Patent Grant
9794238
The subject matter of this application is related to the subject matter in the following applications:
Field
This disclosure is generally related to distribution of digital content. More specifically, this disclosure is related to a system for facilitating secure communication between entities in a content centric network based on a key exchange protocol.
Related Art
The proliferation of the Internet and e-commerce continues to create a vast amount of digital content. Content centric network (CCN) architectures have been designed to facilitate accessing and processing such digital content. A CCN includes entities, or nodes, such as network clients, forwarders (e.g., routers), and content producers, which communicate with each other by sending interest packets for various content items and receiving content-object packets in return. CCN interests and content objects are identified by their unique names, which are typically hierarchically structured variable length identifiers (HSVLI). An HSVLI can include contiguous name components ordered from a most general level to a most specific level.
In an IP-based communication such as TCP and UDP, two communicating entities can establish a secure session and verify subsequent messages based on their individual respective IP addresses. In contrast, communication in a CCN is not based on IP addresses. Instead, a CCN data packet (such as an interest or content object) is routed based on the name for the packet. Thus, entities communicating within a CCN cannot rely on IP addresses to securely establish an ephemeral session and exchange data within the session.
One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key. The system constructs a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce, wherein the first interest has a name that includes a first prefix, and wherein the first nonce is used to establish a session between the content-consuming device and a content-producing device. In response to the nonce token being verified by the content-producing device, the system receives a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key. The system generates the second key based on a second consumer-share key and the first content-object packet.
In some embodiments, the nonce token is verified based on the first key and the first nonce.
In some embodiments, generating the first key is further based on performing a key derivation function based on the first consumer-share key and the first producer-share key, and generating the second key is further based on performing the derivation function based on the second consumer-share key and a second producer-share key indicated in the first content-object packet. The system also generates, based on performing an expansion function based on the second key, one or more of the following: a consumer-specific second key; a producer-specific second key; a consumer-specific initialization vector; and a producer-specific initialization vector.
In some embodiments, the system constructs an initial interest packet with a name that includes the first prefix and the first nonce, and a payload that indicates an initial hello. In response to the initial interest packet, the system receives an initial content-object packet with a payload that includes configuration information and the second nonce, wherein the configuration information indicates the first consumer-share key, and wherein the second nonce is used to establish the session.
In some embodiments, the payload for the initial content-object packet includes a second prefix different from the first prefix. The system replaces the first prefix with the second prefix in the name for the first interest packet and a name for a subsequent interest packet associated with the session.
In some embodiments, the name for the first interest packet further includes a previously received second nonce, wherein the second nonce is used to establish the session.
In some embodiments, the system constructs a second interest packet with a name that includes a previously received session identifier, and a payload encrypted based on a consumer-specific second key. In response to the second interest packet, the system receives a second content-object packet with a payload encrypted based on a producer-specific second key, wherein the consumer-specific second key and the producer-specific second key are generated based on performing an expansion function on the second key.
In some embodiments, the payload for the first content-object packet indicates a move token and a third prefix different from the first prefix. The system replaces the first prefix with the third prefix in the name for the second interest packet and a name for a subsequent interest packet associated with the session, and indicates the move token in the payload for the second interest packet.
In some embodiments, the payload for the second content-object packet includes a second resumption indicator for a subsequently resumed session between the consumer and the producer.
In some embodiments, the system decrypts the payload for the first content-object packet. In response to determining that the decrypted payload does not indicate a rejection, the system obtains an acknowledgment and a second producer-share key.
Another embodiment provides a system that facilitates secure communication between computing entities. During operation, the system receives, by a content-producing device, a first interest packet that includes a first consumer-share key and a nonce token which is used as a pre-image of a previously received first nonce, wherein the first interest has a name that includes a first prefix, and wherein the first nonce is used to establish a session between a content-consuming device and the content-producing device. The system generates a first key based on the first consumer-share key and a first producer-share key. The system verifies the nonce token based on the first key and the first nonce. The system then generates a second key based on the first interest packet and a second producer-share key. The system also constructs a first content-object packet with a payload that includes a first resumption indicator encrypted based on the second key.
In some embodiments, the system receives an initial interest packet with a name that includes the first prefix and the first nonce, and a payload that indicates an initial hello. In response to the initial interest packet, the system constructs an initial content-object packet with a payload that includes configuration information and a second nonce, wherein the configuration information indicates the first consumer-share key, and wherein the second nonce is used to establish the session.
In some embodiments, the system includes in the payload for the initial content-object packet a second prefix that is different from the first prefix, wherein the name for the first interest packet includes the second prefix, and wherein the second prefix replaces the first prefix. Furthermore, a name for a subsequent interest packet associated with the session includes the second prefix.
In some embodiments, the system generates a session identifier based on the second key. The system receives a second interest packet with a name that includes the session identifier, and a payload encrypted based on a consumer-specific second key. In response to the second interest packet, the system constructs a second content-object packet with a payload encrypted based on a producer-specific second key, wherein the consumer-specific second key and the producer-specific second key are generated based on performing an expansion function on the second key.
In some embodiments, the system indicates in the payload for the first content-object packet a move token and a third prefix different from the first prefix, wherein the name for the second interest packet includes the third prefix in place of the first prefix, and wherein the payload for the second interest packet indicates the move token.
In some embodiments, in response to identifying a need for a new resumption indicator, the system generates a new resumption indicator for use in a subsequently resumed session between the consumer and the producer. The system includes in the payload for the second content-object packet the new resumption indicator encrypted based on the producer-specific second key.
In some embodiments, verifying the nonce token further comprises: decrypting the payload for the first interest packet based on the first key; performing a hash function on the nonce token to obtain a result; and verifying whether the result matches the first nonce.
In some embodiments, in response to determining that the result matches the first nonce, the system includes in the payload for the first content-object packet an acknowledgment and the second producer-share key. In response to determining that the result does not match the first nonce, the system includes in the payload for the first content-object packet a rejection and a reason for the rejection.
In the figures, like reference numerals refer to the same figure elements.
The following description is presented to enable any person skilled in the art to make and use the embodiments, and is provided in the context of a particular application and its requirements. Various modifications to the disclosed embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to other embodiments and applications without departing from the spirit and scope of the present disclosure. Thus, the present invention is not limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed herein.
Embodiments of the present invention provide a system which establishes secure session keys for authenticated encryption of data between two entities in a CCN based on a key exchange protocol. In a traditional IP-based communication (e.g., TCP and UDP), two communicating entities can establish a session and verify subsequent communications based on their individual IP addresses. In contrast, in a CCN, communication is not based on IP addresses. A CCN data packet is instead routed based on a packet name. Two communicating CCN entities cannot rely on IP addresses to securely establish an ephemeral session and ensure that subsequent messages belong to the same session.
Embodiments of the present invention address this problem by providing a system which establishes a secure ephemeral session between two CCN entities (e.g., a consumer and a producer) and binds all messages to the secure session based on a key exchange protocol. The protocol provides mutual authentication and establishes a symmetric forward-secure session key (“FSK”) which protects the privacy and integrity of communication between the entities. An FSK is a shared, symmetric key derived from a set of short-term and long-term keys in a way that prevents the FSK from being compromised even if one of the long-terms keys is compromised. In other words, an FSK protects past sessions against future compromises of secret keys. Thus, encrypted past communications cannot be retrieved and decrypted even if long-term secret keys are compromised in the future. A detailed description of FSK generation based on short-term and long-term keys is provided below in relation to
Prior transport network layer protocols based on TCP or UDP over IP include Transport Layer Security (TLS) and Quick UDP Internet Connections (QUIC). TLS is described in Rescorla, E., “The Transport Layer Security (TLS) Protocol Version 1.3,” August 2015, and QUIC is described in Iyengar, J. and I. Swett, “QUIC: A UDP-Based Secure and Reliable Transport for HTTP/2,” December 2015. Prior TCP-based protocol TLS uses the TCP three-way handshake to provide proof of a single continued message exchange, while prior UDP-based protocol QUIC uses a session address token that must be presented by the consumer to prove ownership of an address during a key exchange procedure. In contrast, embodiments of the present invention provide a reverse hash-chained nonce in an interest name as proof of a single continued message exchange.
The key exchange protocol of the present invention requires at most two round trip times (“RTTs”) when an initial bootstrap is required. In some instances, only one RTT may be needed (e.g., when certain bootstrapping has already been performed). The key exchange protocol may also allow for zero RTTs in the case of accelerated starts (e.g., when the information necessary to derive the FSK has previously been exchanged) and session resumption (e.g., when a consumer wishes to subsequently resume an interrupted session). For example, a producer may, at its discretion, generate and provide a new resumption cookie for a consumer to use in a subsequently resumed session, thus enabling a zero RTT session resumption. In addition, the key exchange protocol provides for end-to-end migration and session migration. The end-to-end migration allows a producer to redirect a consumer to a different entity (e.g., to hand off the key exchange to a different service with a different name prefix). The session migration allows a producer to redirect the consumer by transferring an initially established security context to a new service (e.g., to hand off the session security and subsequent content communication to a different service with a different name prefix).
The following terms describe elements of a CCN architecture:
Content Object or “content object”: A single piece of named data, which is bound to a unique name. Content Objects are “persistent,” which means that a Content Object can move around within a computing device, or across different computing devices, but does not change. If any component of the Content Object changes, the entity that made the change creates a new Content Object that includes the updated content, and binds the new Content Object to a new unique name.
Unique Names: A name in a CCN is typically location independent and uniquely identifies a Content Object. A data-forwarding device can use the name or name prefix to forward a packet toward a network node that generates or stores the Content Object, regardless of a network address or physical location for the Content Object. In some embodiments, the name may be a hierarchically structured variable-length identifier (HSVLI). The HSVLI can be divided into several hierarchical components, which can be structured in various ways. For example, the individual name components parc, home, ccn, and test.txt can be structured in a left-oriented prefix-major fashion to form the name “/parc/home/ccn/test.txt.” Thus, the name “/parc/home/ccn” can be a “parent” or “prefix” of “/parc/home/ccn/test.txt.” Additional components can be used to distinguish between different versions of the content item, such as a collaborative document.
In some embodiments, the name can include a non-hierarchical identifier, such as a hash value that is derived from the Content Object's data (e.g., a checksum value) and/or from elements of the Content Object's name. A description of a hash-based name is described in U.S. patent application Ser. No. 13/847,814, which is hereby incorporated by reference. A name can also be a flat label. Hereinafter, “name” is used to refer to any name for a piece of data in a name-data network, such as a hierarchical name or name prefix, a flat name, a fixed-length name, an arbitrary-length name, or a label (e.g., a Multiprotocol Label Switching (MPLS) label).
Interest or “interest”: A packet that indicates a request for a piece of data, and includes a name (or a name prefix) for the piece of data. A data consumer can disseminate a request or Interest across an information-centric network, which CCN routers can propagate toward a storage device (e.g., a cache server) or a data producer that can provide the requested data to satisfy the request or Interest.
The methods disclosed herein are not limited to CCN networks and are applicable to other architectures as well. A description of a CCN architecture is described in U.S. patent application Ser. No. 12/338,175, which is hereby incorporated by reference.
Exemplary Network and Overview of Exemplary Communication
A brief overview of each round is described below in relation to
In the second round, consumer 116 can generate an interest 213 with a name of “/prefix/nonce2” (which includes nonce2 212.2 previously received from producer 118). Interest 213 can include a NonceToken 213.1 which is the pre-image of the previously generated “nonce1” provided in the name for interest 211. For example, hashing the NonceToken generates nonce1: H(NonceToken)=nonce1. Producer 118 can receive interest 213, verify the NonceToken, and create a content object 214 by generating a SessionID 214.1, and optionally generating a prefix3 214.2 and a MoveToken 214.3. Prefix3 214.2 and MoveToken 214.3 can be used to indicate a migration to another server for authentication of the security context for subsequent data exchanges. Producer 118 can generate the FSK and begin encrypting data based on the FSK, as described below in relation to
In the third round, consumer 116 and producer 118 may begin exchanging application data encrypted based on the FSK. For example, consumer 116 can create an interest with a name of “/prefix/sessionID” (which includes SessionID 214.1 previously received from producer 118) and data encrypted with the FSK. Producer 118 can receive interest 215 and generate a content object 216 which includes data 216.1 encrypted with the FSK. Producer 118 can optionally include in content object 216 a resumption cookie 216.2 for a consumer to use for efficiently resuming a subsequent session.
Detailed Description of Exemplary Communication
Upon receiving content object 212, consumer 116 begins round 2 by generating an interest 213 with a name of “/prefix/nonce2” (where “nonce2” is previously provided by producer 118 in content object 212) and a payload that includes a first consumer-share key (“ClientShare1,” for use in generating the SS key) and encrypted consumer parameters, such as: AlgorithmOptions which indicate the algorithm selected by the consumer for use based on the previously received CONFIG file; a NonceToken which is the pre-image of the previously generated “nonce1”; and a second consumer-share key (“ClientShare2”) for use in generating the FSK. Consumer 116 generates the SS key based on a key derivation function performed on the first consumer-share key and the first producer-share key (which is included in the CONFIG file), and encrypts the client parameters based on the SS key. The key derivation function can be a hash-based key derivation function (HKDF) as described in Krawczyk, H. and P. Eronen, “HMAC-based Extract-and-Expand Key Derivation Function (HKDF)”, RFC 5869, DOI 10.17487, May 2010 (hereinafter “RFC 5869”).
Producer 118 receives interest 213 and generates the SS key based on the same key derivation function performed on the first consumer-share key (included as cleartext in the payload of interest 213) and the first producer-share key (in its possession and also included in the CONFIG file). Producer 118 decrypts the client parameters to obtain AlgorithmOptions, NonceToken, and ClientShare2. In some embodiments, producer 118 maintains a mapping of nonce2 to nonce1, and confirms that nonce2 in the received interest 213 corresponds to this mapping. Producer 118 verifies that a hash function performed on NonceToken results in “nonce 1”: H(NonceToken)=nonce1. If it does not, producer 118 returns a content object 214 with a rejection and a reason for the rejection. If it does, producer 118 generates the FSK key based on a key derivation function performed on the second consumer-share key (e.g., ClientShare2) and a second producer-share key in its possession (e.g., ServerShare2). Producer 118 further generates a consumer-specific FSK (FSK-C) and a producer-specific FSK (FSK-P) by performing an expansion function on the FSK. For example, the expansion function can be the HKDF-Expand function described in RFC 5869. Producer 118 can encrypt a resumption cookie with the FSK-P and can also generate a session identifier. Producer 118 can include in the payload for content object 214 the resumption cookie encrypted based on the FSK-P as well as an ACK and the second producer-share key encrypted based on the SS key. A description of all possible fields for interest 213 and content object 214, respectively, is described below in relation to
Finally, upon receiving content object 214, consumer 116 can begin round 3. Consumer 116 can decrypt and obtain the ACK and the second producer share key (ServerShare2) based on the SS key, and subsequently generate the FSK based on the HKDF using the second consumer-share key (ClientShare2) and the obtained second producer-share key (ServerShare2). Consumer 116 can also perform the same expansion function to obtain the FSK-C and the FSK-P. Consumer 116 can then decrypt and obtain the first resumption cookie based on the FSK-P, for later use in a subsequently resumed session. At this point, consumer 116 can generates an interest 215 with a name of “prefix/sessionID/{ . . . }_FSK-C.” which includes the session identifier previously received from producer 118 and, optionally, one or more name components encrypted based on the FSK-C. Consumer 116 can further encrypt the payload (“ConsumerData”) for interest 215 based on the FSK-C, and send interest 215 to producer 118. Producer 118 can receive interest 215, decrypt the payload (and any encrypted name components) based on the FSK-C, and create a responsive content object 216 with a payload that includes “ProducerData” encrypted based on the FSK-P. Producer 118 can send content object 216 to consumer 116, and consumer 116 can decrypt the payload based on the FSK-P.
Derivation of SS Key and FSK
The SS key and the FSK can both be derived based on an HKDF, as described in RFC 5869. More specifically, the SS key can be derived as follows:
SS=HKDF(Salt,IKM) (1)
Salt=CSALT1∥PSALT1∥“ss generation” (2)
IKM=DH(ClientShare1,ServerShare1) (3)
The input keying material (IKM) is based on a Diffie-Hellman function that takes as inputs the first consumer-share key (ClientShare1) and the first producer-share key (ServerShare1), and the Salt is a concatenation of the optionally provided first consumer salt (e.g., item 532.2 of
Furthermore, the FSK can be derived as follows:
FSK=HKDF(Salt,IKM) (4)
Salt=CSALT2∥PSALT2∥“fsk generation” (5)
IKM=DH(ClientShare2,ServerShare2) (6)
In this case, the input keying material (IKM) is based on a Diffie-Hellman function that takes as inputs the second consumer-share key (ClientShare2) and the second producer-share key (ServerShare2), and the Salt is a concatenation of the optionally provided second consumer salt (e.g., item 532.10 of
Upon deriving the FSK, a consumer or producer can subsequently derive key material by performing the HKDF-Expand function on the FSK, as described in RFC 5869. The key material is produced from the Expand function in the following order: a consumer-specific write key (FSK-C); a producer-specific write key (FSK-P); a consumer-specific write initialization vector (IV-C); and a producer-specific write initialization vector (IV-P).
Session Identifier and Resumption Cookie
The producer can generate a session identifier (“SessionID”) in Round 2 (e.g., as included in content object 214 of round 2 (202) of
SessionID=Enc(k1,H(secret∥FSK∥(Prefix3|“ ”))) (7)
The SS key and the FSK are the keys which enable correct session communication. Thus, the resumption cookie (“RC”) used in the key exchange protocol described herein must be able to be used to recover the SS key and the FSK for a given session. The resumption cookie is derived as the encryption of the hash digest of a secret of the producer (“secret”), the SS key, the FSK, and the optional “(Prefix3, MoveToken)” tuple (if created for the session). The encryption is performed based on a long-term secret key (“k2”) owned by the producer, which is used only for this purpose and not for encrypting consumer traffic:
RC=Enc(k2,SS∥FSK∥((Prefix3∥MoveToken)|“ ”)) (8)
Note that it is possible, though not required, that k1 is equal to k2.
Role of Content-Consuming Device
Subsequently, the consumer constructs a second interest packet with a name that includes the first prefix and the session identifier, and a payload that is encrypted based on the FSK-C (operation 326). In response to the second interest packet, the consumer receives a second content-object packet with a payload that is encrypted based on the FSK-P (operation 328). Finally, the consumer decrypts the payload of the second content-object packet based on the FSK-P (operation 330).
In some embodiments (as described in relation to
In some embodiments (as described in relation to
In other embodiments (as described in relation to
Role of Content-Producing Device
The producer generates the SS key based on a first producer-share key and the first consumer-share key (operation 408). The first producer-share key is included in the configuration information and the SS key generation can be based on an HKDF function as described in RFC 5869. The producer decrypts the consumer parameters based on the SS key (operation 410), and obtains the nonce token and the second consumer-share key. The producer verifies the nonce token based on the SS key and the first nonce, and also validates the algorithm options (operation 412). In some embodiments, the producer performs a hash function on the nonce token and verifies that the result matches “nonce1”: H(NonceToken)=nonce1. The algorithm options may be a list of tags echoed from the producer's configuration information, as described below in
The producer encrypts a first resumption cookie based on the FSK-P (operation 422) and generates a session identifier (operation 424). In response to the first interest packet, the producer constructs a first content-object packet with a payload that includes the session identifier, the encrypted resumption cookie, and producer parameters encrypted based on the SS key (operation 426). The producer parameters include an acknowledgment and the second producer-share key. Subsequently, the producer receives a second interest packet with a name that includes the first prefix and the session identifier, and a payload that is encrypted based on the FSK-C (operation 428). The producer decrypts the payload of the second interest packet based on the FSK-C (operation 430). In response to the second interest packet, the producer constructs a second content-object packet with a payload that is encrypted based on the FSK-P (operation 432).
In some embodiments (as described in relation to
In some embodiments (as described in relation to
In other embodiments (as described in relation to
Exemplary Payload Formats
The configuration information, as shown in data structure 520, is a semi-static catalog of information that consumers can use to complete future key exchanges with the producer. KEXS 522.2 is a data structure that enumerates the elliptic curve key-exchange algorithms supported by the producer, such as Curve25519 and P-256. Selection criteria for these curves is described at http://safecurves.cr.yp.to. AEAD 522.3 is a data structure that enumerates the supported Authenticated Encryption with Associated Data (AEAD) algorithms used for symmetric-key authenticated encryption after the session is established, such as AES-GCM-(128,192,256) and Salsa20. AES-GCM is described in Dworkin, M., “Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GSM) and GMAC,” NIST Special Publication 800-38D, November 2007, and Salsa20 is described in Bernstein, D., “Salsa20 specification,” at http://cr.yp.to.snuffle/spec.pdf. The configuration information provides the key sizes and related parameters with the AEAD tag. In addition, PUBS 522.4 is a data structure that contains the public values for the initial key exchange. Both Curve25519 and P-256 provide their own set of accepted parameters. Thus, the only values provided in the configuration information are the random curve elements used in the DH operation.
Exemplary Computer Systems
Content-processing system 618 can include instructions, which when executed by computer system 602, can cause computer system 602 to perform methods and/or processes described in this disclosure. Specifically, content-processing system 618 may include instructions for sending and/or receiving data packets to/from other network nodes across a computer network, such as a content centric network, where a data packet can correspond to an interest or a content-object packet with a name and a payload. Content-processing system 618 may include instructions for generating, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key (key-generating module 622). Content-processing system 618 may include instructions for constructing a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce (packet-constructing module 624). Content-processing system 618 may include instructions for, in response to the nonce token being verified by the content-producing device, receiving a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key (communication module 620).
Content-processing system 618 can further include instructions for: generating the first key by performing a key derivation function based on the first consumer-share key and the first producer-share key; generating the second key by performing the derivation function based on the second consumer-share key and a second producer-share key indicated in the first content-object packet; and performing an expansion function based on the second key to generate an FSK-C, an FSK-P, an IV-C, and/or an IV-P (key-generating module 622).
Content-processing system 618 can additionally include instructions for constructing an initial interest packet with a name that includes the first prefix and the first nonce, and a payload that indicates an initial hello (packet-constructing module 624). Content-processing system 618 can include instructions for, in response to the initial interest packet, receiving an initial content-object packet with a payload that includes configuration information and the second nonce (communication module 620). Content-processing system 618 can include instructions for constructing a second interest packet with a name that includes a previously received session identifier, and a payload encrypted based on a consumer-specific second key (packet-constructing module 624). Content-processing system 618 can also include instructions for, in response to the second interest packet, receiving a second content-object packet with a payload encrypted based on a producer-specific second key (communication module 620). Content-processing system 618 can include instructions for decrypting the payload for the first content-object packet, and, in response to determining that the decrypted payload does not indicate a rejection, obtaining an acknowledgment and a second producer-share key (packet-processing module 628).
Content-processing system 618 can further include instructions for: replacing the first prefix with a second prefix in the name for the first interest packet and a name for a subsequent interest packet associated with the session; replacing the first prefix with a third prefix in the name for the second interest packet and a name for a subsequent interest packet associated with the session; and indicating the move token in the payload for the second interest packet (prefix-migrating module 626).
Content-processing system 668 can include instructions, which when executed by computer system 652, can cause computer system 652 to perform methods and/or processes described in this disclosure. Specifically, content-processing system 668 may include instructions for sending and/or receiving data packets to/from other network nodes across a computer network, such as a content centric network, where a data packet can correspond to an interest or a content-object packet with a name and a payload. Content-processing system 668 may include instructions for receiving, by a content-producing device, a first interest packet that includes a first consumer-share key and a nonce token which is used as a pre-image of a previously received first nonce (communication module 670). Content-processing system 668 can include instructions for generating a first key based on the first consumer-share key and a first producer-share key (key-generating module 672). Content-processing system 668 can also include instructions for verifying the nonce token based on the first key and the first nonce (validating module 680), and for generating a second key based on the first interest packet and a second producer-share key (key-generating module 672). Content-processing system 668 can further include instructions for constructing a first content-object packet with a payload that includes a first resumption indicator encrypted based on the second key (packet-constructing module 674).
Content-processing system 668 can further include instructions for: generating the first key by performing a key derivation function based on the first consumer-share key and the first producer-share key; generating the second key by performing the derivation function based on the second consumer-share key and a second producer-share key indicated in the first content-object packet; and performing an expansion function based on the second key to generate an FSK-C, an FSK-P, an IV-C, and/or an IV-P (key-generating module 672).
Content-processing system 668 can further include instructions for receiving an initial interest packet with a name that includes the first prefix and the first nonce, and a payload that indicates an initial hello (communication module 670), and, in response to the initial interest packet, constructing an initial content-object packet with a payload that includes configuration information and a second nonce (packet-constructing module 674). Content-processing system 668 can further include instructions for including in the payload for the initial content-object packet a second prefix that is different from the first prefix, and for indicating in the payload for the first content-object packet a move token and a third prefix different from the first prefix (prefix-migrating module 676).
Content-processing system 668 can additionally include instructions for generating a session identifier based on the second key (packet-constructing module 674) and for receiving a second interest packet with a name that includes the session identifier, and a payload encrypted based on a consumer-specific second key (communication module 670). Content-processing system 668 can include instructions for, in response to the second interest packet, constructing a second content-object packet with a payload encrypted based on a producer-specific second key (packet-constructing module 674). Content-processing system 668 can include instructions for, in response to identifying a need for a new resumption indicator, generating a new resumption indicator for use in a subsequently resumed session between the consumer and the producer, and for including in the payload for the second content-object packet the new resumption indicator encrypted based on the producer-specific second key (packet-constructing module 674). Content-processing system 668 can also include instructions for decrypting the payload for the first interest packet based on the first key (packet-processing module 678).
Content-processing system 668 can further include instructions for performing a hash function on the nonce token to obtain a result, and for verifying whether the result matches the first nonce (validating module 680). Content-processing system 668 can also include instructions for: in response to verifying that the result matches the first nonce, including in the payload for the first content-object packet an acknowledgment and the second producer-share key; and, in response to verifying that the result does not match the first nonce, including in the payload for the first content-object packet a rejection and a reason for the rejection (packet-processing module 678 and validating module 680).
Data 682 can include any data that is required as input or that is generated as output by the methods and/or processes described in this disclosure. Specifically, data 682 can store at least: an interest packet; a content-object packet; a first consumer-share key; a second consumer-share key; a producer configuration file or configuration information; a first producer-share key; a second producer-share key; a first short-term secret key based on the first consumer-share key and the first producer-share key; a second forward-secure key (FSK) based on the second consumer-share key and the second producer-share key; a first nonce; a second nonce; a nonce token which is a pre-image of the first nonce; a first resumption indicator; a second resumption indicator; a key derivation function; a key expansion function; algorithm options; one or more salts; an FSK-C; an FSK-P; an IV-C; an IV-P; at least three prefixes that are distinct from each other; a move token; an indicator of an acknowledgment or a rejection; a reason for the rejection; an indicator of an initial hello; a name; a hierarchically structured variable length identifier; and a payload.
The data structures and code described in this detailed description are typically stored on a computer-readable storage medium, which may be any device or medium that can store code and/or data for use by a computer system. The computer-readable storage medium includes, but is not limited to, volatile memory, non-volatile memory, magnetic and optical storage devices such as disk drives, magnetic tape, CDs (compact discs), DVDs (digital versatile discs or digital video discs), or other media capable of storing computer-readable media now known or later developed.
The methods and processes described in the detailed description section can be embodied as code and/or data, which can be stored in a computer-readable storage medium as described above. When a computer system reads and executes the code and/or data stored on the computer-readable storage medium, the computer system performs the methods and processes embodied as data structures and code and stored within the computer-readable storage medium.
Furthermore, the methods and processes described above can be included in hardware modules. For example, the hardware modules can include, but are not limited to, application-specific integrated circuit (ASIC) chips, field-programmable gate arrays (FPGAs), and other programmable-logic devices now known or later developed. When the hardware modules are activated, the hardware modules perform the methods and processes included within the hardware modules.
The foregoing descriptions of embodiments of the present invention have been presented for purposes of illustration and description only. They are not intended to be exhaustive or to limit the present invention to the forms disclosed. Accordingly, many modifications and variations will be apparent to practitioners skilled in the art. Additionally, the above disclosure is not intended to limit the present invention. The scope of the present invention is defined by the appended claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 817441 | Niesz | Apr 1906 | A |
| 4309569 | Merkle | Jan 1982 | A |
| 4921898 | Lenney | May 1990 | A |
| 5070134 | Oyamada | Dec 1991 | A |
| 5110856 | Oyamada | May 1992 | A |
| 5506844 | Rao | Apr 1996 | A |
| 5629370 | Freidzon | May 1997 | A |
| 5870605 | Bracho | Feb 1999 | A |
| 6052683 | Irwin | Apr 2000 | A |
| 6085320 | Kaliski, Jr. | Jul 2000 | A |
| 6091724 | Chandra | Jul 2000 | A |
| 6173364 | Zenchelsky | Jan 2001 | B1 |
| 6226618 | Downs | May 2001 | B1 |
| 6233617 | Rothwein | May 2001 | B1 |
| 6233646 | Hahm | May 2001 | B1 |
| 6332158 | Risley | Dec 2001 | B1 |
| 6366988 | Skiba | Apr 2002 | B1 |
| 6574377 | Cahill | Jun 2003 | B1 |
| 6654792 | Verma | Nov 2003 | B1 |
| 6667957 | Corson | Dec 2003 | B1 |
| 6681220 | Kaplan | Jan 2004 | B1 |
| 6681326 | Son | Jan 2004 | B2 |
| 6769066 | Botros | Jul 2004 | B1 |
| 6772333 | Brendel | Aug 2004 | B1 |
| 6862280 | Bertagna | Mar 2005 | B1 |
| 6901452 | Bertagna | May 2005 | B1 |
| 6917985 | Madruga | Jul 2005 | B2 |
| 6968393 | Chen | Nov 2005 | B1 |
| 6981029 | Menditto | Dec 2005 | B1 |
| 7013389 | Srivastava | Mar 2006 | B1 |
| 7031308 | Garcia-Luna-Aceves | Apr 2006 | B2 |
| 7061877 | Gummalla | Jun 2006 | B1 |
| 7152094 | Jannu | Dec 2006 | B1 |
| 7177646 | ONeill | Feb 2007 | B2 |
| 7206860 | Murakami | Apr 2007 | B2 |
| 7257837 | Xu | Aug 2007 | B2 |
| 7287275 | Moskowitz | Oct 2007 | B2 |
| 7315541 | Housel | Jan 2008 | B1 |
| 7339929 | Zelig | Mar 2008 | B2 |
| 7350229 | Lander | Mar 2008 | B1 |
| 7362727 | ONeill | Apr 2008 | B1 |
| 7382787 | Barnes | Jun 2008 | B1 |
| 7430755 | Hughes | Sep 2008 | B1 |
| 7444251 | Nikovski | Oct 2008 | B2 |
| 7466703 | Arunachalam | Dec 2008 | B1 |
| 7472422 | Agbabian | Dec 2008 | B1 |
| 7496668 | Hawkinson | Feb 2009 | B2 |
| 7509425 | Rosenberg | Mar 2009 | B1 |
| 7523016 | Surdulescu | Apr 2009 | B1 |
| 7542471 | Samuels et al. | Jun 2009 | B2 |
| 7543064 | Juncker | Jun 2009 | B2 |
| 7552233 | Raju | Jun 2009 | B2 |
| 7555482 | Korkus | Jun 2009 | B2 |
| 7555563 | Ott | Jun 2009 | B2 |
| 7564812 | Elliott | Jul 2009 | B1 |
| 7567547 | Mosko | Jul 2009 | B2 |
| 7567946 | Andreoli | Jul 2009 | B2 |
| 7580971 | Gollapudi | Aug 2009 | B1 |
| 7623535 | Guichard | Nov 2009 | B2 |
| 7647507 | Feng | Jan 2010 | B1 |
| 7660324 | Oguchi | Feb 2010 | B2 |
| 7685290 | Satapati | Mar 2010 | B2 |
| 7698463 | Ogier | Apr 2010 | B2 |
| 7769887 | Bhattacharyya | Aug 2010 | B1 |
| 7779467 | Choi | Aug 2010 | B2 |
| 7801177 | Luss | Sep 2010 | B2 |
| 7816441 | Elizalde | Oct 2010 | B2 |
| 7831733 | Sultan | Nov 2010 | B2 |
| 7908337 | Garcia-Luna-Aceves | Mar 2011 | B2 |
| 7924837 | Shabtay | Apr 2011 | B1 |
| 7953885 | Devireddy | May 2011 | B1 |
| 8000267 | Solis | Aug 2011 | B2 |
| 8010691 | Kollmansberger | Aug 2011 | B2 |
| 8074289 | Carpentier | Dec 2011 | B1 |
| 8117441 | Kurien | Feb 2012 | B2 |
| 8160069 | Jacobson | Apr 2012 | B2 |
| 8204060 | Jacobson | Jun 2012 | B2 |
| 8214364 | Bigus | Jul 2012 | B2 |
| 8224985 | Takeda | Jul 2012 | B2 |
| 8225057 | Zheng | Jul 2012 | B1 |
| 8271578 | Sheffi | Sep 2012 | B2 |
| 8312064 | Gauvin | Nov 2012 | B1 |
| 8386622 | Jacobson | Feb 2013 | B2 |
| 8467297 | Liu | Jun 2013 | B2 |
| 8473633 | Eardley | Jun 2013 | B2 |
| 8553562 | Allan | Oct 2013 | B2 |
| 8572214 | Garcia-Luna-Aceves | Oct 2013 | B2 |
| 8654649 | Vasseur | Feb 2014 | B2 |
| 8665757 | Kling | Mar 2014 | B2 |
| 8667172 | Ravindran | Mar 2014 | B2 |
| 8688619 | Ezick | Apr 2014 | B1 |
| 8699350 | Kumar | Apr 2014 | B1 |
| 8718055 | Vasseur | May 2014 | B2 |
| 8750820 | Allan | Jun 2014 | B2 |
| 8761022 | Chiabaut | Jun 2014 | B2 |
| 8762477 | Xie | Jun 2014 | B2 |
| 8762570 | Qian | Jun 2014 | B2 |
| 8762707 | Killian | Jun 2014 | B2 |
| 8767627 | Ezure | Jul 2014 | B2 |
| 8817594 | Gero | Aug 2014 | B2 |
| 8826381 | Kim | Sep 2014 | B2 |
| 8832302 | Bradford | Sep 2014 | B1 |
| 8836536 | Marwah | Sep 2014 | B2 |
| 8862774 | Vasseur | Oct 2014 | B2 |
| 8868779 | ONeill | Oct 2014 | B2 |
| 8903756 | Zhao | Dec 2014 | B2 |
| 8934496 | Vasseur | Jan 2015 | B2 |
| 8937865 | Kumar | Jan 2015 | B1 |
| 9071498 | Beser | Jun 2015 | B2 |
| 9112895 | Lin | Aug 2015 | B1 |
| 9313030 | Ravindran | Apr 2016 | B2 |
| 20020010795 | Brown | Jan 2002 | A1 |
| 20020038296 | Margolus | Mar 2002 | A1 |
| 20020048269 | Hong | Apr 2002 | A1 |
| 20020054593 | Morohashi | May 2002 | A1 |
| 20020077988 | Sasaki | Jun 2002 | A1 |
| 20020078066 | Robinson | Jun 2002 | A1 |
| 20020138551 | Erickson | Sep 2002 | A1 |
| 20020176404 | Girard | Nov 2002 | A1 |
| 20020188605 | Adya | Dec 2002 | A1 |
| 20020199014 | Yang | Dec 2002 | A1 |
| 20030033394 | Stine | Feb 2003 | A1 |
| 20030046437 | Eytchison | Mar 2003 | A1 |
| 20030048793 | Pochon | Mar 2003 | A1 |
| 20030051100 | Patel | Mar 2003 | A1 |
| 20030074472 | Lucco | Apr 2003 | A1 |
| 20030088696 | McCanne | May 2003 | A1 |
| 20030097447 | Johnston | May 2003 | A1 |
| 20030099237 | Mitra | May 2003 | A1 |
| 20030140257 | Peterka | Jul 2003 | A1 |
| 20030229892 | Sardera | Dec 2003 | A1 |
| 20040024879 | Dingman | Feb 2004 | A1 |
| 20040030602 | Rosenquist | Feb 2004 | A1 |
| 20040071140 | Jason et al. | Apr 2004 | A1 |
| 20040073715 | Folkes | Apr 2004 | A1 |
| 20040139230 | Kim | Jul 2004 | A1 |
| 20040221047 | Grover | Nov 2004 | A1 |
| 20040225627 | Botros | Nov 2004 | A1 |
| 20040252683 | Kennedy | Dec 2004 | A1 |
| 20050003832 | Osafune | Jan 2005 | A1 |
| 20050028156 | Hammond | Feb 2005 | A1 |
| 20050043060 | Brandenberg | Feb 2005 | A1 |
| 20050050211 | Kaul | Mar 2005 | A1 |
| 20050074001 | Mattes | Apr 2005 | A1 |
| 20050149508 | Deshpande | Jul 2005 | A1 |
| 20050159823 | Hayes | Jul 2005 | A1 |
| 20050198351 | Nog | Sep 2005 | A1 |
| 20050249196 | Ansari | Nov 2005 | A1 |
| 20050259637 | Chu | Nov 2005 | A1 |
| 20050262217 | Nonaka | Nov 2005 | A1 |
| 20050281288 | Banerjee et al. | Dec 2005 | A1 |
| 20050289222 | Sahim | Dec 2005 | A1 |
| 20060010249 | Sabesan | Jan 2006 | A1 |
| 20060029102 | Abe | Feb 2006 | A1 |
| 20060039379 | Abe | Feb 2006 | A1 |
| 20060051055 | Ohkawa | Mar 2006 | A1 |
| 20060072523 | Richardson | Apr 2006 | A1 |
| 20060099973 | Nair | May 2006 | A1 |
| 20060129514 | Watanabe | Jun 2006 | A1 |
| 20060133343 | Huang | Jun 2006 | A1 |
| 20060173831 | Basso | Aug 2006 | A1 |
| 20060193295 | White | Aug 2006 | A1 |
| 20060206445 | Andreoli | Sep 2006 | A1 |
| 20060215684 | Capone | Sep 2006 | A1 |
| 20060223504 | Ishak | Oct 2006 | A1 |
| 20060256767 | Suzuki | Nov 2006 | A1 |
| 20060268792 | Belcea | Nov 2006 | A1 |
| 20070019619 | Foster | Jan 2007 | A1 |
| 20070073888 | Madhok | Mar 2007 | A1 |
| 20070094265 | Korkus | Apr 2007 | A1 |
| 20070112880 | Yang | May 2007 | A1 |
| 20070124412 | Narayanaswami | May 2007 | A1 |
| 20070127457 | Mirtorabi | Jun 2007 | A1 |
| 20070160062 | Morishita | Jul 2007 | A1 |
| 20070162394 | Zager | Jul 2007 | A1 |
| 20070171828 | Dalal et al. | Jul 2007 | A1 |
| 20070189284 | Kecskemeti | Aug 2007 | A1 |
| 20070195765 | Heissenbuttel | Aug 2007 | A1 |
| 20070204011 | Shaver | Aug 2007 | A1 |
| 20070209067 | Fogel | Sep 2007 | A1 |
| 20070239892 | Ott | Oct 2007 | A1 |
| 20070240207 | Belakhdar | Oct 2007 | A1 |
| 20070245034 | Retana | Oct 2007 | A1 |
| 20070253418 | Shiri | Nov 2007 | A1 |
| 20070255677 | Alexander | Nov 2007 | A1 |
| 20070255699 | Sreenivas | Nov 2007 | A1 |
| 20070255781 | Li | Nov 2007 | A1 |
| 20070274504 | Maes | Nov 2007 | A1 |
| 20070276907 | Maes | Nov 2007 | A1 |
| 20070294187 | Scherrer | Dec 2007 | A1 |
| 20080005056 | Stelzig | Jan 2008 | A1 |
| 20080010366 | Duggan | Jan 2008 | A1 |
| 20080037420 | Tang | Feb 2008 | A1 |
| 20080043989 | Furutono | Feb 2008 | A1 |
| 20080046340 | Brown | Feb 2008 | A1 |
| 20080059631 | Bergstrom | Mar 2008 | A1 |
| 20080080440 | Yarvis | Apr 2008 | A1 |
| 20080101357 | Iovanna | May 2008 | A1 |
| 20080107034 | Jetcheva | May 2008 | A1 |
| 20080123862 | Rowley | May 2008 | A1 |
| 20080133583 | Artan | Jun 2008 | A1 |
| 20080133755 | Pollack | Jun 2008 | A1 |
| 20080151755 | Nishioka | Jun 2008 | A1 |
| 20080159271 | Kutt | Jul 2008 | A1 |
| 20080165775 | Das et al. | Jul 2008 | A1 |
| 20080186901 | Itagaki | Aug 2008 | A1 |
| 20080200153 | Fitzpatrick | Aug 2008 | A1 |
| 20080215669 | Gaddy | Sep 2008 | A1 |
| 20080216086 | Tanaka | Sep 2008 | A1 |
| 20080243992 | Jardetzky | Oct 2008 | A1 |
| 20080250006 | Dettinger | Oct 2008 | A1 |
| 20080256359 | Kahn | Oct 2008 | A1 |
| 20080270618 | Rosenberg | Oct 2008 | A1 |
| 20080271143 | Stephens | Oct 2008 | A1 |
| 20080287142 | Keighran | Nov 2008 | A1 |
| 20080288580 | Wang | Nov 2008 | A1 |
| 20080298376 | Takeda et al. | Dec 2008 | A1 |
| 20080320148 | Capuozzo | Dec 2008 | A1 |
| 20090006659 | Collins | Jan 2009 | A1 |
| 20090013324 | Gobara | Jan 2009 | A1 |
| 20090022154 | Kiribe | Jan 2009 | A1 |
| 20090024641 | Quigley | Jan 2009 | A1 |
| 20090030978 | Johnson | Jan 2009 | A1 |
| 20090037763 | Adhya | Feb 2009 | A1 |
| 20090052660 | Chen | Feb 2009 | A1 |
| 20090067429 | Nagai | Mar 2009 | A1 |
| 20090077184 | Brewer | Mar 2009 | A1 |
| 20090092043 | Lapuh | Apr 2009 | A1 |
| 20090097631 | Gisby | Apr 2009 | A1 |
| 20090103515 | Pointer | Apr 2009 | A1 |
| 20090113068 | Fujihira | Apr 2009 | A1 |
| 20090116393 | Hughes | May 2009 | A1 |
| 20090144300 | Chatley | Jun 2009 | A1 |
| 20090157887 | Froment | Jun 2009 | A1 |
| 20090185745 | Momosaki | Jul 2009 | A1 |
| 20090193101 | Munetsugu | Jul 2009 | A1 |
| 20090222344 | Greene | Sep 2009 | A1 |
| 20090228593 | Takeda | Sep 2009 | A1 |
| 20090254572 | Redlich | Oct 2009 | A1 |
| 20090268905 | Matsushima | Oct 2009 | A1 |
| 20090285209 | Stewart | Nov 2009 | A1 |
| 20090287835 | Jacobson | Nov 2009 | A1 |
| 20090288143 | Stebila | Nov 2009 | A1 |
| 20090288163 | Jacobson | Nov 2009 | A1 |
| 20090292743 | Bigus | Nov 2009 | A1 |
| 20090293121 | Bigus | Nov 2009 | A1 |
| 20090300079 | Shitomi | Dec 2009 | A1 |
| 20090300407 | Kamath | Dec 2009 | A1 |
| 20090307333 | Welingkar | Dec 2009 | A1 |
| 20090323632 | Nix | Dec 2009 | A1 |
| 20100005061 | Basco | Jan 2010 | A1 |
| 20100027539 | Beverly | Feb 2010 | A1 |
| 20100046546 | Ram | Feb 2010 | A1 |
| 20100057929 | Merat | Mar 2010 | A1 |
| 20100058346 | Narang et al. | Mar 2010 | A1 |
| 20100088370 | Wu | Apr 2010 | A1 |
| 20100094767 | Miltonberger | Apr 2010 | A1 |
| 20100098093 | Ejzak | Apr 2010 | A1 |
| 20100100465 | Cooke | Apr 2010 | A1 |
| 20100103870 | Garcia-Luna-Aceves | Apr 2010 | A1 |
| 20100124191 | Vos | May 2010 | A1 |
| 20100125911 | Bhaskaran | May 2010 | A1 |
| 20100131660 | Dec | May 2010 | A1 |
| 20100150155 | Napierala | Jun 2010 | A1 |
| 20100165976 | Khan | Jul 2010 | A1 |
| 20100169478 | Saha | Jul 2010 | A1 |
| 20100169503 | Kollmansberger | Jul 2010 | A1 |
| 20100180332 | Ben-Yochanan | Jul 2010 | A1 |
| 20100182995 | Hwang | Jul 2010 | A1 |
| 20100185753 | Liu | Jul 2010 | A1 |
| 20100195653 | Jacobson | Aug 2010 | A1 |
| 20100195654 | Jacobson | Aug 2010 | A1 |
| 20100195655 | Jacobson | Aug 2010 | A1 |
| 20100217874 | Anantharaman | Aug 2010 | A1 |
| 20100232402 | Przybysz | Sep 2010 | A1 |
| 20100232439 | Dham | Sep 2010 | A1 |
| 20100235516 | Nakamura | Sep 2010 | A1 |
| 20100246549 | Zhang | Sep 2010 | A1 |
| 20100250497 | Redlich | Sep 2010 | A1 |
| 20100250939 | Adams | Sep 2010 | A1 |
| 20100268782 | Zombek | Oct 2010 | A1 |
| 20100272107 | Papp | Oct 2010 | A1 |
| 20100284309 | Allan | Nov 2010 | A1 |
| 20100284404 | Gopinath | Nov 2010 | A1 |
| 20100293293 | Beser | Nov 2010 | A1 |
| 20100322249 | Thathapudi | Dec 2010 | A1 |
| 20110013637 | Xue | Jan 2011 | A1 |
| 20110022812 | VanderLinden | Jan 2011 | A1 |
| 20110029952 | Harrington | Feb 2011 | A1 |
| 20110055392 | Shen | Mar 2011 | A1 |
| 20110055921 | Narayanaswamy | Mar 2011 | A1 |
| 20110060716 | Forman | Mar 2011 | A1 |
| 20110060717 | Forman | Mar 2011 | A1 |
| 20110090908 | Jacobson | Apr 2011 | A1 |
| 20110106755 | Hao | May 2011 | A1 |
| 20110145597 | Yamaguchi | Jun 2011 | A1 |
| 20110145858 | Philpott | Jun 2011 | A1 |
| 20110149858 | Hwang | Jun 2011 | A1 |
| 20110153840 | Narayana | Jun 2011 | A1 |
| 20110158122 | Murphy | Jun 2011 | A1 |
| 20110161408 | Kim | Jun 2011 | A1 |
| 20110202609 | Chaturvedi | Aug 2011 | A1 |
| 20110219427 | Hito | Sep 2011 | A1 |
| 20110231578 | Nagappan | Sep 2011 | A1 |
| 20110239256 | Gholmieh | Sep 2011 | A1 |
| 20110258049 | Ramer | Oct 2011 | A1 |
| 20110264824 | Venkata Subramanian | Oct 2011 | A1 |
| 20110265159 | Ronda | Oct 2011 | A1 |
| 20110265174 | Thornton | Oct 2011 | A1 |
| 20110271007 | Wang | Nov 2011 | A1 |
| 20110286457 | Ee | Nov 2011 | A1 |
| 20110286459 | Rembarz | Nov 2011 | A1 |
| 20110295783 | Zhao | Dec 2011 | A1 |
| 20110299454 | Krishnaswamy | Dec 2011 | A1 |
| 20120011170 | Elad | Jan 2012 | A1 |
| 20120011551 | Levy | Jan 2012 | A1 |
| 20120036180 | Thornton | Feb 2012 | A1 |
| 20120047361 | Erdmann | Feb 2012 | A1 |
| 20120066727 | Nozoe | Mar 2012 | A1 |
| 20120106339 | Mishra | May 2012 | A1 |
| 20120114313 | Phillips | May 2012 | A1 |
| 20120120803 | Farkas | May 2012 | A1 |
| 20120127994 | Ko | May 2012 | A1 |
| 20120136676 | Goodall | May 2012 | A1 |
| 20120136936 | Quintuna | May 2012 | A1 |
| 20120136945 | Lee | May 2012 | A1 |
| 20120137367 | Dupont | May 2012 | A1 |
| 20120141093 | Yamaguchi | Jun 2012 | A1 |
| 20120155464 | Kim | Jun 2012 | A1 |
| 20120158973 | Jacobson | Jun 2012 | A1 |
| 20120163373 | Lo | Jun 2012 | A1 |
| 20120179653 | Araki | Jul 2012 | A1 |
| 20120197690 | Agulnek | Aug 2012 | A1 |
| 20120198048 | Ioffe | Aug 2012 | A1 |
| 20120221150 | Arensmeier | Aug 2012 | A1 |
| 20120224487 | Hui | Sep 2012 | A1 |
| 20120257500 | Lynch | Oct 2012 | A1 |
| 20120284791 | Miller | Nov 2012 | A1 |
| 20120290669 | Parks | Nov 2012 | A1 |
| 20120290919 | Melnyk | Nov 2012 | A1 |
| 20120291102 | Cohen | Nov 2012 | A1 |
| 20120314580 | Hong | Dec 2012 | A1 |
| 20120317307 | Ravindran | Dec 2012 | A1 |
| 20120331112 | Chatani | Dec 2012 | A1 |
| 20130024560 | Vasseur | Jan 2013 | A1 |
| 20130041982 | Shi | Feb 2013 | A1 |
| 20130051392 | Filsfils | Feb 2013 | A1 |
| 20130060962 | Wang | Mar 2013 | A1 |
| 20130073552 | Rangwala | Mar 2013 | A1 |
| 20130074155 | Huh | Mar 2013 | A1 |
| 20130091539 | Khurana | Apr 2013 | A1 |
| 20130110987 | Kim | May 2013 | A1 |
| 20130111063 | Lee | May 2013 | A1 |
| 20130151584 | Westphal | Jun 2013 | A1 |
| 20130163426 | Beliveau | Jun 2013 | A1 |
| 20130166668 | Byun | Jun 2013 | A1 |
| 20130173822 | Hong | Jul 2013 | A1 |
| 20130182568 | Lee | Jul 2013 | A1 |
| 20130182931 | Fan et al. | Jul 2013 | A1 |
| 20130185406 | Choi | Jul 2013 | A1 |
| 20130191412 | Kitamura | Jul 2013 | A1 |
| 20130197698 | Shah | Aug 2013 | A1 |
| 20130198119 | Eberhardt, III | Aug 2013 | A1 |
| 20130219038 | Lee | Aug 2013 | A1 |
| 20130219081 | Qian | Aug 2013 | A1 |
| 20130219478 | Mahamuni | Aug 2013 | A1 |
| 20130223237 | Hui | Aug 2013 | A1 |
| 20130227114 | Vasseur | Aug 2013 | A1 |
| 20130227166 | Ravindran | Aug 2013 | A1 |
| 20130242996 | Varvello | Sep 2013 | A1 |
| 20130250809 | Hui | Sep 2013 | A1 |
| 20130282854 | Jang | Oct 2013 | A1 |
| 20130282860 | Zhang | Oct 2013 | A1 |
| 20130282920 | Zhang | Oct 2013 | A1 |
| 20130304937 | Lee | Nov 2013 | A1 |
| 20130329696 | Xu | Dec 2013 | A1 |
| 20130336323 | Srinivasan | Dec 2013 | A1 |
| 20130339481 | Hong | Dec 2013 | A1 |
| 20130343408 | Cook | Dec 2013 | A1 |
| 20140003232 | Guichard | Jan 2014 | A1 |
| 20140006354 | Parkison | Jan 2014 | A1 |
| 20140006565 | Muscariello | Jan 2014 | A1 |
| 20140029445 | Hui | Jan 2014 | A1 |
| 20140032714 | Liu | Jan 2014 | A1 |
| 20140040505 | Barton | Feb 2014 | A1 |
| 20140040628 | FORT | Feb 2014 | A1 |
| 20140074730 | Arensmeier | Mar 2014 | A1 |
| 20140075567 | Raleigh | Mar 2014 | A1 |
| 20140082135 | Jung | Mar 2014 | A1 |
| 20140089454 | Jeon | Mar 2014 | A1 |
| 20140096249 | Dupont | Apr 2014 | A1 |
| 20140108474 | David | Apr 2014 | A1 |
| 20140115037 | Liu | Apr 2014 | A1 |
| 20140129736 | Yu | May 2014 | A1 |
| 20140136814 | Stark | May 2014 | A1 |
| 20140140348 | Perlman | May 2014 | A1 |
| 20140143370 | Vilenski | May 2014 | A1 |
| 20140146819 | Bae | May 2014 | A1 |
| 20140149733 | Kim | May 2014 | A1 |
| 20140156396 | deKozan | Jun 2014 | A1 |
| 20140165207 | Engel | Jun 2014 | A1 |
| 20140172783 | Suzuki | Jun 2014 | A1 |
| 20140172981 | Kim | Jun 2014 | A1 |
| 20140173034 | Liu | Jun 2014 | A1 |
| 20140173076 | Ravindran et al. | Jun 2014 | A1 |
| 20140192717 | Liu | Jul 2014 | A1 |
| 20140195328 | Ferens | Jul 2014 | A1 |
| 20140195641 | Wang et al. | Jul 2014 | A1 |
| 20140195666 | Dumitriu | Jul 2014 | A1 |
| 20140233575 | Xie | Aug 2014 | A1 |
| 20140237085 | Park | Aug 2014 | A1 |
| 20140245359 | DeFoy | Aug 2014 | A1 |
| 20140254595 | Luo | Sep 2014 | A1 |
| 20140280823 | Varvello | Sep 2014 | A1 |
| 20140281489 | Peterka | Sep 2014 | A1 |
| 20140281505 | Zhang | Sep 2014 | A1 |
| 20140282816 | Xie | Sep 2014 | A1 |
| 20140289325 | Solis | Sep 2014 | A1 |
| 20140289790 | Wilson | Sep 2014 | A1 |
| 20140314093 | You | Oct 2014 | A1 |
| 20140337276 | Iordanov | Nov 2014 | A1 |
| 20140365550 | Jang | Dec 2014 | A1 |
| 20150006896 | Franck | Jan 2015 | A1 |
| 20150018770 | Baran | Jan 2015 | A1 |
| 20150032892 | Narayanan | Jan 2015 | A1 |
| 20150039890 | Khosravi | Feb 2015 | A1 |
| 20150063802 | Bahadur | Mar 2015 | A1 |
| 20150089081 | Thubert | Mar 2015 | A1 |
| 20150095481 | Ohnishi | Apr 2015 | A1 |
| 20150095514 | Yu | Apr 2015 | A1 |
| 20150188770 | Naiksatam | Jul 2015 | A1 |
| 20150195149 | Vasseur | Jul 2015 | A1 |
| 20150207633 | Ravindran | Jul 2015 | A1 |
| 20160192186 | Lin | Jun 2016 | A1 |
| 20160286393 | Rasheed | Sep 2016 | A1 |
| Number | Date | Country |
|---|---|---|
| 1720277 | Jun 1967 | DE |
| 19620817 | Nov 1997 | DE |
| 0295727 | Dec 1988 | EP |
| 0757065 | Jul 1996 | EP |
| 1077422 | Feb 2001 | EP |
| 1384729 | Jan 2004 | EP |
| 2124415 | Nov 2009 | EP |
| 2214357 | Aug 2010 | EP |
| 03005288 | Jan 2003 | WO |
| 03042254 | May 2003 | WO |
| 03049369 | Jun 2003 | WO |
| 03091297 | Nov 2003 | WO |
| 2007113180 | Oct 2007 | WO |
| 2007144388 | Dec 2007 | WO |
| 2011049890 | Apr 2011 | WO |
| 2013123410 | Aug 2013 | WO |
| Entry |
|---|
| Jacobson, Van et al., “Content-Centric Networking, Whitepaper Describing Future Assurable Global Networks”, Palo Alto Research Center, Inc., Jan. 30, 2007, pp. 1-9. |
| Koponen, Teemu et al., “A Data-Oriented (and Beyond) Network Architecture”, SIGCOMM '07, Aug. 27-31, 2007, Kyoto, Japan, XP-002579021, p. 181-192. |
| Fall, K. et al., “DTN: an architectural retrospective”, Selected areas in communications, IEEE Journal on, vol. 28, No. 5, Jun. 1, 2008, pp. 828-835. |
| Gritter, M. et al., ‘An Architecture for content routing support in the Internet’, Proceedings of 3rd Usenix Symposium on Internet Technologies and Systems, 2001, pp. 37-48. |
| “CCNx,” http://ccnx.org/. downloaded Mar. 11, 2015. |
| “Content Delivery Network”, Wikipedia, Dec. 10, 2011, http://en.wikipedia.org/w/index.php?title=Content—delivery—network&oldid=465077460. |
| “Digital Signature” archived on Aug. 31, 2009 at http://web.archive.org/web/20090831170721/http://en.wikipedia.org/wiki/Digital—signature. |
| “Introducing JSON,” http://www.json.org/. downloaded Mar. 11, 2015. |
| “Microsoft PlayReady,” http://www.microsoft.com/playready/.downloaded Mar. 11, 2015. |
| “Pursuing a pub/sub internet (PURSUIT),” http://www.fp7-pursuit.ew/PursuitWeb/. downloaded Mar. 11, 2015. |
| “The FP7 4WARD project,” http://www.4ward-project.eu/. downloaded Mar. 11, 2015. |
| A. Broder and A. Karlin, “Multilevel Adaptive Hashing”, Jan. 1990, pp. 43-53. |
| Detti, Andrea, et al. “CONET: a content centric inter-networking architecture.” Proceedings of the ACM SIGCOMM workshop on Information-centric networking. ACM, 2011. |
| A. Wolman, M. Voelker, N. Sharma N. Cardwell, A. Karlin, and H.M. Levy, “On the scale and performance of cooperative web proxy caching,” ACM SIGHOPS Operating Systems Review, vol. 33, No. 5, pp. 16-31, Dec. 1999. |
| Afanasyev, Alexander, et al. “Interest flooding attack and countermeasures in Named Data Networking.” IFIP Networking Conference, 2013. IEEE, 2013. |
| Ao-Jan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante. Drafting Behind Akamai: Inferring Network Conditions Based on CDN Redirections. IEEE/ACM Transactions on Networking {Feb. 2009). |
| B. Ahlgren et al., ‘A Survey of Information-centric Networking’ IEEE Commun. Magazine, Jul. 2012, pp. 26-36. |
| “PBC Library-Pairing-Based Cryptography-About,” http://crypto.stanford.edu/pbc. downloaded Apr. 27, 2015. |
| Bari, MdFaizul, et al. ‘A survey of naming and routing in information-centric networks.’ Communications Magazine, IEEE 50.12 (2012): 44-53. |
| Baugher, Mark et al., “Self-Verifying Names for Read-Only Named Data”, 2012 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Mar. 2012, pp. 274-279. |
| Brambley, Michael, A novel, low-cost, reduced-sensor approach for providing smart remote monitoring and diagnostics for packaged air conditioners and heat pumps. Pacific Northwest National Laboratory, 2009. |
| C. Gentry and A. Silverberg. Hierarchical ID-Based Cryptography. Advances in Cryptology—ASIACRYPT 2002. Springer Berlin Heidelberg (2002). |
| C.A. Wood and E. Uzun, “Flexible end-to-end content security in CCN,” in Proc. IEEE CCNC 2014, Las Vegas, CA, USA, Jan. 2014. |
| Carzaniga, Antonio, Matthew J. Rutherford, and Alexander L. Wolf. ‘A routing scheme for content-based networking.’ INFOCOM 2004. Twenty-third Annual Joint Conference of the IEEE Computer and Communications Societies. vol. 2. IEEE, 2004. |
| Cho, Jin-Hee, Ananthram Swami, and Ray Chen. “A survey on trust management for mobile ad hoc networks.” Communications Surveys & Tutorials, IEEE 13.4 (2011): 562-583. |
| Compagno, Alberto, et al. “Poseidon: Mitigating interest flooding DDoS attacks in named data networking.” Local Computer Networks (LCN), 2013 IEEE 38th Conference on. IEEE, 2013. |
| Conner, William, et al. “A trust management framework for service-oriented environments.” Proceedings of the 18th international conference on World wide web. ACM, 2009. |
| Content Centric Networking Project (CCN) [online], http://ccnx.org/releases/latest/doc/technical/, Downloaded Mar. 9, 2015. |
| Content Mediator Architecture for Content-aware Networks (COMET) Project [online], http://www.comet-project.org/, Downloaded Mar. 9, 2015. |
| Boneh et al., “Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys”, 2005. |
| D. Boneh and M. Franklin. Identity-Based Encryption from the Weil Pairing. Advances in Cryptology—CRYPTO 2001, vol. 2139, Springer Berlin Heidelberg (2001). |
| D.K. Smetters, P. Golle, and J.D. Thornton, “CCNx access control specifications,” PARC, Tech. Rep., Jul. 2010. |
| Dabirmoghaddam, Ali, Maziar Mirzazad Barijough, and J. J. Garcia-Luna-Aceves. ‘Understanding optimal caching and opportunistic caching at the edge of information-centric networks.’ Proceedings of the 1st international conference on Information-centric networking. ACM, 2014. |
| Detti et al., “Supporting the Web with an information centric network that routes by name”, Aug. 2012, Computer Networks 56, pp. 3705-3702. |
| Dijkstra, Edsger W., and Carel S. Scholten. ‘Termination detection for diffusing computations.’ Information Processing Letters 11.1 (1980): 1-4. |
| Dijkstra, Edsger W., Wim HJ Feijen, and A—J M. Van Gasteren. “Derivation of a termination detection algorithm for distributed computations.” Control Flow and Data Flow: concepts of distributed programming. Springer Berlin Heidelberg, 1986. 507-512. |
| E. Rescorla and N. Modadugu, “Datagram transport layer security,” IETF RFC 4347, Apr. 2006. |
| E.W. Dijkstra, W. Feijen, and A.J.M. Van Gasteren, “Derivation of a Termination Detection Algorithm for Distributed Computations,” Information Processing Letter, vol. 16, No. 5, 1983. |
| Fayazbakhsh, S. K., Lin, Y., Tootoonchian, A., Ghodsi, A., Koponen, T., Maggs, B., & Shenker, S. {Aug. 2013). Less pain, most of the gain: Incrementally deployable ICN. In ACM SIGCOMM Computer Communication Review (vol. 43, No. 4, pp. 147-158). ACM. |
| Anteniese et al., “Improved Proxy Re-Encryption Schemes with Applications to Secure Distributed Storage”, 2006. |
| G. Tyson, S. Kaune, S. Miles, Y. El-Khatib, A. Mauthe, and A. Taweel, “A trace-driven analysis of caching in content-centric networks,” in Proc. IEEE ICCCN 2012, Munich, Germany, Jul.-Aug. 2012, pp. 1-7. |
| G. Wang, Q. Liu, and J. Wu, “Hierarchical attribute-based encryption for fine-grained access control in cloud storage services,” in Proc. ACM CCS 2010, Chicago, IL, USA, Oct. 2010, pp. 735-737. |
| G. Xylomenos et al., “A Survey of Information-centric Networking Research,” IEEE Communication Surveys and Tutorials, Jul. 2013. |
| Garcia, Humberto E., Wen-Chiao Lin, and Semyon M. Meerkov. “A resilient condition assessment monitoring system.” Resilient Control Systems (ISRCS), 2012 5th International Symposium on. IEEE, 2012. |
| Garcia-Luna-Aceves, Jose J. ‘A unified approach to loop-free routing using distance vectors or link states.’ ACM SIGCOMM Computer Communication Review. vol. 19. No. 4. ACM, 1989. |
| Garcia-Luna-Aceves, Jose J. ‘Name-Based Content Routing in Information Centric Networks Using Distance Information’ Proc ACM ICN 2014, Sep. 2014. |
| Ghali, Cesar, GeneTsudik, and Ersin Uzun. “Needle in a Haystack: Mitigating Content Poisoning in Named-Data Networking.” Proceedings of NDSS Workshop on Security of Emerging Networking Technologies (SENT). 2014. |
| Ghodsi, Ali, et al. “Information-centric networking: seeing the forest for the trees.” Proceedings of the 10th ACM Workshop on Hot Topics in Networks. ACM, 2011. |
| Ghodsi, Ali, et al. “Naming in content-oriented architectures.” Proceedings of the ACM SIGCOMM workshop on Information-centric networking. ACM, 2011. |
| Gupta, Anjali, Barbara Liskov, and Rodrigo Rodrigues. “Efficient Routing for Peer-to-Peer Overlays.” NSDI. vol. 4. 2004. |
| Xiong et al., “CloudSeal: End-to-End Content Protection in Cloud-based Storage and Delivery Services”, 2012. |
| Heckerman, David, John S. Breese, and Koos Rommelse. “Decision-Theoretic Troubleshooting.” Communications of the ACM. 1995. |
| Heinemeier, Kristin, et al. “Uncertainties in Achieving Energy Savings from HVAC Maintenance Measures in the Field.” ASHRAE Transactions 118.Part 2 {2012). |
| Herlich, Matthias et al., “Optimizing Energy Efficiency for Bulk Transfer Networks”, Apr. 13, 2010, pp. 1-3, retrieved for the Internet: URL:http://www.cs.uni-paderborn.de/fileadmin/informationik/ag-karl/publications/miscellaneous/optimizing.pdf (retrieved on Mar. 9, 2012). |
| Hoque et al., ‘NLSR: Named-data Link State Routing Protocol’, Aug. 12, 2013, ICN 2013, pp. 15-20. |
| https://code.google.com/p/ccnx-trace/. |
| I. Psaras, R.G. Clegg, R. Landa, W.K. Chai, and G. Pavlou, “Modelling and evaluation of CCN-caching trees,” in Proc. IFIP Networking 2011, Valencia, Spain, May 2011, pp. 78-91. |
| Intanagonwiwat, Chalermek, Ramesh Govindan, and Deborah Estrin. ‘Directed diffusion: a scalable and robust communication paradigm for sensor networks.’ Proceedings of the 6th annual international conference on Mobile computing and networking. ACM, 2000. |
| J. Aumasson and D. Bernstein, “SipHash: a fast short-input PRF”, Sep. 18, 2012. |
| J. Bethencourt, A, Sahai, and B. Waters, ‘Ciphertext-policy attribute-based encryption,’ in Proc. IEEE Security & Privacy 2007, Berkeley, CA, USA, May 2007, pp. 321-334. |
| J. Hur, “Improving security and efficiency in attribute-based data sharing,” IEEE Trans. Knowledge Data Eng., vol. 25, No. 10, pp. 2271-2282, Oct. 2013. |
| J. Shao and Z. Cao. CCA-Secure Proxy Re-Encryption without Pairings. Public Key Cryptography. Springer Lecture Notes in Computer Sciencevol. 5443 (2009). |
| V. Jacobson et al., ‘Networking Named Content,’ Proc. IEEE CoNEXT '09, Dec. 2009. |
| Jacobson, Van et al. ‘VoCCN: Voice Over Content-Centric Networks.’ Dec. 1, 2009. ACM ReArch'09. |
| Jacobson et al., “Custodian-Based Information Sharing,” Jul. 2012, IEEE Communications Magazine: vol. 50 Issue 7 (p. 3843). |
| Ji, Kun, et al. “Prognostics enabled resilient control for model-based building automation systems.” Proceedings of the 12th Conference of International Building Performance Simulation Association. 2011. |
| K. Liang, L. Fang, W. Susilo, and D.S. Wong, “A Ciphertext-policy attribute-based proxy re-encryption with chosen-ciphertext security,” in Proc. INCoS 2013, Xian, China, Sep. 2013, pp. 552-559. |
| Katipamula, Srinivas, and Michael R. Brambley. “Review article: methods for fault detection, diagnostics, and prognostics for building systemsa review, Part I.” HVAC&R Research 11.1 (2005): 3-25. |
| Katipamula, Srinivas, and Michael R. Brambley. “Review article: methods for fault detection, diagnostics, and prognostics for building systemsa review, Part II.” HVAC&R Research 11.2 (2005): 169-187. |
| L. Wang et al., ‘OSPFN: An OSPF Based Routing Protocol for Named Data Networking,’ Technical Report NDN-0003, 2012. |
| L. Zhou, V. Varadharajan, and M. Hitchens, “Achieving secure role-based access control on encrypted data in cloud storage,” IEEE Trans. Inf. Forensics Security, vol. 8, No. 12, pp. 1947-1960, Dec. 2013. |
| Li, Wenjia, Anupam Joshi, and Tim Finin. “Coping with node misbehaviors in ad hoc networks: A multi-dimensional trust management approach.” Mobile Data Management (MDM), 2010 Eleventh International Conference on. IEEE, 2010. |
| Lopez, Javier, et al. “Trust management systems for wireless sensor networks: Best practices.” Computer Communications 33.9 (2010): 1086-1093. |
| Gopal et al. “Integrating content-based Mechanisms with hierarchical File systems”, Feb. 1999, University of Arizona, 15 pages. |
| M. Green and G. Ateniese, “Identity-based proxy re-encryption,” in Proc. ACNS 2007, Zhuhai, China, Jun. 2007, pp. 288-306. |
| M. Ion, J. Zhang, and E.M. Schooler, “Toward content-centric privacy in ICM: Attribute-based encryption and routing,” in Proc. ACM SIGCOMM ICN 2013, Hong Kong, China, Aug. 2013, pp. 39-40. |
| B. Naor and Pinkas “Efficient trace and revoke schemes,” in Proc. FC 2000, Anguilla, British West Indies, Feb. 2000, pp. 1-20. |
| M. Nystrom, S. Parkinson, A. Rusch, and M. Scott, “PKCS#12: Personal information exchange syntax v. 1.1,” IETF RFC 7292, K. Moriarty, Ed., Jul. 2014. |
| M. Parsa and J.J. Garcia-Luna-Aceves, “A Protocol for Scalable Loop-free Multicast Routing.” IEEE JSAC, Apr. 1997. |
| M. Walfish, H. Balakrishnan, and S. Shenker, “Untangling the web from DNS,” in Proc. USENIX NSDI 2004, Oct. 2010, pp. 735-737. |
| Mahadevan, Priya, et al. “Orbis: rescaling degree correlations to generate annotated internet topologies.” ACM SIGCOMM Computer Communication Review. vol. 37. No. 4. ACM, 2007. |
| Mahadevan, Priya, et al. “Systematic topology analysis and generation using degree correlations.” ACM SIGCOMM Computer Communication Review. vol. 36. No. 4. ACM, 2006. |
| Matocha, Jeff, and Tracy Camp. ‘A taxonomy of distributed termination detection algorithms.’ Journal of Systems and Software 43.3 (1998): 207-221. |
| Matteo Varvello et al., “Caesar: A Content Router for High Speed Forwarding”, ICN 2012, Second Edition on Information-Centric Networking, New York, Aug. 2012. |
| McWilliams, Jennifer A., and lain S. Walker. “Home Energy Article: A Systems Approach to Retrofitting Residential HVAC Systems.” Lawrence Berkeley National Laboratory (2005). |
| Merindol et al., “An efficient algorithm to enable path diversity in link state routing networks”, Jan. 10, Computer Networks 55 (2011), pp. 1132-1140. |
| Mobility First Project [online], http://mobilityfirst.winlab.rutgers.edu/, Downloaded Mar. 9, 2015. |
| Narasimhan, Sriram, and Lee Brownston. “HyDE-A General Framework for Stochastic and Hybrid Modelbased Diagnosis.” Proc. DX 7 (2007): 162-169. |
| NDN Project [online], http://www.named-data.net/, Downloaded Mar. 9, 2015. |
| Omar, Mawloud, Yacine Challal, and Abdelmadjid Bouabdallah. “Certification-based trust models in mobile ad hoc networks: A survey and taxonomy.” Journal of Network and Computer Applications 35.1 (2012): 268-286. |
| P. Mahadevan, E.Uzun, S. Sevilla, and J. Garcia-Luna-Aceves, “CCN-krs: A key resolution service for ccn,” in Proceedings of the 1st International Conference on Information-centric Networking, Ser. INC 14 New York, NY, USA: ACM, 2014, pp. 97-106. [Online]. Available: http://doi.acm.org/10.1145/2660129.2660154. |
| R. H. Deng, J. Weng, S. Liu, and K. Chen. Chosen-Ciphertext Secure Proxy Re-Encryption without Pairings. CANS. Spring Lecture Notes in Computer Science vol. 5339 (2008). |
| Rosenberg, J. “Interactive Connectivity Establishment (ICE): A Protocol for Network Address Translator (NAT) Traversal for Offer/Answer Protocols”, Apr. 2010, pp. 1-117. |
| S. Chow, J. Weng, Y. Yang, and R. Deng. Efficient Unidirectional Proxy Re-Encryption. Progress in Cryptology—AFRICACRYPT 2010. Springer Berlin Heidelberg (2010). |
| S. Deering, “Multicast Routing in Internetworks and Extended LANs,” Proc. ACM SIGCOMM '88, Aug. 1988. |
| S. Deering et al., “The Pim architecture for wide-area multicast routing,” IEEE/ACM Trans, on Networking, vol. 4, No. 2, Apr. 1996. |
| S. Jahid, P. Mittal, and N. Borisov, “Easier: Encryption-based access control in social network with efficient revocation,” in Proc. ACM ASIACCS 2011, Hong Kong, China, Mar. 2011, pp. 411-415. |
| S. Kamara and K. Lauter, “Cryptographic cloud storage,” in Proc. FC 2010, Tenerife, Canary Islands, Spain, Jan. 2010, pp. 136-149. |
| S. Kumar et al. “Peacock Hashing: Deterministic and Updatable Hashing for High Performance Networking,” 2008, pp. 556-564. |
| S. Misra, R. Tourani, and N.E. Majd, “Secure content delivery in information-centric networks: Design, implementation, and analyses,” in Proc. ACM SIGCOMM ICN 2013, Hong Kong, China, Aug. 2013, pp. 73-78. |
| S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving secure, scalable, and fine-grained data access control in cloud computing,” in Proc. IEEE INFOCOM 2010, San Diego, CA, USA, Mar. 2010, pp. 1-9. |
| S.J. Lee, M. Gerla, and C. Chiang, “On-demand Multicast Routing Protocol in Multihop Wireless Mobile Networks,” Mobile Networks and Applications, vol. 7, No. 6, 2002. |
| Sandvine, Global Internet Phenomena Report—Spring 2012. Located online at http://www.sandvine.com/downloads/ documents/Phenomenal H 2012/Sandvine Global Internet Phenomena Report 1H 2012.pdf. |
| Scalable and Adaptive Internet Solutions (SAIL) Project [online], http://sail-project.eu/ Downloaded Mar. 9, 2015. |
| Schein, Jeffrey, and Steven T. Bushby. A Simulation Study of a Hierarchical, Rule-Based Method for System-Level Fault Detection and Diagnostics in HVAC Systems. US Department of Commerce,[Technology Administration], National Institute of Standards and Technology, 2005. |
| Shani, Guy, Joelle Pineau, and Robert Kaplow. “A survey of point-based POMDP solvers.” Autonomous Agents and Multi-Agent Systems 27.1 (2013): 1-51. |
| Sheppard, John W., and Stephyn GW Butcher. “A formal analysis of fault diagnosis with d-matrices.” Journal of Electronic Testing 23.4 (2007): 309-322. |
| Shih, Eugene et al., ‘Wake on Wireless: An Event Driven Energy Saving Strategy for Battery Operated Devices’, Sep. 23, 2002, pp. 160-171. |
| Shneyderman, Alex et al., 'Mobile VPN: Delivering Advanced Services in Next Generation Wireless Systems', Jan. 1, 2003, pp. 3-29. |
| Solis, Ignacio, and J. J. Garcia-Luna-Aceves. ‘Robust content dissemination in disrupted environments.’ proceedings of the third ACM workshop on Challenged networks. ACM, 2008. |
| Sun, Ying, and Daniel S. Weld. “A framework for model-based repair.” AAAI. 1993. |
| T. Ballardie, P. Francis, and J. Crowcroft, “Core Based Trees (CBT),” Proc. ACM SIGCOMM '88, Aug. 1988. |
| T. Dierts, “The transport layer security (TLS) protocol version 1.2,” IETF RFC 5246, 2008. |
| T. Koponen, M. Chawla, B.-G. Chun, A. Ermolinskiy, K.H. Kim, S. Shenker, and I. Stoica, ‘A data-oriented (and beyond) network architecture,’ ACM SIGCOMM Computer Communication Review, vol. 37, No. 4, pp. 181-192, Oct. 2007. |
| The Despotify Project (2012). Available online at http://despotify.sourceforge.net/. |
| V. Goyal, 0. Pandey, A. Sahai, and B. Waters, “Attribute-based encryption for fine-grained access control of encrypted data,” in Proc. ACM CCS 2006, Alexandria, VA, USA, Oct.-Nov. 2006, pp. 89-98. |
| V. Jacobson, D.K. Smetters, J.D. Thornton, M.F. Plass, N.H. Briggs, and R.L. Braynard, ‘Networking named content,’ in Proc. ACM CoNEXT 2009, Rome, Italy, Dec. 2009, pp. 1-12. |
| V. K. Adhikari, S. Jain, Y. Chen, and Z.-L. Zhang. Vivisecting Youtube:An Active Measurement Study. In INFOCOM12 Mini-conference (2012). |
| Verma, Vandi, Joquin Fernandez, and Reid Simmons. “Probabilistic models for monitoring and fault diagnosis.” The Second IARP and IEEE/RAS Joint Workshop on Technical Challenges for Dependable Robots in Human Environments. Ed. Raja Chatila. Oct. 2002. |
| Vijay Kumar Adhikari, Yang Guo, Fang Hao, Matteo Varvello, Volker Hilt, Moritz Steiner, and Zhi-Li Zhang. Unreeling Netflix: Understanding and Improving Multi-CDN Movie Delivery. In the Proceedings of IEEE INFOCOM 2012 (2012). |
| Vutukury, Srinivas, and J. J. Garcia-Luna-Aceves. A simple approximation to minimum-delay routing. vol. 29. No. 4. ACM, 1999. |
| W.-G. Tzeng and Z.-J. Tzeng, “A public-key traitor tracing scheme with revocation using dynamic shares,” in Proc. PKC 2001, Cheju Island, Korea, Feb. 2001, pp. 207-224. |
| Waldvogel, Marcel “Fast Longest Prefix Matching: Algorithms, Analysis, and Applications”, A dissertation submitted to the Swiss Federal Institute of Technology Zurich, 2002. |
| Walker, lain S. Best practices guide for residential HVAC Retrofits. No. LBNL-53592. Ernest Orlando Lawrence Berkeley National Laboratory, Berkeley, CA (US), 2003. |
| Wang, Jiangzhe et al.,“DMND: Collecting Data from Mobiles Using Named Data”, Vehicular Networking Conference, 2010 IEEE, pp. 49-56. |
| Xylomenos, George, et al. “A survey of information-centric networking research.” Communications Surveys & Tutorials, IEEE 16.2 (2014): 1024-1049. |
| Yi, Cheng, et al. ‘A case for stateful forwarding plane.’ Computer Communications 36.7 (2013): 779-791. |
| Yi, Cheng, et al. ‘Adaptive forwarding in named data networking.’ ACM SIGCOMM computer communication review 42.3 (2012): 62-67. |
| Zahariadis, Theodore, et al. “Trust management in wireless sensor networks.” European Transactions on Telecommunications 21.4 (2010): 386-395. |
| Zhang, et al., “Named Data Networking (NDN) Project”, http://www.parc.com/publication/2709/named-data-networking-ndn-project.html, Oct. 2010, NDN-0001, PARC Tech Report. |
| Zhang, Lixia, et al. ‘Named data networking.’ ACM SIGCOMM Computer Communication Review 44.3 {2014): 66-73. |
| J. Lotspiech, S. Nusser, and F. Pestoni. Anonymous Trust: Digit. |
| RTMP (2009). Available online at http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/rtmp/ pdf/rtmp specification 1.0.pdf. |
| S. Kamara and K. Lauter. Cryptographic Cloud Storage. Financial Cryptography and Data Security. Springer Berlin Heidelberg (2010). |
| Soh et al., “Efficient Prefix Updates for IP Router Using Lexicographic Ordering and Updateable Address Set”, Jan. 2008, IEEE Transactions on Computers, vol. 57, No. 1. |
| Beben et al., “Content Aware Network based on Virtual Infrastructure”, 2012 13th ACIS International Conference on Software Engineering. |
| Biradar et al., “Review of multicast routing mechanisms in mobile ad hoc networks”, Aug. 16, Journal of Network and Computer Applications 35 (2012) 221-229. |
| D. Trossen and G. Parisis, “Designing and realizing and information-centric internet,” IEEE Communications Magazing, vol. 50, No. 7, pp. 60-67, Jul. 2012. |
| Garcia-Luna-Aceves et al., “Automatic Routing Using Multiple Prefix Labels”, 2012, IEEE, Ad Hoc and Sensor Networking Symposium. |
| Gasti, Paolo et al., ‘DoS & DDoS in Named Data Networking’, 2013 22nd International Conference on Computer Communications and Networks (ICCCN), Aug. 2013, pp. 1-7. |
| lshiyama, “On the Effectiveness of Diffusive Content Caching in Content-Centric Networking”, Nov. 5, 2012, IEEE, Information and Telecommunication Technologies (APSITT), 2012 9th Asia-Pacific Symposium. |
| J. Hur and D.K. Noh, “Attribute-based access control with efficient revocation in data outsourcing systers,” IEEE Trans. Parallel Distrib. Syst, vol. 22, No. 7, pp. 1214-1221, Jul. 2011. |
| Kaya et al., “A Low Power Lookup Technique for Multi-Hashing Network Applications”, 2006 IEEE Computer Society Annual Symposium on Emerging VLSI Technologies and Architectures, Mar. 2006. |
| Hoque et al., “NLSR: Named-data Link State Routing Protocol”, Aug. 12, 2013, ICN'13. |
| Nadeem Javaid, “Analysis and design of quality link metrics for routing protocols in Wireless Networks”, PhD Thesis Defense, Dec. 15, 2010, Universete Paris—Est. |
| Wetherall, David, “Active Network vision and reality: Lessons form a capsule-based system”, ACM Symposium on Operating Systems Principles, Dec. 1, 1999. pp. 64-79. |
| Kulkarni A.B. et al., “Implementation of a prototype active network”, IEEE, Open Architectures and Network Programming, Apr. 3, 1998, pp. 130-142. |
| Xie et al. “Collaborative Forwarding and Caching in Content Centric Networks”, Networking 2012. |
| Amadeo et al. “Design and Analysis of a Transport-Level Solution for Content-Centric VANETs”, University “Mediterranea” of Reggio Calabria, Jun. 15, 2013. |
| Lui et al. (A TLV-Structured Data Naming Scheme for Content-Oriented Networking, pp. 5822-5827, International Workshop on the Network of the Future, Communications (ICC), 2012 IEEE International Conference on Jun. 10-15, 2012). |
| Peter Dely et al. “OpenFlow for Wireless Mesh Networks” Computer Communications and Networks, 2011 Proceedings of 20th International Conference on, IEEE, Jul. 31, 2011 (Jul. 31, 2011), pp. 1-6. |
| Garnepudi Parimala et al “Proactive, reactive and hybrid multicast routing protocols for Wireless Mesh Networks”, 2013 IEEE International Conference on Computational Intelligence and Computing Research, IEEE, Dec. 26, 2013, pp. 1-7. |
| Tiancheng Zhuang et al. “Managing Ad Hoc Networks of Smartphones”, International Journal of Information and Education Technology, Oct. 1, 2013. |
| Number | Date | Country | |
|---|---|---|---|
| 20170126643 A1 | May 2017 | US |
