Method and system for verifying renamed content using manifests in a content centric network

US 9,536,059 B2
Filed: 12/15/2014
Issued: 01/03/2017
Est. Priority Date: 12/15/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for authenticating content, comprising:

determining, by a content publishing device, an original manifest which includes an original manifest name and indicates at least an original content name associated with a content object, wherein a name is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level;

encapsulating the original manifest based on an encapsulation name for the original manifest;

renaming the content object with a new content name; and

creating a new manifest which includes a new manifest name and indicates the new content name, wherein the new manifest further includes original authentication information associated with the original manifest, wherein the original authentication information includes the encapsulation name for the original manifest, thereby facilitating redistribution of content objects with a different name without requiring re-computation of the original authentication information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that facilitates redistribution of content objects with a different name without requiring re-computation of the original authentication information. During operation, the system determines, by a content producing device, an original manifest which indicates at least an original name associated with a content object, wherein the name is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. The system renames the content object with a new name. The system also creates a new manifest which indicates the new name, wherein the new manifest includes original authentication information associated with the original manifest.

398 Citations

25 Claims

1. A computer-implemented method for authenticating content, comprising:
- determining, by a content publishing device, an original manifest which includes an original manifest name and indicates at least an original content name associated with a content object, wherein a name is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level;
  
  encapsulating the original manifest based on an encapsulation name for the original manifest;
  
  renaming the content object with a new content name; and
  
  creating a new manifest which includes a new manifest name and indicates the new content name, wherein the new manifest further includes original authentication information associated with the original manifest, wherein the original authentication information includes the encapsulation name for the original manifest, thereby facilitating redistribution of content objects with a different name without requiring re-computation of the original authentication information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the original authentication information indicates one or more of:
    - an identity of a producer of the original manifest; and
      
      a digital signature of the producer of the original manifest.
  - 3. The method of claim 1, wherein the original authentication information is one or more of:
    - information embedded in the new manifest;
      
      information derived from the original manifest; and
      
      a linked object that is derived from the original manifest, wherein the linked object is an object which is distinct from the original manifest.
  - 4. The method of claim 1, wherein renaming the content object involves one or more of:
    - adding a prefix to the original content name;
      
      replacing a part of the original content name with a part of the new content name; and
      
      any function that creates a one-to-one mapping of the new content name to the original content name.
  - 5. The method of claim 1, wherein the original authentication information indicates a self-certifying name based on the original content name, wherein the self-certifying name uniquely identifies the content object.
  - 6. The method of claim 5, wherein the self-certifying name includes a cryptographic digest of the content object.
  - 7. The method of claim 1, wherein the new manifest indicates a self-certifying name based on the new content name, and wherein the self-certifying name uniquely identifies the content object.

8. A computer-implemented method comprising:
- receiving, by a content consuming device, a new manifest which includes a new manifest name and indicates at least a new content name associated with a content object, wherein a name is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level, wherein the new manifest further includes original authentication information associated with an original manifest which indicates an original content name associated with the content object, and wherein the original authentication information includes an encapsulation name for the original manifest;
  
  retrieving the content object based on the new content name;
  
  retrieving the original manifest based on the encapsulation name; and
  
  verifying the retrieved content object by;
  
  replacing the new content name with the original content name; and
  
  authenticating the retrieved content object with the original content name based on the original authentication information from the retrieved original manifest, thereby facilitating redistribution of content objects with different names without requiring re-computation of the original authentication information.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, wherein the original authentication information indicates one or more of:
    - an identity of a producer of the original manifest; and
      
      a digital signature of the producer of the original manifest.
  - 10. The method of claim 8, wherein the original authentication information is one or more of:
    - information embedded in the new manifest;
      
      information derived from the original manifest; and
      
      a linked object that is derived from the original manifest, wherein the linked object is an object which is separate from the original manifest.
  - 11. The method of claim 8,wherein the original authentication information indicates a self-certifying name based on the original content name, and wherein the self-certifying name uniquely identifies the content object.
  - 12. The method of claim 8, further comprising:
    - verifying the original manifest by authenticating a digital signature of a producer of the original manifest based on a public key of the producer.
  - 13. The method of claim 8, wherein verifying the retrieved content object further comprises:
    - calculating a self-certifying name for the content object based on the original content name;
      
      comparing the calculated self-certifying name with a self-certifying name indicated in the original authentication information; and
      
      responsive to determining that the calculated self-certifying name matches the self-certifying name indicated in the original authentication information, authenticating the retrieved content object.

14. A computer system for authenticating content, the computer system comprising:
- a processor; and
  
  a storage device coupled to the processor and storing instructions that when executed by the processor cause the computer system to perform a method, the method comprising;
  
  determining, by a content publishing device, an original manifest which includes an original manifest name and indicates at least an original content name associated with a content object, wherein a name is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level;
  
  encapsulating the original manifest based on an encapsulation name for the original manifest;
  
  renaming the content object with a new content name; and
  
  creating a new manifest which includes a new manifest name and indicates the new content name, wherein the new manifest further includes original authentication information associated with the original manifest, wherein the original authentication information includes the encapsulation name for the original manifest, thereby facilitating redistribution of content objects with a different name without requiring re-computation of the original authentication information.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer system of claim 14, wherein the original authentication information indicates one or more of:
    - an identity of a producer of the original manifest; and
      
      a digital signature of the producer of the original manifest.
  - 16. The computer system of claim 14, wherein the original authentication information is one or more of:
    - information embedded in the new manifest;
      
      information derived from the original manifest; and
      
      a linked object that is derived from the original manifest, wherein the linked object is an object which is distinct from the original manifest.
  - 17. The computer system of claim 14, wherein renaming the content object involves one or more of:
    - adding a prefix to the original content name;
      
      replacing a part of the original content name with a part of the new content name; and
      
      any function that creates a one-to-one mapping of the new content name to the original content name.
  - 18. The computer system of claim 14, wherein the original authentication information indicates a self-certifying name based on the original content name, wherein the self-certifying name includes a cryptographic digest of the content object.
  - 19. The computer system of claim 14, wherein the new manifest indicates a self-certifying name based on the new content name, and wherein the self-certifying name uniquely identifies the content object.

20. A computer system for authenticating content, the computer system comprising:
- a processor; and
  
  a storage device coupled to the processor and storing instructions that when executed by the processor cause the computer system to perform a method, the method comprising;
  
  receiving, by a content consuming device, a new manifest which includes a new manifest name and indicates at least a new content name associated with a content object, wherein a name is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level, wherein the new manifest further includes original authentication information associated with an original manifest which indicates an original content name associated with the content object, and wherein the original authentication information includes an encapsulation name for the original manifest;
  
  retrieving the content object based on the new content name;
  
  retrieving the original manifest based on the encapsulation name; and
  
  verifying the retrieved content object by;
  
  replacing the new content name with the original content name; and
  
  authenticating the retrieved content object with the original content name based on the original authentication information from the retrieved original manifest, thereby facilitating redistribution of content objects with different names without requiring re-computation of the original authentication information.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The computer system of claim 20, wherein the original authentication information indicates one or more of:
    - an identity of a producer of the original manifest; and
      
      a digital signature of the producer of the original manifest.
  - 22. The computer system of claim 20, wherein the original authentication information is one or more of:
    - information embedded in the new manifest;
      
      information derived from the original manifest; and
      
      a linked object that is derived from the original manifest, wherein the linked object is an object which is separate from the original manifest.
  - 23. The computer system of claim 20,wherein the original authentication information indicates a self-certifying name based on the original content name, and wherein the self-certifying name uniquely identifies the content object.
  - 24. The computer system of claim 20, wherein the method further comprises:
    - verifying the original manifest by authenticating a digital signature of a producer of the original manifest based on a public key of the producer.
  - 25. The computer system of claim 20, wherein verifying the retrieved content object further comprises:
    - calculating a self-certifying name for the content object based on the original content name;
      
      comparing the calculated self-certifying name with a self-certifying name indicated in the original authentication information; and
      
      responsive to determining that the calculated self-certifying name matches the self-certifying name indicated in the original authentication information, authenticating the retrieved content object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Solis, Ignacio, Mosko, Marc E., Uzun, Ersin
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
RUPRECHT, CHRISTOPHER S

Application Number

US14/571,083
Publication Number

US 20160171184A1
Time in Patent Office

750 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/1086   Superdistribution

G06F 21/44   Program or device authentic...

H04L 67/1068   Discovery involving direct ...

H04L 67/1097   for distributed storage of ...

Method and system for verifying renamed content using manifests in a content centric network

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

398 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for verifying renamed content using manifests in a content centric network

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

398 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links