System for implementing a small computer systems interface protocol over a content centric network

US 10,547,589 B2
Filed: 05/09/2016
Issued: 01/28/2020
Est. Priority Date: 05/09/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system, comprising:

a processor; and

a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;

receiving, by a target device from an initiating device, a first interest which includes a name and information associated with a first protocol data unit that indicates a first command, of a small computer system interface protocol, to be executed by the target device to pull data from storage attached to the target device based on a first name, wherein the name includes a name prefix of the target device;

extracting the information to obtain the first command;

generating a first content object with a payload that includes data received in response to executing the first command, thereby facilitating use of the small computer system interface protocol over a content centric network;

generating a second interest with the first name and that indicates a request for the data and, in response to the second interest, receiving a second content object with the data; and

in response to receiving a third interest that includes an identifier of the initiating device and indicates an authentication challenge, authenticating the initiating device to the target device based on the identifier, wherein the authenticating includes generating an acknowledgement indicating results of the authenticating.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that facilitates schematized access control in a content centric network. During operation, the system generates, by a content producing device, a secret key for a user based on a schema, wherein the schema is a regular expression which corresponds to one or more names and allows a user access to content associated with the names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system receives an interest with a name that corresponds to the schema. The system encrypts a payload of a responsive content object based on the interest name. The system transmits the responsive content object with the encrypted payload to the user, which allows the user to decrypt the encrypted payload with the secret key.

Citations

20 Claims

1. A computer system, comprising:
- a processor; and
  
  a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;
  
  receiving, by a target device from an initiating device, a first interest which includes a name and information associated with a first protocol data unit that indicates a first command, of a small computer system interface protocol, to be executed by the target device to pull data from storage attached to the target device based on a first name, wherein the name includes a name prefix of the target device;
  
  extracting the information to obtain the first command;
  
  generating a first content object with a payload that includes data received in response to executing the first command, thereby facilitating use of the small computer system interface protocol over a content centric network;
  
  generating a second interest with the first name and that indicates a request for the data and, in response to the second interest, receiving a second content object with the data; and
  
  in response to receiving a third interest that includes an identifier of the initiating device and indicates an authentication challenge, authenticating the initiating device to the target device based on the identifier, wherein the authenticating includes generating an acknowledgement indicating results of the authenticating.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer system of claim 1, wherein the first command is transmitted to the storage based on the small computer system interface protocol.
  - 3. The computer system of claim 1, wherein the first interest indicates the information associated with the first protocol data unit based on:
    - the first protocol data unit being encapsulated and inserted into a payload of the first interest;
      
      orthe information associated with the first protocol data unit being encoded in the name of the first interest.
  - 4. The computer system of claim 1, wherein a routable name prefix of the target device is obtained based on one or more of:
    - a catalog of routable name prefixes of target devices maintained by the initiating device;
      
      a manifest published by the target device which lists routable name prefixes for the target device and other target devices under a domain of the target device; and
      
      a directory of routable name prefixes for the target device and other target devices, wherein the target device and the other target devices publish their respective routable name prefixes to the directory, which is subsequently obtained and read by the initiating device.
  - 5. The computer system of claim 1, wherein the authenticating further includes:
    - verifying that the initiating device is permitted to access the storage;
      
      generating a third content object which includes a first random challenge variable in a payload of the third content object;
      
      receiving a fourth interest that indicates a first verification value computed by the initiating device;
      
      computing a first comparison value based on the identifier of the initiating device, the first random challenge variable, and a secret key of the initiating device; and
      
      in response to determining that the computed first comparison value matches the first verification value, generating, as the acknowledgement indicating the results of the authenticating, a fourth content object that indicates an acknowledgment of the fourth interest, thereby authenticating the initiating device.
  - 6. The computer system of claim 5, wherein the first verification value is computed by the initiating device based on the identifier of the initiating device, the first random challenge variable, and the secret key of the initiating device,wherein the secret key of the initiating device is previously exchanged with the target device based on a key exchange protocol.
  - 7. The computer system of claim 5, wherein the authenticating further comprises:
    - in response to determining that the computed first comparison value does not match the first verification value, generating, as the acknowledgement indicating the results of the authenticating, a negative acknowledgment of the fourth interest.
  - 8. The computer system of claim 5, wherein the payload of the third content object further includes an identifier of the target device, wherein a payload of the fourth interest includes a second random challenge variable generated by the initiating device, wherein the method further comprises authenticating the target device, which involves:
    - computing a second verification value based on the identifier of the target device, the second random challenge variable, and a secret key of the target device;
      
      including the second verification value in a payload of the fourth content objectin response to the initiating device successfully verifying the second verification value, receiving an acknowledgment of the fourth content object; and
      
      in response to the initiating device unsuccessfully verifying the second verification value, receiving a negative acknowledgment of the fourth content object.
  - 9. The computer system of claim 5, wherein the target device and the initiating device establish a security association based on one or more of:
    - a key exchange protocol;
      
      a key exchange protocol based on the content centric network; and
      
      a Diffie-Hellman key exchange protocol,wherein information needed for a key exchange protocol is included in a payload of an interest or a content object sent or received by the target device.

10. A computer system, comprising:
- a processor; and
  
  a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;
  
  generating, by an initiating device, a first interest which includes a name and information associated with a first protocol data unit that indicates a first command, of a small computer system interface protocol, to be executed by a target device to pull data from storage attached to the target device based on a first name, wherein the name includes a name prefix of the target device;
  
  in response to the first interest, receiving a first content object with a payload that includes data received in response to the target device executing the first command, thereby facilitating use of the small computer system interface protocol over a content centric network;
  
  receiving a second interest with the first name and that indicates a request for the data and, in response to the second interest, generating a second content object with the data; and
  
  in response to generating a third interest that includes an identifier of the initiating device and indicates an authentication challenge, authenticating the initiating device to the target device based on the identifier, wherein the authenticating includes receiving an acknowledgement indicating results of the authenticating.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer system of claim 10, wherein the first command is transmitted to the storage based on the small computer system interface protocol.
  - 12. The computer system of claim 10, wherein the first interest indicates the information associated with the first protocol data unit based on:
    - encapsulating and inserting the first protocol data unit into a payload of the first interest;
      
      orencoding the information associated with the first protocol data unit in the name of the first interest.
  - 13. The computer system of claim 10, where the method further comprises obtaining a routable name prefix of the target device based on one or more of:
    - maintaining a catalog of routable name prefixes of target devices;
      
      a manifest published by the target device which lists routable name prefixes for the target device and other target devices under a domain of the target device; and
      
      a directory of routable name prefixes for the target device and other target devices, wherein the target device and the other target devices publish their respective routable name prefixes to the directory, wherein the initiating device obtains the routable name prefix from the directory.
  - 14. The computer system of claim 10, wherein the authenticating further includes:
    - in response to the target device verifying that the initiating device is permitted to access the, receiving a third content object which includes a first random challenge variable in a payload of the third content object;
      
      computing a first verification value based on the identifier of the initiating device, the first random challenge variable, and a secret key of the initiating device;
      
      generating a fourth interest that indicates the first verification value; and
      
      in response to the target device successfully verifying the first verification value, receiving, as the acknowledgement indicating the results of the authenticating, a fourth content object that indicates an acknowledgment of the fourth interest, thereby authenticating the initiating device.
  - 15. The computer system of claim 14, wherein the target device successfully verifying the first verification value involves:
    - computing, by the target device, a first comparison value based on the identifier of the initiating device, the first random challenge variable, and the secret key of the initiating device; and
      
      determining that the computed first comparison value matches the first verification value,wherein the secret key of the initiating device is previously exchanged with the target device based on a key exchange protocol.
  - 16. The computer system of claim 14, wherein the authenticating further comprises:
    - in response to the target device unsuccessfully verifying the first verification value, receiving, as the acknowledgement indicating the results of the authenticating, a negative acknowledgment of the fourth interest.
  - 17. The computer system of claim 14, wherein the payload of the third content object further includes an identifier of the target device, wherein a payload of the fourth interest includes a second random challenge variable generated by the initiating device, wherein the method further comprises authenticating the target device, which involves:
    - computing, by the target device, a second verification value based on the identifier of the target device, the second random challenge variable, and a secret key of the target device, wherein the second verification value is included in a payload of the fourth content object;
      
      computing, by the initiating device, a second comparison value based on the identifier of the target device, the second random challenge variable, and the secret key of the target device;
      
      in response to determining that the computed second comparison value matches the second verification value, generating an acknowledgment of the fourth content object; and
      
      in response to determining that the computed second comparison value does not match the second verification value, generating a negative acknowledgment of the fourth content object.
  - 18. The computer system of claim 14, wherein the target device and the initiating device establish a security association based on one or more of:
    - a key exchange protocol;
      
      a key exchange protocol based on the content centric network; and
      
      a Diffie-Hellman key exchange protocol,wherein information needed for a key exchange protocol is included in a payload of an interest or a content object sent or received by the target device.

19. A method, comprising:
- at a target device including a processor and a storage device, performing;
  
  receiving from an initiating device a first interest which includes a name and information associated with a first protocol data unit that indicates a first command, of a small computer system interface protocol, to be executed by the target device to pull data from storage attached to the target device based on a first name, wherein the name includes a name prefix of the target device;
  
  extracting the information to obtain the first command;
  
  generating a first content object with a payload that includes data received in response to executing the first command, thereby facilitating use of the small computer system interface protocol over a content centric network;
  
  generating a second interest with the first name and that indicates a request for the data and, in response to the second interest, receiving a second content object with the data; and
  
  in response to receiving a third interest that includes an identifier of the initiating device and indicates an authentication challenge, authenticating the initiating device to the target device based on the identifier, wherein the authenticating includes generating an acknowledgement indicating results of the authenticating.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the first command is transmitted to the storage based on the small computer system interface protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wood, Christopher A., Scott, Glenn C.
Primary Examiner(s)
Park, Jeong S

Application Number

US15/149,892
Publication Number

US 20170324704A1
Time in Patent Office

1,359 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2101/35   containing special prefixes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 67/1097   for distributed storage of ...

H04L 67/565   Conversion or adaptation of...

H04L 69/08   Protocols for interworking;...

System for implementing a small computer systems interface protocol over a content centric network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for implementing a small computer systems interface protocol over a content centric network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links