Traditional Content Delivery Networks or CDNs often use some form of content caching, which caches at least the more popular content in caches that are ideally as close to the network edge as possible. For example, a given telecommunications network provides access to one or more content providers whose servers are available via the Internet or other Packet Data Networks, PDNs. Rather than delivering all content from the external servers of the content providers, the telecommunications network operates as a “man in the middle,” by intercepting content requests and servicing at least some of those requests from in-network caches holding local copies of the requested content. In one such example, the telecommunications network comprises a cellular network wherein the Radio Access Network, RAN, portion of the cellular network includes one or more content caches from which targeted content is delivered with higher efficiency and less back-end network burden than would be obtained if the content were sourced from the corresponding external content provider or providers.
One of the more basic requirements associated with the above caching scheme is the ability of the telecommunications network to identify the particular content—e.g., a particular movie or other multimedia file—targeted by a given content request originating from one of the network's subscribers. The network easily identifies targeted content when the incoming content requests are unsecured, but secure connection requests are problematic not least because the traditional mechanisms establish the secure end-to-end, E2E, connection between the requesting subscriber device and a remote server of the targeted content provider. The encrypted traffic and signaling flowing between those two endpoints passes transparently through the telecommunications network, leaving no opportunity for the telecommunications network to identify and deliver cached content over the secure connection.