System for key exchange in a content centric network
First Claim
1. A computer system for facilitating secure communication between computing entities, the system comprising:
a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising:
generating, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key, and performing a key derivation function based on the first consumer-share key and the first producer-share key;
constructing a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce, wherein the first interest packet has a name that includes a first prefix, and wherein the first nonce is used to establish a session between the content-consuming device and a content-producing device;
in response to the nonce token being verified by the content-producing device, receiving a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key; and
generating the second key based on a second consumer-share key and the first content-object packet.
Abstract
One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key. The system constructs a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce, wherein the first interest has a name that includes a first prefix, and wherein the first nonce is used to establish a session between the content-consuming device and a content-producing device. In response to the nonce token being verified by the content-producing device, the system receives a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key. The system generates the second key based on a second consumer-share key and the first content-object packet.
20 Claims
1. As set out above under First Claim. Dependent claims 2 to 10 are not reproduced here.
11. A computer system for facilitating secure communication between computing entities, the system comprising:
a processor; and
a storage device storing instructions that when executed by the processor cause the processor to perform a method, the method comprising:
receiving, by a content-producing device, a first interest packet that includes a first consumer-share key and a nonce token which is used as a pre-image of a previously received first nonce, wherein the first interest packet has a name that includes a first prefix, and wherein the first nonce is used to establish a session between a content-consuming device and the content-producing device;
generating a first key based on the first consumer-share key and a first producer-share key, and performing a key derivation function based on the first consumer-share key and the first producer-share key;
verifying the nonce token based on the first key and the first nonce;
generating a second key based on the first interest packet and a second producer-share key; and
constructing a first content-object packet with a payload that includes a first resumption indicator encrypted based on the second key.
Dependent claims 12 to 20 are not reproduced here.
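As an added illustration of the exchange in claims 1 and 11 (example code written for this page, not code from the patent or its assignee), the following Python model runs both the consumer side and the producer side of the handshake. Assumptions, all labelled in the code: the share keys are Diffie-Hellman shares in a toy modular group, the first nonce is HMAC-SHA256 of the token under the first key, the second consumer share travels in the interest packet and the second producer share in the content object, and the resumption indicator is protected with a one-time keystream plus HMAC tag standing in for a real AEAD.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 5  # toy modular DH group for illustration; use X25519 in practice

def dh_share():  # (private, public) consumer-share or producer-share pair
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)

def derive_key(my_priv, their_pub, label):  # KDF over the shared DH value (assumed SHA-256)
    return hashlib.sha256(label + pow(their_pub, my_priv, P).to_bytes(16, "big")).digest()

def make_nonce(k1, token):  # assumed: first nonce = HMAC(k1, token); token is its pre-image
    return hmac.new(k1, token, hashlib.sha256).digest()

def protect(k2, data):  # encrypt-then-MAC of the resumption indicator under k2 (stand-in for AEAD)
    ks = hashlib.sha256(b"enc" + k2).digest()[:len(data)]
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return ct + hmac.new(k2, ct, hashlib.sha256).digest()

def unprotect(k2, blob):  # verify the tag first, then strip the keystream
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k2, ct, hashlib.sha256).digest()):
        return None
    ks = hashlib.sha256(b"enc" + k2).digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, ks))

def producer_handle_interest(interest, p1_priv, stored_nonce):
    """Claim 11 side: derive k1, verify the token, derive k2, build the content object."""
    k1 = derive_key(p1_priv, interest["c1"], b"k1")
    if not hmac.compare_digest(make_nonce(k1, interest["token"]), stored_nonce):
        return None  # token is not the pre-image of the stored nonce: reject the interest
    p2_priv, p2_pub = dh_share()  # second producer-share key
    k2 = derive_key(p2_priv, interest["c2"], b"k2")
    return {"name": interest["name"], "p2": p2_pub, "payload": protect(k2, b"RESUME-OK")}

def run_exchange(tamper=False):
    """Claim 1 side drives the exchange; returns the decrypted resumption indicator or None."""
    c1_priv, c1_pub = dh_share()
    p1_priv, p1_pub = dh_share()  # producer-share key the consumer received earlier
    token = secrets.token_bytes(16)
    nonce = make_nonce(derive_key(c1_priv, p1_pub, b"k1"), token)  # previously sent to producer
    c2_priv, c2_pub = dh_share()  # second consumer-share key (assumed carried in the interest)
    interest = {"name": "/example/prefix/session", "c1": c1_pub, "c2": c2_pub,
                "token": secrets.token_bytes(16) if tamper else token}
    obj = producer_handle_interest(interest, p1_priv, nonce)
    if obj is None:
        return None
    return unprotect(derive_key(c2_priv, obj["p2"], b"k2"), obj["payload"])
```

Calling `run_exchange(tamper=True)` sends a token that is not the pre-image of the stored nonce, so the producer rejects the interest and no second key is ever derived.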