Controlling the spread of interests and content in a content centric network

US 10,104,041 B2
Filed: 09/09/2016
Issued: 10/16/2018
Est. Priority Date: 05/16/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-executed method for controlling the spread of interests and content in a content centric network, comprising:

receiving a packet including a piece of content or an interest for the content, wherein the packet further includes a hierarchically structured name of the content;

identifying, using a longest-matching lookup of the hierarchically structured name of the content, a routing policy applicable to a longest matching prefix of the hierarchically structured name, wherein the routing policy specifies a condition associated with an originating entity or a destination entity of the packet, and a forwarding action corresponding to the condition;

in response to determining that the prefix matches the hierarchically structured name of the content and that the originating entity or the destination entity of the packet satisfies the condition in the routing policy, forwarding the packet according to the forwarding action specified in the routing policy;

in response to determining that the originating entity or the destination entity of the packet does not satisfy the condition in the routing policy, forwarding the packet according to a default forwarding action; and

defeating a denial-of-service attack against a policy enforcement system by greylisting a public key held by a signer of the content so that automatic retrieval of the public key is deferred.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system for controlling the spread of interests and content in a content centric network (CCN). During operation, the system maintains a routing policy for content data. The system also receives a packet associated with a piece of content or an interest for the content. Next, the system determines that the structured name included in the packet is within the namespace specified in the routing policy. The system further determines that the packet satisfies the condition in the routing policy. Subsequently, the system routes the packet based on in part the action corresponding to the condition as specified in the routing policy.

Citations

24 Claims

1. A computer-executed method for controlling the spread of interests and content in a content centric network, comprising:
- receiving a packet including a piece of content or an interest for the content, wherein the packet further includes a hierarchically structured name of the content;
  
  identifying, using a longest-matching lookup of the hierarchically structured name of the content, a routing policy applicable to a longest matching prefix of the hierarchically structured name, wherein the routing policy specifies a condition associated with an originating entity or a destination entity of the packet, and a forwarding action corresponding to the condition;
  
  in response to determining that the prefix matches the hierarchically structured name of the content and that the originating entity or the destination entity of the packet satisfies the condition in the routing policy, forwarding the packet according to the forwarding action specified in the routing policy;
  
  in response to determining that the originating entity or the destination entity of the packet does not satisfy the condition in the routing policy, forwarding the packet according to a default forwarding action; and
  
  defeating a denial-of-service attack against a policy enforcement system by greylisting a public key held by a signer of the content so that automatic retrieval of the public key is deferred.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the forwarding action comprises one or more of:
    - dropping content packets, thereby preventing creation of content with a certain name;
      
      dropping interest packets, thereby preventing interests from circulating;
      
      forwarding the packet to another node;
      
      copying or redirecting the packet; and
      
      deferring action on the packet.
  - 3. The method of claim 1, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching an identity of the signer of the content by using a credential held by the signer of the content.
  - 4. The method of claim 1, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching an identity of a node generating the interest by using the public key.
  - 5. The method of claim 1, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching a publisher of the content or a consumer of the content.
  - 6. The method of claim 1, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching one or more of:
    - a network interface on which the packet arrived; and
      
      a network address indicating where the packet is originated or destined.
  - 7. The method of claim 1, further comprising stochastically verifying the routing policy by router nodes, thus enabling an overall expected level of policy compliance and verification.
  - 8. The method of claim 1, further comprising propagating the routing policy to an upstream node, whereby the upstream node can optionally enforce the routing policy and filter content.

9. An apparatus for controlling the spread of interests and content in a content centric network, comprising:
- a processor; and
  
  a memory, wherein the processor is configured to;
  
  receive a packet including a piece of content or an interest for the content, wherein the packet further includes a hierarchically structured name of the content;
  
  identify, using a longest-matching lookup of the hierarchically structured name of the content, a routing policy applicable to a longest matching prefix of the hierarchically structured name, wherein the routing policy specifies a condition associated with an originating entity or a destination entity of the packet, and a forwarding action corresponding to the condition;
  
  in response to determining that the prefix matches the hierarchically structured name of the content and that the originating entity or destination entity of the packet satisfies the condition in the routing policy, forward the packet according to the forwarding action specified in the routing policy;
  
  in response to determining that the originating entity or the destination entity of the packet does not satisfy the condition in the routing policy, forward the packet according to a default forwarding action; and
  
  defeat a denial-of-service attack against a policy enforcement system by greylisting a public key held by a signer of the content so that automatic retrieval of the public key is deferred.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein while forwarding the packet, the processor is configured to perform one or more of the following operations:
    - dropping content packets, thereby preventing creation of content with a certain name;
      
      dropping interest packets, thereby preventing interests from circulating;
      
      forwarding the packet to another node;
      
      copying or redirect the packet; and
      
      deferring action on the packet.
  - 11. The apparatus of claim 9, wherein while determining that the originating entity or destination entity of the packet satisfies the condition, the processor is configured to match an identity of the signer of the content by using a credential held by the signer of the content.
  - 12. The apparatus of claim 9, wherein while determining that the originating entity or destination entity of the packet satisfies the condition, the processor is configured to match an identity of a node generating the interest by using the public key.
  - 13. The apparatus of claim 9, wherein while determining that the originating entity or destination entity of the packet satisfies the condition, the processor is configured to match a publisher of the content or a consumer of the content.
  - 14. The apparatus of claim 9, wherein while determining that the originating entity or destination entity of the packet satisfies the condition, the processor is configured to match one or more of:
    - a network interface on which the packet arrived; and
      
      a network address indicating where the packet is originated or destined.
  - 15. The apparatus of claim 9, wherein while determining that the originating entity or destination entity of the packet satisfies the condition, the processor is configured to verify stochastically the routing policy by router nodes, thus enabling an overall expected level of policy compliance and verification.
  - 16. The apparatus of claim 9, wherein the processor is further configured to propagate the routing policy to an upstream node, whereby the upstream node can optionally enforce the routing policy and filter content.

17. A computer-readable storage device storing instructions that when executed by a computer cause the computer to perform a method for controlling the spread of interests and content in a content centric network, the method comprising:
- receiving a packet including a piece of content or an interest for the content, wherein the packet further includes a hierarchically structured name of the content;
  
  identifying, using a longest-matching lookup of the hierarchically structured name of the content, a routing policy applicable to a longest matching prefix of the hierarchically structured name, wherein the routing policy specifies a condition associated with an originating entity or a destination entity of the packet, and a forwarding action corresponding to the condition;
  
  in response to determining that the prefix matches the hierarchically structured name of the content and that the originating entity or destination entity of the packet satisfies the condition in the routing policy, forwarding the packet according to the forwarding action specified in the routing policy;
  
  in response to determining that the originating entity or destination entity of the packet does not satisfy the condition in the routing policy, forwarding the packet according to a default forwarding action; and
  
  defeating a denial-of-service attack against a policy enforcement system by greylisting a public key held by a signer of the content so that automatic retrieval of the public key is deferred.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The storage device of claim 17, wherein routing the packet comprises one or more of:
    - dropping content packets, thereby preventing creation of content with a certain name;
      
      dropping interest packets, thereby preventing interests from circulating;
      
      forwarding the packet to another node;
      
      copying or redirecting the packet; and
      
      deferring action on the packet.
  - 19. The storage device of claim 17, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching an identity of the signer of the content by using a credential held by the signer of the content.
  - 20. The storage device of claim 17, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching an identity of a node generating the interest by using the public key.
  - 21. The storage device of claim 17, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching a publisher of the content or a consumer of the content.
  - 22. The storage device of claim 17, wherein determining that the originating entity or destination entity of the packet satisfies the condition comprises matching one or more of:
    - a network interface on which the packet arrived; and
      
      a network address indicating where the packet is originated or destined.
  - 23. The storage device of claim 17, wherein the method further comprises stochastically verifying the routing policy by router nodes, thus enabling an overall expected level of policy compliance and verification.
  - 24. The storage device of claim 17, wherein the method further comprises propagating the routing policy to an upstream node, whereby the upstream node can optionally enforce the routing policy and filter content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Jacobson, Van L., Smetters, Diana K.
Primary Examiner(s)
Traore, Fatoumata

Application Number

US15/261,170
Publication Number

US 20160380970A1
Time in Patent Office

767 Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/173   using an interconnection ne...

H04L 45/08   Learning-based routing, e.g...

H04L 45/74   Address processing for routing

H04L 47/20   Traffic policing

H04L 47/32   by discarding or delaying d...

H04L 63/0227   Filtering policies mail mes...

H04L 63/06   for supporting key manageme...

H04L 63/123   received data contents, e.g...

H04L 63/1458   Denial of Service

H04L 63/20   for managing network securi...

H04L 67/63   Routing a service request d...

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3247   involving digital signatures

Controlling the spread of interests and content in a content centric network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling the spread of interests and content in a content centric network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links