without installing drivers or configuring the devices before using
`them.
`
`
`
`The Foundation for Home Networking
`
`UPnP technology, along with other emerging technologies such as wire-
`
`less networking and high-speed Internet connections, is transforming
`the home. Many devices, such as digital televisions and home audio
`
`equipment, are becoming UPnP technology-ambled. In time, other
`existing networks in the home, such as the power line, home entertain-
`ment, and telephone networks, will have bridging software that auto-
`matically makes devices on those networks appear as UPnP devices.The
`result will be a single, logical network of UPnP devices—a kind of
`
`“digital home platform” for entertainment, home automation, and other
`kinds of applications, as shown in Figure 1.1.
`
`Page 7 of 109
`
`Page 7 of 109
`
`

`

`
`Chapter 1: ”Just Works E 5
`
`
`
`
`Use devices
`
`
`UPnP network of devices
`
`
`
`
`
`
`
`Communications
`Power Line
`Entertainment
`Data
`Network
`Network
`Network
`Network
`
`
`Figure 1.! UPnP Technology Is the Foundation for Home Networking
`
`
`
`What Is the UPnP Standard?
`
`The UPnP architecture is designed to connect networked devices, such
`
`as PCs, entertainment equipment, and intelligent appliances. It defines a
`base set of standards for all devices to adhere to and conventions for
`
`describing devices and the services they provide.
`The UPnP architecture leverages existing standards such as TCP/IP,
`HTTP, and XML instead of inventing new underlying mechanismsThe
`architecture consists of a set of standardized protocols that each UPnP
`technology-enabled device implements to provide for discovery, con-
`trol, and data transfer between UPnP devices. UPnP technology can be
`
`‘
`
`supported on any common operating system or hardware platform, and
`it works with almost any type of physical networking media—wired or
`Wireless~providing maximum user and developer choice.
`The UPnP architecture provides:
`
`E Device Connectivity. The UPnP architecture defines the protocols
`for devices to interact with other devices. UPnP devices can join
`and leave the network transparently, advertise their services, dis-
`cover other devices and services, send events, and control other
`devices.
`
`Page 8 of 109
`
`Page 8 of 109
`
`

`

`
`
`UPnP Design by Example
`
`g AaJ-Ioc Networking. UPnP devices can come together to form a
`network dynamically, without the need for dedicated networking
`infrastructure services, such as a server to manage address assign-
`
`ment. These ad~boc networks are created on—the~fly and enable
`device connectivity without manual configuration.
`
`Zero-Configuration Networks. The UPnP architecture supports
`zero~configuration networking where the user is not required to
`
`configure devices before they are used on the networkThe non~
`technical user will find it simple to add and use devices.
`
`Standards-Based Architecture. The UPnP architecture is based on
`
`open standards, including a foundation of existing and proposed
`standard Internet Engineering Task Force (IETF) and World Wide
`Web Consortium (W3C) protocols such as IP, TCP, UDP, HTTP,
`XML, and SOAP. Leveraging existing Internet—based technologies
`simplifies the design of UPnP devices.
`
`Platform Independence. The UPnP architecture is primarily a set
`of protocols and is not an API definition. The UPnP architecture
`keeps the implementation of the protocols private and does not
`require vendors to develop their implementations on any specific
`operating system,
`language, or hardware. With this approach, '
`
`UPnP devices can be developed on any platformwa desirable trait
`in a network full of devices from many vendors, including con-
`
`sumer electronics companies.
`
`Media and Device Independence. UPnP technology can run on
`any medium for which there is an IP stack, including phone lines,
`power lines, Ethernet, RF, and IEEE 1394.
`
`Programmatic and Manual Device Control. The UPnP architec~
`ture enables applications to programmatically control home net-
`working devices. In addition, users can manually control devices
`using the device’s browser-based administrative interface.
`:
`
`
`
`User Stenurios
`
`Many futuristic automation scenarios can be developed using UPnP
`devices. Here are a couple of examples that illustrate the power and
`flexibility of UPnP technology in the home of the future.
`
`Page 9 of 109
`
`Page 9 of 109
`
`

`

`Chopierl: ltjustW'orks E 7
`
`Watching ti movie
`
`Arriving home after a long day at work, George decides to watch a
`movie. He happens to be in the kitchen getting a glass of juice from the
`fridge, so he calls up a list of recent movies on the screen near to him
`on the kitchen counter. George checks out some previews and then
`selects the movie to watchfl‘he movie selectiont program turns on the
`home theater system and automatically starts the movie.The controlling
`program also dims the lights and adjusts the volume of the speakers. Set-
`
`tling in, George watches the movie for a whileTwenty minutes later, an
`alert pops up on the home theater screen indicating activity in the front
`yard. George puts the porch camera on the screen and sees the local
`
`pizza delivery man walking up the path to his door, delivering the pizza
`ordered earlier. George meets the delivery man at the door, takes the
`
`pizza, pays him, including a generous tip, and returns to the home the-
`ater room. Some time after the delivery man leaves, the kitchen lights
`and porch lights turn themselves off to conserve energy, having not
`detected any motion.
`
`Heme Maintenance
`
`Every New Year’s Day, Shannon does home maintenance.With her wire-
`less PDA in hand, she walks through her house, examining the status of
`various systems and devices.The PDA displays the list of systems to be
`inspected in the house and tells Shannon what to look for, displaying
`instructions and pictures as needed.
`Shannon starts in the garage with the water heater. She uses her PDA
`to view the operational parameters of the water heater. Using that infor-
`mation, she optimizes the heater’s energy use, updating the heater’s set—
`tings to monitor activity over a period of time and anticipate peak loads
`
`and off periods.
`Shannon moves on to the kitchen where she uses the PDA to review
`
`the state of the dishwasher and the refrigerator. The dishwasher hasn’t
`
`been working very well lately, so she uses the PDA to invoke the dish-
`washer’s self-test.The test doesn’t turn up any problems, so she calls up
`
`the dishwasher manual.The manual has a troubleshooting section that
`
`Shannon reads to find out what might be the problem. Shannon doesn’t
`
`find any answers, so she uses the FDA to send an e-mail message to the
`manufacturer explaining the problem.
`Shannon continues through the house, inspecting, calibrating, and
`making notes of things that she needs to buy for the house. She eventu—
`ally completes this year’s maintenance inspection and goes to the store
`
`to pick up the items she needs.
`
`Page 10 of 109
`
`Page 10 of 109
`
`

`

`
`
`UPnP Design by Example
`
`Key Themes
`
`With a little playful daydreaming, you can probably envision many more
`scenarios like these that simplify life in the home, limited only by your
`imagination. Some key themes appear in many of the scenarios, such as
`automation, where devices automatically respond to events generated
`
`from other devices, and convenience, where the user is able to easily
`accomplish tasks.While the scenarios seem futuristic, one thing is cer—
`tain—«having a standard, open platform for home networking will
`inspire creativity. The UPnP standard is the underlying technology to
`help make scenarios like these real.
`Let’s take a step back from the future now and take a look at the
`UPnP Forum, the organization responsible for the UPnP standards.
`
`
`
`The UPnP Forum
`
`Microsoft Corporation introduced the UPnP initiative at the Consumer
`Electronics Show in January of 1999. The initiative was originally
`supported by companies such as Microsoft, Intel, Hewlett~Packard,
`Compaq, Dell, and many others, and was considered the next phase of
`the Plug—and—Play initiative introduced by Intel, Compaq, and Microsoft
`in 1992.
`
`To guide the creation of the standards, a cross~industry group, the
`UPnP Forum, was createdToday, the Forum consists of more than 550
`
`companies, including industry leaders in consumer electronics, comput
`ing, home automation, home security, appliances, printing, photography,
`
`computer networking, and mobile products.
`The primary activities of the UPnP Forum include:
`
`3 Defining device standards based on the UPnP architecture
`
`3 Providing for the certification of devices
`
`E Facilitating joint member promotion of UPnP
`
`Device descriptions are XML documents, based on a device description
`document schema, that describe a particular kind of device. By defining
`and publishing UPnP device descriptions, members of the UPnP Forum
`create standard building blocks for home networking. The standards
`defined by the UPnP Forum are platform—neutral. Membership and par~
`ticipation in the design of device schema templates are open to any
`member companies. Companies interested in standardizing particular
`device classes are encouraged to join the UPnP Forum and participate in
`working committees to design schema templates. for their devices.
`
`Page 11 of 109
`
`Page 11 of 109
`
`

`

`Chopierl: liJusi Works a 9
`
`Vendors can implement devices that conform to these standards, but
`they must then demonstrate that their devices pass the tests in order to
`
`receive a logo for their device.The UPnP Forum provides the means for
`vendors to certify their devices.
`The UPnP Forum also seeks to promote the UPnP standard in the
`industry and with the general public. It provides a framework for com-
`panies to get together and define building block standards: both techni-
`cal standards, like the UPnP architecture, and legal standards, such as a
`
`broadly signed and carefully scoped joint development agreement.
`These technical and marketing objectives are pursued to advance the
`entire home networking industry.
`
`A Brief History of UPnP
`
`The core UPnP architecture was originally developed by Microsoft and
`contributed to the UPnP Forum in the form of the \UPnP Device Archi-
`
`tecture specification. The specification was approved by UPnP Forum
`Technical Committee on June 13, 2000. Version 1 of the specification
`enumerates the UPnP core protocols and establishes the foundation that
`working committees use to develop their specific devices.
`
`Table 1.1 gives a timeline of activity in the UPnP Forum.
`
`Table 1.1 UPnP Timeline '
`
`
`
`Date Event
`
`1/99
`
`UPnP standard publicly announced
`
`
`10/99 UPnP :orum officially formed
`
`6/00
`
`UPnP version 1 architecture finalized
`
`6/00 Microsoft Windowsl ME with UPnP version 1 support ships ‘
`
`7/00
`
`intel’s open source UPnP SDK released
`
`5/01
`
`UPnP version 1 ‘toolkits announced
`
`10/01 Microsoft Windows XP with UPnP version 1 support ships
`
`11/01
`
`First UPnP device standard published
`
`12/01
`
`First UPnP-enabied devices ship
`
`1/02 Microsoft Windows CE with UPnP version 1 support ships
`
`Page 12 of 109
`
`Page 12 of 109
`
`

`

` UPnF Design by Example
`
`
`
`The Committees oi the We? Eaten:
`
`The UPnP Forum consists of four organizational elementsThree are per-
`
`manent committees: the Steering Committee, the Technical Committee,
`and. the Marketing CommitteeThe fourth is a set of Working Commit-
`tees formed as needed by participants to define standard device types.
`
`Steering Committee
`
`The UPnP Steering Committee is the high—level directing body of the
`UPnP Forum. It has about 20 members from various companies, includ-
`ing Microsoft. The composition of the Steering Committee can change
`over time as new members are addedThe Steering Committee provides
`business leadership and makes decisions for the UPnP Forum. As the
`organization’s management team, the Steering Committee oversees the
`working committees for defining device descriptions (DCPs). The Steer-
`ing Committee launched a separate company, the UPnP Implementer’s
`Corporation (UIC), responsible for the certification of devices.
`
`Technical Committee
`
`The UPnP Technical Committee is a group of technical representatives
`
`from various companies who process technical issues from working
`committees. The Technical Committee reviews these issues and pro-
`
`duces architectural requirements. They are responsible for the “big
`picture ” technically for the UPnP standard.
`
`Marketing Committee
`
`The UPnP Marketing Committee undertakes joint member promotion of
`the UPnP standard, including representing the UPnP Forum at industry
`trade shows.
`
`Working Committees
`
`The nitty—gritty technical work gets done in the Working Committees
`of the UPnP Forum. These groups define the device descriptions that
`describe the interfaces that
`the device provides to the network.
`The working committees define the syntax and semantics of a particular
`device type so that implementations of that device type will be inter—
`changeable.
`
`Page 13 of 109
`
`Page 13 of 109
`
`

`

`Chapter it ”Just Works E H
`
`To start a new working committee in the UPnP Forum, members
`
`must first make a proposal to the UPnP Steering Committee.The pro-
`
`posal consists of a set of user scenarios to demonstrate the usefulness of
`the new device type, a schedule of the proposed work, and a commit-
`ment from three independent groups to implement the device type.
`Having multiple independent implementations demonstrates interoper—
`ability of the new device type standardThe group is formed with a par-
`ticular charter, expressed as a set of objectives to be accomplished.
`Once the group satisfies their Charter, its work is complete and the
`group is disbanded. If the group decides to continue work on a sub—
`
`sequent version of the device type, the group must be re—chartered and
`meet the same requirements as any other new group to be chartered.
`This process is summarized in Figure 1.2.
`
`
`Working
`
`
`Committee
`Process
`
`
`
`
`
` Proposal
`“
`
`‘
`
`Yes
`
`OK’C/ by Steering
`Committee?
`
`
`
`
`Working
`
`
`Committee
`Chartered
` 45-day
`
`Review Period
`
`WC Creates
`Device and
`Service
`Descriptions
`
`1 _
`
`Pass Final
`. 7
`i so AUd!
`
`
`
`Approved
`Standard
`
`
`
`Figure L2 Standardization Process Flowchart for UPnP Device Descriptions
`
`Page 14 of 109
`
`Page 14 of 109
`
`

`

` UPnP Design by Example
`
`All working committees follow the same basic timelineThe working
`
`committee members first collaborate to design the device description.
`This process usually involves weekly conference calls and periodic face-
`to—face meetings as the group’s members work through the issues with
`the design for the device type. Once the device description is com~
`pletely designed, test suite development can begin. Sample implementa~
`tions are typically developed, tracking the development of the standard.
`Once the test suites are finalized, the implementations can be validated.
`
`Working committees often gather for interoperability events to test their
`independent implementations against one another. After the implemen-
`tations pass the test suites, the standard moves to the Steering Committee
`for a final audit. Upon passing this audit, the standard goes into a 45—day
`review period. At the close of this period, it becomes an approved
`standard of the UPnP Forum. Figure 1.2 illustrates the standardization
`process followed by working committees of the UPnP Forum.
`
`
`
`Currently, the UPnP Forum has many working committees, including
`
`Internet Gateways, Audio/Video, Home Automation, Printers and
`Imaging, Remote I/O, and Security. The committees are formed to meet
`specific objectives and then are disbanded when their work is done.
`They are often re~chartered to meet new objectives, but must meet the
`same criteria as a new working committee, including commitment from
`
`Page 15 of 109
`
`Page 15 of 109
`
`

`

`Chopterl: ltJUSiWorks E 13
`
`three independent groups to implement the device type. For a list of
`committees at any give time, visit the UPnP Forum web site at http://
`www.upnp.org.
`
`
`
`Security and the UPnP Arthiteciure
`
`UPnP technology helps to make networking automatic—people will
`bring home networking devices, turn them on, and have them just
`work, with no technical expertise required. One potential impediment
`
`to this vision, however, is the need for security. There is a trade-off
`between security and ease of use. Implementing security tends to
`
`require administration-setting up passwords, defining access control
`lists, and so on—which gets the user involved again and makes the pro~
`cess of using networked devices less automatic.
`In version I of the UPnP architecture, there is no built~in security: All
`UPnP devices on the network can be controlled by any control points.
`Recently though, a new working committee of the UPnP Forum has
`been established that is developing a standard security infrastructure
`compatible with current and future versions of the UPnP architecture.
`
`Ihe UPnP Security Working Committee
`
`The UPnP architecture enables simple networking in the home and
`small office. “Home and small office” can include many different set
`tings, from single~family homes, apartments, college dorms, and hotel
`
`rooms to a local coffee shop providing wireless Internet access for its
`customers. UPnP devices will enter and leave these dynamic network
`environments and, as always, unscrupulous people will look for oppor~
`tunities to take advantage of a lack of security.
`The UPnP Security working committee is a new group in the UPnP
`Forum that has been chartered to provide a security solution for the
`UPnP architecture that will be common to all device types. The Security
`working committee includes members from Intel, Microsoft, Siemens,
`IBM, Sony, and others. In early 2001, the group specified the require-
`ments for a UPnP security solution and defined the user scenarios it
`
`intends to support.
`Securing the UPnP architecture may eventually expand the use of
`UPnP technology to new fields, such as providing high—value services.
`The security solution developed by the working committee will give
`users choice and control over their network, but will introduce an
`
`Page 16 of 109
`
`Page 16 of 109
`
`

`

` UPnP Design by Example
`
`inevitable trade~offz security with configuration versus no security with
`
`no configuration.The group will undoubtedly try to strike a balance and
`minimize the configuration required in its security solution.
`
`Requirements of the Security Solution
`
`The UPnP security solution will use standard encryption and digital
`signature algorithms to protect all of the UPnP protocols. It will include
`a powerful trust model with non-public key infrastructure authorization
`certificates, avoiding the heavy infrastructure requirements associated
`with public key infrastructure (PKI) solutions. It will also be sensitive to
`the processing capabilities likely to be found on networking devices
`and will require only moderate processing power to implement.
`
`The UPnP Security working committee will introduce security con—
`cepts to the basic UPnP architectureThese additions will likely include
`
`principals, permissions, authorization certificates, and access control
`lists. In addition, the Security working committee will also specify how
`to secure the basic UPnP protocols, including discovery, control, event-
`ing, and presentation. For example, digital signatures and encryption
`will be used to maintain confidentiality and to enforce any access con-
`
`trol policy.
`
`The SSDP Service Bug
`
`Even with a system that has been designed to be secure, security vulner—
`abilities can arise from weaknesses in the implementationThese vulner~
`abilities can result in denial-of—service attacks, preventing systems from
`being able to offer their services, or provide on opening for an intruder
`to gain unauthorized access. Microsoft Windows ME and Windows XP
`
`contain an implementation of the UPnP protocols and a corresponding
`API that allows developers to create UPnP control points and devices.
`Microsoft’s Internet Gateway implementation, for example, uses this
`API to provide the services required of a UPnP Internet Gateway device.
`Unfortunately, there were two bugs discovered with the implementa—
`tion of the UPnP protocols shipped with these operating systems2
`(which since have been fixed with subsequent service packs). Both
`bugs involve how UPnP technology-capable computers handle the dis-
`covery of new UPnP devices on the network.
`
`2 The bugs are also present on Windows 98 and Windows 988E systems that have the Internet
`Connection Sharing client installed.
`
`Page 17 of 109
`
`Page 17 of 109
`
`

`

`Chapter 1: ltJustorks E 15
`
`The first bug is an unchecked buffer in the implementation of the
`Simple Service Discovery Protocol (SSDP). When the SSDP service
`receives a message from a device that has joined the network, the code
`processing the messages does not check the input for length. An
`unchecked buffer, one of the most common and most serious of imple-
`mentation flaws, allows an attacker to provide more data on an input
`channel (an SSDP socket in this case) than is expected, overwriting the
`program stack and allowing the attacker to run any arbitrary code in the
`context of the application. In this case, the attacker could cause code to
`be run in the context of the SSDP service, which has system privileges
`on Windows XP.
`
`The bug’s official title was: “Unchecked Buffer in Universal Plug and
`
`Play Can Lead to System Compromise” and was documented in
`Microsoft Security Bulletin MSOl—059, which was originally posted on
`December 20, 2001, at the following URL:
`
`http : //www.m'i crosoft . com/technet/t reevi ew/
`default . asp?u H =/ | technet/secu r1“ ty/bul l eti n/M501~@59 . asp.
`
`The second bug introduced by the implementation of the SSDP service
`
`provides an opportunity for attackers to use the service to perform two
`kinds of denial-of—service attacksma distributed denial-of-service attack
`
`where many hosts simultaneously request a device description docu-
`
`ment from a single host, and a simple denial-of—service attack where
`many devices may simultaneously request a device description from a
`single host. The details of these attacks are contained in the Security
`Bulletin.
`
` The UPnP lmplementer’s Corporation
`
`The UPnP Implementer’s Corporation (UIC) is an independent non—
`profit corporation created by the UPnP Steering Committee that admin-
`isters the UPnP device certification process.
`The UIC owns and licenses the UPnP certification mark. Companies
`with devices that pass conformance tests may license the UPnP logo
`for use with their deviceThe UIC licenses conformance tests to UIC mem-
`
`bers, reviews test results, and issues certificates of conformity to
`devices that pass the tests.The UIC tests cover the device-dependent
`features specified in the UPnP device standard and the device-
`independent features specified in the UPnP version 1.0 architecture.
`
`Page 18 of 109
`
`Page 18 of 109
`
`

`

`'35 g UPnP Design by Example
`
`
`
`Summary
`
`
`
`The UPnP standard helps to reduce complexity and simplify home
`networking for the end user.
`
`UPnP technology—based products “just work” when they are con—
`nected to the network.
`
`The UPnP architecture is the unifying device abstraction layer for
`
`the home of the future, with proxies and bridges spanning to
`other networks in the home, such as the power line, telephone
`line, and home entertainment networks.
`
`With the UPnP architecture, the same kind of open, standard
`
`design target we have enjoyed with PC peripherals is coming to
`the home networking platform.
`
`UPnP standards will allow devices from different vendors to inter~
`
`operate.
`
`UPnP Forum working committees define standard XML-based
`
`device and service types that devices may implement.
`
`Work has begun in the Security working committee of the UPnP
`Forum to define a security solution for the current and any future
`versions of the UPnP architecture.
`
`Page 19 of 109
`
`Page 19 of 109
`
`

`

` Chapter
`
`
`
`The mother art is architecture. Without an architecture of
`our own we have no soul of our own civilization.
`
`“Frank Lloyd Wright
`
`here are a few basic concepts introduced. by the UPnP architecture.
`This Chapter introduces these concepts and the underlying UPnP
`object model, describing each of the different UPnP entities and their
`corresponding roles and responsibilities. Once you understand this basic
`object model, you will see some of the common activities that occur on
`a network of UPnP devices, activities that form the building blocks for
`
`futuristic scenarios like those in the previous chapter. The chapter then
`delves a bit further into UPnP technology, reviewing the UPnP protocol
`stack and giving a quick overview of each protocol that is part of the
`UPnP device architecture.
`
` Terminology
`
`Devices, services, and control points are the basic abstractions of the
`UPnP device architecture. A UPnP device can be any entity on the net-
`work that implements the protocols required by the UPnP architecture.
`Because UPnP standardizes the protocols through which a device
`
`17
`
`Page 20 of 109
`
`Page 20 of 109
`
`

`

`
`
`UPnP Design by Example
`
`communicates rather than the‘APIs that a programmer uses, any entity
`that behaves as a UPnP device by speaking the required protocols is a
`UPnP deviceThus, a device either can be a dedicated physical device,
`such as an Internet gateway, or a logical device, such as a PC, that has
`
`implemented the functionality required of an Internet gateway
`A UPnP device contains zero or more services. A service is a unit of
`
`functionality implemented by a device. Each service has a set of meth~
`ods, or actions, each with a set of optional input and output parameters
`and an optional return ‘value, much like a function in the C program~
`ming languageThe specifics of a service, as defined by a UPnP Forum
`working committee, define each action in detail, listing its required
`input and output parameters and Whether the action returns a value.
`
`
`
`The services that a device must implement are determined by the
`
`device’s type.The working committees of the UPnP Forum standardize
`the set of services that particular device types must support. 1 For exam-
`ple, an audio rendering device, such as a CD player, might have a
`service that provides the ability to play, stop, and pause audio content.
`A controlpoz’nt is an entity on the network that works with the func-
`
`tionality provided by a device. In the terminology of client/server com-
`puting, the control point is the client and the device is the server.
`Control points can invoke actions on services, providing any required
`input parameters and receiving any output parameters and possibly a
`return value. Control points can also request that devices notify them
`when the device state changes. Figure 2.1 shows a control point invok~
`ing an action on a UPnP deviceThe device has implemented a single
`
`UPnP device type that contains two services.
`
`1 Nonstandard device types may have any set of services and methods as defined by their imple-
`menter, It is possible to create proprietary devices and s

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket