| 摘要 |
A content-producing computer system can use a locally generated key or a client-generated key to communicate with a client device during a session over a named-data network. During operation, the computer system can receive an Interest packet that includes a name for a piece of data or a service. The Interest's name can include a routable prefix, a session identifier, and an encrypted suffix. In some embodiments, the system can generating a session key based on the session identifier and a secret value, and decrypts the encrypted suffix using the session key to obtain a plaintext suffix. The system processes the plaintext suffix to obtain data requested by the Interest, and encrypts the data using the session key. In some other embodiments, the system can use a local private key to decrypt the encrypted suffix, and uses an encryption key obtained from the Interest to encrypt the Content Object. |
