Virtually at Home: High-Performance Access To Personal Media
Connecting users to their home networks
TV sets, set-top boxes, game consoles, stereos, cameras and other entertainment appliances now routinely come with built-in communications capabilities that enable them to upload, download, and display data from other devices in the home. The Digital Living Network Alliance (DLNA), for example, develops device interworking profiles for home-based media-sharing services [1]. DLNA is based on the Universal Plug and Play (UPnP) family of standards [2]. UPnP also standardizes other services, such as the control of home appliances. Now widely accepted in the industry, with more than 100 devices being certified each month, DLNA will soon enable interworking for all sorts of devices across home networks.
Once users have their media devices connected and running at home, they will soon also want to access their content from remote locations. A mobile phone with WiFi connectivity can easily serve as a peer in a home network, but connecting to this network remotely is an entirely different matter. At present, to access the home island from outside, users must either choose a proprietary, service-specific system or lower their security and run the risk of making their home networks vulnerable to external attacks.
In our example scenarios (Box A) Mr. and Mrs. Martin will expect specific features of the remote access service. Opening a connection into the home means opening a back door into a network that is otherwise secure by obscurity. And without end-to-end bandwidth and delay guarantees, the user experience suffers from contention in both the home (LAN) and wide-area (WAN) networks. This can translate into poor sound quality and pixellated artifacts in video signals. Over-provisioning the network is not an option for operators; the only workable solution is to manage the quality of service (QoS) in the wide-area access and core networks, and all the way into the home network and end devices.
Most users are unwilling to buy a separate box just to enable remote access. By the same token, separate boxes represent a significant outlay to operators who would carry the bulk of the costs and would need to further subsidize users for making good use of investments in broadband infrastructure.
Consumer electronics companies prefer a solution that extends the DLNA standard outside the home via UPnP Remote Access. Notwithstanding, this approach falls short in terms of usability and quality of service. What is more, it does not permit users to access their home services from an unknown peer to the home network, such as a friend's PC or via a hotel TV (Box A).
Ericsson's target architecture for remote access combines the strengths of IMS (IP Multimedia Subsystem) and of UPnP and DLNA. It takes the best of both worlds and molds them into one coherent solution. This solution, which does not require additional boxes in users' homes, reuses existing operator IMS infrastructure to authenticate users, to set up secure media sessions, to perform routing, and (optionally) to ensure the establishment of end-to-end QoS.
The core element in this architecture is the Home IMS Gateway (HIGA, Box B), a functional block in the residential gateway that has been under development at Ericsson since 2005. HIGA is currently being standardized in HGI, ETSI TISPAN and the Open IPTV Forum [3-5].
As an interworking function that resides in users' homes, HIGA serves both as a termination point for IMS signaling from the operator backend and as a UPnP peer towards the home network (Figure 1). HIGA provides control over the home network connection and enables devices residing inside the home to connect to peers and services in the WAN using the IMS security and QoS. By using HIGA for remote access, operators can deliver trusted connections with maintained control over the managed network.
Your media everywhere, anytime. This summarizes end-user expectations when ever-wider broadband and ever-lower flat-rate tariffs combine with users' thirst for digital content.
The authors describe Ericsson's end-to-end solution for remote access services, which builds on the IMS and UPnP families of standards, along with the Home IMS Gateway (HIGA), which serves as an intermediary gateway for connecting the device-centric consumer electronics space with the user-centric telecommunications world. The gateway approach leaves the consumer electronics and telecommunications business models unaffected, while at the same time creating synergies between the two.
Andreas Fasbender, Martin Gerdes, Johan Hjelm, Bo Kvarnström, Justus Petersson, Robert Skog
Ericsson Review No. 2, 2008
TERMS AND ABBREVIATIONS
CE Consumer equipment
CPE Customer premises equipment
DLNA Digital Living Network Alliance
DMC Digital media controller
DMR DLNA media renderer
DMS DLNA media server
DVR Digital video recorder
ETSI European Telecommunications Standards Institute
HGI Home Gateway Initiative
HIGA Home IMS gateway
IGD Internet gateway device
IMPU IMS public user identity
IMS IP Multimedia Subsystem
ISIM IMS subscriber identity module
LAN Local area network
NAS Network-attached storage
NAT Network address translation
OIF Open IPTV Forum
QoS Quality of service
PCEF Policy control and enforcement function
P-CSCF Proxy call session control function
RAA Remote access application
RAC Remote access client
RADA Remote access discovery agent
RAS Remote access server
RATA Remote access transport agent
RCEF Resource control and enforcement function
RGW Residential gateway
RTP Real-time transport protocol
SDP Session description protocol
SIP Session initiation protocol
UE User equipment
UPnP Universal plug-and-play
VoIP Voice over IP
VPN Virtual private network
WAN Wide area network
WiFi Wireless LAN
UPnP Remote Access
The UPnP Forum is in the process of standardizing the UPnP Remote Access architecture. The specification is close to approval, but not presently included in the DLNA interoperability guidelines.
UPnP Remote Access specifies mechanisms that make it possible to extend the home network so that it logically includes remote devices outside the home LAN. Devices may thus communicate among themselves using UPnP procedures (specified, for example, in the UPnP Device Architecture).
The main functional components of the UPnP Remote Access architecture are the Remote Access Transport Agent (RATA) and the Remote Access Discovery Agent (RADA). These two components are applied in both the Remote Access Server (RAS) and Remote Access Client (RAC). The corresponding RATAs establish secure communication channels between remote devices and the home network, while the RADAs synchronize UPnP device information and content exchanges between RACs and the home network.
At present, UPnP Remote Access cannot support QoS management over the wide-area link. It can only support best-effort delivery of media. Also, to exchange credentials during the initial pairing process, the remote access server and client must be attached to the same LAN. This effectively prohibits remote access devices, in particular non-portable ones, from establishing a remote access session with an arbitrary remote server.
Ericsson's goal has been to enhance standard UPnP Remote Access functionality with support for setting up an IMS-based remote access tunnel. Non-IMS-enhanced RASs and RACs may still use the tunnel establishment as described in the UPnP architecture. The proposed IMS enhancements provide particular benefits in managed network environments. Ericsson is also studying additional extensions that use IMS provisioning mechanisms to enable a remote pairing process between client and server.
IMS-assisted remote access
The main flow for establishing a remote-access session is based on IMS and supports the UPnP/DLNA 2-box model. The remote access service is invoked between a Digital Media Renderer (DMR, implemented in our scenario on a mobile device such as a mobile phone or laptop) and a Digital Media Server (DMS) in the home network. The HIGA functions as both the IMS User Agent and termination point of the virtual private network (VPN) tunnel in the home (Figure 2).
For the flow shown in Figure 3, the mobile device and HIGA must already have connected to and registered with the IMS network. HIGA can therefore be reached through its default IMPU (for instance, sip:[email protected]). Furthermore, it is assumed that HIGA has, via UPnP ceremonies in the RADA listener, collected information about and built up a device database for DLNA-compatible devices in the residential network. In our example flow below, this database holds an entry for the NAS, which is assumed to support a DLNA DMS profile.
Figure 1: High-level Remote Access architecture. [Diagram labels: VoIP, interactive personalized TV, multimedia telephony, gaming, home automation, music; residential gateways with HIGA; service network; IMS and communication enablers; multi-access edge; fixed access; mobile access; transport network.]
Figure 2: Functional architecture. [Diagram labels: remote UE, residential gateway (with HIGA), DLNA device; UPnP RAC, UPnP RAS, DLNA DMR, DLNA DMP, DLNA DMS, UPnP QoS, IMS UA/ISIM, VPN, NAT/FW, DHCP; media, control and network planes.]
BOX A, USE CASES
[Illustrations of the use cases: device screens and speech bubbles reading "Oh, packed again, I sure need some music.", "I can't miss the Champions League final" and "Hello Dad, I forgot my keys, can you unlock the door for me?"]
3-box streaming:
Ordinarily, Mr. Martin's commute to work takes about 30 minutes, but today the roads are packed. He pulls out his phone and logs on to his media portal. He then selects his home server as source and the car stereo for output. Music from his favorite playlists is immediately streamed to his car speakers.
2-box download:
Mrs. Martin unexpectedly runs into an old friend while shopping in town. As the two begin talking about their summer vacations, Mrs. Martin pulls up some images from her home media server and displays them on her phone.
2-box upload:
Having no recent photos of her friend, Mrs. Martin uses her phone to take a snapshot of the two of them together. She then uploads the image to a digital photo frame at home, annotating it with a message to her husband: "I'll be out a little longer than expected!"
2-box remote control:
Mr. Martin, realizing that he's going to miss the Champions League final due to a late customer meeting, logs on to his home server from his laptop. With a few simple clicks, he programs his digital video recorder (DVR) to record the match.
2-box remote control:
A few minutes later, Mr. Martin receives a message on his phone indicating that somebody has rung the doorbell at home. Mr. Martin connects to the door system to find that the visitor is his son, who forgot his keys. Mr. Martin approves entry and the door opens.
3-box streaming:
Finishing work rather late, Mr. Martin and some colleagues decide to watch the Champions League final at a friend's place. Using his mobile phone, Mr. Martin connects to his home server and directs the recorded game to be played via his friend's big-screen TV.
Phase 1: Connection request
Using his mobile phone, Mr. Martin wants to access a video clip located on the NAS in his home network. The remote-access application on his mobile device sends an IMS INVITE message to HIGA, which authenticates the request by comparing the P-Asserted-ID (inserted by the home operator in the INVITE message) with the values of allowed user identities. In short, home access control is delegated to established IMS mechanisms, whereas the user (Mr. Martin) maintains control of the access control list. Optionally, the operator backend can manage access control and operation.
The session description protocol (SDP) included in the IMS signaling is used to inform the RAS and RAC of the IP addresses and ports for the remote access tunnel. It is also used to negotiate VPN profiles and the key management protocols used to establish the tunnel. This negotiation ensures agreement on a common secure mechanism supported by both HIGA and the remote client. It also allows for continuous updates as new security schemas emerge.
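The Phase 1 admission check can be written as follows. This is an added example, not code from the article or from Ericsson. It assumes that the "P-Asserted-ID" above is the SIP P-Asserted-Identity header (RFC 3325) and that HIGA recognizes its operator proxy by source address; the function names, addresses and identities are made up.

```python
import re

# Constructed sample INVITE as HIGA might receive it from its P-CSCF.
# Hosts, identities and the branch/tag values are made up for this example.
SAMPLE_INVITE = (
    "INVITE sip:home@operator.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP pcscf.operator.example;branch=z9hG4bKexample1\r\n"
    "From: \"Anyone\" <sip:anyone@elsewhere.example>;tag=1\r\n"
    "To: <sip:home@operator.example>\r\n"
    "P-Asserted-Identity: \"Mr Martin\" <sip:mr.martin@Operator.Example>,\r\n"
    " <tel:+15550100>\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return [(lowercased-name, value)] for the header section, unfolding
    continuation lines (those that start with a space or tab)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return [(n.strip().lower(), v.strip())
            for n, _, v in (ln.partition(":") for ln in lines) if v]

def normalize_uri(uri):
    """Compare-ready form: lowercase scheme and host, URI parameters dropped.
    The user part stays case-sensitive."""
    uri = uri.strip().split(";", 1)[0]
    scheme, _, rest = uri.partition(":")
    user, at, host = rest.rpartition("@")
    if at:
        return f"{scheme.lower()}:{user}@{host.lower()}"
    return f"{scheme.lower()}:{rest}"

def asserted_identities(headers):
    """All URIs carried in P-Asserted-Identity headers, normalized."""
    found = []
    for name, value in headers:
        if name != "p-asserted-identity":
            continue
        uris = re.findall(r"<([^>]+)>", value) or value.split(",")
        found.extend(normalize_uri(u) for u in uris)
    return found

def authorize_invite(raw, source_ip, trusted_proxies, allowed):
    """Decide whether HIGA should accept a remote-access INVITE.
    Returns (accepted, detail)."""
    # The header only means something when the operator's proxy inserted it;
    # a request arriving from anywhere else could carry a forged value.
    if source_ip not in trusted_proxies:
        return (False, "untrusted-source")
    ids = asserted_identities(parse_headers(raw))
    if not ids:
        # Never fall back to From:, which the caller controls.
        return (False, "no-asserted-identity")
    acl = {normalize_uri(u) for u in allowed}
    for identity in ids:
        if identity in acl:
            return (True, identity)
    return (False, "not-in-acl")
```

The access control list stays under the user's control as the article describes; only the identity assertion comes from the operator.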
Phase 2: Peer-to-peer VPN setup over the IMS media plane
Once Mr. Martin is successfully authenticated and authorized, the remote client sets up a secure media control session between itself and HIGA.
For tunnel setup, UPnP Remote Access specifies an out-of-band connection-establishment procedure. Ericsson's solution employs a corresponding connection-establishment profile based on operator-managed IMS network procedures, with HIGA functioning as the VPN server. After tunnel setup, the connection between Mr. Martin's remote device and the NAS in the home network appears as a local UPnP connection.
BOX B, HOME IMS GATEWAY
The Home IMS Gateway (HIGA) is a logical function that collects information about users, devices and services in the home, and manages IMS sessions on behalf of non-IMS-capable home devices.
HIGA is registered to the IMS core based on secure authentication, for example, using a soft or hard ISIM with a family identity. Through a back-to-back user agent (B2BUA) and a SIP user agent (SIP UA), home devices can interact and interwork with the IMS core. SIP devices that contain a SIP UA, such as a VoIP phone, can directly register with HIGA. The B2BUA then translates SIP control signaling into IMS-specific messages that it relays to the IMS core.
For IP devices, such as DLNA-compatible media servers and renderers, a SIP UA inside HIGA acts as a proxy. To support remote access, HIGA deploys a Remote Access Server (RAS) and (optionally) a UPnP control point for QoS policy control in the home network.
HIGA functionality can be deployed anywhere in a user's home network. From a practical perspective, it is easiest to co-locate it with the user's residential gateway (RGW), that is, with the router in the home. While it is possible to manage network address translation (NAT) and firewall control through the use of the UPnP internet gateway device (IGD) profile even when HIGA and the gateway are not co-deployed, co-deployment avoids relying on this interface, which is considered insecure in IGD v1.0. It also makes provisioning and firewall management more natural, since the HIGA-gateway combination serves both as operator termination and entry point.
Figure 3: Main flow for session set-up between remote device, HIGA and home NAS. [Sequence diagram across the IMS core, Phase 1 to Phase 6.]
Phase 3: UPnP discovery
Because UPnP was originally designed for use in local area networks, there are some challenges associated with extending it for use in wide area networks. For example, the UPnP device-discovery mechanisms are based on the exchange of multicast messages that internet routers typically discard. UPnP Remote Access solves this by filtering relevant messages in the remote access server and by forwarding them to remote peers via unicast.
By applying the standard UPnP RADA mechanism for synchronizing Mr. Martin's remote mobile client with the remote access server (co-located with HIGA in Figure 2), the mobile device can retrieve a list of home media servers and their UPnP service descriptions. RADA is also used to dynamically inform remote clients about device updates, for example, when a media server is switched on. Given the IMS identity of the remote user, HIGA can be configured to perform additional filtering of UPnP devices made available to the remote client.
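The Phase 3 behaviour (learn devices from LAN multicast, then expose only a per-identity subset to the remote client) is shown here as an added example that is not from the article or the UPnP specifications. It tracks raw SSDP announcements rather than the RADA synchronization protocol itself; the policy table, helper names, addresses, identities and the DoorLock device type are hypothetical.

```python
SSDP_GROUP = "239.255.255.250:1900"
MEDIA_SERVER = "urn:schemas-upnp-org:device:MediaServer:1"
IGD = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
DOOR_LOCK = "urn:example-org:device:DoorLock:1"   # made-up vendor type

def notify(nts, nt, uuid, location=""):
    """Build a constructed SSDP NOTIFY as it would appear on the home LAN."""
    return (f"NOTIFY * HTTP/1.1\r\nHOST: {SSDP_GROUP}\r\n"
            f"CACHE-CONTROL: max-age=1800\r\nLOCATION: {location}\r\n"
            f"NT: {nt}\r\nNTS: {nts}\r\nUSN: uuid:{uuid}::{nt}\r\n\r\n")

# Constructed LAN traffic: a NAS, a door lock and the gateway's own IGD.
SAMPLE_LAN = [
    notify("ssdp:alive", MEDIA_SERVER, "nas-0001", "http://192.168.1.20:8200/desc.xml"),
    notify("ssdp:alive", DOOR_LOCK, "lock-0001", "http://192.168.1.30:49152/desc.xml"),
    notify("ssdp:alive", IGD, "igd-0001", "http://192.168.1.1:5000/desc.xml"),
]

# Per-identity visibility, keyed by the IMS identity authenticated in Phase 1.
# The IGD type is listed for nobody, so it is never exported off the LAN.
POLICY = {
    "sip:mr.martin@operator.example": {MEDIA_SERVER, DOOR_LOCK},
    "sip:guest@operator.example": {MEDIA_SERVER},
}

def parse_ssdp(msg):
    """Header fields of a NOTIFY, or None for any other message."""
    lines = msg.split("\r\n")
    if not lines[0].startswith("NOTIFY "):
        return None
    fields = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().upper()] = value.strip()
    return fields

def update_table(table, msg):
    """Apply one LAN announcement to the device table {usn: entry}."""
    f = parse_ssdp(msg)
    if not f or "USN" not in f:
        return table
    if f.get("NTS") == "ssdp:alive" and ":device:" in f.get("NT", ""):
        table[f["USN"]] = {"type": f["NT"], "location": f.get("LOCATION")}
    elif f.get("NTS") == "ssdp:byebye":
        table.pop(f["USN"], None)      # device switched off or unplugged
    return table

def build_table(messages):
    table = {}
    for msg in messages:
        update_table(table, msg)
    return table

def devices_for(table, impu, policy):
    """USNs to synchronize to the remote client authenticated as impu.
    Default deny: an identity without a policy entry sees nothing."""
    allowed_types = policy.get(impu, set())
    return sorted(usn for usn, e in table.items() if e["type"] in allowed_types)
```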
Phase 4: Content selection
Mr. Martin selects his home NAS as content source, browses through the list of available media items (based on the UPnP Content Directory Service profile), and selects a video clip either for download or streaming. The UPnP/DLNA control points manage all media access and trickplay functions. HTTP (the default transport protocol in DLNA) as well as RTP (optional in DLNA) can be used to transport media through the VPN connection over the IMS media plane.
Phase 5: IMS media plane QoS upgrade
UPnP does not support QoS management beyond the home LAN. However, one can support the requirements that real-time-critical media services put on delay and bandwidth by applying standard IMS procedures, which facilitate QoS control between the remote client and HIGA (Figure 4).
In the example flow, Mr. Martin's remote-access application sees the need for a QoS upgrade from the existing best-effort connection and issues an IMS re-INVITE or a session UPDATE to the IMS network and Mr. Martin's HIGA. Based on the session description protocol (SDP) in this SIP message and the confirmation from HIGA, the IMS Core provides the policy and resource control and enforcement functions (PCEF/RCEF). Optionally, to ensure full end-to-end quality of service, UPnP QoS management may be applied in the residential network, thereby bridging the QoS management procedures on the WAN and LAN sides through HIGA.
Phase 6: Content playout
The video clip is played on Mr. Martin's mobile device.
Placeshift: 3-box remote access
Apart from setting up an authenticated, authorized and secure tunnel with a mobile remote device, HIGA can, in the same way, facilitate connections between two homes, effectively creating a peer-to-peer network with managed QoS. Assisted by IMS, HIGA can prevent unauthorized file sharing and unlawful access to content, since content requestors and providers can be identified in a trusted manner.
In a 3-box remote access or placeshift scenario, remote DLNA media renderers (DMR) are used as the endpoints of remote access sessions, for instance, when Mr. Martin accesses content from his friend's TV (Box A). While the secure control channel is established just like in the 2-box case between the mobile client (now functioning as a digital media controller, DMC) and HIGA, the media session must now be set up between the DMR in the TV and the home network. In this case, the remote access client is only used to authenticate and authorize the DMR, and instructs HIGA to set up a VPN tunnel that it can use to deliver the media.
Figure 4: End-to-end QoS control for IMS-assisted remote access. [Diagram labels: remote UE, cellular access network, fixed access network, IMS core with P-CSCF 1 and P-CSCF 2, PCEF, RCEF, RGW with HIGA, home LAN; UPnP traffic on a QoS-ensured IMS connection.]
Standardization
The UPnP Forum and DLNA have made good progress in delivering standards for interoperable consumer equipment. So far, however, support is limited to services in the home network. A standardized solution that enables DLNA devices to access wide-area services without the need for specialized telecommunications software offers a significant value-add to the consumer equipment industry and paves the way for economy of scale and market uptake.
In Ericsson's approach, the Home IMS Gateway (HIGA) provides a generic mechanism for connecting consumer equipment to IMS-based operator infrastructure, and via a virtual private network (VPN) to remote user equipment. Although any type of service can generally be supported through such a tunnel, we outline how one can realize UPnP Remote Access with the help of IMS.
HIGA is currently being standardized in the Home Gateway Initiative (HGI) and ETSI TISPAN [3-4]. In TISPAN, Ericsson is actively engaged in the standardization of customer premises network equipment that supports, for example, IMS Multimedia Telephony and IMS-based IPTV; and defines requirements and the architecture for next-generation customer network gateways and services, including remote access.
HGI is defining requirements for coming generations of residential gateways that will serve as a hub between a home network and a remote environment. Ericsson has a driving role in HGI.
The UPnP Remote Access standard supports the coexistence of various tunnel-setup mechanisms in the remote access server and client. Ericsson is defining profiles suitable for IMS-based tunnel setup, allowing the client and the server to negotiate security schemas for the tunnel. For the solution to be fully compliant with UPnP RA and to ensure broad acceptance for IMS-based tunnel establishment in the CE industry, Ericsson is actively participating in UPnP Forum and DLNA standardization.
Conclusion
In an all-connected world, remote access is a key scenario. The simple user proposition is that user-created and commercial content will be available anywhere, anytime and on any device. Remote access also applies to other application areas, such as home monitoring & control and sensor networking.
Ericsson's solution consists of an architecture that enables secure remote access with telecom-grade performance. The solution builds on the IMS standard for user authentication and authorization, for routing remote access control messages, and for negotiating end-to-end QoS. What is more, the architecture is fully compliant with the consumer equipment industry's standards for media-sharing services.
Ericsson has, together with Sony and Sony Ericsson, demonstrated the described target solution at leading industry events such as GlobalComm 2006, IBC 2006, Broadband World Forum 2007 and Mobile World Congress 2008. The solution is now being prepared for consumer trials with key operators and leading consumer electronics and gateway partners. The architecture is also being brought forward in standardization, in particular within ETSI TISPAN and the Home Gateway Initiative.
REFERENCES
1. DLNA: http://www.dlna.org/en/industry/home
2. UPnP Forum: http://www.upnp.org
3. Home Gateway Initiative: http://www.homegatewayinitiative.org
4. ETSI TISPAN: http://www.etsi.org/tispan
5. Open IPTV Forum: http://www.openiptvforum.org