CONTENT-BASED TRANSPORT SECURITY
First Claim
1. A computer-implemented method for sending an encrypted request to a remote computer system over a named-data network, the method comprising:
- determining, by a client computing device, a request for data or a service from the remote computer system;
- determining at least a routable prefix and a name suffix associated with the request;
- determining an encryption key that corresponds to a session with the remote computer system;
- encrypting the name suffix using the session encryption key;
- generating an Interest whose name includes the routable prefix and the encrypted name suffix; and
- disseminating the Interest over a named-data network to send the request to the remote computer system.
Abstract
A computer system can send a secure request over a named-data network to a remote device by generating an Interest with encrypted name components. During operation, the computer system can receive or obtain a request for data, such as from a local user or from a local application. If the system cannot satisfy the request locally, the system can determine at least a routable prefix and a name suffix associated with the request. The system can generate the secure Interest for the request by determining an encryption key that corresponds to a session with the remote computer system, and encrypting the name suffix using the session encryption key. The system then generates an Interest whose name includes the routable prefix and the encrypted name suffix, and disseminates the Interest over a named-data network to send the request to the remote computer system. The routable prefix stays in the clear so that forwarders can route the Interest, while the name suffix, which carries the request-specific information, is readable only by a party holding the session key.
25 Claims
1. A computer-implemented method for sending an encrypted request to a remote computer system over a named-data network, the method comprising:
- determining, by a client computing device, a request for data or a service from the remote computer system;
- determining at least a routable prefix and a name suffix associated with the request;
- determining an encryption key that corresponds to a session with the remote computer system;
- encrypting the name suffix using the session encryption key;
- generating an Interest whose name includes the routable prefix and the encrypted name suffix; and
- disseminating the Interest over a named-data network to send the request to the remote computer system.

Dependent claims: 2 to 11.
12. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for sending an encrypted request to a remote computer system over a named-data network, the method comprising:
- determining a request for data or a service from the remote computer system;
- determining at least a routable prefix and a name suffix associated with the request;
- determining an encryption key that corresponds to a session with the remote computer system;
- encrypting the name suffix using the session encryption key;
- generating an Interest whose name includes the routable prefix and the encrypted name suffix; and
- disseminating the Interest over a named-data network to send the request to the remote computer system.

Dependent claims: 13 to 22.
23. An apparatus, comprising:
- a request-processing mechanism to determine a request for data or a service from the remote computer system, and to determine at least a routable prefix and a name suffix associated with the request;
- a cryptography mechanism to determine an encryption key that corresponds to a session with the remote computer system, and encrypt the name suffix using the session encryption key;
- an Interest-processing mechanism to generate an Interest whose name includes the routable prefix and the encrypted name suffix; and
- a communication mechanism to disseminate the Interest over a named-data network to send the request to the remote computer system.

Dependent claims: 24 and 25.
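The following is an added worked example of the method described in the abstract and in claims 1, 12 and 23; it is illustrative code written for this page, not an implementation from the patent or its assignee. It assumes a name made of slash-separated components, a routable prefix such as `/example/svc`, a name suffix such as `/users/alice/profile`, and a 32-byte session key that both sides already share. The encryption primitive is a stand-in built from the standard library (an HMAC-SHA256 keystream in counter mode with an encrypt-then-MAC tag) so the example runs without third-party packages; a deployment would use an authenticated cipher such as AES-GCM in exactly the same position.

```python
import base64
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16  # per-Interest random nonce, stored in the clear before the ciphertext
TAG_LEN = 16    # truncated HMAC-SHA256 authentication tag


def derive_subkeys(session_key: bytes):
    """Derive separate encryption and MAC keys from the shared session key (assumed 32 bytes)."""
    enc_key = hmac.new(session_key, b"ndn-name-enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_key, b"ndn-name-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 over (nonce || counter) blocks. HMAC is a PRF, so
    this is a legitimate construction, but a real system would use AES-GCM here."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_suffix(session_key: bytes, suffix_components, nonce: bytes = None) -> str:
    """Encrypt the name suffix under the session key and return one opaque name component."""
    enc_key, mac_key = derive_subkeys(session_key)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    plaintext = "/".join(suffix_components).encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    # urlsafe base64 keeps the component free of '/' so it stays a single name component
    return base64.urlsafe_b64encode(nonce + ciphertext + tag).decode()


def build_interest_name(routable_prefix, suffix_components, session_key: bytes, nonce: bytes = None) -> str:
    """Client side: routable prefix in the clear, request-specific suffix encrypted."""
    return "/" + "/".join(list(routable_prefix) + [encrypt_suffix(session_key, suffix_components, nonce)])


def decrypt_interest_name(name: str, routable_prefix, session_key: bytes):
    """Remote side: check the prefix, verify the tag, then recover the suffix components.
    Raises ValueError on any malformed or tampered name."""
    components = name.strip("/").split("/")
    prefix = list(routable_prefix)
    if components[:len(prefix)] != prefix or len(components) != len(prefix) + 1:
        raise ValueError("unexpected name layout")
    blob = base64.urlsafe_b64decode(components[-1])
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("encrypted component too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = derive_subkeys(session_key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication tag mismatch")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, keystream(enc_key, nonce, len(ciphertext))))
    return plaintext.decode().split("/")


def is_valid_interest_name(name: str, routable_prefix, session_key: bytes) -> bool:
    """Convenience check used by a receiver that only wants accept/reject."""
    try:
        decrypt_interest_name(name, routable_prefix, session_key)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


if __name__ == "__main__":
    # Constructed sample values; a real session key would come from the session handshake.
    key = bytes(range(32))
    name = build_interest_name(["example", "svc"], ["users", "alice", "profile"], key)
    print("Interest name:", name)
    print("Recovered suffix:", decrypt_interest_name(name, ["example", "svc"], key))
```

Forwarders only ever see `/example/svc/<opaque component>`, which is enough to route the Interest toward the remote system, while the suffix is bound to a fresh nonce per Interest so that repeated requests for the same data do not produce identical names. The authentication tag means a name altered in transit is rejected rather than decrypted into a different request.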