Schematized access control in a content centric network

US 10,404,450 B2
Filed: 05/02/2016
Issued: 09/03/2019
Est. Priority Date: 05/02/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system for facilitating schematized access control to content objects in a content centric network, the computer system comprising:

a processor; and

a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;

performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user;

generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user in the content centric network, changing a permission of the user, and determining a need to rotate one or more secret keys of the user;

receiving an interest from the user that includes a name that matches the schema associated with the user;

in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and

transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system performs a setup function which outputs a master secret key associated with a content producing device and public parameters. The system generates a secret key for a user in a content centric network (CCN) based on a master secret key associated with the content producing device, and a schema associated with the user. In response to an interest from the user that includes a name that matches the schema, the system encrypts a payload of a content object based on the name and the public parameters. The system transmits the content object to the user. The encrypted payload is configured such that it can only be decrypted by the secret key of the user and cannot be decrypted by the user if the name in the interest does not match the schema, thereby facilitating schematized access control to content objects in the CCN.

517 Citations

20 Claims

1. A computer system for facilitating schematized access control to content objects in a content centric network, the computer system comprising:
- a processor; and
  
  a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;
  
  performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user;
  
  generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user in the content centric network, changing a permission of the user, and determining a need to rotate one or more secret keys of the user;
  
  receiving an interest from the user that includes a name that matches the schema associated with the user;
  
  in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and
  
  transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1, wherein the instructions cause the processor to further perform the method comprising:
    - receiving a request from the user; and
      
      in response to the request, transmitting the secret key and the public parameters to the user or a client computing device of the user to enable the client computing device to decrypt the encrypted payload.
  - 3. The computer system of claim 1, wherein the instructions cause the processor to further perform the method comprising:
    - generating the responsive content object with the encrypted payload.
  - 4. The computer system of claim 1, wherein performing the setup function, generating the secret key, and encrypting the payload of the responsive content object are based on a functional encryption system.
  - 5. The computer system of claim 1, wherein the instructions cause the processor to further perform the method comprising:
    - delegating the generating of the secret key and the performing of the setup function to a trusted third party that is a key managing device,wherein the key managing device;
      
      performs the setup function which outputs the master secret key and the public parameters;
      
      generates the secret key for the user based on the schema;
      
      transmits the secret key to the user or a client computing device of the user; and
      
      transmits the public parameters to the content producing device.
  - 6. The computer system of claim 1, wherein the instructions cause the processor to further perform:
    - defining the schema based on the name and associating the schema with the user.
  - 7. The computer system of claim 1, wherein the responsive content object includes the name included in the interest.

8. A computer-implemented method for facilitating schematized access control to content objects in a content centric network, the computer-implemented method comprising:
- performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user;
  
  generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user in the content centric network, changing a permission of the user, and determining a need to rotate one or more secret keys of the user;
  
  receiving an interest from the user that includes a name that matches the schema associated with the user;
  
  in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and
  
  transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method of claim 8, further comprising:
    - receiving a request from the user; and
      
      in response to the request, transmitting the secret key and the public parameters to the user or a client computing device of the user to enable the client computing device to decrypt the encrypted payload.
  - 10. The computer-implemented method of claim 8, further comprising:
    - generating the responsive content object with the encrypted payload.
  - 11. The computer-implemented method of claim 8, wherein performing the setup function, generating the secret key, and encrypting the payload of the responsive content object are based on a functional encryption system.
  - 12. The computer-implemented method of claim 8, further comprising:
    - delegating the generating of the secret key and the performing of the setup function to a trusted third party that is a key managing device,wherein the key managing device;
      
      performs the setup function which outputs the master secret key and the public parameters;
      
      generates the secret key for the user based on the schema;
      
      transmits the secret key to the user or a client computing device of the user; and
      
      transmits the public parameters to the content producing device.
  - 13. The computer-implemented method of claim 8, further comprising:
    - defining the schema based on the name and associating the schema with the user.
  - 14. The computer-implemented method of claim 8, wherein the responsive content object includes the name included in the interest.

15. A non-transitory computer readable medium encoded with instructions that, when executed by a processor of a computer system for facilitating schematized access control to content objects in a content centric network, cause the processor to perform:
- performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user;
  
  generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user to the computer system, changing a permission of the user, and determining a need to rotate one or more secret keys of the user;
  
  receiving an interest from the user that includes a name that matches the schema associated with the user;
  
  in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and
  
  transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer readable medium of claim 15, wherein the instructions cause the processor to further perform:
    - receiving a request from the user; and
      
      in response to the request, transmitting the secret key and the public parameters to the user or a client computing device of the user to enable the client computer device to decrypt the encrypted payload.
  - 17. The non-transitory computer readable medium of claim 15, wherein the instructions cause the processor to further perform:
    - generating the responsive content object with the encrypted payload.
  - 18. The non-transitory computer readable medium system of claim 15, wherein performing the setup function, generating the secret key, and encrypting the payload of the responsive content object are based on a functional encryption system.
  - 19. The non-transitory computer readable medium of claim 15, wherein the instructions cause the processor to further perform:
    - delegating the generating of the secret key and the performing of the setup function to a trusted third party that is a key managing device,wherein the key managing device;
      
      performs the setup function which outputs the master secret key and the public parameters;
      
      generates the secret key for the user based on the schema;
      
      transmits the secret key to the user or a client computing device of the user; and
      
      transmits the public parameters to the content producing device.
  - 20. The non-transitory computer readable medium of claim 15, wherein the instructions cause the processor to further perform:
    - defining the schema based on the name and associating the schema with the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wood, Christopher A., Scott, Glenn C.
Primary Examiner(s)
Shiferaw, Eleni A
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US15/144,530
Publication Number

US 20170317821A1
Time in Patent Office

1,219 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 9/0819   Key transport or distributi...

H04L 9/083   involving central third par...

H04L 9/0847   involving identity based en...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

Schematized access control in a content centric network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

517 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Schematized access control in a content centric network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

517 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links