Method and system for mutating and caching content in a content centric network
First Claim
1. A computer system, the system comprising an intermediate node in a computer network, the intermediate node including:
- a processor;
a storage device coupled to the processor and storing instructions that when executed by the processor cause the processor to perform;
receiving, by the intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;
re-encrypting the encrypted payload based on the parameter to obtain a new encrypted payload and generating a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and
transmitting the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein transmitting the re-encrypted content object to the client computing device further includes;
transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and
removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node.
4 Assignments
0 Petitions
Accused Products
Abstract
One embodiment provides a system that facilitates mutating and caching content in a CCN. During operation, the system receives, by an intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level. The system re-encrypts the content object based on the encrypted payload and the parameter to obtain a new encrypted payload and a new signature, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload. The system transmits the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object and verify the new signature.
644 Citations
20 Claims
-
1. A computer system, the system comprising an intermediate node in a computer network, the intermediate node including:
-
a processor; a storage device coupled to the processor and storing instructions that when executed by the processor cause the processor to perform; receiving, by the intermediate node, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; re-encrypting the encrypted payload based on the parameter to obtain a new encrypted payload and generating a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and transmitting the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein transmitting the re-encrypted content object to the client computing device further includes; transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method, comprising:
-
receiving, by an intermediate node in a computer network, a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; re-encrypting the encrypted payload based on the parameter to obtain a new encrypted payload and generating a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and transmitting the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein transmitting the re-encrypted content object to the client computing device further includes; transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A non-transitory computer-readable storage medium encoded with software comprising computer executable instructions which, when executed by a processor of an intermediate node in a computer network, cause the processor to:
-
receive a content object that indicates an encrypted payload, a signature, and a parameter for a group to which the content object belongs, wherein the content object includes a name that is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; re-encrypt the encrypted payload based on the parameter to obtain a new encrypted payload and generate a new signature for a re-encrypted content object, wherein re-encrypting is not based on a private key or a public key associated with the encrypted payload; and transmit the re-encrypted content object to a client computing device, thereby allowing the client computing device to decrypt the re-encrypted content object, verify the new signature, and avoid a correlation attack, wherein the instructions cause the processor to transmit the re-encrypted content object to the client computing device by; transmitting the re-encrypted content object to a previous-hop node based on an entry in a pending interest table, wherein the entry indicates an interest name that corresponds to the content object name, a list of incoming interfaces at which the interest is received, and a list of outgoing interfaces from which the interest is forwarded; and removing from the entry a first interface from the list of incoming interfaces, wherein the first interface corresponds to the previous-hop node. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification