Transparent encryption in a content centric network
First Claim
1. A computer-implemented method for facilitating efficient and transparent encryption of packets, the method comprising:
- receiving, by a content producing device, an interest packet that includes a masked name which corresponds to an original name of a content object, wherein the original name is a hierarchically structured variable length identifier, wherein said hierarchically structured variable length identifier represents a location of a specific content object within a file system and is used to identify the specific content object, and wherein the interest packet includes an encrypted original name of the content object in a payload of the interest packet, wherein the original name is encrypted based on a public key of the content producing device to generate the encrypted original name;
obtaining the original name of the content object by decrypting the encrypted original name included in the payload of the interest packet based on a private key of the content producing device;
computing a symmetric key based on both;
(1) the original name of the content object, and (2) a generated nonce, wherein the generated nonce is a random string with a length of a predetermined size, and wherein the symmetric key has a length that is equal to the predetermined size of the generated nonce;
generating a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload including the content object corresponding to the original name, wherein the payload is encrypted based on the symmetric key, wherein the content object packet is received by a client computing device, thereby facilitating efficient and transparent content encryption between the content producing device and the client computing device; and
forwarding the content object packet to an entity that sent the interest packet.
0 Assignments
0 Petitions
Accused Products
Abstract
One embodiment provides a system that facilitates efficient and transparent encryption of packets between a client computing device and a content producing device. During operation, the system receives, by a content producing device, an interest packet that includes a masked name which corresponds to an original name, wherein the original name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system obtains the original name based on the masked name. The system computes a symmetric key based on the original name and a generated nonce. The system generates a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload encrypted based on the symmetric key, wherein the content object packet is received by a client computing device.
384 Citations
20 Claims
-
1. A computer-implemented method for facilitating efficient and transparent encryption of packets, the method comprising:
-
receiving, by a content producing device, an interest packet that includes a masked name which corresponds to an original name of a content object, wherein the original name is a hierarchically structured variable length identifier, wherein said hierarchically structured variable length identifier represents a location of a specific content object within a file system and is used to identify the specific content object, and wherein the interest packet includes an encrypted original name of the content object in a payload of the interest packet, wherein the original name is encrypted based on a public key of the content producing device to generate the encrypted original name; obtaining the original name of the content object by decrypting the encrypted original name included in the payload of the interest packet based on a private key of the content producing device; computing a symmetric key based on both;
(1) the original name of the content object, and (2) a generated nonce, wherein the generated nonce is a random string with a length of a predetermined size, and wherein the symmetric key has a length that is equal to the predetermined size of the generated nonce;generating a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload including the content object corresponding to the original name, wherein the payload is encrypted based on the symmetric key, wherein the content object packet is received by a client computing device, thereby facilitating efficient and transparent content encryption between the content producing device and the client computing device; and forwarding the content object packet to an entity that sent the interest packet. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a content producing device, cause the processor to:
-
receive an interest packet that includes a masked name which corresponds to an original name of a content object, wherein the original name is a hierarchically structured variable length identifier, wherein said hierarchically structured variable length identifier represents a location of a specific content object within a file system and is used to identify the specific content object, and wherein the interest packet includes an encrypted original name of the content object in a payload of the interest packet, wherein the original name is encrypted based on a public key of the content producing device to generate the encrypted original name; obtain the original name of the content object by decrypting the encrypted original name included in the payload of the interest packet based on a private key of the content producing device; compute a symmetric key based on both;
(1) the original name of the content object, and (2) a generated nonce, wherein the generated nonce is a random string with a length of a predetermined size, and wherein the symmetric key has a length that is equal to the predetermined size of the generated nonce;generate a content object packet that corresponds to the original name and includes the masked name, the nonce, and a payload including the content object corresponding to the original name, wherein the payload is encrypted based on the symmetric key, wherein the content object packet is received by a client computing device, thereby facilitating efficient and transparent content encryption between the content producing device and the client computing device; and forward the content object packet to an entity that sent the interest packet. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. One or more non-transitory computer readable storage media encoded with instructions that, when executed by a processor of a client computing device, cause the processor to:
-
encrypt an original name of a content object to generate an encrypted original name, wherein the original name is encrypted based on a public key of a content producing device, wherein the original name is a hierarchically structured variable length identifier, wherein said hierarchically structured variable length identifier represents a location of a specific content object within a file system and is used to identify a specific content object; compute a masked name based on the original name; include the encrypted original name in a payload of an interest packet; in response to transmitting the interest packet with the masked name, receive a content object packet that includes the masked name, a nonce, and a payload including the content object corresponding to the original name, wherein the payload is encrypted based on a symmetric key to produce an encrypted payload, wherein the content object packet is generated by the content producing device; look up the masked name in a data structure stored at the client computing device to obtain the original name of the content object; compute the symmetric key based on both;
(1) the original name of the content object obtained based on the masked name, and (2) the nonce, wherein the nonce is a random string with a length of a predetermined size, and wherein the symmetric key has a length that is equal to the predetermined size of the nonce; anddecrypt the encrypted payload of the content object packet based on the symmetric key to produce a decrypted payload and to obtain the content object corresponding to the original name, thereby facilitating efficient and transparent content encryption between the client computing device and the content producing device. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
Specification