Aggregate signing of data in content centric networking
First Claim
1. A computer-implemented method comprising:
- receiving, by a client computing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein the catalog is digitally signed with a private key of a content producing device of the catalog;
verifying the content producing device of the catalog based on a public key of the content producing device;
constructing an interest for a first content object based on the catalog, wherein the interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level and the corresponding digest for the first content object; and
in response to receiving the first content object, verifying the first content object by comparing a hash of the first content object with the corresponding digest included in the first content object,wherein the first content object is transmitted by the content producing device,wherein verifying the first content object involves using, by the client computing device and an intermediate router, the hash comparison in place of verifying a signature of the content producing device of the first content object, andwherein verifying the first content object causes the content producing device to avoid signing the first content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content producing device of the first content object,facilitating efficient verification of content objects indicated in the signed catalog.
3 Assignments
0 Petitions
Accused Products
Abstract
One embodiment provides a system that facilitates routers in verifying content objects in a cost-effective manner by aggregating content objects into a secure content catalog. During operation, a client computing device receives a secure content catalog, which indicates a set of content objects and their corresponding digests. The catalog is digitally signed with the private key of a producer of the catalog. The client computing device constructs an interest for a content object, where the interest indicates a name for the content object and the corresponding digest for the content object, which is based on the secure content catalog. The name for the request content object is a hierarchically structured variable length identifier (HSVLI) which comprises name components ordered from a most general level to a most specific level.
-
Citations
22 Claims
-
1. A computer-implemented method comprising:
-
receiving, by a client computing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein the catalog is digitally signed with a private key of a content producing device of the catalog; verifying the content producing device of the catalog based on a public key of the content producing device; constructing an interest for a first content object based on the catalog, wherein the interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level and the corresponding digest for the first content object; and in response to receiving the first content object, verifying the first content object by comparing a hash of the first content object with the corresponding digest included in the first content object, wherein the first content object is transmitted by the content producing device, wherein verifying the first content object involves using, by the client computing device and an intermediate router, the hash comparison in place of verifying a signature of the content producing device of the first content object, and wherein verifying the first content object causes the content producing device to avoid signing the first content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content producing device of the first content object, facilitating efficient verification of content objects indicated in the signed catalog. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented method comprising:
-
creating, by a content producing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein a name for the content objects indicated in the catalog is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; producing a digital signature for the catalog based on a private key of a content producing device of the catalog; in response to receiving from a client computing device a first interest for the catalog, wherein the first interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, transmitting to the client computing device a first content object corresponding to the digitally signed catalog; and in response to receiving from the client computing device a second interest for one of the content objects indicated in the catalog, wherein the second interest includes the name for the requested content object, transmitting a second content object based on the name for the requested content object, wherein transmitting the second content object facilitates the client computing device and the intermediate router to verify the second content object by comparing a hash of the content object with the corresponding digest included in the second content object, wherein the hash comparison is used in place of verifying a signature of the content producing device of the second content object, and wherein transmitting the second content object causes the content producing device to avoid signing the second content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content producing device of the second content object, facilitating efficient verification of content objects indicated in the secure content catalog. - View Dependent Claims (9, 10, 11)
-
-
12. A computer system for secure and efficient distribution of digital content, the system comprising:
-
a processor; a storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising; receiving, by a client computing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein the catalog is digitally signed with a private key of a content producing device of the catalog; verifying the content producing device of the catalog based on a public key of the content producing device; constructing an interest for a first content object based on the catalog, wherein the interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level and the corresponding digest for the first content object; and in response to receiving the first content object, verifying the first content object by comparing a hash of the first content object with the corresponding digest included in the first content object, wherein the first content object is transmitted by the content producing device, wherein verifying the content object involves using, by the client computing device and an intermediate router, the hash comparison in place of verifying a signature of the content producing device of the first content object, and wherein verifying the first content object causes the content producing device to avoid signing the first content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content production device of the first content object, facilitating efficient verification of content objects indicated in the signed catalog. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A computer system for secure and efficient distribution of digital content, the system comprising:
-
a processor; a storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising; creating, by a content producing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein a name for the content objects indicated in the catalog is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level; producing a digital signature for the catalog based on a private key of a content producing device of the catalog; in response to receiving from a client computing device a first interest for the catalog, wherein the first interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, transmitting to the client computing device a first content object corresponding to the digitally signed catalog; and in response to receiving from the client computing device a second interest for one of the content objects indicated in the catalog, wherein the second interest includes the name for the requested content object, transmitting a second content object based on the name for the requested content object, wherein transmitting the second content object facilitates the client computing device and the intermediate router to verify the second content object by comparing a hash of the second content object with the corresponding digest included in the second content object, wherein the hash comparison is used in place of verifying a signature of the content producing device of the second content object, and wherein transmitting the second content object causes the content producing device to avoid signing the second content object, and further causes the client computing device and the intermediate router to avoid verifying signature of the content producing device of the second content object, facilitating efficient verification of content objects indicated in the secure content catalog. - View Dependent Claims (20, 21, 22)
-
Specification