System for a secure encryption proxy in a content centric network
First Claim
1. A computer system, comprising:
a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising:
receiving, by an intermediate router from a content-consuming computing device, a first interest that includes a first name identifying a replica device storing content objects, signaling information encrypted based on a signaling key, an authentication token based on an authentication key, and an inner interest encrypted based on an encryption key, wherein the inner interest includes a name for a manifest that represents a collection of data stored at the replica device, wherein the intermediate router does not possess the encryption key;
authenticating the first interest by verifying the authentication token based on the authentication key;
generating one or more interests requesting the data represented by the manifest from the replica device, wherein each generated interest has a name that corresponds to a numbered chunk of the data represented by the manifest;
receiving from the replica device, a first content object in response to the first interest;
transmitting to the content-consuming computing device the first content object received in response to the first interest;
receiving from the replica device, one or more additional content objects corresponding to the one or more generated interests; and
transmitting the one or more additional content objects to the content-consuming device without receiving corresponding interests for the one or more additional content objects from the content-consuming device.
Abstract
One embodiment provides a system that facilitates a secure encryption proxy in a content centric network. During operation, the system receives, by an intermediate router from a content-consuming computing device, a first interest that includes a first name, signaling information encrypted based on a signaling key, and an inner interest encrypted based on an encryption key. The inner interest includes a name for a manifest that represents a collection of data. The intermediate router does not possess the encryption key. The system generates one or more interests for the data represented by the manifest. The system transmits to the content-consuming computing device a content object received in response to a generated interest, wherein the intermediate router transmits the responsive content object without receiving a corresponding interest from the content-consuming computing device, thereby facilitating reduced network traffic between the content-consuming computing device and the intermediate router.
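The key separation described in the abstract and claims, as an added Python sketch that is not taken from the patent: the router holds only the signaling and authentication keys, so it can authenticate the interest and learn the end chunk number, but the inner interest and payload stay opaque to it. The field names, the HMAC-based token, the `/chunk=N` naming, the `fetch-all` signaling value and the stand-in keystream cipher are all assumptions made for illustration.

```python
import hashlib, hmac, json, os

def xor_stream(key, nonce, data):
    # Stand-in cipher for the demo (HMAC-SHA256 keystream); use a real AEAD in practice.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = os.urandom(16)
    return nonce + xor_stream(key, nonce, plaintext)

def unseal(key, blob):
    return xor_stream(key, blob[:16], blob[16:])

def auth_token(k_auth, *fields):
    # Assumed token: HMAC over length-prefixed name, signaling and inner ciphertexts.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(k_auth, msg, hashlib.sha256).digest()

def consumer_first_interest(replica_name, manifest_name, k_sig, k_auth, k_enc):
    sig = seal(k_sig, json.dumps({"op": "fetch-all"}).encode())  # assumed signaling
    inner = seal(k_enc, manifest_name.encode())  # opaque to the router
    tok = auth_token(k_auth, replica_name.encode(), sig, inner)
    return {"name": replica_name, "signaling": sig, "inner": inner, "token": tok}

def verify(interest, k_auth):
    want = auth_token(k_auth, interest["name"].encode(), interest["signaling"], interest["inner"])
    return hmac.compare_digest(want, interest["token"])

def replica_first_object(interest, store, k_sig, k_auth, k_enc):
    if not verify(interest, k_auth):
        raise ValueError("bad authentication token")
    chunks = store[unseal(k_enc, interest["inner"]).decode()]
    sig = seal(k_sig, json.dumps({"end_chunk": len(chunks) - 1}).encode())
    return {"name": interest["name"] + "/chunk=0", "signaling": sig, "payload": seal(k_enc, chunks[0])}

def router_prefetch_names(interest, first_object, k_sig, k_auth):
    # Router holds k_sig and k_auth only; it never decrypts "inner" or "payload".
    if not verify(interest, k_auth):
        raise ValueError("bad authentication token")
    end = json.loads(unseal(k_sig, first_object["signaling"]))["end_chunk"]
    return [f'{interest["name"]}/chunk={i}' for i in range(1, end + 1)]

# Constructed sample keys and store (not from the patent).
K_SIG, K_AUTH, K_ENC = (hashlib.sha256(s).digest() for s in (b"sig", b"auth", b"enc"))
STORE = {"/replica/docs/manifest": [b"chunk-0", b"chunk-1", b"chunk-2"]}
```

Because the token covers both ciphertexts, a router or replica rejects an interest whose encrypted inner interest was altered in transit, even though the router cannot read it.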
20 Claims
1. A computer system, comprising:
a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising:
receiving, by an intermediate router from a content-consuming computing device, a first interest that includes a first name identifying a replica device storing content objects, signaling information encrypted based on a signaling key, an authentication token based on an authentication key, and an inner interest encrypted based on an encryption key, wherein the inner interest includes a name for a manifest that represents a collection of data stored at the replica device, wherein the intermediate router does not possess the encryption key;
authenticating the first interest by verifying the authentication token based on the authentication key;
generating one or more interests requesting the data represented by the manifest from the replica device, wherein each generated interest has a name that corresponds to a numbered chunk of the data represented by the manifest;
receiving from the replica device, a first content object in response to the first interest;
transmitting to the content-consuming computing device the first content object received in response to the first interest;
receiving from the replica device, one or more additional content objects corresponding to the one or more generated interests; and
transmitting the one or more additional content objects to the content-consuming device without receiving corresponding interests for the one or more additional content objects from the content-consuming device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer system, comprising:
a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising:
generating, by a content-consuming computing device, a first interest that includes a first name identifying a replica device storing content objects, signaling information encrypted based on a signaling key, an authentication token based on an authentication key, and an inner interest encrypted based on an encryption key, wherein the inner interest includes a name for a manifest that represents a collection of data stored at the replica device;
in response to transmitting the first interest to an intermediate router, receiving a first content object, wherein the first content object includes a name that corresponds to a first numbered chunk of the data represented by the manifest; and
receiving one or more additional content objects without transmitting additional interests corresponding to the one or more additional content objects, the one or more additional content objects corresponding to one or more additional numbered chunks of data represented by the manifest in the first interest.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A computer system, comprising:
a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising:
receiving, by a replica device, a first interest that includes a first name identifying the replica device, signaling information encrypted based on a signaling key, an inner interest encrypted based on an encryption key, and an authentication token based on an authentication key, wherein the inner interest includes a name for a manifest that represents a collection of data;
authenticating the first interest by verifying the authentication token based on the authentication key; and
generating a first content object that includes signaling information encrypted based on the signaling key and that indicates an end chunk number that corresponds to a number of chunks comprising the data represented by the manifest, wherein the first content object further includes data represented by the manifest and that is encrypted based on the encryption key.
Dependent claims: 19, 20
Specification