Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
First Claim
1. A system delivering data content with hardware assisted provenance proof in named data networking (NDN), comprising:
- a first client with a first client trusted security zone enabled, configured to;
send a first request message, wherein the first request message comprises a name that identifies desired data content,receive data content and a digital signature, anddetermine whether or not the data content is from a corresponding trusted content server based on the digital signature;
a data content server with a data content server trusted security zone enabled, configured to;
receive the first request message from the first client, andtransmit the desired data content based on the name comprised in the first request message and a determination by the data content server independently that the first client is trusted and that the routing path from the first client to the data content server is trusted;
a signature server with a signature server trusted security zone enabled, configured to;
receive the first request message from the first client,generate the digital signature based on the desired data content, andtransmit the digital signature based on a determination by the signature server independently that the first client is trusted and that the routing path from the first client to the signature server is trusted; and
at least one router each with a router trusted security zone enabled, wherein the router trusted security zone, the first client trusted security zone, the data content server trusted security zone, and the signature server trusted security zone provide hardware assisted trust, where the at least one router is configured to;
cache the data content and the digital signature received from the data content server and the signature server, andforward the data content and the digital signature to a second client requesting the data content based on the same name comprised in a second request message from the second client and a determination by the at least one router independently that the second client is trusted and that the routing path from the second client to the router is trusted.
6 Assignments
0 Petitions
Accused Products
Abstract
A system of delivering data content with hardware assisted provenance proof in named data networking (NDN). The system comprises a data content server with a trusted security zone enabled that is configured to receive the first request message from the first client, and transmit the desired data content based on the name comprised in the first request message and a determination that the first client is trusted and that the routing path from the first client to the data content server is trusted. The system further comprises a signature server with a trusted security zone enabled that is configured to receive the first request message from the first client, generate a digital signature based on the desired data content, and transmit the corresponding digital signature based on a determination that the first client is trusted and that the routing path from the first client to the signature server is trusted.
-
Citations
20 Claims
-
1. A system delivering data content with hardware assisted provenance proof in named data networking (NDN), comprising:
-
a first client with a first client trusted security zone enabled, configured to; send a first request message, wherein the first request message comprises a name that identifies desired data content, receive data content and a digital signature, and determine whether or not the data content is from a corresponding trusted content server based on the digital signature; a data content server with a data content server trusted security zone enabled, configured to; receive the first request message from the first client, and transmit the desired data content based on the name comprised in the first request message and a determination by the data content server independently that the first client is trusted and that the routing path from the first client to the data content server is trusted; a signature server with a signature server trusted security zone enabled, configured to; receive the first request message from the first client, generate the digital signature based on the desired data content, and transmit the digital signature based on a determination by the signature server independently that the first client is trusted and that the routing path from the first client to the signature server is trusted; and at least one router each with a router trusted security zone enabled, wherein the router trusted security zone, the first client trusted security zone, the data content server trusted security zone, and the signature server trusted security zone provide hardware assisted trust, where the at least one router is configured to; cache the data content and the digital signature received from the data content server and the signature server, and forward the data content and the digital signature to a second client requesting the data content based on the same name comprised in a second request message from the second client and a determination by the at least one router independently that the second client is trusted and that the routing path from the second client to the router is trusted. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of delivering data content with hardware assisted provenance proof in named data networking (NDN), comprising:
-
sending, by a first client with a first client trusted security zone enabled, a first request message, wherein the first request message comprises a name that identifies desired data content; receiving, by a data content server with a data content server trusted security zone enabled and a signature server with a signature server trusted security zone enabled, the first request message from the first client; transmitting, by the data content server, the desired data content based on the name comprised in the first request message and a determination by the data content server independently that the first client is trusted and that the routing path from the first client to the data content server is trusted; generating, by the signature server, a digital signature based on the desired data content; transmitting, by the signature server, the digital signature based on a determination by the signature server independently that the first client is trusted and that the routing path from the first client to the signature server is trusted; caching, by at least one router each with a router trusted security zone enabled, the data content and the digital signature received from the data content server and the signature server, wherein the router trusted security zone, the first client trusted security zone, the data content server trusted security zone, and the signature server trusted security zone provide hardware assisted trust; receiving, by the first client, the data content and the digital signature; determining, by the first client, whether or not the data content is from a corresponding trusted content server based on the digital signature; and forwarding, by the at least one router, the data content and the digital signature to a second client requesting the data content based on the same name comprised in a second request message from the second client and a determination by the at least one router independently that the second client is trusted and that the routing path from the second client to the router is trusted. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A method of delivering data content with hardware assisted provenance proof in named data networking (NDN), comprising:
-
sending, by a client with a client trusted security zone enabled, a request message, wherein the request message comprises a name that identifies desired data content; receiving, by a data content server with a data content server trusted security zone enabled and a signature server with a signature server trusted security zone enabled, the request message from the client; transmitting, by the data content server, the desired data content based on the name comprised in the request message and a determination by the data content server independently that the first client is trusted and that the routing path from the client to the data content server is trusted; generating, by the signature server, a digital signature based on the desired data content; transmitting, by the signature server, the digital signature based on a determination by the signature server independently that the client is trusted and that the routing path from the client to the signature server is trusted; caching, by at least one router each with a router trusted security zone enabled, the data content and the digital signature received from the content server, wherein the router trusted security zone, the client trusted security zone, the data content server trusted security zone, and the signature server trusted security zone provide hardware assisted trust; receiving, by the client, the data content and the digital signature; and determining, by the client, whether or not the data content is from a corresponding trusted content server based on the digital signature. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification