Aggregate signing of data in content centric networking

US 9,363,086 B2
Filed: 03/31/2014
Issued: 06/07/2016
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, by a client computing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein the catalog is digitally signed with a private key of a content producing device of the catalog;

verifying the content producing device of the catalog based on a public key of the content producing device;

constructing an interest for a first content object based on the catalog, wherein the interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level and the corresponding digest for the first content object; and

in response to receiving the first content object, verifying the first content object by comparing a hash of the first content object with the corresponding digest included in the first content object,wherein the first content object is transmitted by the content producing device,wherein verifying the first content object involves using, by the client computing device and an intermediate router, the hash comparison in place of verifying a signature of the content producing device of the first content object, andwherein verifying the first content object causes the content producing device to avoid signing the first content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content producing device of the first content object,facilitating efficient verification of content objects indicated in the signed catalog.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that facilitates routers in verifying content objects in a cost-effective manner by aggregating content objects into a secure content catalog. During operation, a client computing device receives a secure content catalog, which indicates a set of content objects and their corresponding digests. The catalog is digitally signed with the private key of a producer of the catalog. The client computing device constructs an interest for a content object, where the interest indicates a name for the content object and the corresponding digest for the content object, which is based on the secure content catalog. The name for the request content object is a hierarchically structured variable length identifier (HSVLI) which comprises name components ordered from a most general level to a most specific level.

Citations

22 Claims

1. A computer-implemented method comprising:
- receiving, by a client computing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein the catalog is digitally signed with a private key of a content producing device of the catalog;
  
  verifying the content producing device of the catalog based on a public key of the content producing device;
  
  constructing an interest for a first content object based on the catalog, wherein the interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level and the corresponding digest for the first content object; and
  
  in response to receiving the first content object, verifying the first content object by comparing a hash of the first content object with the corresponding digest included in the first content object,wherein the first content object is transmitted by the content producing device,wherein verifying the first content object involves using, by the client computing device and an intermediate router, the hash comparison in place of verifying a signature of the content producing device of the first content object, andwherein verifying the first content object causes the content producing device to avoid signing the first content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content producing device of the first content object,facilitating efficient verification of content objects indicated in the signed catalog.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - verifying the signature based on a public key of the content producing device of the catalog.
  - 3. The method of claim 1, further comprising:
    - receiving the first content object;
      
      wherein verifying the first content object causes the transmittal, from the content producing device to the client computing device and the intermediate router, of the first content object.
  - 4. The method of claim 1, wherein a last component of the hierarchically structured variable length identifier of the first content object includes the digest of the constructed interest.
  - 5. The method of claim 1, wherein a digest for one of the content objects indicated in the catalog is a cryptographic hash of the respective content object.
  - 6. The method of claim 1, further comprising:
    - receiving, by the client computing device, a second content object that identifies the catalog based on a name for the catalog and indicates an index number that corresponds to one of the content objects indicated in the catalog; and
      
      constructing an interest for the catalog, wherein the interest indicates the name for the catalog, and wherein the name for the catalog is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level.
  - 7. The method of claim 6, further comprising:
    - verifying the signature in the catalog based on a public key of the content producing device of the catalog;
      
      wherein verifying the first content object further involves comparing a hash of the first content object with the digest for the content object corresponding to the index number in the catalog.

8. A computer-implemented method comprising:
- creating, by a content producing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein a name for the content objects indicated in the catalog is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;
  
  producing a digital signature for the catalog based on a private key of a content producing device of the catalog;
  
  in response to receiving from a client computing device a first interest for the catalog, wherein the first interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, transmitting to the client computing device a first content object corresponding to the digitally signed catalog; and
  
  in response to receiving from the client computing device a second interest for one of the content objects indicated in the catalog, wherein the second interest includes the name for the requested content object, transmitting a second content object based on the name for the requested content object,wherein transmitting the second content object facilitates the client computing device and the intermediate router to verify the second content object by comparing a hash of the content object with the corresponding digest included in the second content object, wherein the hash comparison is used in place of verifying a signature of the content producing device of the second content object, andwherein transmitting the second content object causes the content producing device to avoid signing the second content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content producing device of the second content object,facilitating efficient verification of content objects indicated in the secure content catalog.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein a last component of the hierarchically structured variable length identifier of one of the content objects indicated in the catalog includes the digest of the respective content object.
  - 10. The method of claim 8, wherein a digest for one of the content objects indicated in the catalog is a cryptographic hash of the respective content object.
  - 11. The method of claim 8, further comprising:
    - transmitting, prior to creating the catalog, a third content object that identifies the catalog based on a name for the catalog and indicates an index number that corresponds to one of the content objects indicated in the catalog.

12. A computer system for secure and efficient distribution of digital content, the system comprising:
- a processor;
  
  a storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising;
  
  receiving, by a client computing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein the catalog is digitally signed with a private key of a content producing device of the catalog;
  
  verifying the content producing device of the catalog based on a public key of the content producing device;
  
  constructing an interest for a first content object based on the catalog, wherein the interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level and the corresponding digest for the first content object; and
  
  in response to receiving the first content object, verifying the first content object by comparing a hash of the first content object with the corresponding digest included in the first content object,wherein the first content object is transmitted by the content producing device,wherein verifying the content object involves using, by the client computing device and an intermediate router, the hash comparison in place of verifying a signature of the content producing device of the first content object, andwherein verifying the first content object causes the content producing device to avoid signing the first content object, and further causes the client computing device and the intermediate router to avoid verifying a signature of the content production device of the first content object,facilitating efficient verification of content objects indicated in the signed catalog.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The computer system of claim 12, wherein the method further comprises:
    - verifying the signature based on a public key of the content producing device of the catalog.
  - 14. The computer system of claim 12, wherein the method further comprises:
    - receiving the first content object;
      
      wherein verifying the first content object causes the transmittal, from the content producing device to the client computing device and the intermediate router, of the first content object.
  - 15. The computer system of claim 12, wherein a last component of the hierarchically structured variable length identifier of the first content object includes the digest of the constructed interest.
  - 16. The computer system of claim 12, wherein a digest for one of the content objects indicated in the catalog is a cryptographic hash of the respective content object.
  - 17. The computer system of claim 12, wherein the method further comprises:
    - receiving, by the client computing device, a second content object that identifies the catalog based on a name for the catalog and indicates an index number that corresponds to one of the content objects indicated in the catalog; and
      
      constructing an interest for the catalog, wherein the interest indicates the name for the catalog, and wherein the name for the catalog is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level.
  - 18. The computer system of claim 17, wherein the method further comprises:
    - verifying the signature in the catalog based on a public key of the content producing device of the catalog;
      
      wherein verifying the first content object further involves comparing a hash of the first content object with the digest for the content object corresponding to the index number in the catalog.

19. A computer system for secure and efficient distribution of digital content, the system comprising:
- a processor;
  
  a storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising;
  
  creating, by a content producing device, a secure content catalog that indicates a set of content objects and their corresponding digests, wherein a name for the content objects indicated in the catalog is a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level;
  
  producing a digital signature for the catalog based on a private key of a content producing device of the catalog;
  
  in response to receiving from a client computing device a first interest for the catalog, wherein the first interest includes a hierarchically structured variable length identifier which comprises contiguous name components ordered from a most general level to a most specific level, transmitting to the client computing device a first content object corresponding to the digitally signed catalog; and
  
  in response to receiving from the client computing device a second interest for one of the content objects indicated in the catalog, wherein the second interest includes the name for the requested content object, transmitting a second content object based on the name for the requested content object,wherein transmitting the second content object facilitates the client computing device and the intermediate router to verify the second content object by comparing a hash of the second content object with the corresponding digest included in the second content object, wherein the hash comparison is used in place of verifying a signature of the content producing device of the second content object, andwherein transmitting the second content object causes the content producing device to avoid signing the second content object, and further causes the client computing device and the intermediate router to avoid verifying signature of the content producing device of the second content object,facilitating efficient verification of content objects indicated in the secure content catalog.
- View Dependent Claims (20, 21, 22)
- - 20. The computer system of claim 19, wherein a last component of the hierarchically structured variable length identifier of one of the content objects indicated in the catalog includes the digest of the content object.
  - 21. The computer system of claim 19, wherein a digest for one of the content objects indicated in the catalog is a cryptographic hash of the respective content object.
  - 22. The computer system of claim 19, wherein the method further comprises:
    - transmitting, prior to creating the catalog, a third content object that identifies the catalog based on a name for the catalog and indicates an index number that corresponds to one of the content objects indicated in the catalog.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Uzun, Ersin, Mosko, Marc E., Plass, Michael F., Scott, Glenn C.
Primary Examiner(s)
Sholeman, Abu
Assistant Examiner(s)
LWIN, MAUNG T

Application Number

US14/231,515
Publication Number

US 20150280918A1
Time in Patent Office

799 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/123   received data contents, e.g...

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Aggregate signing of data in content centric networking

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Aggregate signing of data in content centric networking

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links