CONTENT SECURITY AT SERVICE LAYER

US 20170005999A1
Filed: 06/30/2016
Published: 01/05/2017
Est. Priority Date: 07/02/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:

receiving a first request, from a first application, to create a resource for hosting secured content associated with the first application;

determining whether the first application is authorized to create the resource at the apparatus; and

if the first application is authorized, hosting the secured content.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Existing approaches to security within network, for instance oneM2M networks, are limited. For example, content might only be protected while the content is in transit between entities that trust each other. Here, the integrity and the confidentiality of content in an M2M network are protected. Such content may be “at rest,” such that the content is stored at a hosting node. Only authorized entities may store and retrieve the data that is stored at the hosting node, and the data may be protected from a confidentiality perspective and an integrity perspective.

37 Citations

View as Search Results

20 Claims

1. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:
- receiving a first request, from a first application, to create a resource for hosting secured content associated with the first application;
  
  determining whether the first application is authorized to create the resource at the apparatus; and
  
  if the first application is authorized, hosting the secured content.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus as recited in claim 1, wherein the first application is authorized, by a common services entity separate from the apparatus, to create the resource.
  - 3. The apparatus as recited in claim 2, wherein the request includes a credential identity generated by the common services entity.
  - 4. The apparatus as recited in claim 1, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - receiving a second request, from a second application, to access the secured content;
      
      determining whether the second application is authorized to access the secured content; and
      
      if the second application is authorized to access the secured content, sending the secured content to the second application.
  - 5. The apparatus as recited in claim 4, wherein the secured content can be decrypted when the common services entity sends one or more credentials associated with the secured content to the second application.
  - 6. The apparatus as recited in claim 4, wherein the second application is authorized to access the secured content by an access control policy of the first application.

7. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:
- sending a request for one or more credentials that provide protection of content, the request based on one or more security parameters associated with the content;
  
  obtaining the one or more credentials; and
  
  using the one or more credentials to secure the content.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The apparatus as recited in claim 7, wherein the one or more credentials comprise a master key for symmetric key confidentiality protection.
  - 9. The apparatus as recited in claim 7, wherein the one or more credentials are for integrity protection and confidentiality protection.
  - 10. The apparatus as recited in claim 7, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - encrypting the content to create encrypted content.
  - 11. The apparatus as recited in claim 10, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - generating an authentication tag associated with the content, wherein the authentication tag indicates an integrity and authenticity of the content for hosting at a hosting common services entity.
  - 12. The apparatus as recited in claim 10, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - sending a request to a hosting common services entity to create a resource that contains the encrypted content and the security parameters.
  - 13. The apparatus as recited claim 7, wherein the apparatus is an application entity, and the credentials are obtained from a trust enablement function.
  - 14. The apparatus as recited in claim 13, wherein a second application entity that is authorized to obtain the content can obtain the one or more credentials from the trust enablement function.

15. An apparatus comprising a processor, a memory, and communication circuitry, the apparatus being connected to a network via its communication circuitry, the apparatus further comprising computer-executable instructions stored in the memory of the apparatus which, when executed by the processor of the apparatus, cause the apparatus to perform operations comprising:
- based on security requirements associated with content, generating one or more credentials;
  
  securing the content using the one or more credentials; and
  
  sending a request that a hosting node store the secured content, such that only an authorized client can retrieve the content from the hosting node.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus as recited in claim 15, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - registering the one or more credentials with a trust enablement function.
  - 17. The apparatus as recited in claim 16, wherein the one or more credentials are generated by bootstrapping an association between the apparatus and a trust enablement function.
  - 18. The apparatus as recited in claim 16, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - in response to the request, receiving a credential identity from the trust enablement function, wherein the request comprises a credential associated with the credential identity, and the request seeks a registration of the credential.
  - 19. The apparatus as recited in claim 18, wherein the credential identity is unique to the common services entity.
  - 20. The apparatus as recited in claim 15, the apparatus further comprising computer-executable instructions that cause the apparatus to perform further operations comprising:
    - receiving a success message if the hosting node determines that the apparatus is authorized to create a resource at the hosting node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Convida Wireless LLC
Original Assignee
Convida Wireless LLC
Inventors
Choyi, Vinod Kumar, Shah, Yogendra C., Seed, Dale N., Starsinic, Michael F., Rahman, Shamim Akbar, Ly, Quang, Chen, Zhuo, Flynn, William Robert IV

Granted Patent

US 10,637,836 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 12/086   using security domains

H04W 4/70   Services for machine-to-mac...

CONTENT SECURITY AT SERVICE LAYER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTENT SECURITY AT SERVICE LAYER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links