CN1859378A - Digital household network system and method for realizing safety backup - Google Patents
Digital household network system and method for realizing safety backup Download PDFInfo
- Publication number
- CN1859378A CN1859378A CN 200510101685 CN200510101685A CN1859378A CN 1859378 A CN1859378 A CN 1859378A CN 200510101685 CN200510101685 CN 200510101685 CN 200510101685 A CN200510101685 A CN 200510101685A CN 1859378 A CN1859378 A CN 1859378A
- Authority
- CN
- China
- Prior art keywords
- security control
- control console
- backup
- main
- console
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The present invention provides realizing safety backing up digit home network system and method. Said system includes security control platform used for security management to said system; backing up security control platform connected with said security control platform and synchronous backing up said security control platform safety data, in finding said security control platform stop operation switching to host security control platform state. The present invention can avoid security control platform existing single trouble point in home network, thereby ensuring home network safe operation.
Description
Technical field
The invention belongs to the digital home network field, relate in particular to digital family network system and method that security service is provided by security control console.
Background technology
Along with the development of digital home network technology, Internet enters home-ranges, how to guarantee the fail safe of resource-sharing between the equipment in the home network, is the key factor that can home network be used widely.UpnP (Universal Plug and Play, UPnP) and IGRS (Intelligent Grouping andResource Sharing, information equipment resource-sharing cooperation with service) is the advocate and the standard setter of digital home network technology, all the safety to home network has proposed relevant requirement, and corresponding implementation is provided.
UPnP is the structure that realizes that the smart machine end to end network connects, and is the distributed type open network configuration of a kind of framework on TCP/IP and HTTP technology, makes transmitting control information and data between the equipment in the network.In the UpnP network, equipment can be divided into 3 classes, and the conventional equipment of service promptly is provided, and controls the control point of other equipment and the security control console of the safe correlation function of execution.The security mechanism of UPnP is set up by centralized system, and centrostigma is the control point, will have the single fault point like this, promptly breaks down can not move the time when the control point, can influence the communication interconnect and the resource-sharing of whole home network.
The IGRS basic agreement has been described the process of setting up of device security mechanism, it realizes it being to set up safety corridor between equipment substantially, interacting message between the equipment all carries out in safety corridor, the message of transmitting in safety corridor uses session key to encrypt, to guarantee its confidentiality, use the key of signature to sign, to guarantee its authentication property.Identical with UpnP, the same existence can't be realized the problem of communication interconnect and resource-sharing because of the centralized control point Single Point of Faliure causes whole home network among the IGRS.
Summary of the invention
One object of the present invention is to provide a kind of digital family network system, is intended to avoid existing digital family network system to influence the problem of whole home network operation because of Single Point of Faliure when realizing security control.
Another object of the present invention is to provide the method that realizes carrying out safety backup in a kind of digital family network system.
For achieving the above object, the invention provides a kind of digital family network system of realizing carrying out safety backup, comprise security control console, be used for described system is carried out safety management, described system further comprises:
The backup security control console is connected with described security control console, and the secure data of described security control console is carried out backed up in synchronization, when the described security control console of discovery is stopped running, switches to main security control console state.
Described security control console stores device description file, includes backup security control console tenability information in the described device description file.
Realize finding mutually by the SSDP announcement message between described security control console and the backup security control console.
When finding that described security control console does not upgrade declaration in the term of validity of SSDP announcement message, described backup security control console switches to main security control console state.
When the search message of not receiving security control console in time-out time was responded, described backup security control console switched to main security control console state.
When exitting network during message of receiving that security control console sends, described backup security control console switches to main security control console state.
For achieving the above object, the present invention further provides the method that realizes carrying out safety backup in a kind of digital family network system, described system comprises security control console, is used for described system is carried out safety management, and described method comprises:
The backup security control console that is connected with described security control console is set;
By described backup security control console the secure data of security control console is carried out backed up in synchronization, when security control console is stopped running, described backup security control console is switched to main security control console state.
Described security control console stores device description file, includes backup security control console tenability information in the described device description file.
Realize finding mutually by simple service discovery protocol messages between described security control console and the backup security control console.
When finding that security control console does not upgrade declaration in the term of validity of SSDP announcement message, described backup security control console is switched to main security control console state.
When the search message of not receiving security control console in time-out time is responded, described backup security control console is switched to main security control console state.
When exitting network during message of receiving that security control console sends, described backup security control console is switched to main security control console state.
The step that realizes the secure data backed up in synchronization between described backup security control console and the security control console further comprises:
A. described backup security control console obtains the description document of described security control console by the resource locator that the SSDP announcement message provides;
B. described security control console is replied described description document to described backup security control console;
C. described backup security control console carries out event subscription according to the resource locator in the description document, and the data of subscription comprise all secure datas of described security control console;
D. described security control console is replied described event subscription, and sends initialization event message to described backup security control console;
E. described backup security control console calls the service of described security control console according to event notice;
F. described backup security control console proposes the secure data backup request to described security control console;
G. described security control console returns described secure data according to described secure data backup request to described backup security control console.
By the present invention, can avoid the security control console in the home network to have the single fault point, thereby guarantee the safe operation of home network.
Description of drawings
Fig. 1 is the structure chart of digital family network system provided by the invention;
Fig. 2 is the realization flow figure to the name of backup security control console;
Fig. 3 is the realization flow figure that backup security control console and main security control console carry out secure data backup;
Fig. 4 is the realization flow figure that the backup security control console switches to main security control console state;
Fig. 5 is main security control console sends realization flow figure from session key to the backup security control console.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, the present invention is further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
As shown in Figure 1, digital family network system provided by the invention comprises main security control console (SecurityConsole, be called for short SC), backup security control console (Backup SC), control point (Control Point is called for short CP) and equipment (Device), wherein:
The function of main security control console is to find control point and equipment, determines the backup security control console according to device description file, to control point and equipment name and sign entitlement certificate etc.After main security control console adds home network, transmit SSDP (Simple Service DiscoveryProtocol by a normal address and port multiple access, SSDP) announcement message, broadcast to backup security control console, control point and equipment, the backup security control console is intercepted main security control console and whether is added home network on this port.
The backup security control console is to power up and online equipment always, is used for backing up the secure data of main security control console, comprises state variable and name, certificate, access to content control tabulation etc., keeps data sync with main security control console.When main security control console breaks down, during as power down, thrashing etc., can switch to main security control console state, as main security control console operation, and carry out the function of main security control console, the above-mentioned safety management function of main security control console is provided.
The control point is the equipment that is used to control other equipment, as user's personal computer (PC).Equipment is the conventional equipment that service is provided in the home network, as printer, digital camera etc.
In the present invention, all preserve device description file on the equipment in the home network, be used to describe the ability of equipment self and the service that externally provides, the description document of equipment is stored on the main security control console simultaneously.Include equipment in the device description file and whether support to back up the information of the ability of security control console, promptly device description file<device in newly-increased element<backupSCSupport:
Element term:<backupSCSupport 〉
Element type: character string type, optionally value has: " Yes " | " No "
| Value | Describe |
| Yes | Equipment support backup security control console function |
| No | Equipment does not support to back up the security control console function |
Fig. 2 shows the realization flow that the backup security control console is named, and details are as follows:
1. the user reads the SecurityID (secure ID) that backs up security control console by device label or other form of backup security control console.
2. after main security control console powered up and enters home network, the backup security control console was found main security control console by the SSDP announcement message.
3. back up the current key (PresentKey) that security control console provides by main security control console, the PKI of self is provided to main security control console.
4. main security control console calculates Hash (hash) value of backup security control console PKI, and is shown to the user.
5. two values obtaining of user's comparison step 1 and step 4, if consistent, then to the name of backup security control console.
After above-mentioned flow process is finished, main security control console will back up the managed together person (co-owner) that security control console is added to each equipment, when main security control console breaks down and need stop running the time, the backup security control console can switch to main security control console state the equipment of home network is carried out safety management.
After the backup security control console is found main security control console, the Description URL (description address) that provides by main security control console obtains the capacity of equipment and the function of main security control console, and subscribes to the variable amendment advice according to the event notice address that main security control console provides.If secure data changes, main security control console notice backup security control console, the backup security control console is fetched variables corresponding in view of the above, finishes the backed up in synchronization of secure data.
Fig. 3 shows the realization flow that backup security control console and main security control console carry out secure data backup:
1. the URL that provides in the SSDP announcement message of security control console by main security control console transmission is provided, obtains the Description (description document) of main security control console.
2. main security control console is replied the Description of self to the backup security control console.
3. the backup security control console carries out event subscription according to the URL among the Description (Uniform Resource Locator, resource locator), and the data of subscription comprise all secure datas of security control console.
4. main security control console is replied and is subscribed to, and sends initialization event message to the backup security control console.
5. the backup security control console is according to event notice, call the service of main security control console, for example call list of names version (GetNameListVersion), call current control point tabulation (GetPendingCPList), service key (PresentKey), call list of names (GetNameList), call the certificate of authority (GetMyCertificates), call content control tabular table (GetACLList) and call content control table (GetACL) etc.
6. the backup security control console is filed a request to main security control console, requires the backup secure data.
7. main security control console returns secure data according to the request of backup security control console to the backup security control console, finishes the backup of secure data.
After above-mentioned flow process is finished, main security control console will back up the managed together person that security control console is added to each equipment, when main security control console breaks down and need stop running the time, the backup security control console can switch to main security control console state the equipment of home network is carried out safety management.
In the present invention, set up customary heartbeat communication mechanism between main security control console and the backup security control console, in case main security control console breaks down with the heartbeat communication process of backup security control console, the backup security control console initiatively switches to main security control console state.
The backup security control console will switch to main security control console state under following three kinds of situations, as shown in Figure 4:
(1) comprised valid expiration date of message in the SSDP announcement message that main security control console sends, if main security control console surpasses the valid expiration date of SSDP announcement message and does not upgrade declaration, show that main security control console breaks down, the backup security control console will automatically switch to main security control console state, and the safety management function of main security control console is provided;
(2) whether effectively the backup security control console searches for the existence of main security control console by periodic polling, specifically can realize by search (search) message.If main security control console is not responded in regularly, show that then fault has appearred in main security control console, the backup security control console automatically switches to main security control console state;
(3) main security control console withdraws from home network by the declaration of " ssdp:byebye " SSDP message, and the backup security control console receives that this SSDP message automatically switches to main security control console state.
After the backup security control console becomes main security control console, broadcast to control point and equipment, show that the backup security control console switches to main security control console state, realizes the safety management function that main security control console provides by the SSDP announcement message.
When main security control console recovers normally to add network again, send the SSDP announcement message to backup security control console, control point and equipment, backup is after security control console receives this SSDP announcement message, by main security control console recovering state to original backup security control console state.Simultaneously, main security control console need obtain the secure data of backup security control console, and the flow process that implementation procedure and above-mentioned backup security control console back up main security control console secure data is similar, repeats no more.
In above-mentioned secure data backup and recovery backup procedure, except obtaining authority (takeownership) and being provided with the session key (setsessionkeys), all information are all encrypted.The generation of session key and assigning process be as shown in Figure 5:
1. main security control console obtains the PKI of backup security control console.
2. main security control console generates session key.
3. main security control console uses the public key encryption session key of backup security control console and sends to the backup security control console.
The above only is preferred embodiment of the present invention, not in order to restriction the present invention, all any modifications of being done within the spirit and principles in the present invention, is equal to and replaces and improvement etc., all should be included within protection scope of the present invention.
Claims (13)
1, a kind of digital family network system of realizing carrying out safety backup comprises security control console, is used for described system is carried out safety management, it is characterized in that described system further comprises:
The backup security control console is connected with described security control console, and the secure data of described security control console is carried out backed up in synchronization, when the described security control console of discovery is stopped running, switches to main security control console state.
2, domestic network system as claimed in claim 1 is characterized in that, described security control console stores device description file, includes backup security control console tenability information in the described device description file.
3, domestic network system as claimed in claim 1 is characterized in that, realizes finding mutually by the SSDP announcement message between described security control console and the backup security control console.
4, domestic network system as claimed in claim 1 is characterized in that, when finding that described security control console does not upgrade declaration in the term of validity of SSDP announcement message, described backup security control console switches to main security control console state.
5, domestic network system as claimed in claim 1 is characterized in that, when the search message of not receiving security control console in time-out time was responded, described backup security control console switched to main security control console state.
6, domestic network system as claimed in claim 1 is characterized in that, when exitting network during message of receiving that security control console sends, described backup security control console switches to main security control console state.
7, realize the method for carrying out safety backup in a kind of digital family network system, described system comprises security control console, is used for described system is carried out safety management, it is characterized in that, described method comprises:
The backup security control console that is connected with described security control console is set;
By described backup security control console the secure data of security control console is carried out backed up in synchronization, when security control console is stopped running, described backup security control console is switched to main security control console state.
8, the method for realization carrying out safety backup as claimed in claim 7 is characterized in that, described security control console stores device description file, includes backup security control console tenability information in the described device description file.
9, the method for realization carrying out safety backup as claimed in claim 7 is characterized in that, realizes finding mutually by simple service discovery protocol messages between described security control console and the backup security control console.
10, the method for realization carrying out safety backup as claimed in claim 7, it is characterized in that, when finding that security control console does not upgrade declaration in the term of validity of SSDP announcement message, described backup security control console is switched to main security control console state.
11, the method for realization carrying out safety backup as claimed in claim 7 is characterized in that, when the search message of not receiving security control console in time-out time is responded, described backup security control console is switched to main security control console state.
12, the method for realization carrying out safety backup as claimed in claim 7 is characterized in that, when exitting network during message of receiving that security control console sends, described backup security control console is switched to main security control console state.
13, the method for realization carrying out safety backup as claimed in claim 7 is characterized in that, realizes between described backup security control console and the security control console that the step of secure data backed up in synchronization further comprises:
A. described backup security control console obtains the description document of described security control console by the resource locator that the SSDP announcement message provides;
B. described security control console is replied described description document to described backup security control console;
C. described backup security control console carries out event subscription according to the resource locator in the description document, and the data of subscription comprise all secure datas of described security control console;
D. described security control console is replied described event subscription, and sends initialization event message to described backup security control console;
E. described backup security control console calls the service of described security control console according to event notice;
F. described backup security control console proposes the secure data backup request to described security control console;
G. described security control console returns described secure data according to described secure data backup request to described backup security control console.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510101685 CN1859378A (en) | 2005-11-19 | 2005-11-19 | Digital household network system and method for realizing safety backup |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 200510101685 CN1859378A (en) | 2005-11-19 | 2005-11-19 | Digital household network system and method for realizing safety backup |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1859378A true CN1859378A (en) | 2006-11-08 |
Family
ID=37298240
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200510101685 Pending CN1859378A (en) | 2005-11-19 | 2005-11-19 | Digital household network system and method for realizing safety backup |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1859378A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101227290B (en) * | 2007-01-19 | 2010-09-22 | 华为技术有限公司 | Data transmission method of household network and system and device of household network building |
| CN101252472B (en) * | 2008-03-14 | 2013-06-05 | 华为终端有限公司 | Apparatus and method for processing digital household network fault |
| CN103763131A (en) * | 2013-12-28 | 2014-04-30 | 陕西理工学院 | Method for realizing backup of security consoles in gateway devices |
| WO2014190926A1 (en) * | 2013-05-31 | 2014-12-04 | 华为技术有限公司 | Recovery method and apparatus for safety controller |
-
2005
- 2005-11-19 CN CN 200510101685 patent/CN1859378A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101227290B (en) * | 2007-01-19 | 2010-09-22 | 华为技术有限公司 | Data transmission method of household network and system and device of household network building |
| CN101252472B (en) * | 2008-03-14 | 2013-06-05 | 华为终端有限公司 | Apparatus and method for processing digital household network fault |
| WO2014190926A1 (en) * | 2013-05-31 | 2014-12-04 | 华为技术有限公司 | Recovery method and apparatus for safety controller |
| CN104219072A (en) * | 2013-05-31 | 2014-12-17 | 华为技术有限公司 | Recovery method and device of security controller SC |
| US10116639B2 (en) | 2013-05-31 | 2018-10-30 | Huawei Technologies Co., Ltd. | Security controller SC restoration method and apparatus |
| CN104219072B (en) * | 2013-05-31 | 2018-11-06 | 华为技术有限公司 | A kind of restoration methods and device of safety governor SC |
| US10764268B2 (en) | 2013-05-31 | 2020-09-01 | Huawei Technologies Co., Ltd. | Security controller (SC) restoration method and apparatus |
| CN103763131A (en) * | 2013-12-28 | 2014-04-30 | 陕西理工学院 | Method for realizing backup of security consoles in gateway devices |
| CN103763131B (en) * | 2013-12-28 | 2017-07-04 | 陕西理工学院 | A kind of method for realizing security control console backup in gateway device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1213567C (en) | Concentrated network equipment managing method | |
| CN1276368C (en) | Access limitation controlling device and method | |
| CN100340084C (en) | A method for implementing equipment group and intercommunication between grouped equipments | |
| CN108600376B (en) | Data transmission method and device based on LoRa, LoRa gateway, system and storage medium | |
| WO2012100677A1 (en) | Identity management method and device for mobile terminal | |
| EP1542399A1 (en) | The method for connecting devices in dynamic family networking | |
| US7401114B1 (en) | Method and apparatus for making a computational service highly available | |
| CN1949765A (en) | Method and system for obtaining SSH host computer public key of device being managed | |
| CN1859409A (en) | Method and system for improving network dynamic host configuration DHCP safety | |
| CN101039310A (en) | Link sharing service apparatus and communication method thereof | |
| CN1905518A (en) | Method for ensuring reliable transmission of data exhange | |
| CN1852328A (en) | Diskless workstation start system and method | |
| CN1190042C (en) | Network equipment management method based on ethernet technology | |
| CN1859378A (en) | Digital household network system and method for realizing safety backup | |
| CN1549501A (en) | Distributed central management method for special shaped network equipment in distributing network environment | |
| CN1835452A (en) | Computer network strategy management system and strategy management method | |
| CN1722664A (en) | Method for realizing high-usability of network security equipment under cluster mode | |
| JP2008113384A (en) | Communication system | |
| CN1852169A (en) | Method and system for centralized management of multiple functional units | |
| CN101083594A (en) | Method and system for managing network appliance | |
| CN1825853A (en) | Method for increasing LAN communication safety | |
| CN1561072A (en) | Method for sharing user IP address pool | |
| CN1738265A (en) | Monitoring system and method for Internet multimedia communication | |
| CN1761211A (en) | Method and system for managing and controlling network device of supporting wireless mobile communication | |
| CN114338383B (en) | Simplified configuration method and system for video equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Open date: 20061108 |