Method and system for interest encryption in a content centric network

US 10,305,864 B2
Filed: 01/25/2016
Issued: 05/28/2019
Est. Priority Date: 01/25/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system for facilitating efficient content exchange, the system comprising:

a processor; and

a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;

generating, by a client computing device, an interest with a name that includes a routable prefix and a first hash of one or more original name components of the name, wherein the name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level;

computing a key based on;

(1) a second hash of the original name components of the name, (2) at least one Diffie-Hellman parameter, and (3) a randomly generated first nonce;

encrypting a payload of the interest with the key, wherein the interest indicates the first nonce;

transmitting the interest to a receiving content producing device, wherein the interest allows the receiving content producing device to compute the key and decrypt the payload;

in response to transmitting the interest, receiving a content object with a payload encrypted based on the key, thereby reducing delay in interest encryption in a content centric network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that facilitates efficient content exchange in a CCN. During operation, the system receives, generates, by a client computing device, an interest with a name that includes a routable prefix and a first hash of one or more original name components, wherein the name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system computes a key based on a second hash of the original name components and a randomly generated first nonce. The system encrypts a payload of the interest with the key, wherein the interest indicates the first nonce. In response to transmitting the interest, wherein the interest allows a receiving content producing device to compute the key and decrypt the payload, the system receives receiving a content object with a payload encrypted based on the key.

Citations

20 Claims

1. A computer system for facilitating efficient content exchange, the system comprising:
- a processor; and
  
  a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;
  
  generating, by a client computing device, an interest with a name that includes a routable prefix and a first hash of one or more original name components of the name, wherein the name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level;
  
  computing a key based on;
  
  (1) a second hash of the original name components of the name, (2) at least one Diffie-Hellman parameter, and (3) a randomly generated first nonce;
  
  encrypting a payload of the interest with the key, wherein the interest indicates the first nonce;
  
  transmitting the interest to a receiving content producing device, wherein the interest allows the receiving content producing device to compute the key and decrypt the payload;
  
  in response to transmitting the interest, receiving a content object with a payload encrypted based on the key, thereby reducing delay in interest encryption in a content centric network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1, wherein computing the key further involves:
    - determining a first value based on a first Diffie-Hellman parameter and a randomly generated second nonce;
      
      determining a second value based on the second hash, wherein the second hash is further based on a second Diffie-Hellman parameter; and
      
      computing the key based on the first value and the second value, wherein the interest further indicates the first value and the second Diffie-Hellman parameter.
  - 3. The computer system of claim 2, wherein the method further comprises:
    - appending the first value, the first nonce, and the second Diffie-Hellman parameter to the name for the interest.
  - 4. The computer system of claim 2, wherein computing the key is further based on a key derivation function performed on the first value and the second value.
  - 5. The computer system of claim 1, wherein the content object indicates configuration information to be used in subsequent communication between the client computing device and the content producing device, wherein the configuration information is indicated as one or more of:
    - embedded in the content object; and
      
      included as a link in the content object.
  - 6. The computer system of claim 1, wherein the method further comprises:
    - in response to receiving the content object, decrypting the payload based on the key.
  - 7. The computer system of claim 1, wherein encrypting the payload with the key is based on an authenticated encryption with associated data algorithm which outputs an authenticator tag, and wherein the interest further indicates the authenticator tag.

8. A computer system for facilitating efficient content exchange, the system comprising:
- a processor; and
  
  a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising;
  
  receiving, by a content producing device, an interest with a name that includes a routable prefix and a first hash of one or more original name components of the name, wherein the name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level, wherein the interest indicates a first nonce, and wherein a payload of the interest is encrypted based on a key;
  
  computing the key based on;
  
  (1) a second hash of the original name components of the name, (2) at least one Diffie-Hellman parameter, and (3) the first nonce;
  
  decrypting a payload of the interest based on the key; and
  
  generating a content object with a payload encrypted based on the key, thereby reducing delay in interest encryption in a content centric network.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer system of claim 8, wherein the interest further indicates a first value and a first Diffie-Hellman parameter, and wherein computing the key further involves determining a second value based on the second hash, wherein the second hash is further based on the first Diffie-Hellman parameter;
    - andcomputing the key based on a key derivation function performed on the first value and the second value.
  - 10. The computer system of claim 9, wherein the name for the interest includes the first value, the first nonce, and the first Diffie-Hellman parameter.
  - 11. The computer system of claim 8, wherein the method further comprises:
    - obtaining the original name components based on a previously stored mapping of the first hash to the original name components.
  - 12. The computer system of claim 8, wherein the method further comprises:
    - indicating in the content object configuration information to be used in subsequent communication between the client computing device and the content producing device, wherein indicating the configuration information further involves one or more of;
      
      embedding in the content object the configuration information; and
      
      including in the content object a link to the configuration information.
  - 13. The computer system of claim 8, wherein the payload is further encrypted based on an encryption with associated data algorithm which outputs an authenticator tag, wherein the interest further indicates the authenticator tag, andwherein decrypting the payload involves:
    - verifying the authenticator tag.

14. A computer-implemented method for facilitating efficient content exchange, the method comprising:
- generating, by a client computing device, an interest with a name that includes a routable prefix and a first hash of one or more original name components of the name, wherein the name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level;
  
  computing a key based on;
  
  (1) a second hash of the original name components of the name, (2) at least one Diffie-Hellman parameter, and (3) a randomly generated first nonce;
  
  encrypting a payload of the interest with the key, wherein the interest indicates the first nonce;
  
  transmitting the interest to a receiving content producing device, wherein the interest allows the receiving content producing device to compute the key and decrypt the payload;
  
  in response to transmitting the interest, receiving a content object with a payload encrypted based on the key, thereby reducing delay in interest encryption in a content centric network.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein computing the key further involves:
    - determining a first value based on a first Diffie-Hellman parameter and a randomly generated second nonce;
      
      determining a second value based on the second hash, wherein the second hash is further based on a second Diffie-Hellman parameter; and
      
      computing the key based on the first value and the second value,wherein the interest further indicates the first value and the second Diffie-Hellman parameter.
  - 16. The method of claim 15, further comprising:
    - appending the first value, the first nonce, and the second Diffie-Hellman parameter to the name for the interest.
  - 17. The method of claim 15, wherein computing the key is further based on a key derivation function performed on the first value and the second value.
  - 18. The method of claim 14, wherein the content object indicates configuration information to be used in subsequent communication between the client computing device and the content producing device, wherein the configuration information is indicated as one or more of:
    - embedded in the content object; and
      
      included as a link in the content object.
  - 19. The method of claim 14, further comprising:
    - in response to receiving the content object, decrypting the payload based on the key.
  - 20. The method of claim 14, wherein encrypting the payload with the key is based on an authenticated encryption with associated data algorithm which outputs an authenticator tag, and wherein the interest further indicates the authenticator tag.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wood, Christopher A.
Primary Examiner(s)
Potratz, Daniel B

Application Number

US15/005,900
Publication Number

US 20170214661A1
Time in Patent Office

1,219 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0819   Key transport or distributi...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0861   Generation of secret inform...

H04L 9/0869   involving random numbers or...

Method and system for interest encryption in a content centric network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for interest encryption in a content centric network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links