CN102821095A - Approaches to Removing Content in the Content-Centric Network - Google Patents

Abstract

Translated fromChinese

本发明公开了一种以内容为中心的网络中删除内容的方法，主要解决现有技术不能高效删除内容所有副本的问题。其实现步骤是：内容发布者生成公钥和私钥；在内容的属性和内容目录中的该内容条目中，分别加入内容发布者的公钥；当内容发布者想删除内容时，向网络提交删除请求，其中包含该发布者用其私钥生成的签名；网络将删除请求路由到内容目录结点；内容目录结点用其公钥认证该签名，若认证成功则将该删除请求转发给所有存储该内容的结点，并将此内容的条目从内容目录中删除；存储有该内容的结点接收到删除请求时，再用其公钥认证该签名，若认证成功则将该内容删除。本发明能够找到内容的目录结点和存储结点，并高效删除内容的所有副本和相关信息。

The invention discloses a content-deleting method in a content-centered network, which mainly solves the problem that all copies of the content cannot be deleted efficiently in the prior art. The implementation steps are: the content publisher generates a public key and a private key; respectively adds the content publisher’s public key to the content attribute and the content entry in the content directory; when the content publisher wants to delete the content, submit it to the network Delete request, which contains the signature generated by the publisher with its private key; the network will route the delete request to the content directory node; the content directory node will use its public key to verify the signature, and if the authentication is successful, the delete request will be forwarded to all The node that stores the content deletes the entry of the content from the content directory; when the node that stores the content receives the delete request, it verifies the signature with its public key, and deletes the content if the verification is successful. The invention can find the directory node and storage node of the content, and efficiently delete all copies and related information of the content.

Description

Translated fromChinese

以内容为中心的网络中删除内容的方法Approaches to Removing Content in the Content-Centric Network

技术领域technical field

本发明属于网络技术领域，涉及网络中删除内容的方法，可用于以内容为中心的网络中的信息保护。The invention belongs to the field of network technology, relates to a method for deleting content in a network, and can be used for information protection in a content-centered network.

背景技术Background technique

以内容为中心的网络，是一种“从零开始”设计全新互联网的“革命性”演进思路，其核心思想是改变当前网络面向主机通信的使用方式，它更加关注信息和人，而非主机设备本身。当用户要获取内容时，直接向邻近网络设备提出内容访问请求，指明要访问的内容，然后由网络提供内容。用户不必关心内容在网络中的存储位置，也不必关心如何获取，这些问题都由网络解决。在网络内，将内容和主机永久绑定已无必要，内容既可以存储在最初提供内容的主机上，也可以分布存储在网络中的各处。The content-centric network is a "revolutionary" evolutionary idea of "starting from scratch" to design a new Internet. Its core idea is to change the way the current network uses host-oriented communication. It pays more attention to information and people rather than hosts. the device itself. When the user wants to obtain content, he directly makes a content access request to the adjacent network device, indicates the content to be accessed, and then the network provides the content. Users do not need to care about where the content is stored on the network, nor how to obtain it. These problems are solved by the network. In the network, it is no longer necessary to permanently bind the content to the host. The content can be stored on the host that originally provided the content, or it can be distributed and stored in various places in the network.

以内容为中心的网络，可采用类似网内P2P的方法实现，网络内有很多可以存储内容的结点，再将内容的存储地址列表存储在分布式哈希表DHT或集中式的目录服务器Tracker中。The content-centered network can be realized by a method similar to P2P in the network. There are many nodes in the network that can store content, and then store the storage address list of the content in the distributed hash table DHT or the centralized directory server Tracker middle.

以内容为中心的网络中，一个关键问题就是如何删除内容。这个问题在主机为中心的网络中都不是一个很容易解决的问题：比如文档，放在网上后，就可能被转载，出现在很多网站上，此时要删除就很困难了，这才催生了专门的删帖公司。在以内容为中心的网络中，发布者发布了内容后，这个内容到底存在于网络中的何处、有多少个版本，都不由发布者控制，所以要想删除时就要删除网络中的所有副本，难度可想而知。In a content-centric network, a key issue is how to remove content. This problem is not an easy problem to solve in the host-centric network: for example, after a document is placed on the Internet, it may be reproduced and appear on many websites. It is very difficult to delete it at this time, which gave birth to Specialized post deletion company. In a content-centric network, after the publisher publishes the content, where the content exists in the network and how many versions there are are not controlled by the publisher, so if you want to delete it, you must delete all the content in the network Copy, the difficulty can be imagined.

一种可能的删除内容方法是采用广播方式，在网络内广播删除某内容的消息，以保证存储了该内容的结点可以接收到删除信息。但显然广播方式给网络带来大的负载，而且需要较长的时间，不具有可扩展性。A possible method for deleting content is to broadcast a message to delete a certain content in the network, so as to ensure that the nodes storing the content can receive the deletion information. But it is obvious that the broadcast method brings a large load to the network, and it takes a long time, and it is not scalable.

发明内容Contents of the invention

本发明的目的在于针对以内容为中心的网络中难以删除内容的问题，提出一种以内容为中心的网络中删除内容的方法，以减小网络的负载和操作时间，实现高效的内容删除。The purpose of the present invention is to solve the problem that it is difficult to delete content in the content-centric network, and propose a method for deleting content in the content-centric network, so as to reduce the load and operation time of the network and realize efficient content deletion.

本发明实现步骤包括如下：The present invention realizes steps and comprises as follows:

（1）内容发布者用RSA算法或数字签名算法DSA生成公钥P和私钥S；(1) The content publisher uses RSA algorithm or digital signature algorithm DSA to generate public key P and private key S;

（2）在内容的名字中嵌入内容发布者的公钥单向哈希值H，并在内容的属性和内容目录中的该内容条目中，分别加入内容发布者的公钥P；其中内容目录采用分布式哈希表DHT组织，或采用层次化的目录服务器Tracker组织；(2) Embed the content publisher’s public key one-way hash value H into the name of the content, and add the content publisher’s public key P to the content’s attributes and content entries in the content directory; the content directory Use the distributed hash table DHT organization, or use the hierarchical directory server Tracker organization;

（3）当内容发布者想删除内容时，向网络提交删除请求，该请求包含要删除的内容的名字、发布者名称以及该发布者用其私钥S按照RSA算法或DSA算法生成的签名v；(3) When the content publisher wants to delete the content, he submits a deletion request to the network, which includes the name of the content to be deleted, the name of the publisher, and the signature v generated by the publisher using its private key S according to the RSA algorithm or the DSA algorithm ;

（4）网络将删除请求路由到内容目录结点；(4) The network routes the deletion request to the content directory node;

（5）内容目录结点用内容发布者的公钥P按照RSA算法或DSA算法认证删除请求中的签名v，若认证成功则将该删除请求再转发给所有存储该内容的结点，并将此内容的条目从内容目录中删除；若认证不成功，则拒绝删除请求；(5) The content directory node uses the public key P of the content publisher to authenticate the signature v in the deletion request according to the RSA algorithm or the DSA algorithm. If the authentication is successful, the deletion request is forwarded to all nodes that store the content, and the The entry for this content is deleted from the content directory; if authentication is unsuccessful, the deletion request is denied;

（6）存储内容的结点接收到删除请求时，也用内容发布者的公钥P按照RSA算法或DSA算法认证删除请求中的签名v，若认证成功则将该内容删除；若认证不成功，则拒绝删除请求。(6) When the node storing the content receives the deletion request, it also uses the public key P of the content publisher to authenticate the signature v in the deletion request according to the RSA algorithm or the DSA algorithm. If the authentication is successful, the content will be deleted; if the authentication is unsuccessful , deny the delete request.

本发明具有如下优点：The present invention has the following advantages:

1）本发明由于将删除请求路由到存储内容条目的目录结点，再转发给所有存储该内容的结点，可以有效删除一个内容的所有副本；1) Since the present invention routes the deletion request to the directory node storing the content entry, and then forwards it to all nodes storing the content, it can effectively delete all copies of a content;

2）本发明由于只在内容目录结点和存储内容的结点间转发删除请求，避免了删除请求的广播，减小了网络的负载和操作时间，增加了网络的可扩展性。2) Since the present invention only forwards the deletion request between the content directory node and the content storage node, it avoids the broadcast of the deletion request, reduces the load and operation time of the network, and increases the scalability of the network.

附图说明Description of drawings

图1是本发明实施例1的流程图；Fig. 1 is the flowchart of embodiment 1 of the present invention;

图2是本发明中删除请求的格式图；Fig. 2 is a format diagram of a deletion request in the present invention;

图3是本发明中内容目录采用DHT组织时删除请求的路由过程示意图；Fig. 3 is the schematic diagram of routing process of deletion request when content catalog adopts DHT organization among the present invention;

图4是本发明实施例2的流程图；Fig. 4 is the flowchart of embodiment 2 of the present invention;

图5是本发明中内容目录采用层次化的目录服务器Tracker组织时删除请求的路由过程示意图。Fig. 5 is a schematic diagram of the routing process of the deletion request when the content directory is organized by a hierarchical directory server Tracker in the present invention.

具体实施方式Detailed ways

实施例1Example 1

参照图1，本实施例包括以下步骤：With reference to Fig. 1, present embodiment comprises the following steps:

步骤一，内容发布者用RSA算法生成公钥P和私钥S：Step 1, the content publisher uses the RSA algorithm to generate the public key P and private key S:

1a)随机产生两个素数p和q，10⁷⁵<p<10¹⁰⁰，10⁷⁵<q<10¹⁰⁰；1a) Randomly generate two prime numbers p and q, 10⁷⁵ <p<10¹⁰⁰ , 10⁷⁵ <q<10¹⁰⁰ ;

1b)计算p与q的乘积n=p×q；1b) Calculate the product n=p×q of p and q;

1c)计算欧拉函数φ(n)=(p-1)×(q-1)；1c) Calculate the Euler function φ(n)=(p-1)×(q-1);

1d)选择随机整数e，满足1<e<φ(n)，且gcd(e,φ(n))=1，其中gcd(e,φ(n))表示e和φ(n)的最大公约数，可用欧几里德算法求得；gcd(e,φ(n))=1表示e和φ(n)互素；1d) Select a random integer e that satisfies 1<e<φ(n), and gcd(e,φ(n))=1, where gcd(e,φ(n)) represents the greatest common agreement between e and φ(n) The number can be obtained by Euclidean algorithm; gcd(e, φ(n))=1 means that e and φ(n) are mutually prime;

1e)采用扩展的欧几里德算法计算整数d，d≡e^-1modφ(n)，其中≡表示左右两边对φ(n)同余，mod表示取模运算；该式也可表达为de≡1modφ(n)；1e) Use the extended Euclidean algorithm to calculate the integer d, d≡e^-1 modφ(n), where ≡ means that the left and right sides are congruent to φ(n), and mod means the modulo operation; this formula can also be expressed as de ≡1 mod φ(n);

1f)根据随机整数e和p与q的乘积n得到公钥：P=(e,n)；根据整数d和p与q的乘积n得到私钥：S=(d,n)。1f) Obtain the public key according to the random integer e and the product n of p and q: P=(e,n); obtain the private key according to the integer d and the product n of p and q: S=(d,n).

步骤二，在内容的名字中嵌入内容发布者公钥的单向哈希值H，并在内容的属性和内容目录中的该内容条目中，分别加入内容发布者的公钥P。Step 2: Embedding the one-way hash value H of the content publisher's public key into the name of the content, and adding the content publisher's public key P to the content's attributes and the content entry in the content directory.

在内容的名字中嵌入内容发布者公钥的哈希值H，目的是将内容和发布者之间绑定，其中H通过消息摘要算法MD5由下式计算得到：Embedding the hash value H of the content publisher's public key in the name of the content is to bind the content to the publisher, where H is calculated by the following formula through the message digest algorithm MD5:

H=MD5(P)，H=MD5(P),

式中，公钥P是输入数据。In the formula, the public key P is the input data.

MD5算法是一种经典的信息摘要算法，其输入可以是任意长度的消息，对输入按512位的分组为单位进行处理，算法的输出是128位的消息摘要。消息摘要对输入消息中的任何一位都很敏感，即输入消息中任何一位的变化都将引起消息摘要中的变化。MD5是一种单向哈希算法，即从消息摘要反推输入消息是不可行的。MD5算法常用于消息的完整性检测和错误检测以及信息安全领域。MD5算法具体可参考文献：The MD5 algorithm is a classic information digest algorithm. Its input can be a message of any length, and the input is processed in units of 512-bit packets. The output of the algorithm is a 128-bit message digest. The message digest is very sensitive to any bit in the input message, that is, a change in any bit in the input message will cause a change in the message digest. MD5 is a one-way hash algorithm, that is, it is not feasible to deduce the input message from the message digest. The MD5 algorithm is often used in message integrity detection and error detection and in the field of information security. MD5 algorithm can refer to the specific literature:

[美]William Stallings著，刘玉珍等译，密码编码学与网络安全——原理与实践（第3版），电子工业出版社，2004年，12.1节，258页。[US] Written by William Stallings, translated by Liu Yuzhen, etc., Cryptography and Network Security—Principles and Practices (3rd Edition), Electronic Industry Press, 2004, section 12.1, page 258.

在内容的属性和内容目录中的该内容条目中，分别加入内容发布者的公钥P，目的是在后续步骤中验证内容发布者用私钥S生成的签名。In the attributes of the content and the content entry in the content directory, respectively add the public key P of the content issuer to verify the signature generated by the content issuer with the private key S in the subsequent steps.

内容目录采用分布式哈希表DHT组织。分布式哈希表DHT是一种分布式计算系统，用来将一个关键值的集合分散到所有在分布式系统中的节点，并且可以有效地将消息转送到拥有查询者提供的关键值的节点，这里的节点类似哈希表中的储存位置。分布式哈希表通常是为了拥有极大节点数量的系统而设计的，如点对点P2P系统。常见的DHT包括Chord、CAN、Pastry、Tapestry和Kademlia，其中Kademlia已广泛应用于多种P2P软件如eMule、BitTorrent。每个内容根据其名字将该内容的目录条目存储在DHT中的几个结点上。内容的目录条目记录了该内容所有副本在网络中的存储位置。The content directory is organized using a distributed hash table DHT. Distributed Hash Table DHT is a distributed computing system that distributes a set of key values to all nodes in the distributed system, and can effectively forward messages to nodes with key values provided by the queryer , where the nodes are similar to the storage locations in the hash table. Distributed hash tables are usually designed for systems with a very large number of nodes, such as peer-to-peer P2P systems. Common DHTs include Chord, CAN, Pastry, Tapestry and Kademlia, among which Kademlia has been widely used in various P2P software such as eMule and BitTorrent. Each content stores directory entries for that content on several nodes in the DHT according to its name. A directory entry for content records where all copies of that content are stored on the network.

步骤三，当内容发布者想删除内容时，向网络提交删除请求：Step 3, when the content publisher wants to delete the content, submit a deletion request to the network:

参照图2，删除请求包含要删除的内容的名字、发布者名称以及该发布者按照RSA算法用其私钥S生成的签名v，其中签名v的生成方法如下：Referring to Figure 2, the deletion request includes the name of the content to be deleted, the name of the publisher, and the signature v generated by the publisher with its private key S according to the RSA algorithm, where the signature v is generated as follows:

将删除请求中要删除内容的名字和发布者的名称一起定义为消息m，使用私钥S=(d,n)，计算签名v=(hash(m))^d mod n，其中hash(m)为单向哈希算法如消息摘要算法MD5或安全哈希算法SHA-1，mod为取模运算；Define the name of the content to be deleted in the deletion request and the name of the publisher together as a message m, use the private key S=(d,n), and calculate the signature v=(hash(m))^d mod n, where hash(m) It is a one-way hash algorithm such as message digest algorithm MD5 or secure hash algorithm SHA-1, and mod is a modulo operation;

删除请求只需向邻近该内容发布者的网络边界结点提交即可。A delete request only needs to be submitted to a network border node adjacent to the content publisher.

步骤四，使用特定分布式哈希表DHT的路由方式，网络根据删除请求中要删除内容的名字将删除请求路由到内容目录结点，该内容目录结点存储了要删除内容的目录条目。Step 4, using a specific distributed hash table DHT routing method, the network routes the deletion request to the content directory node according to the name of the content to be deleted in the deletion request, and the content directory node stores the directory entry of the content to be deleted.

参照图3，本步骤的具体实现如下：Referring to Figure 3, the specific implementation of this step is as follows:

4a)内容发布者A向邻近的网络边界结点B提交删除请求；4a) The content publisher A submits a deletion request to the adjacent network border node B;

4b)网络边界结点B把删除请求路由到邻近的内容目录DHT结点D1；4b) The network boundary node B routes the delete request to the adjacent content directory DHT node D1;

4c)内容目录DHT中的第一结点D1经第二结点D2、第三结点D3将删除请求逐步路由到实际存储该内容目录条目的目录结点D4，其中D1到D2、D3、D4的路由采用特定DHT的具体路由方式实现。4c) The first node D1 in the content directory DHT gradually routes the deletion request to the directory node D4 that actually stores the content directory entry via the second node D2 and the third node D3, wherein D1 to D2, D3, D4 Routing is implemented using a specific routing method of a specific DHT.

步骤五，内容目录结点D4用内容发布者的公钥P按照RSA算法认证删除请求中的签名v，若认证成功，则将该删除请求再转发给存储该内容的第一存储结点C1、第二存储结点C2、第三存储结点C3，并将此内容的条目从内容目录中删除；若认证不成功，则拒绝删除请求，其中认证过程如下：Step 5, the content directory node D4 uses the public key P of the content publisher to authenticate the signature v in the deletion request according to the RSA algorithm. If the authentication is successful, the deletion request is forwarded to the first storage node C1, which stores the content. The second storage node C2 and the third storage node C3 delete the entry of this content from the content directory; if the authentication is unsuccessful, the deletion request is rejected, and the authentication process is as follows:

5a)计算认证值h1=v^e mod n和哈希值h2=hash(m)mod n，其中v为签名，e和n为公钥P=(e,n)的一部分，hash(m)与步骤三中的单向哈希算法相同，m为删除请求中要删除内容的名字和发布者的名称构成的消息；5a) Calculate the authentication value h1=v^e mod n and the hash value h2=hash(m) mod n, where v is the signature, e and n are part of the public key P=(e,n), hash(m) and The one-way hash algorithm in step 3 is the same, and m is the message composed of the name of the content to be deleted and the name of the publisher in the deletion request;

5b)将认证值h1与哈希值h2进行比较；若h1=h2，则认证成功，否则认证失败。5b) Compare the authentication value h1 with the hash value h2; if h1=h2, the authentication is successful, otherwise the authentication fails.

步骤六，存储内容的三个结点C1、C2、C3接收到删除请求时，用内容发布者的公钥P按照RSA算法认证删除请求中的签名v，若认证成功则将该内容删除；若认证不成功，则拒绝删除请求，其中认证过程与步骤五中的认证过程相同。Step 6: When the three nodes C1, C2, and C3 storing the content receive the deletion request, they use the public key P of the content publisher to authenticate the signature v in the deletion request according to the RSA algorithm. If the authentication is successful, the content is deleted; if If the authentication is unsuccessful, the deletion request is rejected, and the authentication process is the same as that in step five.

实施例2Example 2

参照图4，本实施例包括以下步骤：With reference to Fig. 4, present embodiment comprises the following steps:

步骤1，内容发布者用数字签名算法DSA生成公钥P和私钥S：Step 1, the content publisher uses the digital signature algorithm DSA to generate the public key P and private key S:

1.1)选择160比特的素数j和1024比特的素数i，满足j整除i-1；1.1) Select a prime number j of 160 bits and a prime number i of 1024 bits, satisfying that j is divisible by i-1;

1.2)选取整数h，使得h^(i-1)/j mod i不等于1，令整数g=h^(i-1)/j mod k；素数i、素数j、整数g为DSA算法中的三个域参数，需要公开；1.2) Select an integer h such that h^(i-1)/j mod i is not equal to 1, and make the integer g=h^(i-1)/j mod k; prime number i, prime number j, and integer g are three elements in the DSA algorithm A domain parameter, which needs to be disclosed;

1.3)随机选择私钥S满足1<S<i-1，S为整数；1.3) Randomly select the private key S to satisfy 1<S<i-1, and S is an integer;

1.4)计算公钥P=g^S mod p。1.4) Calculate the public key P=g^S mod p.

步骤2，在内容的名字中嵌入内容发布者公钥的单向哈希值H，并在内容的属性和内容目录中的该内容条目中，分别加入内容发布者的公钥P，其中H通过安全哈希算法SHA-1由下式计算得到：Step 2: Embed the one-way hash value H of the content publisher’s public key into the name of the content, and add the content publisher’s public key P to the content’s attributes and the content entry in the content directory, where H passes The secure hash algorithm SHA-1 is calculated by the following formula:

H=SHA-1(P)，H=SHA-1(P),

式中，公钥P是输入数据。In the formula, the public key P is the input data.

SHA-1算法是一种经典的信息摘要算法，其输入是长度小于2⁶⁴位的消息，对输入按512位的分组为单位进行处理，算法的输出是160位的消息摘要。消息摘要对输入消息中的任何一位都很敏感，即输入消息中任何一位的变化都将引起消息摘要中的变化。SHA-1是一种单向哈希算法，即从消息摘要反推输入消息是不可行的。SHA-1算法具体可参考文献：The SHA-1 algorithm is a classic information digest algorithm. Its input is a message with a length of less than²⁶⁴ bits. The input is processed in units of 512 bits. The output of the algorithm is a 160-bit message digest. The message digest is very sensitive to any bit in the input message, that is, a change in any bit in the input message will cause a change in the message digest. SHA-1 is a one-way hash algorithm, that is, it is not feasible to deduce the input message from the message digest. For details about the SHA-1 algorithm, please refer to:

[美]William Stallings著，刘玉珍等译，密码编码学与网络安全——原理与实践（第3版），电子工业出版社，2004年，12.2节，265页。[US] William Stallings, translated by Liu Yuzhen, Cryptography and Network Security—Principles and Practices (3rd Edition), Electronics Industry Press, 2004, section 12.2, p.265.

内容目录采用层次化的目录服务器Tracker组织。参照图5，第一目录服务器Tracker T1、第二目录服务器Tracker T2、第三目录服务器Tracker T3、第四目录服务器Tracker T4和第五目录服务器Tracker T5构成层次化的目录服务器系统。每个目录服务器Tracker中存储有一些内容的目录条目，该内容的目录条目记录了内容所有副本在网络中的存储位置。当在低层目录服务器Tracker中查询不到某内容的目录条目时，继续在高层目录服务器Tracker中查询。例如，当在T1和T2中查询某内容名字失败时，查询请求被转发到T3；当在T3和T4中查询某内容名字失败时，查询请求被转发到T5。The content directory is organized by hierarchical directory server Tracker. Referring to Fig. 5, the first directory server Tracker T1, the second directory server Tracker T2, the third directory server Tracker T3, the fourth directory server Tracker T4 and the fifth directory server Tracker T5 constitute a hierarchical directory server system. Each directory server Tracker stores directory entries of some content, and the directory entries of the content record the storage locations of all copies of the content in the network. When the directory entry of a certain content cannot be queried in the low-level directory server Tracker, continue to query in the high-level directory server Tracker. For example, when querying a certain content name fails in T1 and T2, the query request is forwarded to T3; when querying a certain content name fails in T3 and T4, the query request is forwarded to T5.

步骤3，当内容发布者想删除内容时，向网络提交删除请求：Step 3, when the content publisher wants to delete the content, submit a deletion request to the network:

参照图2，删除请求包含要删除的内容的名字、发布者名称以及该发布者用其私钥S按照DSA算法生成的签名v，其中签名v的生成按如下步骤进行：Referring to Figure 2, the deletion request includes the name of the content to be deleted, the name of the publisher, and the signature v generated by the publisher using its private key S according to the DSA algorithm, where the signature v is generated according to the following steps:

3.1)选择随机整数k满足1<k<i-1；3.1) Select a random integer k to satisfy 1<k<i-1;

3.2)计算第一签名r=(g^k mod i)modj，其中整数g、素数i、素数j为DSA算法中的三个域参数，若r=0，则返回步骤3.1)；3.2) Calculate the first signature r=(g^k mod i) modj, where the integer g, the prime number i, and the prime number j are the three field parameters in the DSA algorithm, if r=0, return to step 3.1);

3.3)计算第二签名s=(k^-1×(SHA-1(m)+S×r))mod j，其中k^-1采用扩展的欧几里德算法计算，SHA-1为安全哈希算法，m为删除请求中要删除内容的名字和发布者的名称构成的消息，S为内容发布者的私钥；3.3) Calculate the second signature s=(k^-1 ×(SHA-1(m)+S×r))mod j, where k^-1 is calculated using the extended Euclidean algorithm, and SHA-1 is a secure hash Algorithm, m is the message composed of the name of the content to be deleted and the name of the publisher in the deletion request, and S is the private key of the content publisher;

3.4)根据第一签名r和第二签名s得到签名v=(r,s)。3.4) Obtain the signature v=(r, s) according to the first signature r and the second signature s.

步骤4，网络将删除请求路由到内容目录结点，该内容目录结点存储了要删除内容的目录条目。Step 4, the network routes the deletion request to the content directory node, and the content directory node stores the directory entry of the content to be deleted.

参照图5，本步骤的具体实现如下：Referring to Figure 5, the specific implementation of this step is as follows:

4.1)内容发布者A向邻近的网络边界结点B提交删除请求；4.1) Content publisher A submits a deletion request to the adjacent network border node B;

4.2)网络边界结点B把删除请求路由到邻近的目录服务器Tracker T1；4.2) Network border node B routes the delete request to the adjacent directory server Tracker T1;

4.3)T1查询本机存储的内容目录，看删除请求中指明的要删除内容的目录条目是否在本机中；由于T1中没有该内容的目录条目，则将删除请求路由到上级目录服务器Tracker T3；4.3) T1 queries the content directory stored on the local machine to see whether the directory entry of the content to be deleted specified in the deletion request is in the local machine; since there is no directory entry of the content in T1, the deletion request is routed to the upper-level directory server Tracker T3 ;

4.4)T3查询本机存储的内容目录，看删除请求中指明的要删除内容的目录条目是否在本机中；由于T3中包含了该内容的目录条目，则路由过程结束。4.4) T3 queries the content directory stored in the local machine to see whether the directory entry of the content to be deleted indicated in the deletion request is in the local machine; since T3 contains the directory entry of the content, the routing process ends.

步骤5，目录服务器Tracker T3用内容发布者的公钥P按照DSA算法认证删除请求中的签名v，若认证成功，则将该删除请求再转发给存储该内容的第一存储结点C1、第二存储结点C2，并将此内容的条目从内容目录中删除；若认证不成功，则拒绝删除请求。其中认证过程按如下步骤进行：Step 5. The directory server Tracker T3 uses the public key P of the content publisher to authenticate the signature v in the deletion request according to the DSA algorithm. If the authentication is successful, the deletion request is forwarded to the first storage node C1 and the second storage node that store the content. 2. Store the node C2, and delete the entry of this content from the content directory; if the authentication is unsuccessful, reject the deletion request. The authentication process is carried out as follows:

5.1)计算中间变量w=s^-1mod j，其中s为签名v=(r,s)中的第二签名，s^-1采用扩展的欧几里德算法计算，素数j为域参数；5.1) Calculate the intermediate variable w=s^-1 mod j, where s is the second signature in the signature v=(r,s), s^-1 is calculated using the extended Euclidean algorithm, and the prime number j is the domain parameter;

5.2)计算中间变量u1=(SHA-1(m)×w)modj和中间变量u2=(r×w)mod j，其中SHA-1为安全哈希算法，m为删除请求中要删除内容的名字和发布者的名称构成的消息，r为签名v=(r，s)中的第一签名；5.2) Calculate the intermediate variable u1=(SHA-1(m)×w)modj and the intermediate variable u2=(r×w)mod j, where SHA-1 is a secure hash algorithm, and m is the content to be deleted in the deletion request A message composed of the name and the name of the publisher, r is the first signature in the signature v=(r, s);

5.3)计算校验值r2=((g^u1×P^u2)mod i)modj，其中整数g、素数i、素数j为DSA算法中的三个域参数，P为公钥；5.3) Calculate the check value r2=((g^u1 ×P^u2 )mod i)modj, where integer g, prime number i, and prime number j are the three domain parameters in the DSA algorithm, and P is the public key;

5.4)将校验值r2与第一签名r比较；若r2=r，则认证成功，否则认证失败。5.4) Compare the check value r2 with the first signature r; if r2=r, the authentication is successful, otherwise the authentication fails.

步骤6，存储内容的结点C1、C2接收到删除请求时，也用内容发布者的公钥P按照DSA算法认证删除请求中的签名v，若认证成功则将该内容删除；若认证不成功，则拒绝删除请求。其中认证过程与步骤5中的认证过程相同。Step 6: When the content storage nodes C1 and C2 receive the deletion request, they also use the public key P of the content publisher to authenticate the signature v in the deletion request according to the DSA algorithm. If the authentication is successful, the content will be deleted; if the authentication is unsuccessful , deny the delete request. The authentication process is the same as that in step 5.

术语解释Terminology Explanation

DHT：Distributed Hash Table，分布式哈希表。DHT: Distributed Hash Table, distributed hash table.

Tracker：目录服务器。Tracker: directory server.

RSA：RSA加密与数字签名算法。RSA: RSA encryption and digital signature algorithm.

DSA：Digital Signature Algorithm，数字签名算法。DSA: Digital Signature Algorithm, digital signature algorithm.

MD5：Message-Digest Algorithm5，信息摘要算法。MD5: Message-Digest Algorithm5, information digest algorithm.

SHA-1：Secure Hash Algorithm1，安全哈希算法。SHA-1: Secure Hash Algorithm1, secure hash algorithm.

以上是本发明的两个优选实例，并不构成对本发明的任何限制，显然在本发明的思想下，可以选用不同的算法实现本发明的效果，但这些都在本发明的保护之列。The above are two preferred examples of the present invention, which do not constitute any limitation to the present invention. Obviously, under the thinking of the present invention, different algorithms can be selected to realize the effect of the present invention, but these are all included in the protection of the present invention.

Claims (10)

1. one kind is the method for deletion content in the network at center with the content, may further comprise the steps:

(1) content publisher generates PKI P and private key S with RSA Algorithm or Digital Signature Algorithm DSA;

(2) in the name of content, embed content publisher's PKI one-way hash value H, and in the attribute of content and this content item in the contents directory, add content publisher's PKI P respectively; Wherein contents directory adopts distributed hashtable DHT tissue, or adopts the LIST SERVER Tracker tissue of stratification;

(3) when the content publisher wants to delete content, submit the deletion request to network, this request comprises name, publisher's title and this publisher of the content that will delete with the signature v of its private key S according to RSA Algorithm or the generation of DSA algorithm;

(4) the network request of will deleting is routed to the contents directory node;

(5) the contents directory node is deleted the signature v in the request with content publisher's PKI P according to RSA Algorithm or the authentication of DSA algorithm; If the authentication success request of then will deleting is transmitted to the node of all these contents of storage again, and the clauses and subclauses of this content are deleted from contents directory; If authentication is unsuccessful, then refusal deletion request;

When (6) node of memory contents received the deletion request, also the PKI P with the content publisher deleted the signature v in the request according to RSA Algorithm or the authentication of DSA algorithm, if authentication success is then with this content deletion; If authentication is unsuccessful, then refusal deletion request.

2. according to claim 1 is the method for deletion content in the network at center with the content, it is characterized in that, generates PKI P and private key S with RSA Algorithm in the said step (1), and concrete steps comprise:

1a) produce two prime number p and q, 10 at random⁷⁵<p<10¹⁰⁰, 10⁷⁵<q<10¹⁰⁰

1b) product n=p * q of calculating p and q;

1c) calculate Euler's function φ (n)=(p-1) * (q-1);

1d) select random integers e, satisfy 1 < e < φ (n), and gcd (e, φ (n))=1, wherein gcd (e, φ (n)) representes the greatest common divisor of e and φ (n), available Euclidean algorithm is tried to achieve; Gcd (e, φ (n))=1 expression e and φ (n) are coprime;

1e) adopt the Euclidean algorithm computes integer d that expands, d ≡ e^-1Mod φ (n), wherein ≡ representes the right and left to φ (n) congruence, mod representes modulo operation;

1f) the product n according to random integers e and p and q obtains PKI: and P=(e, n); Product n according to integer d and p and q obtains private key: and S=(d, n).

3. according to claim 1 is the method for deletion content in the network at center with the content, it is characterized in that, in the said step (1) with DSA algorithm generation PKI P and private key S, concrete steps comprise:

1.1) select the prime number j of 160 bits and the prime number i of 1024 bits, satisfy j and divide exactly i-1;

1.2) choose integer h, make h^(i-1)/jMod i is not equal to 1, makes integer g=h^(i-1)/jMod k; Prime number i, prime number j, integer g are three field parameters in the DSA algorithm, need open;

1.3) select private key S to satisfy 1 < S < i-1 at random, S is an integer;

1.4) calculating PKI P=g^SMod p.

4. according to claim 1 is the method for deletion content in the network at center with the content, it is characterized in that, the PKI one-way hash value H in the said step (2) adopts message digest algorithm MD5, is generated by PKI P according to following formula:

H=MD5(P)，

In the formula, PKI P is the input data, after the MD5 algorithm computation, obtains cryptographic hash H.

5. according to claim 1 is the method for deletion content in the network at center with the content, it is characterized in that, the PKI one-way hash value H in the said step (2) adopts Secure Hash Algorithm SHA-1, is generated by PKI P according to following formula:

H=SHA-1(P)，

In the formula, PKI P is the input data, after the SHA-1 algorithm computation, obtains cryptographic hash H.

6. according to claim 1 is the method for deletion content in the network at center with the content; It is characterized in that; Publisher in the said step (3) generates signature v with its private key S according to RSA Algorithm, and concrete grammar is with deleting the name of content with publisher's title is defined as message m together in the deletion request, use private key S=(d; N), compute signature v=(hash (m))^dMod n, wherein hash (m) is one-way hash function algorithm such as Message Digest 5 MD5 or Secure Hash Algorithm SHA-1, mod is a modulo operation.

7. according to claim 1 is the method for deletion content in the network at center with the content, it is characterized in that, the publisher in the said step (3) generates signature v with its private key S according to the DSA algorithm, carries out as follows:

3.1) select random integers k to satisfy 1 < k < i-1;

3.2) the calculating first signature r=(g^kMod i) mod j, wherein integer g, prime number i, prime number j are three field parameters in the DSA algorithm, if r=0 then returns step 3.1);

3.3) the calculating second signature s=(k^-1* (SHA-1 (m)+S * r)) mod j, wherein k^-1Adopt the Euclidean algorithm of expansion to calculate, SHA-1 is a Secure Hash Algorithm, and m is the message of the name that will delete content in the deletion request and publisher's title formation, and S is content publisher's a private key;

3.4) according to first the signature r and second the signature s obtain signing v=(r, s).

8. according to claim 1 is the method for deletion content in the network at center with the content; It is characterized in that; The request of will deleting of the described network of step (4) is routed to the contents directory node, is to select routing mode according to the organizational form that contents directory adopts, that is:

When contents directory adopts distributed hashtable DHT to organize, use the routing mode of this DHT, be routed to the node of these contents directory clauses and subclauses of storage according to the name request of will deleting that will delete content in the deletion request;

When contents directory adopts the LIST SERVER Tracker of stratification to organize, the deletion request is routed to the LIST SERVER Tracker of these contents directory clauses and subclauses of storage.

9. according to claim 1 is the method for deletion content in the network at center with the content; It is characterized in that; Signature v during the PKI P with the content publisher in said step (5) and the step (6) asks according to RSA Algorithm authentication deletion, carry out as follows:

5a) calculate authentication value h1=v^eMod n and cryptographic hash h2=hash (m) mod n; Wherein v is signature; E and n are PKI P=(e; N) a part, hash (m) is one-way hash function algorithm such as Message Digest 5 MD5 or Secure Hash Algorithm SHA-1, m is the message of the name that will delete content in the deletion request and publisher's title formation;

5b) authentication value h1 and cryptographic hash h2 are compared; If h1=h2, authentication success then, otherwise authentification failure.

10. according to claim 1 is the method for deletion content in the network at center with the content; It is characterized in that; PKI P with the content publisher in said step (5) and the step (6) deletes the signature v in the request according to the authentication of DSA algorithm, carries out as follows:

5.1) calculating intermediate variable w=s^-1Mod j, wherein s is signature v=(r, the signature of second in s), s^-1Adopt the Euclidean algorithm of expansion to calculate, prime number j is a field parameter;

5.2) calculate intermediate variable u1=(SHA-1 (m) * w) mod j and intermediate variable u2=(the mod j of r * w); Wherein SHA-1 is a Secure Hash Algorithm; The message that m constitutes for the name that will delete content in the deletion request and publisher's title, r for signature v=(r, first in s) signed;

5.3) calculation check value r2=((g^U1* P^U2) mod i) modj, wherein integer g, prime number i, prime number j are three field parameters in the DSA algorithm, P is a PKI;

5.4) the check value r2 and the first signature r are compared; If r2=r, authentication success then, otherwise authentification failure.

Images