Content security at service layer

US 10,637,836 B2
Filed: 06/30/2016
Issued: 04/28/2020
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:

sending, to a common services entity, a request for one or more credentials that encrypt or integrity protect application content when stored at rest on a hosting common services entity, the request based on one or more security parameters associated with the application content;

in response to the request, obtaining, from the common services entity, the one or more credentials;

using the one or more credentials to encrypt or integrity protect the application content; and

sending, to the hosting common services entity, a request to create a resource that stores the encrypted or integrity protected content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Existing approaches to security within network, for instance one M2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

8 Citations

18 Claims

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:
- sending, to a common services entity, a request for one or more credentials that encrypt or integrity protect application content when stored at rest on a hosting common services entity, the request based on one or more security parameters associated with the application content;
  
  in response to the request, obtaining, from the common services entity, the one or more credentials;
  
  using the one or more credentials to encrypt or integrity protect the application content; and
  
  sending, to the hosting common services entity, a request to create a resource that stores the encrypted or integrity protected content.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus as recited in claim 1, wherein the one or more credentials comprise a master key for symmetric key confidentiality protection.
  - 3. The apparatus as recited in claim 1, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - generating an authentication tag associated with the content, wherein the authentication tag indicates an integrity and authenticity of the content for hosting at the hosting common services entity.
  - 4. The apparatus as recited claim 1, wherein the apparatus is an application entity, and the credentials are obtained from a trust enablement function.
  - 5. The apparatus as recited in claim 4, wherein a second application entity that is authorized to obtain the content can obtain the one or more credentials from the trust enablement function.
  - 6. The apparatus as recited in claim 1, wherein the encrypted or integrity protected content can be decrypted by a second apparatus if the second apparatus has the one or more credentials.

7. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:
- based on security requirements associated with content, generating one or more credentials that encrypt or integrity protect application content when stored at rest on a hosting node;
  
  using the one or more credentials to encrypt or integrity protect the application content; and
  
  sending, to the hosting node, a request that the hosting node store the encrypted or integrity protected content, such that only an authorized client can decrypt the content from the hosting node.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus as recited in claim 7, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - registering the one or more credentials with a trust enablement function.
  - 9. The apparatus as recited in claim 8, wherein the one or more credentials are generated by bootstrapping an association between the apparatus and a trust enablement function.
  - 10. The apparatus as recited in claim 8, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - in response to the request, receiving a credential identity from the trust enablement function, wherein the request comprises a credential associated with the credential identity, and the request seeks a registration of the credential.
  - 11. The apparatus as recited in claim 10, wherein the credential identity is unique to a common services entity.
  - 12. The apparatus as recited in claim 7, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - receiving a success message if the hosting node determines that the apparatus is authorized to create a resource at the hosting node.

13. A method comprising:
- sending, from an apparatus and to a common services entity, a request for one or more credentials that encrypt or integrity protect application content when stored at rest on a hosting common services entity, the request based on one or more security parameters associated with the application content;
  
  in response to the request, obtaining, from the common services entity, the one or more credentials;
  
  using the one or more credentials to encrypt or integrity protect the application content; and
  
  sending, from the apparatus and to the hosting common services entity, a request to create a resource that stores the encrypted or integrity protected content.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method as recited in claim 13, wherein the one or more credentials comprise a master key for symmetric key confidentiality protection.
  - 15. The method as recited in claim 13, further comprising:
    - generating an authentication tag associated with the content, wherein the authentication tag indicates an integrity and authenticity of the content for hosting at the hosting common services entity.
  - 16. The method as recited claim 13, wherein the apparatus is an application entity, and the credentials are obtained from a trust enablement function.
  - 17. The method as recited in claim 16, wherein a second application entity that is authorized to obtain the content can obtain the one or more credentials from the trust enablement function.
  - 18. The method as recited in claim 13, wherein the encrypted or integrity protected content can be decrypted by a second apparatus if the second apparatus has the one or more credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Convida Wireless LLC
Original Assignee
Convida Wireless LLC
Inventors
Choyi, Vinod Kumar, Shah, Yogendra C., Seed, Dale N., Starsinic, Michael F., Rahman, Shamim Akbar, Ly, Quang, Chen, Zhuo, Flynn, IV, William Robert
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/198,984
Publication Number

US 20170005999A1
Time in Patent Office

1,398 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 4/70   Services for machine-to-mac...

Content security at service layer

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Content security at service layer

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others