System and method for efficient and secure distribution of digital content
First Claim
1. A computer-implemented method for processing encrypted content, the method comprising:
- in response to a first interest packet for content based on a name included in the first interest packet, wherein the name is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, receiving, by a client computing device, master-encrypted content which has been encrypted by a content producing device based on a master encryption key known only to the content producing device, wherein the client computing device and the content producing device communicate over a content centric network;
obtaining a user-specific re-encryption key that is generated for a user associated with the client computing device and is based on the name included in the first interest packet;
re-encrypting the master-encrypted content by using the user-specific re-encryption key to directly transform the master-encrypted content to user-specific encrypted content, which can only be decrypted by a user-specific decryption key; and
decrypting the transformed user-specific encrypted content by using the user-specific decryption key,wherein receiving the master-encrypted content involves transmitting, by the content producing device or a source other than the content producing device, the master encrypted content.
3 Assignments
0 Petitions
Accused Products
Abstract
One embodiment provides a system for processing encrypted content. During operation, a client computing device determines a request for content based on the identity of the user or the client computing device. Content is received which has been encrypted using a master encryption, where the master encryption key is not known to the client computing device. The client computing device generates an interest packet that includes a request for a user-specific re-encryption key, and, based on the information in the interest packet, receives a content object that includes the user-specific re-encryption key. The client computing device decrypts the master-encrypted content by: re-encrypting the master-encrypted content, using the user-specific re-encryption key to transform the master-encrypted content to a user-specific encrypted content; and decrypting the transformed user-specific encrypted content using a user-specific key. This thereby facilitates the secure distribution of user-specific content without requiring a content source to distribute user-specific encrypted content.
-
Citations
24 Claims
-
1. A computer-implemented method for processing encrypted content, the method comprising:
-
in response to a first interest packet for content based on a name included in the first interest packet, wherein the name is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, receiving, by a client computing device, master-encrypted content which has been encrypted by a content producing device based on a master encryption key known only to the content producing device, wherein the client computing device and the content producing device communicate over a content centric network; obtaining a user-specific re-encryption key that is generated for a user associated with the client computing device and is based on the name included in the first interest packet; re-encrypting the master-encrypted content by using the user-specific re-encryption key to directly transform the master-encrypted content to user-specific encrypted content, which can only be decrypted by a user-specific decryption key; and decrypting the transformed user-specific encrypted content by using the user-specific decryption key, wherein receiving the master-encrypted content involves transmitting, by the content producing device or a source other than the content producing device, the master encrypted content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
-
in response to a first interest packet for content based on a name included in the first interest packet, wherein the name is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, receiving, by a client computing device, master-encrypted content which has been encrypted by a content producing device based on a master encryption key known only to the content producing device, wherein the client computing device and the content producing device communicate over a content centric network; obtaining a user-specific re-encryption key that is generated for a user associated with the client computing device and is based on the name included in the first interest packet; re-encrypting the master-encrypted content by using the user-specific re-encryption key to directly transform the master-encrypted content to user-specific encrypted content, which can only be decrypted by a user-specific decryption key; and decrypting the transformed user-specific encrypted content by using the user-specific decryption key, wherein receiving the master-encrypted content involves transmitting, by the content producing device or a source other than the content producing device, the master encrypted content. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer system for processing encrypted content, the system comprising:
-
a processor; a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising; in response to a first interest packet for content based on a name included in the first interest packet, wherein the name is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, receiving, by a client computing device, master-encrypted content which has been encrypted by a content producing device based on a master encryption key known only to the content producing device, wherein the client computing device and the content producing device communicate over a content centric network; obtaining a user-specific re-encryption key that is generated for a user associated with the client computing device and is based on the name included in the first interest packet; re-encrypting the master-encrypted content by using the user-specific re-encryption key to directly transform the master-encrypted content to user-specific encrypted content, which can only be decrypted by a user-specific decryption key; and decrypting the transformed user-specific encrypted content by using the user-specific decryption key, wherein receiving the master-encrypted content involves transmitting, by the content producing device or a source other than the content producing device, the master encrypted content. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification