Skip to main content
  • Original Paper
  • Open access
  • Published:

A UPnP extension for enabling user authentication and authorization in pervasive systems


The Universal Plug and Play (UPnP) specification defines a set of protocols for promoting pervasive network connectivity of computers and intelligent devices or appliances. Nowadays, the UPnP technology is becoming popular due to its robustness to connect devices and the large number of developed applications. One of the major drawbacks of UPnP is the lack of user authentication and authorization mechanisms. Thus, control points, those devices acting as clients on behalf of a user, and UPnP devices cannot communicate based on user information. This paper introduces an extension of the UPnP specification called UPnP-UP, which allows user authentication and authorization mechanisms for UPnP devices and applications. These mechanisms provide the basis to develop customized and secure UPnP pervasive services, maintaining backward compatibility with previous versions of UPnP.


  1. Loureiro E, Ferreira G, Almeida H, Perkusich A (2007) Pervasive computing: what is it anyway? In: Lytras M, Naeve A (eds) Ubiquitous and pervasive knowledge and learning management: semantics, social networking and new media to their full potential, pp 1–34

    Chapter  Google Scholar 

  2. Weiser M (1999) The computer for the 21st century. SIGMOBILE Mob Comput Commun Rev 3(3):3–11. doi:10.1145/329124.329126

    Article  Google Scholar 

  3. Presser A, Farrel L (2008) UPnP device architecture. Last access on May, 2008

  4. Kumaran I, Kumaran SI (2001) Jini technology: an overview. Prentice-Hall PTR, Upper Saddle River

    Google Scholar 

  5. Consortium S (1999) Salutation architecture specification.

  6. Guttman E, Perkins C, Veizades J, Day M (1999) Service location protocol, version 2. RFC.

  7. W3C (2007) Simple object access protocol.

  8. Langille G et al. (2008) Mediaserver:3 device template version 1.01. Last access on May, 2009

  9. Guedes A, Santos D, do Nascimento J, Sales L, Perkusich A, Almeida H (2008) Set your multimedia application free with BRisa framework: an open source UPnP implementation for resource limited devices. In: 5th IEEE consumer communications and networking conference, 2008. CCNC 2008, pp 1257–1258 (10–12 January 2008). doi:10.1109/ccnc08.2007.297

    Chapter  Google Scholar 

  10. Lin JC, Chen JM, Liu CH (2008) An automatic mechanism for adjusting validation function. AINAW, pp 602–607. 10.1109/WAINA.2008.89

  11. Prakash Iyer UW (2001) Internetgatewaydevice:1 device template version 1.01. Last access on May, 2009

  12. Hengartner U, Steenkiste P (2004) Protecting access to people location information. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 222–231

    Google Scholar 

  13. Robinson P, Beigl M (2004) Trust context spaces: an infrastructure for pervasive security in context-aware environments. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 119–129

    Google Scholar 

  14. Kvarnstrom H, Hedbom H, Jonsson E (2004) Protecting security policies in ubiquitous environments using one-way functions. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 71–85

    Google Scholar 

  15. Creese S, Goldsmith M, Roscoe B, Zakiuddin I (2004) Authentication for pervasive computing. In: Lecture notes in computer science, vol 2802. Springer, Berlin, pp 439–488

    Google Scholar 

  16. Klemets A, Da Costa B (2008) UPnP authentication and authorization patent.

  17. Karl J (2010) UPnP CDS USER PROFILE.

  18. Ellison C (2003) DeviceSecurity: 1 Service Template. Last access on December, 2008

  19. Ellison C (2003) SecurityConsole: 1 service template. Last access on December, 2008

  20. Nakajima T (2003) Pervasive servers: a framework for creating a society of appliances. Pers Ubiquitous Comput 7(3–4):182–188. doi:10.1007/s00779-003-0222-2

    Article  MathSciNet  Google Scholar 

  21. Chen W, Kuo SY, Chao HC (2009) Service integration with UPnP agent for an ubiquitous home environment. Inf Syst Front 11(5):483–490. doi:10.1007/s10796-008-9122-3

    Article  Google Scholar 

  22. Sahm C, Langels HJ (2003) Dimmable light device template. Last access on May, 2008

  23. Kim K, Ko H, Choi W, Lee E, Kim U (2008) A collaborative access control based on XACML in pervasive environments. In: International conference on convergence and hybrid information technology, 2008. ICHIT’08, pp 7–13

    Chapter  Google Scholar 

  24. Rahaman MA, Schaad A, Rits M (2006) Towards secure SOAP message exchange in a SOA. In: SWS’06: proceedings of the 3rd ACM workshop on secure web services. ACM, New York, pp 77–84. doi:10.1145/1180367.1180382

    Chapter  Google Scholar 

  25. Snyder RM (2007) Security programming using python: man-in-the-middle attacks. In: InfoSecCD’07: proceedings of the 4th annual conference on information security curriculum development. ACM, New York, pp 1–6. doi:10.1145/1409908.1409911

    Google Scholar 

  26. Hashemipour S, Ali M (2004) MPEG-21 & DIDL: dawn of a new multimedia EVA. In: IEEE international symposium on consumer electronics, 2004, pp 91–95

    Chapter  Google Scholar 

  27. Balabanovic M, Shoham Y (1997) FAB: content-based, collaborative recommendation. Commun ACM 40:66–72

    Article  Google Scholar 

  28. Im I, Hars A (2007) Does a one-size recommendation system fit all? The effectiveness of collaborative filtering based recommendation systems across different domains and search modes. ACM Trans Inf Syst TOIS 26(1):4. doi:10.1145/1292591.1292595

    Article  Google Scholar 

  29. Deshpande M, Karypis G (2004) Item-based top-n recommendation algorithms. ACM Trans Inf Syst 22(1):143–177. doi:10.1145/963770.963776

    Article  Google Scholar 

  30. Benesty J, Chen J, Huang Y (2008) On the importance of the Pearson correlation coefficient in noise reduction. IEEE Trans Audio Speech Lang Process 16(4):757–765. 10.1109/TASL.2008.919072

    Article  Google Scholar 

  31. Minker J (1977) Information storage and retrieval: a survey and functional description. SIGIR Forum 12(2):12–108. doi:10.1145/1095515.1095516

    Article  Google Scholar 

  32. Yantao Z, Jianbo T, Jiaqin W (2007) An improved TFIDF feature selection algorithm based on information entropy. In: Chinese control conference, 2007. CCC 2007, pp 312–315. doi:10.1109/CHICC.2006.4346845

    Google Scholar 

  33. Sherwin L (2009) UPnP specifications named international standard for device interoperability for IP-based network devices. innovation validated by record-breaking number of UPnP implementations in 2008. Last access on September, 2009

  34. Lamport L (1981) Password authentication with insecure communication. Commun ACM 24(11):770–772. doi:10.1145/358790.358797

    Article  MathSciNet  Google Scholar 

  35. Malladi S, Alves-Foss J, Heckendorn RB (2002) On preventing replay attacks on security protocols. In: Proc international conference on security and management. CSREA Press, pp 77–83

  36. Syverson P (1994) A taxonomy of replay attacks. In: Proceedings of the 7th IEEE computer security foundations workshop. Society Press, New York, pp 187–191

    Google Scholar 

  37. Yan Y, Zhang J, Yan M (2006) Ontology modeling for contract: using OWL to express semantic relations. In: 10th IEEE international enterprise distributed object computing conference, 2006. EDOC’06, pp 409–412. doi:10.1109/EDOC.2006.37

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Thiago Sales.

Rights and permissions

Open Access This article is distributed under the terms of the Creative Commons Attribution 2.0 International License ( ), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reprints and permissions

About this article

Cite this article

Sales, T., Sales, L., Almeida, H. et al. A UPnP extension for enabling user authentication and authorization in pervasive systems. J Braz Comput Soc 16, 261–277 (2010).

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: