Method and system for mutating and caching content in a content centric network

US 10,320,760 B2
Filed: 04/01/2016
Issued: 06/11/2019
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer system, the system comprising an intermediate node in a computer network, the intermediate node including:

a processor;

a storage device coupled to the processor and storing instructions that when executed by the processor cause the processor to perform;

receiving, by the intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;

re-encrypting the encrypted payload based on the parameter to obtain a new encrypted payload and generating a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and

transmitting the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein transmitting the re-encrypted content object to the client computing device further includes;

transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and

removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.

644 Citations

20 Claims

1. A computer system, the system comprising an intermediate node in a computer network, the intermediate node including:
- a processor;
  
  a storage device coupled to the processor and storing instructions that when executed by the processor cause the processor to perform;
  
  receiving, by the intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;
  
  re-encrypting the encrypted payload based on the parameter to obtain a new encrypted payload and generating a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and
  
  transmitting the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein transmitting the re-encrypted content object to the client computing device further includes;
  
  transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and
  
  removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1, wherein the processor is further configured to perform:
    - including the new encrypted payload and the new signature in the re-encrypted content object.
  - 3. The computer system of claim 1, wherein the encrypted payload and the signature indicated in the received content object are encrypted based on a public key of a content producing device, a private key of the client computing device, and two integers that are generated randomly based on the parameter.
  - 4. The computer system of claim 1, wherein re-encrypting the encrypted payload further comprises:
    - in response to determining that a copy of a content object with a same name as the content object name exists in a cache of the intermediate node, re-encrypting the encrypted payload.
  - 5. The computer system of claim 1, wherein the processor is further configured to perform:
    - in response to determining that a copy of a content object with a same name as the content object name does not exist in a cache of the intermediate node;
      
      storing a copy of the received content object in the cache; and
      
      transmitting the received content object to the client computing device.
  - 6. The computer system of claim 1, wherein the processor is further configured to perform:
    - receiving an interest with an interest name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; and
      
      wherein re-encrypting the encrypted payload further comprises;
      
      in response to determining that a copy of a content object with a same name as the interest name does exist in a cache of the intermediate node, re-encrypting the encrypted payload.
  - 7. The computer system of claim 1, wherein the processor is configured to re-encrypt the encrypted payload using a re-encryption algorithm based on multiplication.

8. A computer-implemented method, comprising:
- receiving, by an intermediate node in a computer network, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;
  
  re-encrypting the encrypted payload based on the parameter to obtain a new encrypted payload and generating a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and
  
  transmitting the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein transmitting the re-encrypted content object to the client computing device further includes;
  
  transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and
  
  removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising:
    - including the new encrypted payload and the new signature in the re-encrypted content object.
  - 10. The method of claim 8, wherein the encrypted payload and the signature indicated in the received content object are encrypted based on apublic key of a content producing device, a private key of the client computing device, and two integers that are generated randomly based on the parameter.
  - 11. The method of claim 8, wherein re-encrypting the encrypted payload further comprises:
    - in response to determining that a copy of a content object with a same name as the content object name exists in a cache of the intermediate node, re-encrypting the encrypted payload.
  - 12. The method of claim 8, further comprising:
    - in response to determining that a copy of a content object with a same name as the content object name does not exist in a cache of the intermediate node;
      
      storing a copy object in the cache; and
      
      transmitting the received content object to the client computing device.
  - 13. The method of claim 8, further comprising:
    - receiving an interest with an interest name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; and
      
      wherein re-encrypting the encrypted payload further comprises;
      
      in response to determining that a copy of a content object with a same name as the interest name does exist in a cache of the intermediate node, re-encrypting the encrypted payload.
  - 14. The method of claim 8, wherein re-encrypting the encrypted payload further comprises:
    - re-encrypting the encrypted payload using a re-encryption algorithm based on multiplication.

15. A non-transitory computer-readable storage medium encoded with software comprising computer executable instructions which, when executed by a processor of an intermediate node in a computer network, cause the processor to:
- receive a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;
  
  re-encrypt the encrypted payload based on the parameter to obtain a new encrypted payload and generate a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and
  
  transmit the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein the instructions cause the processor to transmit the re-encrypted content object to the client computing device by;
  
  transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and
  
  removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, wherein the encrypted payload and the signature indicated in the received content object are encrypted based on a public key of a content producing device, a private key of the client computing device, and two integers that are generated randomly based on the parameter.
  - 17. The non-transitory computer-readable storage medium of claim 15, wherein the instructions cause the processor to re-encrypt the encrypted payload by:
    - in response to determining that a copy of a content object with a same name as the content object name exists in a cache of the intermediate node, re-encrypting the encrypted payload.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the instructions further cause the processor to:
    - in response to determining that a copy of a content object with a same name as the content object name does not exist in a cache of the intermediate node;
      
      store a copy of the content object in the cache; and
      
      transmit the received content object to the client computing device.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the instructions further cause the processor to:
    - receive an interest with an interest name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; and
      
      in response to determining that a copy of a content object with a same name as the interest name does exist in a cache of the intermediate node, re-encrypt the encrypted payload.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the instructions cause the processor to re-encrypt the encrypted payload using a re-encryption algorithm based on multiplication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wood, Christopher A., Scott, Glenn C.
Primary Examiner(s)
Naghdali, Khalil

Application Number

US15/089,042
Publication Number

US 20170289114A1
Time in Patent Office

1,166 Days
Field of Search

713154
US Class Current
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/0471   applying encryption by an i...

H04L 67/1097   for distributed storage of ...

H04L 67/568   Storing data temporarily at...

H04L 67/63   Routing a service request d...

H04L 9/16   the keys or algorithms bein...

H04L 9/3013   involving the discrete loga...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Method and system for mutating and caching content in a content centric network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

644 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for mutating and caching content in a content centric network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

644 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links