diff --git a/Makefile.am b/Makefile.am
index 3cbea55..f73d6d3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -54,7 +54,7 @@
   ndn-cpp/name.cpp ndn-cpp/c/name.h ndn-cpp/name.hpp \
   ndn-cpp/node.cpp ndn-cpp/node.hpp \
   ndn-cpp/publisher-public-key-digest.hpp \
-  ndn-cpp/sha256-woth-rsa-signature.cpp ndn-cpp/sha256-woth-rsa-signature.hpp \
+  ndn-cpp/sha256-with-rsa-signature.cpp ndn-cpp/sha256-with-rsa-signature.hpp \
   ndn-cpp/c/encoding/binary-xml.h \
   ndn-cpp/c/encoding/binary-xml-decoder.h ndn-cpp/encoding/binary-xml-decoder.hpp \
   ndn-cpp/c/encoding/binary-xml-element-reader.h ndn-cpp/encoding/binary-xml-element-reader.cpp ndn-cpp/encoding/binary-xml-element-reader.hpp \
@@ -62,8 +62,10 @@
   ndn-cpp/c/encoding/binary-xml-structure-decoder.h ndn-cpp/encoding/binary-xml-structure-decoder.hpp \
   ndn-cpp/encoding/binary-xml-wire-format.cpp ndn-cpp/c/encoding/binary-xml-name.h ndn-cpp/encoding/binary-xml-wire-format.hpp \
   ndn-cpp/encoding/wire-format.cpp ndn-cpp/encoding/wire-format.hpp \
-  ndn-cpp/security/identity-manager.cpp ndn-cpp/security/identity-manager.hpp \
+  ndn-cpp/security/security-common.hpp \
   ndn-cpp/security/key-chain.cpp ndn-cpp/security/key-chain.hpp \
+  ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
+  ndn-cpp/security/identity/private-key-storage.cpp ndn-cpp/identity/security/private-key-storage.hpp \
   ndn-cpp/c/transport/socket-transport.h ndn-cpp/c/transport/tcp-transport.h ndn-cpp/transport/tcp-transport.cpp ndn-cpp/transport/tcp-transport.hpp \
   ndn-cpp/transport/transport.cpp ndn-cpp/transport/transport.hpp \
   ndn-cpp/c/transport/socket-transport.h ndn-cpp/c/transport/udp-transport.h ndn-cpp/transport/udp-transport.cpp ndn-cpp/transport/udp-transport.hpp \
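Review bot: The header path on the added private-key-storage line is transposed: it reads `ndn-cpp/identity/security/private-key-storage.hpp`, while the file this commit creates is `ndn-cpp/security/identity/private-key-storage.hpp`. As listed, the header that declares the signing interface is not in the library's source list, which would likely show up as a `make dist` failure or a tarball missing that header. The entry should read `ndn-cpp/security/identity/private-key-storage.cpp ndn-cpp/security/identity/private-key-storage.hpp \`. The same transposed path appears in the regenerated source list in Makefile.in (the `@@ -521,8 +521,10 @@` hunk), so regenerate that file after fixing Makefile.am. The variable this list belongs to starts outside the hunk.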
diff --git a/Makefile.in b/Makefile.in
index 260bf6a..71e2a1d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -156,12 +156,12 @@
 am_libndn_cpp_la_OBJECTS = ndn-cpp/common.lo ndn-cpp/data.lo \
 	ndn-cpp/interest.lo ndn-cpp/key.lo ndn-cpp/face.lo \
 	ndn-cpp/forwarding-entry.lo ndn-cpp/name.lo ndn-cpp/node.lo \
-	ndn-cpp/sha256-woth-rsa-signature.lo \
+	ndn-cpp/sha256-with-rsa-signature.lo \
 	ndn-cpp/encoding/binary-xml-element-reader.lo \
 	ndn-cpp/encoding/binary-xml-wire-format.lo \
-	ndn-cpp/encoding/wire-format.lo \
-	ndn-cpp/security/identity-manager.lo \
-	ndn-cpp/security/key-chain.lo \
+	ndn-cpp/encoding/wire-format.lo ndn-cpp/security/key-chain.lo \
+	ndn-cpp/security/identity/identity-manager.lo \
+	ndn-cpp/security/identity/private-key-storage.lo \
 	ndn-cpp/transport/tcp-transport.lo \
 	ndn-cpp/transport/transport.lo \
 	ndn-cpp/transport/udp-transport.lo \
@@ -513,7 +513,7 @@
   ndn-cpp/name.cpp ndn-cpp/c/name.h ndn-cpp/name.hpp \
   ndn-cpp/node.cpp ndn-cpp/node.hpp \
   ndn-cpp/publisher-public-key-digest.hpp \
-  ndn-cpp/sha256-woth-rsa-signature.cpp ndn-cpp/sha256-woth-rsa-signature.hpp \
+  ndn-cpp/sha256-with-rsa-signature.cpp ndn-cpp/sha256-with-rsa-signature.hpp \
   ndn-cpp/c/encoding/binary-xml.h \
   ndn-cpp/c/encoding/binary-xml-decoder.h ndn-cpp/encoding/binary-xml-decoder.hpp \
   ndn-cpp/c/encoding/binary-xml-element-reader.h ndn-cpp/encoding/binary-xml-element-reader.cpp ndn-cpp/encoding/binary-xml-element-reader.hpp \
@@ -521,8 +521,10 @@
   ndn-cpp/c/encoding/binary-xml-structure-decoder.h ndn-cpp/encoding/binary-xml-structure-decoder.hpp \
   ndn-cpp/encoding/binary-xml-wire-format.cpp ndn-cpp/c/encoding/binary-xml-name.h ndn-cpp/encoding/binary-xml-wire-format.hpp \
   ndn-cpp/encoding/wire-format.cpp ndn-cpp/encoding/wire-format.hpp \
-  ndn-cpp/security/identity-manager.cpp ndn-cpp/security/identity-manager.hpp \
+  ndn-cpp/security/security-common.hpp \
   ndn-cpp/security/key-chain.cpp ndn-cpp/security/key-chain.hpp \
+  ndn-cpp/security/identity/identity-manager.cpp ndn-cpp/security/identity/identity-manager.hpp \
+  ndn-cpp/security/identity/private-key-storage.cpp ndn-cpp/identity/security/private-key-storage.hpp \
   ndn-cpp/c/transport/socket-transport.h ndn-cpp/c/transport/tcp-transport.h ndn-cpp/transport/tcp-transport.cpp ndn-cpp/transport/tcp-transport.hpp \
   ndn-cpp/transport/transport.cpp ndn-cpp/transport/transport.hpp \
   ndn-cpp/c/transport/socket-transport.h ndn-cpp/c/transport/udp-transport.h ndn-cpp/transport/udp-transport.cpp ndn-cpp/transport/udp-transport.hpp \
@@ -726,7 +728,7 @@
 	ndn-cpp/$(DEPDIR)/$(am__dirstamp)
 ndn-cpp/node.lo: ndn-cpp/$(am__dirstamp) \
 	ndn-cpp/$(DEPDIR)/$(am__dirstamp)
-ndn-cpp/sha256-woth-rsa-signature.lo: ndn-cpp/$(am__dirstamp) \
+ndn-cpp/sha256-with-rsa-signature.lo: ndn-cpp/$(am__dirstamp) \
 	ndn-cpp/$(DEPDIR)/$(am__dirstamp)
 ndn-cpp/encoding/$(am__dirstamp):
 	@$(MKDIR_P) ndn-cpp/encoding
@@ -748,11 +750,20 @@
 ndn-cpp/security/$(DEPDIR)/$(am__dirstamp):
 	@$(MKDIR_P) ndn-cpp/security/$(DEPDIR)
 	@: > ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
-ndn-cpp/security/identity-manager.lo:  \
-	ndn-cpp/security/$(am__dirstamp) \
-	ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
 ndn-cpp/security/key-chain.lo: ndn-cpp/security/$(am__dirstamp) \
 	ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/identity/$(am__dirstamp):
+	@$(MKDIR_P) ndn-cpp/security/identity
+	@: > ndn-cpp/security/identity/$(am__dirstamp)
+ndn-cpp/security/identity/$(DEPDIR)/$(am__dirstamp):
+	@$(MKDIR_P) ndn-cpp/security/identity/$(DEPDIR)
+	@: > ndn-cpp/security/identity/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/identity/identity-manager.lo:  \
+	ndn-cpp/security/identity/$(am__dirstamp) \
+	ndn-cpp/security/identity/$(DEPDIR)/$(am__dirstamp)
+ndn-cpp/security/identity/private-key-storage.lo:  \
+	ndn-cpp/security/identity/$(am__dirstamp) \
+	ndn-cpp/security/identity/$(DEPDIR)/$(am__dirstamp)
 ndn-cpp/transport/$(am__dirstamp):
 	@$(MKDIR_P) ndn-cpp/transport
 	@: > ndn-cpp/transport/$(am__dirstamp)
@@ -881,6 +892,8 @@
 	-rm -f ndn-cpp/encoding/*.lo
 	-rm -f ndn-cpp/security/*.$(OBJEXT)
 	-rm -f ndn-cpp/security/*.lo
+	-rm -f ndn-cpp/security/identity/*.$(OBJEXT)
+	-rm -f ndn-cpp/security/identity/*.lo
 	-rm -f ndn-cpp/transport/*.$(OBJEXT)
 	-rm -f ndn-cpp/transport/*.lo
 	-rm -f ndn-cpp/util/*.$(OBJEXT)
@@ -898,7 +911,7 @@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/$(DEPDIR)/key.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/$(DEPDIR)/name.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/$(DEPDIR)/node.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/$(DEPDIR)/sha256-woth-rsa-signature.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/$(DEPDIR)/sha256-with-rsa-signature.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/c/$(DEPDIR)/errors.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/c/$(DEPDIR)/interest.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/c/$(DEPDIR)/name.Plo@am__quote@
@@ -920,8 +933,9 @@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/encoding/$(DEPDIR)/binary-xml-element-reader.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/encoding/$(DEPDIR)/binary-xml-wire-format.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/encoding/$(DEPDIR)/wire-format.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/$(DEPDIR)/identity-manager.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/$(DEPDIR)/key-chain.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/identity/$(DEPDIR)/identity-manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/security/identity/$(DEPDIR)/private-key-storage.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/transport/$(DEPDIR)/tcp-transport.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/transport/$(DEPDIR)/transport.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@ndn-cpp/transport/$(DEPDIR)/udp-transport.Plo@am__quote@
@@ -993,6 +1007,7 @@
 	-rm -rf ndn-cpp/c/util/.libs ndn-cpp/c/util/_libs
 	-rm -rf ndn-cpp/encoding/.libs ndn-cpp/encoding/_libs
 	-rm -rf ndn-cpp/security/.libs ndn-cpp/security/_libs
+	-rm -rf ndn-cpp/security/identity/.libs ndn-cpp/security/identity/_libs
 	-rm -rf ndn-cpp/transport/.libs ndn-cpp/transport/_libs
 	-rm -rf ndn-cpp/util/.libs ndn-cpp/util/_libs
 
@@ -1264,6 +1279,8 @@
 	-rm -f ndn-cpp/encoding/$(am__dirstamp)
 	-rm -f ndn-cpp/security/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ndn-cpp/security/$(am__dirstamp)
+	-rm -f ndn-cpp/security/identity/$(DEPDIR)/$(am__dirstamp)
+	-rm -f ndn-cpp/security/identity/$(am__dirstamp)
 	-rm -f ndn-cpp/transport/$(DEPDIR)/$(am__dirstamp)
 	-rm -f ndn-cpp/transport/$(am__dirstamp)
 	-rm -f ndn-cpp/util/$(DEPDIR)/$(am__dirstamp)
@@ -1281,7 +1298,7 @@
 
 distclean: distclean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
-	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
+	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/security/identity/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
 	-rm -f Makefile
 distclean-am: clean-am distclean-compile distclean-generic \
 	distclean-hdr distclean-libtool distclean-tags
@@ -1329,7 +1346,7 @@
 maintainer-clean: maintainer-clean-am
 	-rm -f $(am__CONFIG_DISTCLEAN_FILES)
 	-rm -rf $(top_srcdir)/autom4te.cache
-	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
+	-rm -rf ndn-cpp/$(DEPDIR) ndn-cpp/c/$(DEPDIR) ndn-cpp/c/encoding/$(DEPDIR) ndn-cpp/c/transport/$(DEPDIR) ndn-cpp/c/util/$(DEPDIR) ndn-cpp/encoding/$(DEPDIR) ndn-cpp/security/$(DEPDIR) ndn-cpp/security/identity/$(DEPDIR) ndn-cpp/transport/$(DEPDIR) ndn-cpp/util/$(DEPDIR) tests/$(DEPDIR)
 	-rm -f Makefile
 maintainer-clean-am: distclean-am maintainer-clean-generic
 
diff --git a/ndn-cpp/security/identity-manager.cpp b/ndn-cpp/security/identity/identity-manager.cpp
similarity index 100%
rename from ndn-cpp/security/identity-manager.cpp
rename to ndn-cpp/security/identity/identity-manager.cpp
diff --git a/ndn-cpp/security/identity-manager.hpp b/ndn-cpp/security/identity/identity-manager.hpp
similarity index 96%
rename from ndn-cpp/security/identity-manager.hpp
rename to ndn-cpp/security/identity/identity-manager.hpp
index 9ed42ef..2557a03 100644
--- a/ndn-cpp/security/identity-manager.hpp
+++ b/ndn-cpp/security/identity/identity-manager.hpp
@@ -6,7 +6,7 @@
 #ifndef NDN_IDENTITY_MANAGER_HPP
 #define	NDN_IDENTITY_MANAGER_HPP
 
-#include "../data.hpp"
+#include "../../data.hpp"
 
 namespace ndn {
 
diff --git a/ndn-cpp/security/identity/private-key-storage.cpp b/ndn-cpp/security/identity/private-key-storage.cpp
new file mode 100644
index 0000000..4f2d0aa
--- /dev/null
+++ b/ndn-cpp/security/identity/private-key-storage.cpp
@@ -0,0 +1,23 @@
+/**
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#include "private-key-storage.hpp"
+
+using namespace std;
+
+namespace ndn {
+
+PrivateKeyStorage::~PrivateKeyStorage()
+{
+}
+
+// TODO: Move to subclass.
+Blob 
+PrivateKeyStorage::sign(const Blob& blob, const string& keyName, DigestAlgorithm digestAlgorithm)
+{
+  return Blob();
+}
+
+}
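Review bot: `PrivateKeyStorage::sign` returns `Blob()` unconditionally, so a caller that does not check the result would treat an empty blob as a signature and could publish data that is effectively unsigned. Until the subclass mentioned in the TODO exists, fail loudly instead, e.g. `throw std::runtime_error("PrivateKeyStorage::sign is not implemented");` (needs `<stdexcept>`), or declare the method pure virtual in the header. The TODO comment should also say that `blob`, `keyName` and `digestAlgorithm` are currently ignored.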
diff --git a/ndn-cpp/security/identity/private-key-storage.hpp b/ndn-cpp/security/identity/private-key-storage.hpp
new file mode 100644
index 0000000..bb79753
--- /dev/null
+++ b/ndn-cpp/security/identity/private-key-storage.hpp
@@ -0,0 +1,95 @@
+/**
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_PRIVATE_KEY_STORAGE_HPP
+#define	NDN_PRIVATE_KEY_STORAGE_HPP
+
+#include <string>
+#include "../../util/blob.hpp"
+#include "../security-common.hpp"
+
+namespace ndn {
+
+class PrivateKeyStorage {
+  /**
+   * The virtual destructor
+   */    
+  virtual 
+  ~PrivateKeyStorage();
+
+#if 0
+  /**
+   * @brief generate a pair of asymmetric keys
+   * @param keyName the name of the key pair
+   * @param keyType the type of the key pair, e.g. RSA
+   * @param keySize the size of the key pair
+   */
+  virtual void 
+  generateKeyPair(const string & keyName, KeyType keyType = KEY_TYPE_RSA, int keySize = 2048) = 0;
+
+  /**
+   * @brief get the public key
+   * @param keyName the name of public key
+   * @return the public key
+   */
+  virtual Ptr<Publickey> 
+  getPublickey(const string & keyName) = 0;
+#endif
+  
+  /**
+   * Sign data blob.
+   * @param blob The blob to be signed.
+   * @param keyName The name of the signing key.
+   * @param digestAlgorithm the digest algorithm.
+   * @return The signature, or 0 if signing fails.
+   */  
+  virtual Blob 
+  sign(const Blob& blob, const std::string& keyName, DigestAlgorithm digestAlgorithm = DIGEST_ALGORITHM_SHA256);
+    
+#if 0
+  /**
+   * @brief decrypt data
+   * @param keyName the name of the decrypting key
+   * @param blob the blob to be decrypted
+   * @param sym if true symmetric encryption is used, otherwise asymmetric decryption is used.
+   * @return decrypted data
+   */
+  virtual Ptr<Blob> 
+  decrypt(const string & keyName, const Blob & data, bool sym = false) = 0;
+
+  /**
+   * @brief encrypt data
+   * @param keyName the name of the encrypting key
+   * @param blob the blob to be encrypted
+   * @param sym if true symmetric encryption is used, otherwise asymmetric decryption is used.
+   * @return encrypted data
+   */
+  virtual Ptr<Blob> 
+  encrypt(const string & keyName, const Blob & pData, bool sym = false) = 0;
+
+  /**
+   * @brief generate a symmetric key
+   * @param keyName the name of the key 
+   * @param keyType the type of the key, e.g. AES
+   * @param keySize the size of the key
+   */
+  virtual void 
+  generateKey(const string & keyName, KeyType keyType = KEY_TYPE_AES, int keySize = 256) = 0;
+
+  /**
+   * @brief check if a particular key exist
+   * @param keyName the name of the key
+   * @param keyClass the class of the key, e.g. public, private, or symmetric
+   * @return true if the key exists, otherwise false
+   */
+  virtual bool
+  doesKeyExist(const string & keyName, KeyClass keyClass) = 0;  
+#endif
+};
+
+}
+
+#endif
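Review bot: `class PrivateKeyStorage` has no access specifier, so the virtual destructor and `sign` are private by default; as written, a subclass cannot be destroyed and no outside caller can invoke `sign`. Add `public:` directly after `class PrivateKeyStorage {`. The `@return` text for `sign` says "or 0 if signing fails", but the method returns a `Blob` by value. I would reword it to state what a failed signing returns in terms of `Blob` (presumably an empty or null Blob; confirm against blob.hpp) so callers know what to check before treating the result as a signature.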
diff --git a/ndn-cpp/security/security-common.hpp b/ndn-cpp/security/security-common.hpp
new file mode 100644
index 0000000..2f2e660
--- /dev/null
+++ b/ndn-cpp/security/security-common.hpp
@@ -0,0 +1,46 @@
+/**
+ * @author: Yingdi Yu <yingdi@cs.ucla.edu>
+ * @author: Jeff Thompson
+ * See COPYING for copyright and distribution information.
+ */
+
+#ifndef NDN_SECURITY_COMMON_HPP
+#define	NDN_SECURITY_COMMON_HPP
+
+namespace ndn {
+
+enum KeyType {
+  KEY_TYPE_RSA,
+  // KEY_TYPE_DSA,
+  KEY_TYPE_AES,
+  // KEY_TYPE_DES,
+  // KEY_TYPE_RC4,
+  // KEY_TYPE_RC2
+};
+
+enum KeyClass {
+  KEY_CLASS_PUBLIC,
+  KEY_CLASS_PRIVATE,
+  KEY_CLASS_SYMMETRIC
+};
+  
+enum KeyFormat {
+  KEY_FORMAT_PUBLIC_OPENSSL,
+};
+
+enum DigestAlgorithm {
+  // DIGEST_ALGORITHM_MD2,
+  // DIGEST_ALGORITHM_MD5,
+  // DIGEST_ALGORITHM_SHA1,
+  DIGEST_ALGORITHM_SHA256
+};
+
+enum EncryptMode {
+  ENCRYPTION_MODE_DEFAULT,
+  ENCRYPTION_MODE_CFB_AES,
+  // ENCRYPTION_MODE_CBC_AES
+};
+
+}
+
+#endif
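Review bot: `ENCRYPTION_MODE_DEFAULT` in `EncryptMode` does not say which cipher mode it selects, and none of the enums in this header carry a comment. For a value that decides how data is encrypted, a line such as `// TODO: document which cipher mode ENCRYPTION_MODE_DEFAULT maps to.` above the enumerator would keep callers from assuming a particular mode. Separately, `KeyType`, `KeyFormat` and `EncryptMode` leave a trailing comma after the last active enumerator, which pre-C++11 compilers reject or warn about under `-pedantic`; dropping the comma is safe on every standard.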
