1.3 Overview

A common method for establishing a trust relationship between one device and another unknown device is for the devices to exchange and verify each other's certificate. However, if the devices are connected over an unsecured network, this method is undermined because the exchanged information can be exposed to a third party or tampered with in transit. DTAG is designed to ensure the integrity of the SOAP messages and to enable the establishment of a trust relationship between networked devices by means of a simple, one-time shared secret. The shared secret, called a one-time password (OTP), is transferred out of band, for example through user interaction.

DTAG is implemented as a UPnP service consisting of four actions that are performed in the following order:

  1. Exchange: The two endpoints exchange certificates and endpoint identifiers.

  2. Commit, then Validate: The two endpoints perform a series of authentications based on the OTP, the OTP substrings, the endpoint identifiers, and the certificates.

  3. Confirm: The two endpoints finalize the trust agreement process and store each other's certificate in secure storage.

Each action results in a pair of SOAP request and response messages in the network, as specified in [UPNPARCH1.1] section 3.1.1. The following diagram illustrates the flow of DTAG messages between the devices and control points until the trust agreement is established successfully.

Figure 1: DTAG message sequence to establish trust agreement
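
The sketch below is an added example, not part of the specification: it illustrates the Exchange, Commit, Validate, Confirm ordering with a generic commit-then-reveal construction and shows a certificate altered during Exchange failing validation. It is not the DTAG wire format; HMAC-SHA256, the 16-byte nonce, the two OTP substrings, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

def commitment(nonce, otp_part, sender_id, sender_cert, receiver_id, receiver_cert):
    """HMAC-SHA256 keyed by a secret nonce, binding the OTP substring to both
    endpoint identifiers and both certificates (as fingerprints)."""
    fields = [otp_part.encode(), sender_id.encode(), hashlib.sha256(sender_cert).digest(),
              receiver_id.encode(), hashlib.sha256(receiver_cert).digest()]
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(nonce, msg, hashlib.sha256).digest()

class Endpoint:
    def __init__(self, ident, cert, otp):
        self.ident, self.cert, self.otp = ident, cert, otp

    def exchange(self, peer_id, peer_cert):
        # Exchange: record what arrived over the (possibly hostile) network.
        self.peer_id, self.peer_cert = peer_id, peer_cert

    def commit(self, otp_part):
        # Commit: send only the MAC; the fresh nonce stays secret until Validate.
        self.nonce = secrets.token_bytes(16)
        return commitment(self.nonce, otp_part, self.ident, self.cert,
                          self.peer_id, self.peer_cert)

    def validate(self, otp_part, peer_commit, peer_nonce):
        # Validate: the peer reveals its nonce; recompute from our own view.
        expected = commitment(peer_nonce, otp_part, self.peer_id, self.peer_cert,
                              self.ident, self.cert)
        return hmac.compare_digest(expected, peer_commit)

def establish_trust(a, b, cert_seen_by_b=None, rounds=2):
    """Return True only if every Commit/Validate round passes on both sides.
    cert_seen_by_b simulates a certificate altered in transit during Exchange."""
    b.exchange(a.ident, cert_seen_by_b or a.cert)
    a.exchange(b.ident, b.cert)
    size = len(a.otp) // rounds
    for i in range(rounds):  # one round per OTP substring
        part_a = a.otp[i * size:(i + 1) * size]
        part_b = b.otp[i * size:(i + 1) * size]
        commit_a, commit_b = a.commit(part_a), b.commit(part_b)
        if not (b.validate(part_b, commit_a, a.nonce)
                and a.validate(part_a, commit_b, b.nonce)):
            return False  # abort: nothing is stored
    return True  # Confirm: each side may now store the peer certificate
```

Because each commitment is sent before its nonce is revealed, a party that does not know the OTP substring cannot adapt its commitment after seeing the peer's values.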