Access control framework for information centric networking
Abstract
One embodiment provides an access-control framework for publishing and obtaining a collection of encrypted data in encrypted form. During operation, a content consumer can obtain a Manifest object for a data collection, such that the Manifest includes references to a set of encrypted Content Objects of the data collection, and includes one or more Access Control Specifications (ACS) that each specifies a decryption protocol for decrypting one or more Content Objects of the data collection. The consumer can disseminate Interest messages to receive encrypted Content Objects listed in the Manifest over an Information Centric Network (ICN). The client can also obtain, from the Manifest, an ACS associated with a respective encrypted Content Object, and decrypt the respective encrypted Content Object using the decryption protocol specified in the ACS.
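The consumer-side flow in the abstract, as an added sketch that is not code from the patent: a Manifest entry references its ACS by name prefix, the ACS is fetched with an Interest, and the consumer decrypts only if it implements the protocol the ACS names. The dictionary standing in for the ICN, all names and field names, the pre-shared key and the keystream cipher are assumptions made for the illustration.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for the demo (SHA-256 counter keystream), not a vetted one."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

# Decryption protocols this consumer implements, keyed by the name an ACS gives.
DECRYPTORS = {"demo-keystream": keystream_xor}

KEY = b"constructed-demo-key"  # assumption: the consumer already holds the key
# Constructed stand-in for the ICN: Content Object name -> payload.
NETWORK = {
    "/demo/acs/a/v1": {"protocol": "demo-keystream"},
    "/demo/acs/b/v1": {"protocol": "not-implemented-here"},
    "/demo/data/0": keystream_xor(KEY, b"chunk zero"),
    "/demo/data/1": keystream_xor(KEY, b"chunk one"),
    "/demo/data/2": keystream_xor(KEY, b"chunk two"),
}
# Constructed Manifest: each entry references its ACS by name prefix.
MANIFEST = [
    {"name": "/demo/data/0", "acs_prefix": "/demo/acs/a"},
    {"name": "/demo/data/1", "acs_prefix": "/demo/acs/b"},
    {"name": "/demo/data/2", "acs_prefix": "/demo/acs/missing"},
]

def express_interest(name: str):
    """Return the first object whose name starts with the Interest name, else None."""
    return next((obj for n, obj in NETWORK.items() if n.startswith(name)), None)

def fetch_and_decrypt(manifest, key: bytes) -> dict:
    results = {}
    for entry in manifest:
        ciphertext = express_interest(entry["name"])
        acs = express_interest(entry["acs_prefix"])  # ACS fetched by reference
        if ciphertext is None or acs is None:
            results[entry["name"]] = ("unavailable", None)
            continue
        decrypt = DECRYPTORS.get(acs.get("protocol"))
        if decrypt is None:  # fail closed: never guess a protocol
            results[entry["name"]] = ("unsupported-acs", None)
            continue
        results[entry["name"]] = ("ok", decrypt(key, ciphertext))
    return results

if __name__ == "__main__":
    for name, outcome in fetch_and_decrypt(MANIFEST, KEY).items():
        print(name, outcome)
```

The second and third entries show the two cases a consumer has to refuse: an ACS naming a protocol it does not implement, and an ACS Interest that goes unsatisfied.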
18 Claims
1. A computer-implemented method, comprising:
- obtaining, by a computing device, a Manifest object for a data collection, wherein the Manifest includes references to a set of encrypted Content Objects of the data collection, includes one or more Access Control Specification (ACS) that each specifies a decryption protocol for decrypting one or more Content Objects of the data collection, and includes a respective ACS by reference;
- obtaining a respective encrypted Content Object listed in the Manifest over an Information Centric Network (ICN);
- obtaining, by the computing device from the Manifest, an ACS associated with the respective encrypted Content Object, which involves;
  - obtaining, from the Manifest, a name prefix associated with the ACS;
  - disseminating, over ICN, an Interest whose name includes the name prefix; and
  - responsive to disseminating the Interest, receiving a Contact Object that includes the ACS; and
- decrypting, by the computing device, the respective encrypted Content Object using the decryption protocol specified in the ACS.

Dependent claims: 2, 3, 4, 5
6. A computer-implemented method, comprising:
- obtaining, by a computing device, an initiation Manifest object for a data collection, wherein the initiation Manifest includes an Access Control Specification (ACS) that specifies an end-to-end access control scheme for obtaining and decrypting one or more Content Objects of the data collection;
- obtaining a public key of a publisher from the ACS in the initiation Manifest;
- determining, by the computing device from the ACS, an encryption algorithm for a session with the publisher;
- disseminating a setup Interest message for the publisher, wherein the setup Interest message includes a temporary key encrypted using the determined encryption algorithm and the publisher's public key;
- receiving a setup Content Object that satisfies the setup Interest message, wherein the setup Content Object includes a session key and a session identifier;
- disseminating a finish Interest message for the publisher, wherein the finish Interest message includes the session identifier; and
- receiving an in-session Manifest that satisfies the finish Interest message, wherein the in-session Manifest includes references to one or more Content Objects of the data collection that are encrypted using the session key.

Dependent claims: 7, 8, 9
10. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- obtaining a Manifest object for a data collection, wherein the Manifest includes references to a set of encrypted Content Objects of the data collection, includes one or more Access Control Specification (ACS) that each specifies a decryption protocol for decrypting one or more Content Objects of the data collection, and includes a respective ACS by reference;
- obtaining a respective encrypted Content Object listed in the Manifest over an Information Centric Network (ICN);
- obtaining, by the computing device from the Manifest, an ACS associated with the respective encrypted Content Object, which involves;
  - obtaining, from the Manifest, a name prefix associated with the ACS;
  - disseminating, over ICN, an Interest whose name includes the name prefix; and
  - responsive to disseminating the Interest, receiving a Contact Object that includes the ACS; and
- decrypting the respective encrypted Content Object using the decryption protocol specified in the ACS.

Dependent claims: 11, 12, 13, 14
15. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- obtaining an initiation Manifest object for a data collection, wherein the initiation Manifest includes an Access Control Specification (ACS) that specifies an end-to-end access control scheme for obtaining and decrypting one or more Content Objects of the data collection;
- obtaining a public key of a publisher from the ACS in the initiation Manifest;
- determining, from the ACS, an encryption algorithm for a session with the publisher;
- disseminating a setup Interest message for the publisher, wherein the setup Interest message includes a temporary key encrypted using the determined encryption algorithm and the publisher's public key;
- receiving a setup Content Object that satisfies the setup Interest message, wherein the setup Content Object includes a session key and a session identifier;
- disseminating a finish Interest message for the publisher, wherein the finish Interest message includes the session identifier; and
- receiving an in-session Manifest that satisfies the finish Interest message, wherein the in-session Manifest includes references to one or more Content Objects of the data collection that are encrypted using the session key.

Dependent claims: 16, 17, 18
Specification