Patent Grant
9462006
The subject matter of this application is related to the subject matter of the following applications:
1. Field
This disclosure is generally related to Content Centric Networks. More specifically, this disclosure is related to a security component of a transport stack that verifies a Content Object on behalf of an application.
2. Related Art
The proliferation of mobile computing and cellular networks is making digital content more mobile than ever before. People can use their smartphones to generate content, to consume content, or even to provide Internet access to other computing devices that generate or consume content. Oftentimes, a device's network location can change as a person takes this device to a new physical location. This can make it difficult to communicate with this device under a traditional computer network (e.g., the Internet) when the device's new network location is not known.
To solve this problem, information centric network (ICN) architectures have been designed to facilitate accessing digital content based on its name, regardless of the content's physical or network location. Content centric networking (CCN) is one example of an ICN. Unlike traditional networking, such as Internet Protocol (IP) networks where packets are forwarded based on an address for an end-point, the CCN architecture assigns a routable name to content itself so the that content can be retrieved from any device that hosts the content.
A typical CCN architecture forwards two types of packets: Interests and Content Objects. Interests include a name for a piece of named data, and serve as a request for the piece of named data. Content Objects, on the other hand, typically include a payload, and are only forwarded along a network path that has been traversed by an Interest with a matching name, and traverse this path in the reverse direction taken by the Interest packet. Typical CCN architectures only send Content Objects as a response to an Interest packet; Content Objects are not sent unsolicited.
CCN architectures can ensure content authenticity by allowing publishers to sign content, which allows consumers to verify content signatures. However, typical CCN routers do not perform content signature verification on Content Objects to avoid incurring additional network latency. Some CCN routers also maintain a Content Store that caches content to minimize the round-trip-delay, by returning a cached Content Object whenever possible. However, content caching in routers opens the door for denial-of-service (DoS) attacks.
One such DoS attack involves content poisoning, where an adversary injects fake content into a router's cache to flood the CCN network with fake content that blocks access to legitimate content of the same name. Applications can avoid becoming victim to content poisoning attacks by enforcing the use of self-certifying content names, or by verifying that the returned Content Objects is signed by a trusted entity. However, this is only possible if the application knows the content's hash value ahead of time, or has access to a set of digital certificates that bind the Content Object to a trusted entity. Implementing client applications that enforce CCN security measures can increase the complexity of client applications, which can require the application's developer or local user to maintain an up-to-date set of trusted root certificates that can be used to verify Content Objects. Hence, implementing client applications that enforce CCN security measures can require significant development costs and on-going maintenance costs for the developer and the user.
One embodiment provides a data verification system that facilitates verifying, on behalf of an application, whether a CCN Content Object is authentic or trustworthy. During operation, the system can obtain a stack requirement for a custom transport stack, which specifies at least a description for a verifier stack component that verifies Content Objects using publisher key identifiers (KeyIDs). The system instantiates the verifier stack component in the custom stack based on the stack requirement, and can use the custom stack to obtain a verified Content Object that has been verified by the verifier stack component. While using the custom stack, the system can push, to the custom stack, an Interest that includes a name for a piece of content and includes a KeyID associated with a content producer. The system then receives, from the custom stack, a Content Object which the verifier stack component has verified to be signed by the content producer associated with the KeyID.
In some embodiments, the verifier stack component can verify Content Objects or Named Data Objects (NDO's) received over an Information Centric Network (ICN) or a Content Centric Network (CCN). In ICNs, each piece of content is individually named, and each piece of data is bound to a unique name that distinguishes the data from any other piece of data, such as other versions of the same data or data from other sources. This unique name allows a network device to request the data by disseminating a request or an Interest that indicates the unique name, and can obtain the data independent from the data's storage location, network location, application, and means of transportation. Named-data networks (NDN) or content-centric networks (CCN) are examples of an ICN architecture; the following terms describe elements of an NDN or CCN architecture:
Content Object:
A single piece of named data, which is bound to a unique name. Content Objects are “persistent,” which means that a Content Object can move around within a computing device, or across different computing devices, but does not change. If any component of the Content Object changes, the entity that made the change creates a new Content Object that includes the updated content, and binds the new Content Object to a new unique name.
Unique Names:
A name in a CCN is typically location independent and uniquely identifies a Content Object. A data-forwarding device can use the name or name prefix to forward a packet toward a network node that generates or stores the Content Object, regardless of a network address or physical location for the Content Object. In some embodiments, the name may be a hierarchically structured variable-length identifier (HSVLI). The HSVLI can be divided into several hierarchical components, which can be structured in various ways. For example, the individual name components parc, home, ndn, and test.txt can be structured in a left-oriented prefix-major fashion to form the name “/parc/home/ndn/test.txt.” Thus, the name “/parc/home/ndn” can be a “parent” or “prefix” of “/parc/home/ndn/test.txt.” Additional components can be used to distinguish between different versions of the content item, such as a collaborative document.
In some embodiments, the name can include an identifier, such as a hash value that is derived from the Content Object's data (e.g., a checksum value) and/or from elements of the Content Object's name. A description of a hash-based name is described in U.S. patent application Ser. No. 13/847,814 (entitled “ORDERED-ELEMENT NAMING FOR NAME-BASED PACKET FORWARDING,” by inventor Ignacio Solis, filed 20 Mar. 2013), which is hereby incorporated by reference. A name can also be a flat label. Hereinafter, “name” is used to refer to any name for a piece of data in a name-data network, such as a hierarchical name or name prefix, a flat name, a fixed-length name, an arbitrary-length name, or a label (e.g., a Multiprotocol Label Switching (MPLS) label).
Interest:
A packet that indicates a request for a piece of data, and includes a name (or a name prefix) for the piece of data. A data consumer can disseminate a request or Interest across an information-centric network, which CCN/NDN routers can propagate toward a storage device (e.g., a cache server) or a data producer that can provide the requested data to satisfy the request or Interest.
In some embodiments, the ICN system can include a content-centric networking (CCN) architecture. However, the methods disclosed herein are also applicable to other ICN architectures as well. A description of a CCN architecture is described in U.S. patent application Ser. No. 12/338,175 (entitled “CONTROLLING THE SPREAD OF INTERESTS AND CONTENT IN A CONTENT CENTRIC NETWORK,” by inventors Van L. Jacobson and Diana K. Smetters, filed 18 Dec. 2008), which is hereby incorporated by reference.
In some embodiments, the system can process a Content Object using the verifier stack component of the custom stack. While processing the Content Object, the system can use a verifier module to verify whether Content Object is signed by the content producer associated with the KeyID. Then, responsive to determining that the verifier module does not validate or invalidate the Content Object, the system processes the Content Object using one or more trust checkers to determine whether the Content Object is trustworthy.
In some variations to these embodiments, the system accepts the Content Object responsive to determining that at least one trust checker has determined the Content Object to be trustworthy.
In some variations to these embodiments, the system rejects the Content Object responsive to determining that at least one trust checker has determined the Content Object to not be trustworthy.
In some embodiments, the description of the verifier stack component includes a list of trusted certificate authorities.
In some embodiments, the description of the verifier stack component includes a listing of one or more trust checkers to instantiate in the verifier stack component. A respective trust checker can analyze a Content Object to accept the Content Object, reject the Content Object, or defer verification of the Content Object to another trust checker.
In some embodiments, the description of the verifier stack component includes an ordering for the one or more trust checkers in the verifier stack component.
In some embodiments, the description of the verifier stack component includes an implementation for a respective trust checker.
In some variations to these embodiments, the set of trust checkers can include a trust checker that rejects Content Objects with stale data.
In some variations to these embodiments, the set of trust checkers can include a trust checker that rejects a public key which is not published under a white-list name prefix.
In some variations to these embodiments, the set of trust checkers can include a trust checker which verifies a Content Object using a Pretty Good Privacy (PGP) web of trust.
In some embodiments, the system can receive, from an application, a control statement for the custom stack. The control statement includes a set of trust checkers to enable in the verifier stack component. The system then enables the set of trust checkers responsive to receiving the control statement.
In some embodiments, the system can receive, from an application, a control statement for the custom stack. The control statement can include a set of trust checkers to disable in the verifier stack component. The system then disables the set of trust checkers responsive to receiving the control statement.
In the figures, like reference numerals refer to the same figure elements.
The following description is presented to enable any person skilled in the art to make and use the embodiments, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
Overview
Embodiments of the present invention provide a security stack component that solves the problem of verifying, on behalf of an application, whether a CCN Content Object is authentic or trustworthy. The verifier stack component can be instantiated within a stack of the transport framework, and performs transparent enforcement of the trust on behalf of the application or operating environment, without requiring the application or operating environment to be involved in verifying the Content Object.
For example, an Interest message can facilitate verifying a Content Object by specifying a public key of a content producer or specifying a self-certifying name for the Content Object. The self-certifying name can include an exact hash digest of the Content Object, and can be obtained, for example, from a Content Object Manifest that references a collection of data. Any entity that disseminates or forwards the Interest can use the public key or the self-certifying name to determine a trustworthiness of a Content Object received as a response to the Interest. If the entity knows the self-certifying name of the Content Object, this entity may not need to verify the signature of their corresponding Content Object; the entity may just compute and compare the Content Object's hash value to the self-certifying name.
In some embodiments, if the client wants to obtain a secure Content Object, the client can disseminate an Interest that includes a key identifier (KeyID) associated with the Content Object's content producer, and/or includes a ContentObjectHash field with the Content Object's hash. The KeyID is a hash of a public key for the content producer. When the network stack receives such an Interest, the verifier component of the network stack can use the KeyID and/or the ContentObjectHash fields to verify the authenticity and legitimacy of Content Objects with.
An application can use a transport stack on the local computer to disseminate the Interest for the Content Object, and expects to receive a verified Content Object that was indeed published by the content producer associated with the KeyID. The transport stack disseminates the Interest, and the verifier component can use the Interest's KeyID to verify the signature of the Content Object it receives to make sure the Content Object was signed by the trusted content producer.
To verify the Content Object, the verifier component needs to have access to the public key required to verify the Content Object, either from a local keychain or from a trusted third party (e.g., a certificate authority). Also, to make sure the public key is valid, the verifier component computes the hash of the public key, and compares this hash to the KeyID. The public key is valid if the public key's hash matches the KeyID.
Hence, the verifier component of the transport stack implements a generalized trust model that can be bootstrapped or configured at runtime to implement any application-specific trust model. This verifier component allows application developers to implement any robust and unique trust models that satisfy their application's need, can leverage absolute trust anchors (e.g., a certification authority identity and public key).
Exemplary Network Environment
In CCN, a forwarder maintains a forwarder information base (FIB) to control how Interests are forwarded across the CCN, maintains a pending Interest table (PIT) to return Content Objects along a return path established by the corresponding Interest, and maintains a content store (CS) to cache Content Objects. With the addition of content-restriction fields such as the KeyID and the ContentObjectHash values, the forwarder can operate on upstream Interests as follows:
For downstream Content Objects, the forwarder uses information in the PIT and CS to determine if the Content Object can be satisfied by any entry in the PIT. With the addition of fields such as KeyID and ContentObjectHash in interest messages, the forwarder limits objects which can be returned by the following rules:
The CCN architecture also supports Manifest objects to encapsulate metadata for large chunks of content, as well as security and access control information. Manifest Content Objects have names that match the Interest, and can include a list of self-certifying Interest names (SCNs) for other pieces of content (e.g., for chunks of a large content file). Since the Manifest object is itself a Content Object and carries a signature, the list of SCNs can be trusted and used to issue a large number of interests with SCNs in parallel, thereby increasing throughput and removing the need for signature verification. A description of Manifests is described in U.S. patent application Ser. No. 14/337,026, entitled “System for Distributing Nameless Objects using Self-Certifying Names,” by inventor Marc E. Mosko, filed 21 Jul. 2014), which is hereby incorporated by reference.
Any device that disseminates an Interest for a Content Object can use the KeyID and/or the ContentObjectHash value. In embodiments of the present invention, the transport framework can verify a Content Object on behalf of an application that disseminated the corresponding Interest.
In the traditional IP architecture, a forwarder is an IP-based forwarder that looks at a packet's header to determine the source and the destination for the packet, and forwards the packet to the destination. The conventional stack performs TCP/UDP, and an application interacts with the stack via a socket. In contrast, device 104 of the present invention doesn't use such a conventional “stack.” Rather, device 104 implements a “transport framework” 106 which can dynamically configure a custom stack to satisfy an application's custom “environment execution context.”
Specifically, device 104 can include a transport framework 106 which can automatically create and/or update a custom stack 110 for a local application or the local operating environment (e.g., without intervention of a local user 116, the local operating environment, and/or any applications running on device 104). Device 104 can also include a forwarder 112 (e.g., a network interface card, or a router in a local area network), which can transfer packets between custom stacks of transport framework 106 and network 102. Custom stack 110 can process packets to and/or from forwarder 112 or any application running on device 104, and the stack's components can include any available components that can be organized in any order to satisfy the application's requirements.
In some embodiments, transport framework 106 can include a set of stack-configuring agents that can dynamically configure a stack on-demand. For example, transport framework 106 can include a set of transport API components 108 that implement functions accessible via a library and/or an API. An application can access an API implemented by transport framework 106 by issuing a call to transport framework 106. Transport framework 106 then maps the API call to a corresponding API component of components 108 that implements this specific function, and forwards the API call to this API component.
If a stack doesn't exist for processing the API call, the API component can configure or instantiates a custom stack that can perform the application's API call. For example, the API component can issue a request to transport framework 106, with a request describing the functionality of the custom stack. This functionality description can be high-level, such as to specify a pre-defined behavior or operation that is to be performed on data packets. Transport framework 106 then realizes this behavior or operation by organizing the necessary components into a custom stack 110 (e.g., in custom stack components) in an order that achieves the desired behavior or operation.
Alternatively, the functionality description can be low-level, such as to specify the specific stack components that are to be used, and can specify an order in which the stack components are to be arranged. Moreover, the functionality description can also be specific or generic with respect to the individual components, for example, to request a specific “security component” (e.g., a PKI verification component) or to request any “verification component.”
Each component in custom stack 110 has a tuple of input and output queues, such as an OutputQueueDown queue and an InputQueueDown queue for sending and receiving messages to/from the next lower component in the stack, respectively. The input and output queues also include an OutputQueueUp queue and an InputQueueUp queue for sending and receiving messages to/from the next higher component in the stack, respectively. Egress messages flow through components of tack 110 one at a time through the downward queues (e.g., from component 120 toward component 124), where each component reads, processes, and forwards the messages as needed. Ingress messages, on the other hand, flow through the stack 110 upward from component 124 toward component 120. The top stack component 120 in stack 110 interfaces with transport API components 108, and the bottom stack component 124 interfaces with forwarder 112.
In some embodiments, stack 110 can include a security component 122 that performs transparent enforcement of the trust on behalf of the application or operating environment, without requiring the application or operating environment to be involved in verifying the Content Object. For example, security component 122 can include a signer component 124 and a verifier component 126. When security component 122 receives an Interest from an application, signer 124 can store the Interest in a local repository to make the Interest's KeyID or ContentObjectHash value accessible by the verifier 126.
Verifier 126 performs the operations to obtain the necessary public key associated with an Interest's KeyID, verifying the public key, and verifying the Content Object whose name prefix matches the Interest's name. Verifier 126 can perform a remedial action when a public key fails verification (e.g., by requesting another public key), and can perform a remedial action when a Content Object fails verification (e.g., by disseminating the Interest to request another Content Object that may pass verification).
In some embodiments, the Content Object can include a Manifest. Manifests include a listing of one or more Content Objects that are part of a larger collection, such as a movie file. The Manifest itself can also include a signature that can be used to verify the Manifest against a publisher's public key or KeyID. Also, the Manifest includes any other information that is necessary for verifying the Manifest, such as a reference to a certificate that includes the public key that was used to sign the Manifest. Verifier 126 can perform PKI verification by using this reference to fetch the certificate from a trusted third party, and determining whether security component 122 can trust the certificate (e.g., by following a chain of trust from a trusted root certificate to the Manifest's certificate).
If verification of the Manifest's certificate is successful, verifier 126 obtains the public key from the certificate, and verifies the public key using the KeyID. If verification of the public key is successful, verifier 126 uses the public key to verify the Manifest's signature. If the Manifest's signature is successful, verifier 126 proceeds to send the Manifest to a higher stack component in transport stack 110 (e.g., to a Manifest-handling stack component, or to the application or operating environment that requested the Manifest).
Verifier 126 also includes a trust circuit that can verify the Content Object based on additional attributes of the Content Object. For example, if PKI verification cannot be used to accept or reject the Content Object (e.g., if verifier 126 cannot obtain the KeyID, the public key, or a certificate), verifier 126 can defer verification to the trust circuit. This trust circuit implements more complex trust verification techniques that are beyond the standard PKI verification framework. For example, the trust circuit can include a sequence of trust checkers that can be defined by the application or the operating environment via the transport framework API.
Some example trust checks can include:
In some embodiments, the application or the operating environment can provide the instructions that implement a trust checker to the API 108 of Transport Framework 106 when instantiating security component 122 in custom stack 110. The application can also provide a list of pre-defined checkers to instantiate for the trust circuit, and can provide an order in which these trust checkers are to be instantiated in security component 122.
Verifier 126 can include a Control Point Interface (CPI) agent, which accepts control statements from the application at runtime. The application can use the CPI to select, at runtime, which subset of trust checkers the application wants to enable or disable for a given Interest (and the matching Content Object), or for any future Interests and Content Objects. Hence, when a trust checker is turned off, the trust circuit can bypass the trust checker to forward all checks onto the next trust checker in the sequence of trust checkers.
On the other hand, if the API call includes a CCN message, the transport framework identifies a transport stack associated with the API call (operation 208), and forwards the CCN message to the identified transport stack (operation 210). Also, recall that a CCN message may include an Interest that serves as a request for a piece of data, or may include a data object that carries data for the local application (e.g., a CCN Content Object that includes data requested via an Interest). Hence, the transport framework may analyze the CCN message to determine whether the message includes an Interest (operation 212). If so, the transport framework may receive a verified Content Object from the transport stack (operation 214), which was verified by the verifier component of the transport stack. The transport framework then returns the verified Content Object to the application (operation 216).
During operation 206, when instantiating the transport stack, the application or the transport framework can bootstrap the verifier component to uphold a desired trust model. For example, a local web browser can be preconfigured with a set of root Certificate Authority (CA) certificates which the browser can use to validate the signed data it receives. The web browser can instantiate a custom transport stack that includes the verifier component, and bootstraps the verifier component to include this set of root CA certificates. Then, when establishing TLS sessions over HTTPS, the verifier can traverse the certificate chain starting at the target server and ending with a trusted CA certificate, which validates the legitimacy of the public-key used to encrypt and/or sign the data. If the target server's certificate chain is not rooted in one of the default root CA certificates, then the public key is not trusted, and the user is typically alarmed. The browser application no longer needs to traverse the certificate chain itself to validate signed or encrypted data packets.
Recall that the stack components can include a Control Plane Interface (CPI) that serves to configure components in the transport stack. In some embodiments, the local application can use the CPI to issue a CPI call directly to the security component or verifier component, to send configuration information that reconfigures or updates the trust model of the verifier component. The CPI call can include a CCN message can encapsulate JSON-encoded commands, and is sent asynchronously from the CPI to the target stack component (e.g., the security component or the verifier component) to modify the stack component's internal state.
The command in the CCN message includes an object with a command identifier (string) and payload (options) for the command. For example, to cancel a flow controller session for a particular namespace prefix, a JSON-encoded command wrapped in a CCN Message is sent to the FlowController component. An exemplary JSON-encoded CPI command is presented in Table 1.
When the transport framework receives a CPI call, the transport framework can asynchronously invoke the CPI event handler (CPI agent) that parses the CCN Message instance, extracts the command identifier and associated options payload from the JSON object, and performs a lookup to identify a stack component that has registered itself with the command identifier. The CPI event handler then forwards the CCN Message instance to the matching stack component that performs the command's operation (e.g., to cancel the flow session).
In some embodiments, the verifier component can register CPI commands with the CPI event handler. Two exemplary commands include a whitelist modification command and a blacklist modification command. The whitelist command (or blacklist command) can add (remove) a whitelist source and remove (add) a blacklist source from the trust circuit gate in the verifier component of the stack. The options payload for a whitelist command or a blacklist command can include a set of keys, and has for each key a list of namespace prefixes that are to be added or removed to/from the whitelist source or blacklist source.
In some embodiments, the default behavior for the last gate in the trust circuit may be set to automatically reject messages, since they have not been verified by any of the prior gates. However, application developers may wish to negate this behavior to be more trustworthy. Another exemplary CPI command registered by the verifier component can include a “set trust circuit end-gate defer action” command that configures the default behavior of the last trust checker in the verifier component's trust circuit.
Yet another exemplary command registered by the verifier component can include a “toggle advanced trust circuit gates” that enables or disables the trust circuit in the verifier component. When enabled, the verifier component forwards incoming messages into the test circuit if they pass the basic trust policy test. If disabled, only the basic trust policy test will be enforced and the verifier component does not forward messages to the trust circuit.
Network-Layer Security Component
Recall that an application can disseminate an Interest that includes a KeyID to request a Content Object which has been signed by an entity associated with the KeyID. For this reason, the security component stores Interest messages so that the security component can access their KeyID when verifying their matching Content Objects. Hence, while analyzing the message, the signer determines whether the message includes an Interest (operation 306), and if so, the signer can store the Interest in association with the application (operation 308). The signer then forwards the message to another component of the transport stack (operation 310).
On the other hand, if the message does not includes an Interest (e.g., the message include Content Object, or any other data object that needs to be transmitted over the computer network), the signer determines whether the message needs to be signed (operation 312). If the message does not need to be signed, the signer proceeds to forward the message to the next component of the transport stack (operation 310). Otherwise, the signer proceeds to sign the message (operation 314) before forwarding the message to the next component of the transport stack (operation 310).
Recall that the security component enforces trust management on pairs of Interests and Content Objects. For example, an ingress Content Object received by the verifier component needs to be associated with an egress Interest that was issued by an application. Because of this, packet analyzer 406 analyzes messages to detect Interests, and caches these Interests in an Interest repository 410 (e.g., a queue) as they flow through signer component 400. The verifier component can access Interest repository 410 to find a matching Interest to the Content Objects it receives.
In normal operation, Interest messages bypass packet signer 408. Hence, packet analyzer 406 forwards Interests to lower stack component input queue 404. On the other hand, when packet analyzer 406 detects a Content Object, packet analyzer 406 forwards the Content Object to packet signer 408 that signs the Content Object as it passes through signer component 400.
If a KeyID was found, the verifier component verifies whether the Content Object was signed by a content producer associated with the KeyID (operation 508). Also, if verification was successful, the verifier accepts the Content Object (operation 512), and proceeds to forward the verified Content Object to the application which disseminated the corresponding Interest (operation 514).
On the other hand, if a KeyID was not found (operation 506), or if verification was not conclusive (operation 510), the verifier can process the Content Object using one or more trust checkers to determine whether the Content Object is trustworthy (operation 514). Some example trust checks can include:
The verifier then determines whether the trustworthy checks determined that the Content Object is trustworthy (operation 516). If the Content Object is trustworthy, the verifier accepts the Content Object and forwards the Content Object to the application (operation 512). Otherwise, the verifier rejects the Content Object (operation 518), and may perform a remedial action. The remedial action can include, for example, writing the failed verification operation in a log file, informing the application of the failed verification check (and providing the Content Object to the application), and storing the Content Object in a repository of rejected Content Objects.
Another remedial action may include blacklisting the content producer which returned the Content Object, and/or re-submitting the Interest to obtain another matching Content Object from another content producer. This allows the verifier component to initiate additional attempts at obtaining a verifiable Content Object on behalf of the application.
Recall that the security component enforces trust management on pairs of Interests and Content Objects. When verifier component 600 receives an ingress Content Object, verifier component 604 performs a lookup operation in an Interest repository 604 to search for the corresponding egress Interest message that was issued by a local application. Verification checker 608 uses the KeyID and the ContentObjectHash of the egress Interest message to verify the Content Object.
Test circuit 610 can perform advanced trust policy enforcement on the Content Objects, which involves processing the Content Object using one or more trust checkers 612.
For example, a key namespace checker 612.1 can check whether the public key used to verify the signature of a Content Object was generated by a key belonging to a trusted namespace. For example, content published under the “/pax” namespace can be signed by a key belonging to the “/xerox” namespace, such that the “/xerox” namespace is a whitelisted namespace to trust any keys published under the “/xerox” namespace.
In some embodiments, verification checker 608 can use a flat trust model, which is a special case of a hierarchical PKI trust model. Specifically, in the flat trust model, an application explicitly identifies the certificates of Content Objects the application trust. Verification checker 608 only accepts Content Objects signed using these identified certificates, and as a result, does not need to perform certificate chain traversal.
A stale data checker 612.2 can check whether the signature of a Content Object is not older than a predetermined time range, such as a week, month, a year, etc.
A tail checker 612.n can perform a preconfigured operation, such as to accept messages by default or reject messages by default. An application can configure the default operation via the CLI for verifier component 600.
A web of Trust (WOT) checker (not shown in
The web-of-trust model is a decentralized alternative to the more centralized PKI model. The fundamental idea of the web-of-trust model is that nodes can independently elect to trust an identity and public-key binding certificate without the presence of a trusted CA. More specifically, nodes can vouch for the trustworthiness of certificates individually or as a group. Nodes can either be partially trusted or fully trusted. Fully trusted nodes which vouch for a certificate binding automatically extend the “web of trust.” Conversely, a group of nodes (e.g., three or more) must vouch for the same certificate binding before the “web of trust” is expanded.
For example, a movie streaming service running on CCN can categorize content hierarchically based on content type (e.g., movie, television), genre (e.g., action, comedy, romance), and year. To simplify key management, a hierarchy of keys for each name prefix may also be used. For example, the named data object (NDO) with name “/netflix/movie/action/2013/TheAvengers” may be signed by a key named “/netflix/movie/action/2013/key,” which is in turn signed by a key named “/netflix/movie/action/key,” and so on, up to the root key named “/netflix/key,” which is signed by a trusted CA. With this type of trust model, the Content Object associated with the name “/netflix/movie/action/2013/TheAvengers” is trusted if the key chain from “/netflix/movie/action/2013/key” to “/netflix/key” is verified successfully.
To implement and enforce this particular trust model in CCN, an application developer would only be required to complete the following two steps:
As a further optimization to avoid lengthy certificate chain traversal, the application developer could acquire and cache certificates associated with sub-namespaces within the Netflix naming hierarchy and add them to the trusted whitelist within the stack. For example, the certificates associated with the name prefix “/netflix/key,” “/netflix/movie/key,” and “/netflix/movie/action/key” could all be added in the trusted whitelist to circumvent certificate chain traversal for Content Objects belonging to the “/netflix/movie/action/” namespace.
As an alternate example, consider an application that implements a PGP-like web-of-trust model. As previously described, the set of trusted identities (e.g., public keys and self-signed certificates) expands in a user-based collaborative manner. Specifically, if more than three identities vouch for the trustworthiness of another previously untrusted identity, then the application can deem the identity to be trusted by consensus. In this example, we assume all identities are self-signed, which means that the organic growth of the set of trusted identities grows only by user group consensus.
To implement and abide by this particular type of trust model, an application developer need only instantiate verifier component 600 with a trust circuit 610 that contains a web-of-trust (WOT) checker. Then, the application can use the CPI to specify a preliminary set of trusted identities in the WOT checker. The WOT checker caches these trusted identities for future operation, which are each specified as hashes of their public keys.
In some embodiments, stack-interfacing module 702 can obtain a stack requirement for a custom stack, and can forward packets between an application and the custom stack. Stack-configuring module 704 can instantiate or configure a stack to satisfy the stack requirements.
Verifier module 706 can process a Content Object for the custom stack to verify whether the Content Object is signed by the content producer associated with a given KeyID. Forwarder module 708 can forward CCN Messages between a local stack and a computer network (e.g., a content centric network).
Data verification system 818 can include instructions, which when executed by computer system 802, can cause computer system 802 to perform methods and/or processes described in this disclosure. Specifically, data verification system 818 may include instructions for obtaining a stack requirement for a custom stack, and for forwarding packets between an application and the custom stack (stack-interfacing module 820). Further, data verification system 818 can include instructions for instantiating or configuring a stack to satisfy the stack requirements (stack-configuring module 822).
Data verification system 818 can include instructions for processing a Content Object for the custom stack to verify whether the Content Object is signed by the content producer associated with a given KeyID (verifier module 824). Data verification system 818 can also include instructions for forwarding CCN Messages between a local stack and a computer network (e.g., a content centric network) (forwarder module 826).
Data 828 can include any data that is required as input or that is generated as output by the methods and/or processes described in this disclosure.
The data structures and code described in this detailed description are typically stored on a computer-readable storage medium, which may be any device or medium that can store code and/or data for use by a computer system. The computer-readable storage medium includes, but is not limited to, volatile memory, non-volatile memory, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact discs), DVDs (digital versatile discs or digital video discs), or other media capable of storing computer-readable media now known or later developed.
The methods and processes described in the detailed description section can be embodied as code and/or data, which can be stored in a computer-readable storage medium as described above. When a computer system reads and executes the code and/or data stored on the computer-readable storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the computer-readable storage medium.
Furthermore, the methods and processes described above can be included in hardware modules. For example, the hardware modules can include, but are not limited to, application-specific integrated circuit (ASIC) chips, field-programmable gate arrays (FPGAs), and other programmable-logic devices now known or later developed. When the hardware modules are activated, the hardware modules perform the methods and processes included within the hardware modules.
The foregoing descriptions of embodiments of the present invention have been presented for purposes of illustration and description only. They are not intended to be exhaustive or to limit the present invention to the forms disclosed. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. Additionally, the above disclosure is not intended to limit the present invention. The scope of the present invention is defined by the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 817441 | Niesz | Apr 1906 | A |
| 4309569 | Merkle | Jan 1982 | A |
| 4921898 | Lenney | May 1990 | A |
| 5070134 | Oyamada | Dec 1991 | A |
| 5110856 | Oyamada | May 1992 | A |
| 5506844 | Rao | Apr 1996 | A |
| 5629370 | Freidzon | May 1997 | A |
| 5870605 | Bracho | Feb 1999 | A |
| 6052683 | Irwin | Apr 2000 | A |
| 6091724 | Chandra | Jul 2000 | A |
| 6173364 | Zenchelsky | Jan 2001 | B1 |
| 6226618 | Downs | May 2001 | B1 |
| 6233646 | Hahm | May 2001 | B1 |
| 6332158 | Risley | Dec 2001 | B1 |
| 6366988 | Skiba | Apr 2002 | B1 |
| 6574377 | Cahill | Jun 2003 | B1 |
| 6654792 | Verma | Nov 2003 | B1 |
| 6667957 | Corson | Dec 2003 | B1 |
| 6681220 | Kaplan | Jan 2004 | B1 |
| 6681326 | Son | Jan 2004 | B2 |
| 6769066 | Botros | Jul 2004 | B1 |
| 6772333 | Brendel | Aug 2004 | B1 |
| 6862280 | Bertagna | Mar 2005 | B1 |
| 6901452 | Bertagna | May 2005 | B1 |
| 6917985 | Madruga | Jul 2005 | B2 |
| 6968393 | Chen | Nov 2005 | B1 |
| 6981029 | Menditto | Dec 2005 | B1 |
| 7013389 | Srivastava | Mar 2006 | B1 |
| 7031308 | Garcia-Luna-Aceves | Apr 2006 | B2 |
| 7061877 | Gummalla | Jun 2006 | B1 |
| 7206860 | Murakami | Apr 2007 | B2 |
| 7257837 | Xu | Aug 2007 | B2 |
| 7287275 | Moskowitz | Oct 2007 | B2 |
| 7315541 | Housel | Jan 2008 | B1 |
| 7339929 | Zelig | Mar 2008 | B2 |
| 7350229 | Lander | Mar 2008 | B1 |
| 7382787 | Barnes | Jun 2008 | B1 |
| 7444251 | Nikovski | Oct 2008 | B2 |
| 7466703 | Arunachalam | Dec 2008 | B1 |
| 7472422 | Agbabian | Dec 2008 | B1 |
| 7496668 | Hawkinson | Feb 2009 | B2 |
| 7509425 | Rosenberg | Mar 2009 | B1 |
| 7523016 | Surdulescu | Apr 2009 | B1 |
| 7543064 | Juncker | Jun 2009 | B2 |
| 7552233 | Raju | Jun 2009 | B2 |
| 7555482 | Korkus | Jun 2009 | B2 |
| 7555563 | Ott | Jun 2009 | B2 |
| 7567547 | Mosko | Jul 2009 | B2 |
| 7567946 | Andreoli | Jul 2009 | B2 |
| 7580971 | Gollapudi | Aug 2009 | B1 |
| 7623535 | Guichard | Nov 2009 | B2 |
| 7647507 | Feng | Jan 2010 | B1 |
| 7660324 | Oguchi | Feb 2010 | B2 |
| 7685290 | Satapati | Mar 2010 | B2 |
| 7698463 | Ogier | Apr 2010 | B2 |
| 7769887 | Bhattacharyya | Aug 2010 | B1 |
| 7779467 | Choi | Aug 2010 | B2 |
| 7801177 | Luss | Sep 2010 | B2 |
| 7816441 | Elizalde | Oct 2010 | B2 |
| 7831733 | Sultan | Nov 2010 | B2 |
| 7908337 | Garcia-Luna-Aceves | Mar 2011 | B2 |
| 7924837 | Shabtay | Apr 2011 | B1 |
| 7953885 | Devireddy | May 2011 | B1 |
| 8000267 | Solis | Aug 2011 | B2 |
| 8010691 | Kollmansberger | Aug 2011 | B2 |
| 8074289 | Carpentier | Dec 2011 | B1 |
| 8117441 | Kurien | Feb 2012 | B2 |
| 8160069 | Jacobson | Apr 2012 | B2 |
| 8204060 | Jacobson | Jun 2012 | B2 |
| 8214364 | Bigus | Jul 2012 | B2 |
| 8224985 | Takeda | Jul 2012 | B2 |
| 8225057 | Zheng | Jul 2012 | B1 |
| 8271578 | Sheffi | Sep 2012 | B2 |
| 8312064 | Gauvin | Nov 2012 | B1 |
| 8386622 | Jacobson | Feb 2013 | B2 |
| 8467297 | Liu | Jun 2013 | B2 |
| 8553562 | Allan | Oct 2013 | B2 |
| 8572214 | Garcia-Luna-Aceves | Oct 2013 | B2 |
| 8654649 | Vasseur | Feb 2014 | B2 |
| 8665757 | Kling | Mar 2014 | B2 |
| 8667172 | Ravindran | Mar 2014 | B2 |
| 8688619 | Ezick | Apr 2014 | B1 |
| 8699350 | Kumar | Apr 2014 | B1 |
| 8750820 | Allan | Jun 2014 | B2 |
| 8761022 | Chiabaut | Jun 2014 | B2 |
| 8762477 | Xie | Jun 2014 | B2 |
| 8762570 | Qian | Jun 2014 | B2 |
| 8762707 | Killian | Jun 2014 | B2 |
| 8767627 | Ezure | Jul 2014 | B2 |
| 8817594 | Gero | Aug 2014 | B2 |
| 8826381 | Kim | Sep 2014 | B2 |
| 8832302 | Bradford | Sep 2014 | B1 |
| 8836536 | Marwah | Sep 2014 | B2 |
| 8862774 | Vasseur | Oct 2014 | B2 |
| 8903756 | Zhao | Dec 2014 | B2 |
| 8937865 | Kumar | Jan 2015 | B1 |
| 9071498 | Beser | Jun 2015 | B2 |
| 9112895 | Lin | Aug 2015 | B1 |
| 20020010795 | Brown | Jan 2002 | A1 |
| 20020048269 | Hong | Apr 2002 | A1 |
| 20020054593 | Morohashi | May 2002 | A1 |
| 20020077988 | Sasaki | Jun 2002 | A1 |
| 20020078066 | Robinson | Jun 2002 | A1 |
| 20020138551 | Erickson | Sep 2002 | A1 |
| 20020176404 | Girard | Nov 2002 | A1 |
| 20020188605 | Adya | Dec 2002 | A1 |
| 20020199014 | Yang | Dec 2002 | A1 |
| 20030046437 | Eytchison | Mar 2003 | A1 |
| 20030048793 | Pochon | Mar 2003 | A1 |
| 20030051100 | Patel | Mar 2003 | A1 |
| 20030074472 | Lucco | Apr 2003 | A1 |
| 20030097447 | Johnston | May 2003 | A1 |
| 20030140257 | Paterka | Jul 2003 | A1 |
| 20040024879 | Dingman | Feb 2004 | A1 |
| 20040030602 | Rosenquist | Feb 2004 | A1 |
| 20040039827 | Thomas | Feb 2004 | A1 |
| 20040073715 | Folkes | Apr 2004 | A1 |
| 20040139230 | Kim | Jul 2004 | A1 |
| 20040221047 | Grover | Nov 2004 | A1 |
| 20040225627 | Botros | Nov 2004 | A1 |
| 20040252683 | Kennedy | Dec 2004 | A1 |
| 20050003832 | Osafune | Jan 2005 | A1 |
| 20050028156 | Hammond | Feb 2005 | A1 |
| 20050043060 | Brandenberg | Feb 2005 | A1 |
| 20050050211 | Kaul | Mar 2005 | A1 |
| 20050074001 | Mattes | Apr 2005 | A1 |
| 20050149508 | Deshpande | Jul 2005 | A1 |
| 20050159823 | Hayes | Jul 2005 | A1 |
| 20050198351 | Nog | Sep 2005 | A1 |
| 20050249196 | Ansari | Nov 2005 | A1 |
| 20050259637 | Chu | Nov 2005 | A1 |
| 20050262217 | Nonaka | Nov 2005 | A1 |
| 20050289222 | Sahim | Dec 2005 | A1 |
| 20060010249 | Sabesan | Jan 2006 | A1 |
| 20060029102 | Abe | Feb 2006 | A1 |
| 20060039379 | Abe | Feb 2006 | A1 |
| 20060051055 | Ohkawa | Mar 2006 | A1 |
| 20060072523 | Richardson | Apr 2006 | A1 |
| 20060099973 | Nair | May 2006 | A1 |
| 20060129514 | Watanabe | Jun 2006 | A1 |
| 20060133343 | Huang | Jun 2006 | A1 |
| 20060173831 | Basso | Aug 2006 | A1 |
| 20060193295 | White | Aug 2006 | A1 |
| 20060206445 | Andreoli | Sep 2006 | A1 |
| 20060215684 | Capone | Sep 2006 | A1 |
| 20060223504 | Ishak | Oct 2006 | A1 |
| 20060256767 | Suzuki | Nov 2006 | A1 |
| 20060268792 | Belcea | Nov 2006 | A1 |
| 20070019619 | Foster | Jan 2007 | A1 |
| 20070073888 | Madhok | Mar 2007 | A1 |
| 20070094265 | Korkus | Apr 2007 | A1 |
| 20070112880 | Yang | May 2007 | A1 |
| 20070124412 | Narayanaswami | May 2007 | A1 |
| 20070127457 | Mirtorabi | Jun 2007 | A1 |
| 20070160062 | Morishita | Jul 2007 | A1 |
| 20070162394 | Zager | Jul 2007 | A1 |
| 20070189284 | Kecskemeti | Aug 2007 | A1 |
| 20070195765 | Heissenbuttel | Aug 2007 | A1 |
| 20070204011 | Shaver | Aug 2007 | A1 |
| 20070209067 | Fogel | Sep 2007 | A1 |
| 20070239892 | Ott | Oct 2007 | A1 |
| 20070240207 | Belakhdar | Oct 2007 | A1 |
| 20070245034 | Retana | Oct 2007 | A1 |
| 20070253418 | Shiri | Nov 2007 | A1 |
| 20070255699 | Sreenivas | Nov 2007 | A1 |
| 20070255781 | Li | Nov 2007 | A1 |
| 20070274504 | Maes | Nov 2007 | A1 |
| 20070276907 | Maes | Nov 2007 | A1 |
| 20070294187 | Scherrer | Dec 2007 | A1 |
| 20080005056 | Stelzig | Jan 2008 | A1 |
| 20080010366 | Duggan | Jan 2008 | A1 |
| 20080037420 | Tang | Feb 2008 | A1 |
| 20080043989 | Furutono | Feb 2008 | A1 |
| 20080046340 | Brown | Feb 2008 | A1 |
| 20080059631 | Bergstrom | Mar 2008 | A1 |
| 20080080440 | Yarvis | Apr 2008 | A1 |
| 20080101357 | Iovanna | May 2008 | A1 |
| 20080107034 | Jetcheva | May 2008 | A1 |
| 20080123862 | Rowley | May 2008 | A1 |
| 20080133583 | Artan | Jun 2008 | A1 |
| 20080133755 | Pollack | Jun 2008 | A1 |
| 20080151755 | Nishioka | Jun 2008 | A1 |
| 20080159271 | Kutt | Jul 2008 | A1 |
| 20080186901 | Itagaki | Aug 2008 | A1 |
| 20080200153 | Fitzpatrick | Aug 2008 | A1 |
| 20080215669 | Gaddy | Sep 2008 | A1 |
| 20080216086 | Tanaka | Sep 2008 | A1 |
| 20080243992 | Jardetzky | Oct 2008 | A1 |
| 20080256359 | Kahn | Oct 2008 | A1 |
| 20080270618 | Rosenberg | Oct 2008 | A1 |
| 20080271143 | Stephens | Oct 2008 | A1 |
| 20080287142 | Keighran | Nov 2008 | A1 |
| 20080288580 | Wang | Nov 2008 | A1 |
| 20080320148 | Capuozzo | Dec 2008 | A1 |
| 20090006659 | Collins | Jan 2009 | A1 |
| 20090013324 | Gobara | Jan 2009 | A1 |
| 20090022154 | Kiribe | Jan 2009 | A1 |
| 20090024641 | Quigley | Jan 2009 | A1 |
| 20090030978 | Johnson | Jan 2009 | A1 |
| 20090037763 | Adhya | Feb 2009 | A1 |
| 20090052660 | Chen | Feb 2009 | A1 |
| 20090067429 | Nagai | Mar 2009 | A1 |
| 20090077184 | Brewer | Mar 2009 | A1 |
| 20090092043 | Lapuh | Apr 2009 | A1 |
| 20090097631 | Gisby | Apr 2009 | A1 |
| 20090103515 | Pointer | Apr 2009 | A1 |
| 20090113068 | Fujihira | Apr 2009 | A1 |
| 20090144300 | Chatley | Jun 2009 | A1 |
| 20090157887 | Froment | Jun 2009 | A1 |
| 20090185745 | Momosaki | Jul 2009 | A1 |
| 20090193101 | Munetsugu | Jul 2009 | A1 |
| 20090222344 | Greene | Sep 2009 | A1 |
| 20090228593 | Takeda | Sep 2009 | A1 |
| 20090254572 | Redlich | Oct 2009 | A1 |
| 20090268905 | Matsushima | Oct 2009 | A1 |
| 20090285209 | Stewart | Nov 2009 | A1 |
| 20090287835 | Jacobson | Nov 2009 | A1 |
| 20090288163 | Jacobson | Nov 2009 | A1 |
| 20090292743 | Bigus | Nov 2009 | A1 |
| 20090293121 | Bigus | Nov 2009 | A1 |
| 20090300079 | Shitomi | Dec 2009 | A1 |
| 20090300407 | Kamath | Dec 2009 | A1 |
| 20090307333 | Welingkar | Dec 2009 | A1 |
| 20090323632 | Nix | Dec 2009 | A1 |
| 20100005061 | Basco | Jan 2010 | A1 |
| 20100027539 | Beverly | Feb 2010 | A1 |
| 20100046546 | Ram | Feb 2010 | A1 |
| 20100057929 | Merat | Mar 2010 | A1 |
| 20100088370 | Wu | Apr 2010 | A1 |
| 20100094767 | Miltonberger | Apr 2010 | A1 |
| 20100098093 | Ejzak | Apr 2010 | A1 |
| 20100100465 | Cooke | Apr 2010 | A1 |
| 20100103870 | Garcia-Luna-Aceves | Apr 2010 | A1 |
| 20100124191 | Vos | May 2010 | A1 |
| 20100125911 | Bhaskaran | May 2010 | A1 |
| 20100131660 | Dec | May 2010 | A1 |
| 20100150155 | Napierala | Jun 2010 | A1 |
| 20100165976 | Khan | Jul 2010 | A1 |
| 20100169478 | Saha | Jul 2010 | A1 |
| 20100169503 | Kollmansberger | Jul 2010 | A1 |
| 20100180332 | Ben-Yochanan | Jul 2010 | A1 |
| 20100182995 | Hwang | Jul 2010 | A1 |
| 20100185753 | Liu | Jul 2010 | A1 |
| 20100195653 | Jacobson | Aug 2010 | A1 |
| 20100195654 | Jacobson | Aug 2010 | A1 |
| 20100195655 | Jacobson | Aug 2010 | A1 |
| 20100217874 | Anantharaman | Aug 2010 | A1 |
| 20100232402 | Przybysz | Sep 2010 | A1 |
| 20100232439 | Dham | Sep 2010 | A1 |
| 20100235516 | Nakamura | Sep 2010 | A1 |
| 20100246549 | Zhang | Sep 2010 | A1 |
| 20100250497 | Redlich | Sep 2010 | A1 |
| 20100250939 | Adams | Sep 2010 | A1 |
| 20100268782 | Zombek | Oct 2010 | A1 |
| 20100272107 | Papp | Oct 2010 | A1 |
| 20100284309 | Allan | Nov 2010 | A1 |
| 20100284404 | Gopinath | Nov 2010 | A1 |
| 20100293293 | Beser | Nov 2010 | A1 |
| 20100322249 | Thathapudi | Dec 2010 | A1 |
| 20110013637 | Xue | Jan 2011 | A1 |
| 20110022812 | vanderLinden | Jan 2011 | A1 |
| 20110055392 | Shen | Mar 2011 | A1 |
| 20110055921 | Narayanaswamy | Mar 2011 | A1 |
| 20110090908 | Jacobson | Apr 2011 | A1 |
| 20110106755 | Hao | May 2011 | A1 |
| 20110145597 | Yamaguchi | Jun 2011 | A1 |
| 20110145858 | Philpott | Jun 2011 | A1 |
| 20110153840 | Narayana | Jun 2011 | A1 |
| 20110161408 | Kim | Jun 2011 | A1 |
| 20110202609 | Chaturvedi | Aug 2011 | A1 |
| 20110231578 | Nagappan | Sep 2011 | A1 |
| 20110239256 | Gholmieh | Sep 2011 | A1 |
| 20110258049 | Ramer | Oct 2011 | A1 |
| 20110264824 | Venkata Subramanian | Oct 2011 | A1 |
| 20110265174 | Thornton | Oct 2011 | A1 |
| 20110271007 | Wang | Nov 2011 | A1 |
| 20110286457 | Ee | Nov 2011 | A1 |
| 20110286459 | Rembarz | Nov 2011 | A1 |
| 20110295783 | Zhao | Dec 2011 | A1 |
| 20110299454 | Krishnaswamy | Dec 2011 | A1 |
| 20120011170 | Elad | Jan 2012 | A1 |
| 20120011551 | Levy | Jan 2012 | A1 |
| 20120036180 | Thornton | Feb 2012 | A1 |
| 20120047361 | Erdmann | Feb 2012 | A1 |
| 20120066727 | Nozoe | Mar 2012 | A1 |
| 20120106339 | Mishra | May 2012 | A1 |
| 20120114313 | Phillips | May 2012 | A1 |
| 20120120803 | Farkas | May 2012 | A1 |
| 20120136676 | Goodall | May 2012 | A1 |
| 20120136936 | Quintuna | May 2012 | A1 |
| 20120136945 | Lee | May 2012 | A1 |
| 20120137367 | Dupont | May 2012 | A1 |
| 20120141093 | Yamaguchi | Jun 2012 | A1 |
| 20120155464 | Kim | Jun 2012 | A1 |
| 20120158973 | Jacobson | Jun 2012 | A1 |
| 20120163373 | Lo | Jun 2012 | A1 |
| 20120166806 | Zhang | Jun 2012 | A1 |
| 20120179653 | Araki | Jul 2012 | A1 |
| 20120197690 | Agulnek | Aug 2012 | A1 |
| 20120198048 | Ioffe | Aug 2012 | A1 |
| 20120204224 | Wang | Aug 2012 | A1 |
| 20120221150 | Arensmeier | Aug 2012 | A1 |
| 20120224487 | Hui | Sep 2012 | A1 |
| 20120257500 | Lynch | Oct 2012 | A1 |
| 20120284791 | Miller | Nov 2012 | A1 |
| 20120290669 | Parks | Nov 2012 | A1 |
| 20120290919 | Melnyk | Nov 2012 | A1 |
| 20120291102 | Cohen | Nov 2012 | A1 |
| 20120314580 | Hong | Dec 2012 | A1 |
| 20120317307 | Ravindran | Dec 2012 | A1 |
| 20120331112 | Chatani | Dec 2012 | A1 |
| 20130041982 | Shi | Feb 2013 | A1 |
| 20130051392 | Filsfils | Feb 2013 | A1 |
| 20130060962 | Wang | Mar 2013 | A1 |
| 20130073552 | Rangwala | Mar 2013 | A1 |
| 20130074155 | Huh | Mar 2013 | A1 |
| 20130091539 | Khurana | Apr 2013 | A1 |
| 20130110987 | Kim | May 2013 | A1 |
| 20130111063 | Lee | May 2013 | A1 |
| 20130151584 | Westphal | Jun 2013 | A1 |
| 20130163426 | Beliveau | Jun 2013 | A1 |
| 20130166668 | Byun | Jun 2013 | A1 |
| 20130173822 | Hong | Jul 2013 | A1 |
| 20130182568 | Lee | Jul 2013 | A1 |
| 20130185406 | Choi | Jul 2013 | A1 |
| 20130197698 | Shah | Aug 2013 | A1 |
| 20130198119 | Eberhardt, III | Aug 2013 | A1 |
| 20130219038 | Lee | Aug 2013 | A1 |
| 20130219081 | Qian | Aug 2013 | A1 |
| 20130219478 | Mahamuni | Aug 2013 | A1 |
| 20130223237 | Hui | Aug 2013 | A1 |
| 20130227166 | Ravindran | Aug 2013 | A1 |
| 20130242996 | Varvello | Sep 2013 | A1 |
| 20130250809 | Hui | Sep 2013 | A1 |
| 20130282854 | Jang | Oct 2013 | A1 |
| 20130282860 | Zhang | Oct 2013 | A1 |
| 20130282920 | Zhang | Oct 2013 | A1 |
| 20130304937 | Lee | Nov 2013 | A1 |
| 20130329696 | Xu | Dec 2013 | A1 |
| 20130336323 | Srinivasan | Dec 2013 | A1 |
| 20130343408 | Cook | Dec 2013 | A1 |
| 20140003232 | Guichard | Jan 2014 | A1 |
| 20140006565 | Muscariello | Jan 2014 | A1 |
| 20140029445 | Hui | Jan 2014 | A1 |
| 20140032714 | Liu | Jan 2014 | A1 |
| 20140040505 | Barton | Feb 2014 | A1 |
| 20140074730 | Arensmeier | Mar 2014 | A1 |
| 20140075567 | Raleigh | Mar 2014 | A1 |
| 20140082135 | Jung | Mar 2014 | A1 |
| 20140089454 | Jeon | Mar 2014 | A1 |
| 20140096249 | Dupont | Apr 2014 | A1 |
| 20140129736 | Yu | May 2014 | A1 |
| 20140136814 | Stark | May 2014 | A1 |
| 20140140348 | Perlman | May 2014 | A1 |
| 20140143370 | Vilenski | May 2014 | A1 |
| 20140146819 | Bae | May 2014 | A1 |
| 20140149733 | Kim | May 2014 | A1 |
| 20140156396 | deKozan | Jun 2014 | A1 |
| 20140165207 | Engel | Jun 2014 | A1 |
| 20140172783 | Suzuki | Jun 2014 | A1 |
| 20140172981 | Kim | Jun 2014 | A1 |
| 20140173034 | Liu | Jun 2014 | A1 |
| 20140192717 | Liu | Jul 2014 | A1 |
| 20140195328 | Ferens | Jul 2014 | A1 |
| 20140195666 | Dumitriu | Jul 2014 | A1 |
| 20140233575 | Xie | Aug 2014 | A1 |
| 20140237085 | Park | Aug 2014 | A1 |
| 20140280823 | Varvello | Sep 2014 | A1 |
| 20140281489 | Peterka | Sep 2014 | A1 |
| 20140281505 | Zhang | Sep 2014 | A1 |
| 20140282816 | Xie | Sep 2014 | A1 |
| 20140289325 | Solis | Sep 2014 | A1 |
| 20140289790 | Wilson | Sep 2014 | A1 |
| 20140314093 | You | Oct 2014 | A1 |
| 20140365550 | Jang | Dec 2014 | A1 |
| 20150006896 | Franck | Jan 2015 | A1 |
| 20150018770 | Baran | Jan 2015 | A1 |
| 20150032892 | Narayanan | Jan 2015 | A1 |
| 20150063802 | Bahadur | Mar 2015 | A1 |
| 20150095481 | Ohnishi | Apr 2015 | A1 |
| 20150095514 | Yu | Apr 2015 | A1 |
| 20150188770 | Naiksatam | Jul 2015 | A1 |
| 20160014234 | Oran | Jan 2016 | A1 |
| 20160043963 | Oran | Feb 2016 | A1 |
| Number | Date | Country |
|---|---|---|
| 1720277 | Jun 1967 | DE |
| 19620817 | Nov 1997 | DE |
| 0295727 | Dec 1988 | EP |
| 0757065 | Jul 1996 | EP |
| 1077422 | Feb 2001 | EP |
| 1384729 | Jan 2004 | EP |
| 2124415 | Nov 2009 | EP |
| 2214357 | Aug 2010 | EP |
| 03005288 | Jan 2003 | WO |
| 03042254 | May 2003 | WO |
| 03049369 | Jun 2003 | WO |
| 03091297 | Nov 2003 | WO |
| 2007113180 | Oct 2007 | WO |
| 2007144388 | Dec 2007 | WO |
| 2011049890 | Apr 2011 | WO |
| Entry |
|---|
| Xie et al. “Collaborative Forwarding and Caching in Content Centric Networks”, Networking 2012. |
| Afanasyev, Alexander, et al. “Interest flooding attack and countermeasures in Named Data Networking.” IFIP Networking Conference, 2013. IEEE, 2013. |
| Cho, Jin-Hee, Ananthram Swami, and Ray Chen. “A survey on trust management for mobile ad hoc networks.” Communications Surveys & Tutorials, IEEE 13.4 (2011): 562-583. |
| Compagno, Alberto, et al. “Poseidon: Mitigating interest flooding DDoS attacks in named data networking.” Local Computer Networks (LCN), 2013 IEEE 38th Conference on. IEEE, 2013. |
| Conner, William, et al. “A trust management framework for service-oriented environments.” Proceedings of the 18th international conference on World wide web. ACM, 2009. |
| Fayazbakhsh, S. K., Lin, Y., Tootoonchian, A., Ghodsi, A., Koponen, T., Maggs, B., & Shenker, S. (Aug. 2013). Less pain, most of the gain: Incrementally deployable ICN. In ACM SIGCOMM Computer Communication Review (vol. 43, No. 4, pp. 147-158). ACM. |
| Gasti, Paolo, et al. “Dos and ddos in named data networking.” Computer Communications and Networks (ICCCN), 2013 22nd International Conference on. IEEE, 2013. |
| Ghali, Cesar, Gene Tsudik, and Ersin Uzun. “Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking.” Proceedings of NDSS Workshop on Security of Emerging Networking Technologies (SENT). 2014. |
| Ghodsi, Ali, et al. “Naming in content-oriented architectures.” Proceedings of the ACM SIGCOMM workshop on Information-centric networking. ACM, 2011. |
| Ghodsi, Ali, et al. “Information-centric networking: seeing the forest for the trees.” Proceedings of the 10th ACM Workshop on Hot Topics in Networks. ACM, 2011. |
| Koponen, Teemu, et al. “A data-oriented (and beyond) network architecture.” ACM SIGCOMM Computer Communication Review. vol. 37. No. 4. ACM, 2007. |
| Li, Wenjia, Anupam Joshi, and Tim Finin. “Coping with node misbehaviors in ad hoc networks: A multi-dimensional trust management approach.” Mobile Data Management (MDM), 2010 Eleventh International Conference on. IEEE, 2010. |
| Lopez, Javier, et al. “Trust management systems for wireless sensor networks: Best practices.” Computer Communications 33.9 (2010): 1086-1093. |
| Omar, Mawloud, Yacine Challal, and Abdelmadjid Bouabdallah. “Certification-based trust models in mobile ad hoc networks: A survey and taxonomy.” Journal of Network and Computer Applications 35.1 (2012): 268-286. |
| Zahariadis, Theodore, et al. “Trust management in wireless sensor networks.” European Transactions on Telecommunications 21.4 (2010): 386-395. |
| Jacobson, Van et al., “Content-Centric Networking, Whitepaper Describing Future Assurable Global Networks”, Palo Alto Research Center, Inc., Jan. 30, 2007, pp. 1-9. |
| Koponen, Teemu et al., “A Data-Oriented (and Beyond) Network Architecture”, SIGCOMM '07, Aug. 27-31, 2007, Kyoto, Japan, XP-002579021, p. 181-192. |
| Fall, K. et al., “DTN: an architectural retrospective”, Selected areas in communications, IEEE Journal on, vol. 28, No. 5, Jun. 1, 2008, pp. 828-835. |
| Gritter, M. et al., ‘An Architecture for content routing support in the Internet’, Proceedings of 3rd Usenix Symposium on Internet Technologies and Systems, 2001, pp. 37-48. |
| “CCNx,” http://ccnx.org/. downloaded Mar. 11, 2015. |
| “Content Delivery Network”, Wikipedia, Dec. 10, 2011, http://en.wikipedia.org/w/index.php?title=Content—delivery—network&oldid=465077460. |
| “Digital Signature” archived on Aug. 31, 2009 at http://web.archive.org/web/20090831170721/http://en.wikipedia.org/wiki/Digital—signature. |
| “Introducing JSON,” http://www.json.org/. downloaded Mar. 11, 2015. |
| “Microsoft PlayReady,” http://www.microsoft.com/playready/.downloaded Mar. 11, 2015. |
| “Pursuing a pub/sub internet (PURSUIT),” http://www.fp7-pursuit.ew/PursuitWeb/. downloaded Mar. 11, 2015. |
| “The FP7 4WARD project,” http://www.4ward-project.eu/. downloaded Mar. 11, 2015. |
| A. Broder and A. Karlin, “Multilevel Adaptive Hashing”, Jan. 1990, pp. 43-53. |
| Detti, Andrea, et al. “CONET: a content centric inter-networking architecture.” Proceedings of the ACM SIGCOMM workshop on Information-centric networking. ACM, 2011. |
| A. Wolman, M. Voelker, N. Sharma N. Cardwell, A. Karlin, and H.M. Levy, “On the scale and performance of cooperative web proxy caching,” ACM SIGHOPS Operating Systems Review, vol. 33, No. 5, pp. 16-31, Dec. 1999. |
| Ao-Jan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante. Drafting Behind Akamai: Inferring Network Conditions Based on CDN Redirections. IEEE/ACM Transactions on Networking {Feb. 2009). |
| B. Ahlgren et al., ‘A Survey of Information-centric Networking’ IEEE Commun. Magazine, Jul. 2012, pp. 26-36. |
| B. Lynn$2E. |
| Bari, MdFaizul, et al. ‘A survey of naming and routing in information-centric networks.’ Communications Magazine, IEEE 50.12 (2012): 44-53. |
| Baugher, Mark et al., “Self-Verifying Names for Read-Only Named Data”, 2012 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Mar. 2012, pp. 274-279. |
| Brambley, Michael, A novel, low-cost, reduced-sensor approach for providing smart remote monitoring and diagnostics for packaged air conditioners and heat pumps. Pacific Northwest National Laboratory, 2009. |
| C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. Advances in Cryptology—Asiacrypt 2002. Springer Berlin Heidelberg (2002). |
| C.A. Wood and E. Uzun, “Flexible end-to-end content security in CCN,” in Proc. IEEE CCNC 2014, Las Vegas, CA, USA, Jan. 2014. |
| Carzaniga, Antonio, Matthew J. Rutherford, and Alexander L. Wolf. ‘A routing scheme for content-based networking.’ INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies. vol. 2. IEEE, 2004. |
| Content Centric Networking Project (CCN) [online], http://ccnx.org/releases/latest/doc/technical/, Downloaded Mar. 9, 2015. |
| Content Mediator Architecture for Content-aware Networks (COMET) Project [online], http://www.comet-project.org/, Downloaded Mar. 9, 2015. |
| D. Boneh, C. Gentry, and B. Waters, 'Collusi. |
| D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. Advances in Cryptology—Crypto 2001, vol. 2139, Springer Berlin Heidelberg (2001). |
| D.K. Smetters, P. Golle, and J.D. Thornton, “CCNx access control specifications,” PARC, Tech. Rep., Jul. 2010. |
| Dabirmoghaddam, Ali, Maziar Mirzazad Barijough, and J. J. Garcia-Luna-Aceves. ‘Understanding optimal caching and opportunistic caching at the edge of information-centric networks.’ Proceedings of the 1st international conference on Information-centric networking. ACM, 2014. |
| Detti et al., “Supporting the Web with an information centric network that routes by name”, Aug. 2012, Computer Networks 56, pp. 3705-3702. |
| Dijkstra, Edsger W., and Carel S. Scholten. ‘Termination detection for diffusing computations.’ Information Processing Letters 11.1 (1980): 1-4. |
| Dijkstra, Edsger W., Wim HJ Feijen, and A—J M. Van Gasteren. “Derivation of a termination detection algorithm for distributed computations.” Control Flow and Data Flow: concepts of distributed programming. Springer Berlin Heidelberg, 1986. 507-512. |
| E. Rescorla and N. Modadugu, “Datagram transport layer security,” IETF RFC 4347, Apr. 2006. |
| E.W. Dijkstra, W. Feijen, and A.J.M. Van Gasteren, “Derivation of a Termination Detection Algorithm for Distributed Computations,” Information Processing Letter, vol. 16, No. 5, 1983. |
| G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved Proxy Reencryption Schemes with Applications to Secure Distributed Storage. In the 12th Annual Network and Distributed System Security Sympo. |
| G. Tyson, S. Kaune, S. Miles, Y. El-Khatib, A. Mauthe, and A. Taweel, “A trace-driven analysis of caching in content-centric networks,” in Proc. IEEE ICCCN 2012, Munich, Germany, Jul.-Aug. 2012, pp. 1-7. |
| G. Wang, Q. Liu, and J. Wu, “Hierarchical attribute-based encryption for fine-grained access control in cloud storage services,” in Proc. ACM CCS 2010, Chicago, IL, USA, Oct. 2010, pp. 735-737. |
| G. Xylomenos et al., “A Survey of Information-centric Networking Research,” IEEE Communication Surveys and Tutorials, Jul. 2013. |
| Garcia, Humberto E., Wen-Chiao Lin, and Semyon M. Meerkov. “A resilient condition assessment monitoring system.” Resilient Control Systems (ISRCS), 2012 5th International Symposium on. IEEE, 2012. |
| Garcia-Luna-Aceves, Jose J. ‘A unified approach to loop-free routing using distance vectors or link states.’ ACM SIGCOMM Computer Communication Review. vol. 19. No. 4. ACM, 1989. |
| Garcia-Luna-Aceves, Jose J. ‘Name-Based Content Routing in Information Centric Networks Using Distance Information’ Proc ACM ICN 2014, Sep. 2014. |
| Gupta, Anjali, Barbara Liskov, and Rodrigo Rodrigues. “Efficient Routing for Peer-to-Peer to-Peer Overlays.” NSDI. vol. 4. 2004. |
| H. Xiong, X. Zhang, W. Zhu, and D. Yao. CloudSeal: End-to$2. |
| Heckerman, David, John S. Breese, and Koos Rommelse. “Decision-Theoretic Troubleshooting.” Communications of the ACM. 1995. |
| Heinemeier, Kristin, et al. “Uncertainties in Achieving Energy Savings from HVAC Maintenance Measures in the Field.” ASHRAE Transactions 118.Part 2 {2012). |
| Herlich, Matthias et al., “Optimizing Energy Efficiency for Bulk Transfer Networks”, Apr. 13, 2010, pp. 1-3, retrieved for the Internet: URL:http://www.cs.uni-paderborn.de/fileadmin/informationik/ag-karl/publications/miscellaneous/optimizing.pdf (retrieved on Mar. 9, 2012). |
| Hogue et al., ‘NLSR: Named-data Link State Routing Protocol’, Aug. 12, 2013, ICN 2013, pp. 15-20. |
| https://code.google.com/p/ccnx-trace/. |
| I. Psaras, R.G. Clegg, R. Landa, W.K. Chai, and G. Pavlou, “Modelling and evaluation of CCN-caching trees,” in Proc. IFIP Networking 2011, Valencia, Spain, May 2011, pp. 78-91. |
| Intanagonwiwat, Chalermek, Ramesh Govindan, and Deborah Estrin. ‘Directed diffusion: a scalable and robust communication paradigm for sensor networks.’ Proceedings of the 6th annual international conference on Mobile computing and networking. ACM, 2000. |
| J. Aumasson and D. Bernstein, “SipHash: a fast short-input PRF”, Sep. 18, 2012. |
| J. Bethencourt, A, Sahai, and B. Waters, ‘Ciphertext-policy attribute-based encryption,’ in Proc. IEEE Security & Privacy 2007, Berkeley, CA, USA, May 2007, pp. 321-334. |
| J. Hur, “Improving security and efficiency in attribute-based data sharing,” IEEE Trans. Knowledge Data Eng., vol. 25, No. 10, pp. 2271-2282, Oct. 2013. |
| J. Shao and Z. Cao. CCA-Secure Proxy Re-Encryption without Pairings. Public Key Cryptography. Springer Lecture Notes in Computer Sciencevolume 5443 (2009). |
| V. Jacobson et al., ‘Networking Named Content,’ Proc. IEEE CoNEXT '09, Dec. 2009. |
| Jacobson, Van et al. ‘VoCCN: Voice Over Content-Centric Networks.’ Dec. 1, 2009. ACM ReArch'09. |
| Jacobson et al., “Custodian-Based Information Sharing,” Jul. 2012, IEEE Communications Magazine: vol. 50 Issue 7 (p. 3843). |
| Ji, Kun, et al. “Prognostics enabled resilient control for model-based building automation systems.” Proceedings of the 12th Conference of International Building Performance Simulation Association. 2011. |
| K. Liang, L. Fang, W. Susilo, and D.S. Wong, “A Ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security,” in Proc. INCoS 2013, Xian, China, Sep. 2013, pp. 552-559. |
| Katipamula, Srinivas, and Michael R. Brambley. “Review article: methods for fault detection, diagnostics, and prognostics for building systemsa review, Part I.” HVAC&R Research 11.1 (2005): 3-25. |
| Katipamula, Srinivas, and Michael R. Brambley. “Review article: methods for fault detection, diagnostics, and prognostics for building systemsa review, Part II.” HVAC&R Research 11.2 (2005): 169-187. |
| L. Wang et al., ‘OSPFN: An OSPF Based Routing Protocol for Named Data Networking,’ Technical Report NDN-0003, 2012. |
| L. Zhou, V. Varadharajan, and M. Hitchens, “Achieving secure role-based access control on encrypted data in cloud storage,” IEEE Trans. Inf. Forensics Security, vol. 8, No. 12, pp. 1947-1960, Dec. 2013. |
| M. Blaze, G. Bleumer, and M. Strauss, ‘Divertible protocols and atomic prosy cryptography,’ in Proc. Eurocrypt 1998, Espoo, Finland, May-Jun. 1998, pp. 127-144. |
| M. Green and G. Ateniese, “Identity-based proxy re-encryption,” in Proc. ACNS 2007, Zhuhai, China, Jun. 2007, pp. 288-306. |
| M. Ion, J. Zhang, and E.M. Schooler, “Toward content-centric privacy in ICN: Attribute-based encryption and routing,” in Proc. ACM SIGCOMM ICN 2013, Hong Kong, China, Aug. 2013, pp. 39-40. |
| M. Naor and B. Pinkas “Efficient trace and revoke schemes,” in Proc. FC 2000, Anguilla, British West Indies, Feb. 2000, pp. 1-20. |
| M. Nystrom, S. Parkinson, A. Rusch, and M. Scott, “PKCS#12: Personal information exchange syntax v. 1.1,” IETF RFC 7292, K. Moriarty, Ed., Jul. 2014. |
| M. Parsa and J.J. Garcia-Luna-Aceves, “A Protocol for Scalable Loop-free Multicast Routing.” IEEE JSAC, Apr. 1997. |
| M. Walfish, H. Balakrishnan, and S. Shenker, “Untangling the web from DNS,” in Proc. USENIX NSDI 2004, Oct. 2010, pp. 735-737. |
| Mahadevan, Priya, et al. “Orbis: rescaling degree correlations to generate annotated internet topologies.” ACM SIGCOMM Computer Communication Review. vol. 37. No. 4. ACM, 2007. |
| Mahadevan, Priya, et al. “Systematic topology analysis and generation using degree correlations.” ACM SIGCOMM Computer Communication Review. vol. 36. No. 4. ACM, 2006. |
| Matocha, Jeff, and Tracy Camp. ‘A taxonomy of distributed termination detection algorithms.’ Journal of Systems and Software 43.3 (1998): 207-221. |
| Matted Varvello et al., “Caesar: A Content Router for High Speed Forwarding”, ICN 2012, Second Edition on Information-Centric Networking, New York, Aug. 2012. |
| McWilliams, Jennifer A., and Iain S. Walker. “Home Energy Article: A Systems Approach to Retrofitting Residential HVAC Systems.” Lawrence Berkeley National Laboratory (2005). |
| Merindol et al., “An efficient algorithm to enable path diversity in link state routing networks”, Jan. 10, Computer Networks 55 (2011), pp. 1132-1140. |
| Mobility First Project [online], http://mobilityfirst.winlab.rutgers.edu/, Downloaded Mar. 9, 2015. |
| Narasimhan, Sriram, and Lee Brownston. “HyDE—A General Framework for Stochastic and Hybrid Modelbased Diagnosis.” Proc. DX 7 (2007): 162-169. |
| NDN Project [online], http://www.named-data.net/, Downloaded Mar. 9, 2015. |
| P. Mahadevan, E.Uzun, S. Sevilla, and J. Garcia-Luna-Aceves, “CCN-krs: A key resolution service for ccn,” in Proceedings of the 1st International Conference on Information-centric Networking, Ser. Inc 14 New York, NY, USA: ACM, 2014, pp. 97-106. [Online]. Available: http://doi.acm.org/10.1145/2660129.2660154. |
| R. H. Deng, J. Weng, S. Liu, and K. Chen. Chosen-Ciphertext Secure Proxy Re-Encryption without Pairings. CANS. Spring Lecture Notes in Computer Science vol. 5339 (2008). |
| Rosenberg, J. “Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols”, Apr. 2010, pp. 1-117. |
| S. Chow, J. Weng, Y. Yang, and R. Deng. Efficient Unidirectional Proxy Re-Encryption. Progress in Cryptology—Africacrypt 2010. Springer Berlin Heidelberg (2010). |
| S. Deering, “Multicast Routing in Internetworks and Extended LANs,” Proc. ACM SIGCOMM '88, Aug. 1988. |
| S. Deering et al., “The PIM architecture for wide-area multicast routing,” IEEE/ACM Trans, on Networking, vol. 4, No. 2, Apr. 1996. |
| S. Jahid, P. Mittal, and N. Borisov, “EASiER: Encryption-based access control in social network with efficient revocation,” in Proc. ACM ASIACCS 2011, Hong Kong, China, Mar. 2011, pp. 411-415. |
| S. Kamara and K. Lauter, “Cryptographic cloud storage,” in Proc. FC 2010, Tenerife, Canary Islands, Spain, Jan. 2010, pp. 136-149. |
| S. Kumar et al. “Peacock Hashing: Deterministic and Updatable Hashing for High Performance Networking,” 2008, pp. 556-564. |
| S. Misra, R. Tourani, and N.E. Majd, “Secure content delivery in information-centric networks: Design, implementation, and analyses,” in Proc. ACM SIGCOMM ICN 2013, Hong Kong, China, Aug. 2013, pp. 73-78. |
| S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in Proc. IEEE INFOCOM 2010, San Diego, CA, USA, Mar. 2010, pp. 1-9. |
| S.J. Lee, M. Gerla, and C. Chiang, “On-demand Multicast Routing Protocol in Multihop Wireless Mobile Networks,” Mobile Networks and Applications, vol. 7, No. 6, 2002. |
| Sandvine, Global Internet Phenomena Report—Spring 2012. Located online at http://www.sandvine.com/downloads/ documents/Phenomenal H 2012/Sandvine Global Internet Phenomena Report 1H 2012.pdf. |
| Scalable and Adaptive Internet Solutions (SAIL) Project [online], http://sail-project.eu/ Downloaded Mar. 9, 2015. |
| Schein, Jeffrey, and Steven T. Bushby. A Simulation Study of a Hierarchical, Rule-Based Method for System-Level Fault Detection and Diagnostics in HVAC Systems. US Department of Commerce,[Technology Administration], National Institute of Standards and Technology, 2005. |
| Shani, Guy, Joelle Pineau, and Robert Kaplow. “A survey of point-based POMDP solvers.” Autonomous Agents and Multi-Agent Systems 27.1 (2013): 1-51. |
| Sheppard, John W., and Stephyn GW Butcher. “A formal analysis of fault diagnosis with d-matrices.” Journal of Electronic Testing 23.4 (2007): 309-322. |
| Shih, Eugene et al., ‘Wake on Wireless: An Event Driven Energy Saving Strategy for Battery Operated Devices’, Sep. 23, 2002, pp. 160-171. |
| Shneyderman, Alex et al., ‘Mobile VPN: Delivering Advanced Services in Next Generation Wireless Systems’, Jan. 1, 2003, pp. 3-29. |
| Solis, Ignacio, and J. J. Garcia-Luna-Aceves. ‘Robust content dissemination in disrupted environments.’ proceedings of the third ACM workshop on Challenged networks. ACM, 2008. |
| Sun, Ying, and Daniel S. Weld. “A framework for model-based repair.” AAAI. 1993. |
| T. Ballardie, P. Francis, and J. Crowcroft, “Core Based Trees (CBT),” Proc. ACM SIGCOMM '88, Aug. 1988. |
| T. Dierts, “The transport layer security (TLS) protocol version 1.2,” IETF RFC 5246, 2008. |
| The Despotify Project (2012). Available online at http://despotify.sourceforge.net/. |
| V. Goyal, 0. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. ACM CCS 2006, Alexandria, VA, USA, Oct.-Nov. 2006, pp. 89-98. |
| V. Jacobson, D.K. Smetters, J.D. Thornton, M.F. Plass, N.H. Briggs, and R.L. Braynard, ‘Networking named content,’ in Proc. ACM CoNEXT 2009, Rome, Italy, Dec. 2009, pp. 1-12. |
| V. K. Adhikari, S. Jain, Y. Chen, and Z.-L. Zhang. Vivisecting Youtube:An Active Measurement Study. In INFOCOM12 Mini-conference (2012). |
| Verma, Vandi, Joquin Fernandez, and Reid Simmons. “Probabilistic models for monitoring and fault diagnosis.” The Second IARP and IEEE/RAS Joint Workshop on Technical Challenges for Dependable Robots in Human Environments. Ed. Raja Chatila. Oct. 2002. |
| Vijay Kumar Adhikari, Yang Guo, Fang Hao, Matteo Varvello, Volker Hilt, Moritz Steiner, and Zhi-Li Zhang. Unreeling Netflix: Understanding and Improving Multi-CDN Movie Delivery. In the Proceedings of IEEE INFOCOM 2012 (2012). |
| Vutukury, Srinivas, and J. J. Garcia-Luna-Aceves. A simple approximation to minimum-delay routing. vol. 29. No. 4. ACM, 1999. |
| W.-G. Tzeng and Z.-J. Tzeng, “A public-key traitor tracing scheme with revocation using dynamic shares,” in Proc. PKC 2001, Cheju Island, Korea, Feb. 2001, pp. 207-224. |
| Waldvogel, Marcel “Fast Longest Prefix Matching: Algorithms, Analysis, and Applications”, A dissertation submitted to the Swiss Federal Institute of Technology Zurich, 2002. |
| Walker, Iain S. Best practices guide for residential HVAC Retrofits. No. LBNL-53592. Ernest Orlando Lawrence Berkeley National Laboratory, Berkeley, CA (US), 2003. |
| Wang, Jiangzhe et al., “DMND: Collecting Data from Mobiles Using Named Data”, Vehicular Networking Conference, 2010 IEEE, pp. 49-56. |
| Xylomenos, George, et al. “A survey of information-centric networking research.” Communications Surveys & Tutorials, IEEE 16.2 (2014): 1024-1049. |
| Yi, Cheng, et al. ‘A case for stateful forwarding plane.’ Computer Communications 36.7 (2013): 779-791. |
| Yi, Cheng, et al. ‘Adaptive forwarding in named data networking.’ ACM SIGCOMM computer communication review 42.3 (2012): 62-67. |
| Zhang, et al., “Named Data Networking (NDN) Project”, http://www.parc.com/publication/2709/named-data-networking-ndn-project.html, Oct. 2010, NDN-0001, PARC Tech Report. |
| Zhang, Lixia, et al. ‘Named data networking.’ ACM SIGCOMM Computer Communication Review 44.3 {2014): 66-73. |
| Soh et al., “Efficient Prefix Updates for IP Router Using Lexicographic Ordering and Updateable Address Set”, Jan. 2008, IEEE Transactions on Computers, vol. 57, No. 1. |
| Beben et al., “Content Aware Network based on Virtual Infrastructure”, 2012 13th ACIS International Conference on Software Engineering. |
| Biradar et al., “Review of multicast routing mechanisms in mobile ad hoc networks”, Aug. 16, Journal of Network$. |
| D. Trossen and G. Parisis, “Designing and realizing and information-centric Internet,” IEEE Communications Magazing, vol. 50, No. 7, pp. 60-67, Jul. 2012. |
| Garcia-Luna-Aceves et al., “Automatic Routing Using Multiple Prefix Labels”, 2012, IEEE, Ad Hoc and Sensor Networking Symposium. |
| Ishiyama, “On the Effectiveness of Diffusive Content Caching in Content-Centric Networking”, Nov. 5, 2012, IEEE, Information and Telecommunication Technologies (APSITT), 2012 9th Asia-Pacific Symposium. |
| J. Hur and D.K. Noh, “Attribute-based access control with efficient revocation in data outsourcing systers,” IEEE Trans. Parallel Distrib. Syst, vol. 22, No. 7, pp. 1214-1221, Jul. 2011. |
| J. Lotspiech, S. Nusser, and F. Pestoni. Anonymous Trust: Digital Rights Management using Broadcast Encryption. Proceedings of the IEEE 92.6 (2004). |
| Kaya et al., “A Low Power Lookup Technique for Multi-Hashing Network Applications”, 2006 IEEE Computer Society Annual Symposium on Emerging VLSI Technologies and Architectures, Mar. 2006. |
| S. Kamara and K. Lauter. Cryptographic Cloud Storage. Financial Cryptography and Data Security. Springer Berlin Heidelberg (2010). |
| RTMP (2009). Available online at http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/rtmp/ pdf/rtmp specification 1.0.pdf. |
| Hoque et al., “NLSR: Named-data Link State Routing Protocol”, Aug. 12, 2013, ICN'13. |
| Nadeem Javaid, “Analysis and design of quality link metrics for routing protocols in Wireless Networks”, PhD Thesis Defense, Dec. 15, 2010, Universete Paris-Est. |
| Wetherall, David, “Active Network vision and reality: Lessons form a capsule-based system”, ACM Symposium on Operating Systems Principles, Dec. 1, 1999. pp. 64-79. |
| Kulkarni A.B. et al., “Implementation of a prototype active network”, IEEE, Open Architectures and Network Programming, Apr. 3, 1998, pp. 130-142. |
| Number | Date | Country | |
|---|---|---|---|
| 20160212148 A1 | Jul 2016 | US |
