1. Field of the Invention
The present invention relates to technology for telecommunication using cryptography.
2. Description of the Related Art
Conventionally, to securely transmit and receive private information, including personal information, trade secrets, etc., over a network such as the Internet, protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used, in which the information is transmitted and received after encryption.
Recently, in communication involving SSL, to reduce the delay caused by the time required to assemble encrypted data from Transmission Control Protocol (TCP) packets, the transmitted packets into which the data is divided are sequentially decrypted at the time of decryption at reception. Furthermore, it has been proposed that at the time of encryption for transmission, data in the application layer be divided in such a manner that the divided data may be transferred in one TCP packet after block-ciphering (see, for example, Japanese Patent Application Laid-Open Publication No. 2004-364022).
In the case of transmitting and receiving contents using protocols such as SSL and TLS, transmit data (the data to be transmitted, generated by processing the contents according to procedures (1) to (4) below) is usually transmitted to a destination server or client.
(1) Generation of a Message Authentication Code (MAC)
(2) Padding processing, as required
(3) Encryption of the transmit data including the contents, the MAC, and the padding
(4) Generation of a header of the transmit data
FIG. 1 is a diagram of an example of a conventional method of generating transmit data. As shown in FIG. 1, the transmit data is stored in a transmitting buffer 820 and includes contents 801, a MAC 802, and padding 803.
The contents 801 are the data of the contents to be transmitted. The MAC 802 is an authenticator that authenticates the transmit data (i.e., verifies that the data has not been altered) and the sender (i.e., verifies the identity of the sender), and specifically, is a MAC value, etc., generated by, for example, a MAC generating algorithm. The padding 803 is data for padding the encrypted part such that the resulting size will be equal to a multiple of a block used for block-ciphering in a given encrypting algorithm.
The header 810 carries a description indicating attributes of the transmit data temporarily stored by the transmitting buffer 820 and includes, for example, “type” indicating the type of the contents 801, “version” indicating the version of the protocol used for transmitting and receiving, and “length” indicating the size of the transmit data.
The header 810 is information that is required at the time of transmitting or receiving the data and is generated after the generation of the MAC 802, the generation of the padding 803 by the padding processing, and the encryption of the transmit data.
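The conventional ordering of steps (1) to (4), written out as an added Python example that is not part of the original text. It assumes TLS 1.0 conventions (HMAC-SHA1 as the MAC, a 16-byte cipher block, padding bytes that each hold the padding length) and leaves out the block-cipher call in step (3), which under those assumptions does not change the buffered length; the function name and sample values are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14  # largest content size per record in TLS (16 KiB)


def conventional_record(content, mac_key, seq, ctype=23, version=(3, 1), block=16):
    """Run steps (1)-(4) in the conventional order.

    Returns (header, body, buffered): buffered is how many bytes the
    transmitting buffer held before the header could be written.
    """
    if len(content) > MAX_FRAGMENT:
        raise ValueError("content exceeds the maximum fragment size")
    buf = bytearray(content)  # transmitting buffer (820 in FIG. 1)

    # (1) MAC over sequence number, type, version, content length, content.
    pseudo = struct.pack("!QBBBH", seq, ctype, version[0], version[1], len(content))
    buf += hmac.new(mac_key, pseudo + content, hashlib.sha1).digest()

    # (2) Padding: p + 1 bytes, each of value p, up to a block multiple.
    p = -(len(buf) + 1) % block
    buf += bytes([p]) * (p + 1)

    # (3) Encryption would transform buf in place here; omitted (assumption:
    #     CBC without an explicit IV, so the length does not change).

    # (4) Header: type, version, length. Only now is the length known.
    header = struct.pack("!BBBH", ctype, version[0], version[1], len(buf))
    return header, bytes(buf), len(buf)


if __name__ == "__main__":
    key = b"\x0b" * 20  # constructed sample key
    for size in (5, 11, 12, MAX_FRAGMENT):  # constructed sample content sizes
        header, body, buffered = conventional_record(b"A" * size, key, seq=0)
        print(f"content={size:5d}  buffered={buffered:5d}  header={header.hex()}")
```

Contents of 11 and 12 bytes buffer 32 and 48 bytes respectively, and a maximum-size fragment buffers 16416 bytes before the 5-byte header can be produced.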
However, the conventional technology mentioned above is configured such that at the time of transmission of the transmit data, the header, which is to be transmitted first, is not generated until after the processing and generation of the transmit data, thereby necessitating a transmitting buffer that is capable of storing the transmit data until the header generation is completed. Namely, to accommodate the transmit data, whose data size varies depending on the data size of the MAC and the padding, a transmitting buffer must be prepared that has the maximum size (for example, approximately 16 Kbytes) specified by the standard.
Therefore, in the case that a memory area of a built-in memory is allocated as the transmitting buffer, if the memory area is restricted to a minimum size, the transmitting buffer puts pressure on that memory area. In particular, when the data size of the transmit data is small and the transmit data could be held by a transmitting buffer of a small size, memory is used inefficiently, since an area of the full size must be secured as the transmitting buffer in the memory area even if it is not all used.
On the other hand, in the case of preparing a transmitting buffer of a small size, there is a problem in that transmit data of a size larger than that of the transmitting buffer cannot be transmitted.