System and method for performing key resolution over a content centric network
Abstract
A key-resolution service (KRS) can facilitate a client device in verifying that Content Objects are signed by a trusted entity. During operation, the KRS service can receive an Interest that includes a KRS query for a content name that is to be resolved. The KRS service obtains the content name from the Interest, and obtains a KRS record that includes security information for the content name or a prefix of the content name. The KRS service then returns a Content Object whose payload includes the KRS record to satisfy the first Interest. The client device can query the KRS service to obtain a trusted key associated with at least a name prefix of the Content Object, and if necessary, can disseminate Interests to obtain keys that complete a chain of trust between the trusted key and a key that is used to authenticate the Content Object.
20 Claims
1. A computer-implemented method, comprising:
- receiving, by a server computer of the key-resolution service (KRS) over a Content Centric Network, an Interest message with a name that includes a routable prefix associated with the key-resolution service, wherein the Interest includes a query for a content name that is to be resolved in the name or a payload of the Interest;
- obtaining, from the Interest message, the content name that is to be resolved;
- obtaining, by the server computer, a KRS record for the content name, wherein the KRS record includes security information for the content name or security information for a prefix of the content name, wherein obtaining the KRS record involves;
  - performing a longest-prefix-matching lookup in a next-hop table, using the content name as input, to obtain a second routable prefix for a key-resolution zone associated with the content name or a prefix of the content name;
  - disseminating, over the Content Centric Network, a second Interest message that includes the query for the content name, and whose name includes the second routable prefix for the key-resolution zone; and
  - in response to receiving, from the key-resolution zone, a Content Object that includes a routable prefix for a second key-resolution zone, obtaining the KRS record from the second key-resolution zone; and
- returning, by the server computer, a Content Object whose payload includes the security information that satisfies the query, and whose name includes the Interest message's name, to satisfy the Interest message.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- receiving, over a Content Centric Network, an Interest message with a name that includes a routable prefix associated with a key-resolution service, wherein the Interest includes a query for a content name that is to be resolved in the name or a payload of the Interest;
- obtaining, from the Interest message, the content name that is to be resolved;
- obtaining a KRS record for the content name, wherein the KRS record includes security information for the content name or security information for a prefix of the content name, wherein obtaining the KRS record involves;
  - performing a longest-prefix-matching lookup in a next-hop table, using the content name as input, to obtain a second routable prefix for a key-resolution zone associated with the content name or a prefix of the content name;
  - disseminating, over the Content Centric Network, a second Interest message that includes the query for the content name, and whose name includes the second routable prefix for the key-resolution zone; and
  - in response to receiving, from the key-resolution zone, a Content Object that includes a routable prefix for a second key-resolution zone, obtaining the KRS record from the second key-resolution zone; and
- returning a Content Object whose payload includes the security information that satisfies the query, and whose name includes the Interest message's name, to satisfy the Interest message.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. A server computer of a key-resolution service (KSR), comprising:
- a processor; and
- a memory storing instructions that when executed by the processor cause the server computer to implement;
  - a communication module configured to receive, over a Content Centric Network, an Interest message with a name that includes a routable prefix associated with the key-resolution service, wherein the Interest includes a query for a content name that is to be resolved in the name or a payload of the Interest;
  - an Interest-processing module configured to obtain, from the Interest message, the content name that is to be resolved; and
  - a record-lookup module configured to obtain a KRS record for the content name, wherein the KRS record includes security information for the content name or security information for a prefix of the content name, wherein obtaining the KRS record involves;
    - performing a longest-prefix-matching lookup in a next-hop table, using the content name as input, to obtain a second routable prefix for a key-resolution zone associated with the content name or a prefix of the content name;
    - disseminating, over the Content Centric Network, a second Interest message that includes the query for the content name, and whose name includes the second routable prefix for the key-resolution zone; and
    - in response to receiving, from the key-resolution zone, a Content Object that includes a routable prefix for a second key-resolution zone, obtaining the KRS record from the second key-resolution zone; and
  - wherein the communication module is further configured to return a Content Object whose payload includes the security information that satisfies the query, and whose name includes the Interest message's name, to satisfy the Interest message.
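The record lookup recited in claims 1, 11 and 20 (longest-prefix match in the next-hop table, a second Interest to the matching zone, and a referral to a second zone), modelled in memory as an added example that is not code from the patent. The zone prefixes, key ids, record layout, the `max_referrals` bound and the check that a returned record covers the queried name are all assumptions of this sketch; the content name is taken as already extracted from the Interest.

```python
# Added illustration; all zone names, prefixes and key ids are constructed sample data.
def split(name):
    return tuple(c for c in name.split("/") if c)

def lpm(table, name):
    """Longest-prefix match: return (prefix, value) for the longest key of
    `table` that is a component-wise prefix of `name`, or None."""
    parts = split(name)
    for n in range(len(parts), -1, -1):
        key = "/" + "/".join(parts[:n])
        if key in table:
            return key, table[key]
    return None

# Local KRS server's next-hop table: content-name prefix -> zone routable prefix.
NEXT_HOP = {"/": "/krs/root", "/parc": "/krs/parc"}

# Each zone answers with a KRS record or a referral to a second zone.
ZONES = {
    "/krs/root": {"/bbc": {"record": {"prefix": "/bbc", "key_id": "sample-key-bbc"}}},
    "/krs/parc": {
        "/parc": {"record": {"prefix": "/parc", "key_id": "sample-key-parc"}},
        "/parc/csl": {"referral": "/krs/parc-csl"},
    },
    "/krs/parc-csl": {"/parc/csl": {"record": {"prefix": "/parc/csl", "key_id": "sample-key-csl"}}},
}

def ask_zone(zone_prefix, content_name):
    """Stands in for sending the second Interest and receiving a Content Object."""
    hit = lpm(ZONES.get(zone_prefix, {}), content_name)
    return hit[1] if hit else None

def resolve(interest_name, content_name, max_referrals=4):
    """Serve one KRS Interest; return a Content Object dict or None."""
    hit = lpm(NEXT_HOP, content_name)
    zone = hit[1] if hit else None
    for _ in range(max_referrals + 1):      # bound referral chains so loops end
        answer = ask_zone(zone, content_name) if zone else None
        if answer is None:
            return None
        if "referral" in answer:
            zone = answer["referral"]       # routable prefix of the second zone
            continue
        rec, p = answer["record"], split(answer["record"]["prefix"])
        if split(content_name)[:len(p)] != p:
            return None                     # record does not cover the queried name
        return {"name": interest_name, "payload": rec}   # name echoes the Interest
    return None
```

Matching is done per name component, so `/parcel/x` falls through to the `/` entry rather than matching `/parc`, and a zone that refers back to itself yields no record instead of an endless chain of Interests.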
Specification