Low-cost authenticated signing delegation in content centric networking
5 Assignments
0 Petitions
Abstract
One embodiment provides a system that delegates signature production in a content centric network (CCN). During operation, a first content producing device monitors content objects created by a second content producing device. A content object can be identified by a name that is a hierarchically structured variable length identifier (HSVLI), which comprises contiguous name components ordered from a most general level to a most specific level. The first device retrieves the content objects and authenticates a message authentication code for each content object based on a key shared by the first and second devices. The first device creates a manifest with a name and a content object hash value for each content object, produces a digital signature for the manifest based on a private key of the first device, and includes the digital signature in the manifest, thereby delegating signature production to the first device for content objects created by the second device.
389 Citations
20 Claims
1. A computer-implemented method comprising:
monitoring, by a first content producing device, one or more content objects created by a second content producing device, wherein a content object is identified by a name that is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level;
retrieving the one or more content objects;
in response to determining that the retrieved content objects indicate a message authentication code, authenticating the message authentication code for the retrieved content objects based on a key shared by the first content producing device and the second content producing device;
in response to determining that the retrieved content objects do not indicate the message authentication code, authenticating the retrieved content objects based on one or more of:
a physical location of the first content producing device and the second content producing device; and
a network topology;
creating a manifest which indicates a name for the manifest and a content object hash (COH) value for each of the retrieved content objects;
producing a digital signature for the manifest based on a private key of the first content producing device; and
including the digital signature in the manifest, thereby facilitating delegation of signature production to the first content producing device for content objects created by the second content producing device.
Dependent claims: 2, 3, 4, 5.

6. A computer-implemented method comprising:
generating, by a second content producing device, a first set of one or more content objects which indicate a message authentication code, which is based on a key shared by the second content producing device and a first content producing device, wherein a content object is identified by a name that is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level;
generating a second set of one or more content objects which do not indicate the message authentication code;
delegating, to the first content producing device, a production of a digital signature for the one or more content objects of the first set;
authenticating, by the first content producing device, the message authentication code for the first set of the one or more content objects based on the shared key;
delegating, to the first content producing device, the production of the digital signature of the one or more content objects of the second set; and
authenticating, by the first content producing device, the second set of the one or more content objects based on one or more of:
a physical location of the first content producing device and the second content producing device; and
a network topology.
Dependent claims: 7, 8, 9, 10.

11. A computer system comprising:
a processor;
a storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
monitoring, by a first content producing device, one or more content objects created by a second content producing device, wherein a content object is identified by a name that is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level;
retrieving the one or more content objects;
in response to determining that the retrieved content objects indicate a message authentication code, authenticating the message authentication code for the retrieved content objects based on a key shared by the first content producing device and the second content producing device;
in response to determining that the retrieved content objects do not indicate the message authentication code, authenticating the retrieved content objects based on one or more of:
a physical location of the first content producing device and the second content producing device; and
a network topology;
creating a manifest which indicates a name for the manifest and a content object hash (COH) value for each of the retrieved content objects;
producing a digital signature for the manifest based on a private key of the first content producing device; and
including the digital signature in the manifest, thereby facilitating delegation of signature production to the first content producing device for content objects created by the second content producing device.
Dependent claims: 12, 13, 14, 15.

16. A computer system comprising:
a processor;
a storage device coupled to the processor and storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
generating, by a second content producing device, a first set of one or more content objects which indicate a message authentication code, which is based on a key shared by the second content producing device and a first content producing device, and wherein a content object is identified by a name that is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level; and
generating a second set of one or more content objects which do not indicate the message authentication code;
delegating, to the first content producing device, a production of a digital signature for the one or more content objects of the first set;
authenticating, by the first content producing device, the message authentication code for the first set of the one or more content objects based on the shared key;
delegating, to the first content producing device, the production of the digital signature of the one or more content objects of the second set; and
authenticating, by the first content producing device, the second set of the one or more content objects based on one or more of:
a physical location of the first content producing device and the second content producing device; and
a network topology.
Dependent claims: 17, 18, 19, 20.
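The delegation described in the abstract and claims, as an added Go example that is not part of the patent or any CCN implementation: the second device attaches a MAC under the shared key, the first device verifies that MAC before admitting an object's hash to the manifest and then signs the manifest with its own private key, and a consumer checks the delegate's signature and each object's hash. HMAC-SHA256 for the MAC, SHA-256 over a constructed name/payload encoding as the COH function, Ed25519 for the signature and a "/"-joined HSVLI name are assumptions; the location/topology path for MAC-less objects is not modelled and such objects are simply refused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// ContentObject is a constructed stand-in for a CCN content object: its HSVLI name as a
// "/"-joined string of components (most general first), a payload, and the producer's MAC (nil if none).
type ContentObject struct{ Name, Payload, MAC []byte }

// Manifest carries its own name, the concatenated 32-byte COHs, and the delegate's signature.
type Manifest struct{ Name, Hashes, Signature []byte }

// encode is the constructed byte form that both the MAC and the COH cover: name, NUL, payload.
func encode(o ContentObject) []byte {
	return append(append(append([]byte{}, o.Name...), 0), o.Payload...)
}

// Tag is what the second device attaches: HMAC-SHA256 under the key it shares with the delegate.
func Tag(o ContentObject, key []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(encode(o))
	return m.Sum(nil)
}

// DelegateSign is the first device's step: an object's COH enters the manifest only after its MAC
// verifies under the shared key (MAC-less objects are refused), then the manifest is signed.
func DelegateSign(objs []ContentObject, key []byte, priv ed25519.PrivateKey, name string) (*Manifest, error) {
	m := &Manifest{Name: []byte(name)}
	for _, o := range objs {
		if o.MAC == nil || !hmac.Equal(o.MAC, Tag(o, key)) {
			return nil, errors.New("missing or invalid MAC: " + string(o.Name))
		}
		h := sha256.Sum256(encode(o))
		m.Hashes = append(m.Hashes, h[:]...)
	}
	m.Signature = ed25519.Sign(priv, append(append([]byte{}, m.Name...), m.Hashes...))
	return m, nil
}

// VerifyManifest is the consumer's check: the signature binds name and hash list, and each object must hash to its COH.
func VerifyManifest(m *Manifest, pub ed25519.PublicKey, objs []ContentObject) bool {
	if len(m.Hashes) != 32*len(objs) || !ed25519.Verify(pub, append(append([]byte{}, m.Name...), m.Hashes...), m.Signature) {
		return false
	}
	for i, o := range objs {
		if h := sha256.Sum256(encode(o)); !hmac.Equal(h[:], m.Hashes[32*i:32*i+32]) {
			return false
		}
	}
	return true
}
```

Because the manifest signature covers the ordered hash list, a consumer that fetches the objects by hash rejects both a modified payload and a reordered set without the producer's key ever leaving the producer.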
Specification