Schematized access control in a content centric network
First Claim
1. A computer system for facilitating schematized access control to content objects in a content centric network, the computer system comprising:
- a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;
performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user;
generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user in the content centric network, changing a permission of the user, and determining a need to rotate one or more secret keys of the user;
receiving an interest from the user that includes a name that matches the schema associated with the user;
in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and
transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network.
3 Assignments
0 Petitions
Accused Products
Abstract
A system performs a setup function which outputs a master secret key associated with a content producing device and public parameters. The system generates a secret key for a user in a content centric network (CCN) based on a master secret key associated with the content producing device, and a schema associated with the user. In response to an interest from the user that includes a name that matches the schema, the system encrypts a payload of a content object based on the name and the public parameters. The system transmits the content object to the user. The encrypted payload is configured such that it can only be decrypted by the secret key of the user and cannot be decrypted by the user if the name in the interest does not match the schema, thereby facilitating schematized access control to content objects in the CCN.
517 Citations
20 Claims
-
1. A computer system for facilitating schematized access control to content objects in a content centric network, the computer system comprising:
-
a processor; and a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising; performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user; generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user in the content centric network, changing a permission of the user, and determining a need to rotate one or more secret keys of the user; receiving an interest from the user that includes a name that matches the schema associated with the user; in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method for facilitating schematized access control to content objects in a content centric network, the computer-implemented method comprising:
-
performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user; generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user in the content centric network, changing a permission of the user, and determining a need to rotate one or more secret keys of the user; receiving an interest from the user that includes a name that matches the schema associated with the user; in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer readable medium encoded with instructions that, when executed by a processor of a computer system for facilitating schematized access control to content objects in a content centric network, cause the processor to perform:
-
performing a setup function which outputs a master secret key associated with a content producing device and public parameters, and limits a set of schema regular expression symbols for a schema based on an alphabet and that is associated with a user; generating, by the content producing device, a secret key for the user in the content centric network based on (i) the master secret key associated with the content producing device, and (ii) the schema associated with the user, wherein the schema is a regular expression which corresponds to one or more names associated with content objects and allows the user access to the content objects associated with the one or more names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level and which uniquely identifies a specific content object, wherein the generating is performed in response to each of adding the user to the computer system, changing a permission of the user, and determining a need to rotate one or more secret keys of the user; receiving an interest from the user that includes a name that matches the schema associated with the user; in response to receiving the interest from the user, encrypting a payload of a responsive content object that is unencrypted at the content producing device until the encrypting based on (i) the name included in the interest that matches the schema associated with the user, and (ii) the public parameters; and transmitting the responsive content object with the encrypted payload to the user, wherein the encrypted payload is configured such that it can only be decrypted by the secret key of the user and wherein the encrypted payload is configured such that it cannot be decrypted by the user if the name included in the interest does not match the schema associated with the user, thereby facilitating schematized access control to content objects in the content centric network. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification