ACCESS CONTROL FOR NAMED DOMAIN NETWORKING

US 20170093752A1
Filed: 09/29/2015
Published: 03/30/2017
Est. Priority Date: 09/29/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sending to a content provider of an ICN network, by a computing device, an access request for content in response to receiving a first content request from a client;

receiving from the content provider, by the computing device, access control information for the content;

sending to the client, by the computing device, a challenge;

receiving from the client, by the computing device, an authorization of the content provider, the authorization of the content provider including information obtained by the client from the content provider based on the challenge;

verifying, by the computing device, the authorization received from the client using the access control information received from the content provider; and

sending to the client, by the computing device, the content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.

9 Citations

View as Search Results

20 Claims

1. A method comprising:
- sending to a content provider of an ICN network, by a computing device, an access request for content in response to receiving a first content request from a client;
  
  receiving from the content provider, by the computing device, access control information for the content;
  
  sending to the client, by the computing device, a challenge;
  
  receiving from the client, by the computing device, an authorization of the content provider, the authorization of the content provider including information obtained by the client from the content provider based on the challenge;
  
  verifying, by the computing device, the authorization received from the client using the access control information received from the content provider; and
  
  sending to the client, by the computing device, the content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining that the content is not cached in a content store of the computing device; and
      
      determining the content provider of the content via the ICN network.
  - 3. The method of claim 2, further comprising:
    - sending, based on the verifying, a second content request to the content provider; and
      
      receiving, in response the second content request, the content from the content provider.
  - 4. The method of claim 3, further comprising storing the content in the content store.
  - 5. The method of claim 1, further comprising:
    - determining that the content is cached in a content store of the computing device;
      
      determining that the content cached in the content store is expired; and
      
      determining the content provider of the content via the ICN network.
  - 6. The method of claim 1, wherein the first content request lacks any information identifying the client.
  - 7. The method of claim 1, wherein the challenge includes a problem only solvable by the content provider.
  - 8. The method of claim 7, wherein the problem comprises a nonce encrypted with a key of the content provider.
  - 9. The method of claim 1, wherein the access control data comprises a key corresponding to encrypted information in the authorization.

10. A system comprising a processor, a data storage device, and program instruction stored on the data storage device that, when executed by the processor, control the system to perform operations comprising:
- sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client;
  
  receiving from the content provider access control information for the content;
  
  sending to the client a challenge;
  
  receiving from the client an authorization of the content provider, the authorization of the content provider including information obtained by the client from the content provider based on the challenge;
  
  verifying the authorization received from the client using the access control information received from the content provider; and
  
  sending to the client the content.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the operations further comprise:
    - determining that the content is not cached in a content store of the computing device; and
      
      determining the content provider of the content via the ICN network.
  - 12. The system of claim 11, wherein the operations further comprise:
    - sending, based on the verifying, a second content request to the content provider; and
      
      receiving, in response the second content request, the content from the content provider.
  - 13. The system of claim 12, wherein the operations further comprise storing the content in the content store.
  - 14. The system of claim 10, wherein the operations further comprise:
    - determining that the content is cached in a content store of the computing device;
      
      determining that the content cached in the content store is expired; and
      
      determining the content provider of the content via the ICN network.
  - 15. The system of claim 10, wherein the first content request lacks any information identifying the client.
  - 16. The system of claim 10, wherein the challenge includes a problem only solvable by the content provider.
  - 17. The system of claim 16, wherein the problem comprises a nonce encrypted with a key of the content provider.
  - 18. The system of claim 10, wherein the access control data comprises a key corresponding to encrypted information in the authorization.

19. An information centric networking (ICN) server communicatively linked to at least one client and at least one content provider by an ICN network, wherein the ICN server performs operations comprising:
- receiving from the client a first content request naming content;
  
  sending the content provider an access request for the content;
  
  receiving a key for the content from the content provider;
  
  storing the key in an access control database of the ICN server;
  
  sending a challenge to the client, the challenge including a problem only solvable by the content provider;
  
  receiving an authorization of the content provider from the client, the authorization of the content provider including a solution to the problem obtained from the content provider;
  
  verifying the authorization received from the client using the key received from the content provider;
  
  after the verifying, sending to the content provider a second content request naming the content;
  
  receiving the content from the provider in response to the second content request;
  
  storing the content in a content store of the ICN server; and
  
  sending to the client the content.
- View Dependent Claims (20)
- - 20. The ICN server of claim 19, wherein the first content request, the access request, and the authorization are anonymous with respect to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VeriSign, Inc.
Original Assignee
VeriSign, Inc.
Inventors
Shirvanian, Maliheh, Mohaisen, Abedelaziz, Murray, G. Craig

Granted Patent

US 10,887,314 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 47/808   User-type aware

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 65/1101   Session protocols

H04L 67/00   Network arrangements or pro...

H04L 9/3271   using challenge-response

H04W 12/08   Access security

ACCESS CONTROL FOR NAMED DOMAIN NETWORKING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL FOR NAMED DOMAIN NETWORKING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links