1. Field
This disclosure is generally related to securing digital content. More specifically, this disclosure is related to a Key Resolution Service that resolves keys for Content Objects.
2. Related Art
Advancements in computing and networking technologies have made it possible for people to incorporate electronics into their daily lives. People typically use computers to perform online banking, to interact with others, and to search for and consume information published by others. More recently, advancements in machine-to-machine communications has made it possible for people's appliances to automate tasks for their users. For example, some digital thermostats can interact with a central controller that can generate an optimized schedule for the thermostat, and which configures the thermostat to use this schedule to control a heating, ventilation, and air conditioning (HVAC) unit.
The convenience provided by these advancements is built upon the underlying networking protocols used to exchange communication packets between user's devices and with application servers. In many cases, these communication packets can include sensitive information about the users and their daily habits; information that the users may not intend to share with the general public. Hence, in the Web today, application developers typically use Hypertext Transfer Protocol Secure (HTTPS) as the primary protocol to provide secure content delivery.
However, HTTPS requires the content server to provide to a client a certificate signed by a trusted Certificate Authority (CA). The client verifies the certificate through a Public Key Infrastructure (PKI), and uses the certificate to generate a symmetric key. The client then uses this key to encrypt and decrypt all information for the duration of the communication session with the content server. Unfortunately, there exists many CAs that can sign digital certificates, and it's up to the user to decide which CAs are trustworthy. Typically, a user needs to specify which CAs are trustworthy, and uses these CAs as “root” CAs. Other CAs function as intermediate CAs when they are trusted by the root CA directly, or indirectly via a chain of trust.
Recent developments in computer networking include Content Centric Networking (CCN), which allows clients to obtain data by disseminating an “Interest” that specifies a unique name for the data. Any peer CCN device that is storing this data can provide the data to the client, regardless of where this peer CCN device is located. However, allowing any peer network device to satisfy an Interest for a piece of data from a trusted publisher makes it difficult to ensure the data has actually originated from the trusted publisher. For example, HTTPS uses digital certificates to map a server to a person or organization that publishes data from this server. The client device uses HTTPS and the CAs to verify that they received the data from the organization they expect the data to arrive from. Unfortunately, a CCN client device cannot use HTTPS to verify that a piece of data originated from a given publisher when the client obtains this data from a different source, such as from a peer CCN device that has obtained and cached the same data in the past.