Field
This disclosure is generally related to distribution of digital content. More specifically, this disclosure is related to a method and system for providing an extension to CCN routing protocols that enables a consumer to generate routable prefix queries and determine the minimum number of cleartext name components necessary for an interest to reach a producer in a content centric network.
Related Art
The proliferation of the Internet and e-commerce continues to create a vast amount of digital content. Content centric network (CCN) architectures have been designed to facilitate accessing and processing such digital content. A CCN includes entities, or nodes, such as network clients, forwarders (e.g., routers), and content producers, which communicate with each other by sending interest packets for various content items and receiving content object packets in return. CCN interests and content objects are identified by their unique names, which are typically hierarchically structured variable length identifiers (HSVLI). An HSVLI can include contiguous name components ordered from a most general level to a most specific level.
A producer can encrypt the payload of a content object and only distribute keys to authorized consumers. For example, the producer can generate a random symmetric nonce key “k” for a content object “C,” encrypt the payload of C using k, and publish the encrypted content object C. The producer can also encrypt k under another key (so that only authorized users can perform decryption), and publish the encrypted nonce key. A consumer can request the content object C and the corresponding nonce key k, both of which are encrypted. The consumer may request or obtain additional information needed to decrypt the encrypted nonce key, based on the specific access control scheme. The consumer can then decrypt the encrypted nonce key using his private credentials (e.g., the additional information), and subsequently decrypt the encrypted payload of content object C using the decrypted nonce key. In such a hybrid encryption scheme, the producer must maintain the content object C (in both plaintext and encrypted form), the nonce key k in plaintext, and the nonce key k in encrypted form for each different access control group allowed to access the content object C. Additionally, the producer must also maintain authorization information that indicates which access control groups are permitted to access which content objects. This can result in system with decreased efficiency.
While a CCN brings many desired features to a network, some issues remain unsolved for a producer that encrypts content based on access control groups.