1. Field of the Invention
The present invention relates to the field of security in distributed systems. More specifically, the present invention relates to methods and systems associated with enforcing access privileges and restrictions in decentralized networks, and their applications to the secure publication of content in peer-to-peer networks.
2. Background Information
Recent advances in broadband technology are prompting a shift from the established client-server model of the World Wide Web to a paradigm in which end-user machines can interact directly with each other. In this new model, called peer-to-peer computing, interactions between users are no longer constrained to go through a centralized server, but can take place directly between end-user machines themselves.
Interactions that are better carried out in a peer-to-peer fashion include the transfer of large volumes of data (such as images, music files, or video clips) or highly volatile information (such as office documents being edited by several people at once), and distributed applications that run on multiple machines (such as real-time distributed games where nodes use Web services to interact with each other, or business-to-business applications that are built around a Web services interaction model). Peer-to-peer computing enables three novel aspects that are not appropriately supported by the World Wide Web:                Frictionless publication of content: In a peer-to-peer system, every peer machine is both a consumer and a publisher of information. Publishing information in such a system can be as easy as creating a new file.        Low barrier to revision and synchronization: Published files can be edited and updated by their author or any person having write permission on the file, either on the local machine or remotely. Synchronization is achieved transparently by the peer-to-peer infrastructure by keeping track of the current version of the published resources, and of which peer machines are caching the correct version.        Active role of peer machines: While on the World Wide Web user machines are mainly passive participants, in a peer-to-peer environment those machines can become an active part of distributed applications that span many peers. For instance, in a distributed game application, every participant machine runs a copy of the game software.        
One of the most promising benefits of the peer-to-peer model is the ability to seamlessly “cache” resources on multiple machines, both to provide robustness against one particular source of content going off-line, and to maximize the download performance by transparently selecting the fastest and closest possible source(s) of a download.
However, this model poses a series of difficulties for distributing restricted content. This is due to the multiplicity of peer providers for any given content, and the fact that those peer providers are operated by users and thus escape the direct control of a central trusted administration authority. The traditional approach to access control, based on centralized authorities (such as directory servers), would lose most of the efficiency benefits provided by the peer-to-peer model.
The main challenges of the peer-to-peer model with respect to access control include the following issues:                Distributed operation: In large peer-to-peer systems, it is necessary that most of the effort be performed by the providers and consumers of information, thereby involving centralized servers as little as possible. An access control infrastructure for a peer-to-peer network must be mostly distributed, while at the same time being both secure and efficient.        Compatibility with caching: As one of the main benefits of the peer-to-peer model is the ability to replicate resources to distribute the load, it is necessary that the access control infrastructure integrate seamlessly with the content replication and caching.        High volume scalability: To accommodate extensible networks with potentially hundreds of millions of users, it is necessary that the access control mechanism be highly scalable.        
Traditional approaches to distributed or semi-centralized access control are based on an “authentication-based” model, in which users are authenticated, and access lists are checked, before access requests may be granted. The authentication schemes vary, but are usually based on either of:                The Kerberos model, in which trusted servers vouch for the authenticity of a consumer to a producer.        The Public Key Infrastructure (PKI) model, in which peers are authenticated using a hierarchy of certificates rooted in a trusted authority.        
Unfortunately, authentication quickly becomes impractical and inefficient when the size of the network grows. It also raises concerns when used with a large-scale caching mechanism, as it behooves to all the cachers of a resource to enforce the same access rights as specified by its original publisher. This approach has a number of other problems, which are recapitulated below:                All cachers need to be trusted that they correctly enforce authentication and access control policies. A single compromised cacher can damage the security of the entire system.        Cachers will need to maintain up-to-date access lists for all cached resources, and enforce a strict policy of checking credentials before granting any content.        Cachers can only cache resources which they are themselves granted access to.        The burden of enforcing access properties lies with the publisher and all cachers of a resource, as opposed to the recipient.        It is difficult to verify the legitimacy of a user's request, when such legitimacy derives from the user's membership to a group (or chain of groups).        There is a feeling of inadequacy to have a large number of cachers maintain clear-text copies of restricted material.        Finally, it is necessary to establish a secure communication channel between requestor and cacher, for every download request. This could be achieved either via a Kerberos-like protocol (which would require extra communications to a heavy duty central ticket server), or an SSL-like protocol between clients (which is computationally expensive and incurs a large set-up time). Either approach would cause undesirable overhead in the communication process.        