-
Publication number: US10263965B2
Publication date: 2019-04-16
Application number: US14885904
Application date: 2015-10-16
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Marc E. Mosko , Christopher A. Wood
Abstract: One embodiment provides a system that facilitates selective encryption of bit groups of a message. During operation, the system determines, by a content requesting device or content producing device, a message that includes a plurality of bit groups, each corresponding to a type, a length, and a set of values, wherein one or more bit groups are marked for encryption, and wherein the message indicates a name that is a hierarchically structured variable-length identifier comprising contiguous name components ordered from a most general level to a most specific level. The system computes a plurality of cipher blocks for the message based on an authenticated encryption protocol. The system encrypts the one or more bit groups marked for encryption based on one or more symmetric keys, wherein the marked bit groups include one or more name components. Subsequently, the system indicates the encrypted bit groups as encrypted.
-
Publication number: US10172068B2
Publication date: 2019-01-01
Application number: US14161406
Application date: 2014-01-22
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Marc E. Mosko , Jose J. Garcia-Luna-Aceves
IPC: H04W40/04 , H04L12/24 , H04L12/721 , H04W40/24 , H04L12/717 , H04W84/18 , H04W40/32
Abstract: One embodiment provides a mobile ad-hoc network (MANET). The MANET includes a plurality of mobile nodes and a centralized controller node. The controller node includes a receiving mechanism configured to receive, from a source mobile node, a request for a service, with the request including an identifier associated with the requested service; an identification mechanism configured to identify a destination mobile node that provides the service associated with the identifier; a path-computation mechanism configured to compute a path between the source mobile node and the destination mobile node using a network graph for the mobile nodes; and a path-sending mechanism configured to send the computed path to at least the destination mobile node, which facilitates establishing a route between the source mobile node and the destination mobile node.
-
Publication number: US10129230B2
Publication date: 2018-11-13
Application number: US15690485
Application date: 2017-08-30
Applicant: Cisco Technology, Inc.
Inventor: Christopher A. Wood , Marc E. Mosko , Ersin Uzun
Abstract: One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key. The system constructs a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce, wherein the first interest has a name that includes a first prefix, and wherein the first nonce is used to establish a session between the content-consuming device and a content-producing device. In response to the nonce token being verified by the content-producing device, the system receives a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key. The system generates the second key based on a second consumer-share key and the first content-object packet.
-
Publication number: US10098051B2
Publication date: 2018-10-09
Application number: US14161410
Application date: 2014-01-22
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Marc E. Mosko , Jose J. Garcia-Luna-Aceves
IPC: H04W40/02 , H04W28/10 , H04L12/715 , H04W40/24 , H04L12/751 , H04L12/717 , H04L12/761
Abstract: One embodiment provides a mobile wireless network that includes a plurality of wireless nodes and a controller node which manages a weighted network graph for the plurality of wireless nodes. A local wireless node sends a route-request message associated with at least one destination node to the controller node, receives a path to the destination node, and routes a packet to the destination node based on the received path. The path is computed based on the weighted network graph. One embodiment provides a system for routing in a mobile wireless network that comprises a plurality of wireless nodes. The system receives a route-request message associated with at least one destination node from a source node, computes a path between the source node and the destination node based on a weighted network graph for the plurality of wireless nodes, and transmits the computed path to at least the destination node.
-
Publication number: US10075401B2
Publication date: 2018-09-11
Application number: US14662101
Application date: 2015-03-18
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Marc E. Mosko , Ignacio Solis , Jose J. Garcia-Luna-Aceves
CPC classification number: H04L51/16 , H04L51/14 , H04L67/2833 , H04L67/327 , H04L69/28
Abstract: One embodiment provides a system that facilitates efficient aggregation of multiple interest messages for the same content from multiple predecessors. During operation, an intermediate node receives a first interest message from a predecessor node. The first interest indicates a name for a content object and a lifetime associated with the first interest. The intermediate node identifies an entry in a pending interest table that corresponds to the first interest and determines that the entry has not expired. The intermediate node determines whether a second interest message which indicates a same content object name as the first interest message has been received from the predecessor node. If so, it forwards the first interest. If not, it adds information associated with the predecessor node to the entry. The intermediate node determines a predecessor lifetime associated with the entry and also determines a maximum lifetime associated with the entry.
-
Publication number: US09959156B2
Publication date: 2018-05-01
Application number: US14334530
Application date: 2014-07-17
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Marc E. Mosko , Ignacio Solis , Ersin Uzun
IPC: G06F15/16 , G06F11/07 , H04L12/741 , H04L12/703 , H04L12/26 , H04L12/939 , H04L12/24
CPC classification number: G06F11/0784 , G06F11/0709 , G06F11/0766 , G06F11/0775 , G06F11/0793 , H04L41/06 , H04L43/0847 , H04L45/28 , H04L45/74 , H04L49/555 , H04L49/557
Abstract: One embodiment provides a system that facilitates processing of error-condition information associated with a content-centric network (CCN) message transmitted over a network. During operation, the system receives, by a first node, a packet that corresponds to a CCN message, where a name for the CCN message is a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. Responsive to determining that the CCN message triggers an error condition, the system generates an interest return message by pre-pending a data structure to the CCN message, where the data structure indicates the error condition. The system transmits the interest return message to a second node.
-
Publication number: US09929935B2
Publication date: 2018-03-27
Application number: US15422281
Application date: 2017-02-01
Applicant: Cisco Technology, Inc.
Inventor: Priya Mahadevan , Glenn C. Scott , Marc E. Mosko
IPC: G06F15/16 , H04L12/751 , H04L12/755 , H04L29/08
CPC classification number: H04L45/026 , H04L45/021 , H04L67/10
Abstract: One embodiment provides a system that facilitates a content requesting device to handle a potential timeout event. During operation, the system receives, by a content producing device, a packet that corresponds to a first Interest message from a content requesting device, where the first Interest includes a name. Responsive to determining that additional time is required to generate a matching Content Object for the first Interest, the system generates a notification message which indicates a time period after which a second Interest is to be sent out by the content requesting device. The name for the second Interest can be the same as the name for the first Interest or a new name as indicated in the notification message. The system transmits the notification message to the content requesting device, thereby facilitating the content requesting device to handle a potential timeout event.
-
Publication number: US20170366526A1
Publication date: 2017-12-21
Application number: US15690485
Application date: 2017-08-30
Applicant: Cisco Technology, Inc.
Inventor: Christopher A. Wood , Marc E. Mosko , Ersin Uzun
CPC classification number: H04L63/061 , H04L9/0861 , H04L9/14 , H04L9/3271 , H04L63/0807 , H04L63/0853 , H04L63/0876 , H04L2209/60 , H04W12/04
Abstract: One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key. The system constructs a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce, wherein the first interest has a name that includes a first prefix, and wherein the first nonce is used to establish a session between the content-consuming device and a content-producing device. In response to the nonce token being verified by the content-producing device, the system receives a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key. The system generates the second key based on a second consumer-share key and the first content-object packet.
-
Publication number: US20170331800A1
Publication date: 2017-11-16
Application number: US15154825
Application date: 2016-05-13
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Christopher A. Wood , Marc E. Mosko
CPC classification number: H04L63/061 , G06F9/442 , G06F11/327 , H04L63/0428 , H04L63/0464 , H04L63/062
Abstract: One embodiment provides a system that facilitates a secure encryption proxy in a content centric network. During operation, the system receives, by an intermediate router from a content-consuming computing device, a first interest that includes a first name, signaling information encrypted based on a signaling key, and an inner interest encrypted based on an encryption key. The inner interest includes a name for a manifest that represents a collection of data. The intermediate router does not possess the encryption key. The system generates one or more interests for the data represented by the manifest. The system transmits to the content-consuming computing device a content object received in response to a generated interest, wherein the intermediate router transmits the responsive content object without receiving a corresponding interest from the content-consuming computing device, thereby facilitating reduced network between the content-consuming computing device and the intermediate router.
-
Publication number: US20170222812A1
Publication date: 2017-08-03
Application number: US15483826
Application date: 2017-04-10
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Marc E. Mosko
CPC classification number: H04L9/3247 , H04L41/12 , H04L63/123 , H04L63/20 , H04L65/4084 , H04L67/04 , H04L67/28
Abstract: One embodiment of the present invention provides a system for delivering a content piece over a network using a set of reconstructable objects. During operation, the system obtains a metadata file that includes a set of rules; generates the set of reconstructable objects for the content piece based on the set of rules included in the metadata file; cryptographically signs the set of reconstructable objects to obtain a set of signed reconstructable objects; and delivers, over the network, the set of signed reconstructable objects along with the metadata file to a recipient, thereby enabling the recipient to extract and store a copy of the content piece and then to reconstruct the set of signed reconstructable objects from the stored copy of the content piece and the metadata file.