1. The Field of the Invention
The present invention relates to securing network communication, and more specifically, to mechanisms for including a significant portion of the information needed to securely process a message within the message.
2. Background and Relevant Art
Computer systems and related technology affect many aspects of society. Indeed, the computer system's ability to process information has transformed the way we live and work. Computer systems now commonly perform a host of tasks (e.g., word processing, scheduling, and database management) that prior to the advent of the computer system were performed manually. More recently, computer systems have been coupled to one another to form computer networks over which the computer systems can communicate electronically to share data. As a result, many of the tasks performed at a computer system (e.g., accessing electronic mail and web browsing) include electronic communication with one or more other computer systems via a computer network (e.g., the Internet).
Communicating electronically via a computer network typically includes transferring electronic messages between computer systems to cause the computer systems to operate in a desired manner. To transfer an electronic message, the electronic message is typically broken down into corresponding data packets at a sending computer system, the data packets are transferred from the sending computer system via one of more communication links to a receiving computer system (often referred to as transferring data packets “over-the-wire”), the data packets are then used to reconstruct the message at the receiving computer system. In limited cases, data packets may be transferred over a communication link that directly couples one computer system to another computer system (i.e., a one-to-one relationship). However much more frequently, a communication link is utilized by a number of computer systems in a many-to-many relationship. For example, a number of clients connected to an Internet Service Provider (“ISP”) may each be able to electronically communicate with all the other clients connected to the ISP (as well as users connected to other ISPs).
Further, communication links often exist in a web configuration (e.g., the Internet) where any one of a number of different combinations of communication links can be used for electronic communication between two computer systems. This is beneficial as it provides some level of redundancy. That is, if one communication link fails a number of other communication links may still provide communication between computer systems. To further facilitate efficient electronic communication between computer systems many communication links of a network, especially those on the Internet, are made publicly available. That is, if a computer system is able to access such a network, the computer system inherently has access to all the public communication links connected to the network. This promotes free flow of information between computer systems (and their users) without significant restraints of the type of data that can be transferred or the network applications that can be executed.
Due at least in part to the ease and efficiency of electronic communication, the number and diversity of entities that use electronic communication is quite large. However, since each computer system coupled to a computer network potentially has access to all the public communication links that couple other computer systems to the network, there is some risk that a malicious user could intercept data packets being sent between computer systems. To compound the problem, some protocols used for electronic communication, such as, for example, the HyperText Transfer Protocol (“HTTP”) typically send communication between computer systems in clear text data packets. That is, if the text “Balance=$5,000” were included in an HTTP related message, this exact text would be sent over-the-wire. While the text may be broken down into a number of different clear text data packets, the clear text data packets could be processed at any computer system to easily reconstruct this text. Thus, if the clear text data packets were intercepted at the computer system of a malicious user, the malicious user could easily interpolate that the text was associated with financial data.
In some cases, such as, for example, when browsing news items or other public information, this risk may be tolerable as the data to be included in the clear text data packets is already public and accessible to a large number of computer systems. However, in a large number of other cases, such as, for example, when the data to be included in clear text data packets includes financial or sensitive personal information, the risks associated with transferring clear text data packets may be unacceptable. As such, methods for making intercepted data packets harder to decipher into a meaningful format have been developed.
One method to protect data being transferred between computer systems is to encrypt the data before it is send and decrypt the data after it is received. Thus, if data is intercepted as it travels over-the-wire the difficulty of deciphering the data can be increased, and depending on the type of encryption can be made nearly impossible. However, for encryption to be of benefit the sender and the receiver of the encrypted data must establish keys (secret codes typically used by computerized encryption algorithms) for both encrypting and decrypting data. Thus, computer systems will typically exchange a number of configuration parameters to establish these keys before any user related data is transferred. This initial exchange of configuration parameters is often referred to as a “handshake.”
One example of such a handshake is a Secure Socket Layers (“SSL”) handshake sequence. An SSL handshake allows a server to authenticate itself to a client using public-key techniques and then allows the client and server to cooperate in the creation of session keys used for encryption, decryption, and tamper detection during a subsequent data exchange. An SSL handshake typically begins with the client and server exchanging information, such as, for example, SSL version number, cipher settings, random data, and other information needed for communication. During this initial exchange the server also sends a certificate to the client system.
One method to protect data being transferred between computer systems is to encrypt the data before it is sent, and decrypt the data after it is received. Thus, if data is intercepted as it travels over-the-wire the difficulty of deciphering the data can be increased, and depending on the type of encryption can be made nearly impossible. However, for encryption to be of benefit the sender and the receiver of the encrypted data must establish keys (secret codes typically used by computerized encryption algorithms) for both encrypting and decrypting data. Thus, computer systems will typically exchange a number of configuration parameters to establish these keys before any user related data is transferred. This initial exchange of configuration parameters is often refeffed to as a “handshake.”
The server uses its private key to decrypt the premaster secret, and then both the server and the client, starting with the premaster secret, perform a series of operations to generate the master secret. Both the client and the server use the master secret to generate session keys, which are symmetric keys used to encrypt and decrypt information exchanged during an SSL session. The client sends a message to the server informing the server that future messages from the client will be encrypted with the session key. Likewise, the server sends a message to the client indicating that future messages from the server will be encrypted with the session key. Thus, eventually the SSL handshake sequence completes and the client and server can exchange encrypted data.
A considerable amount of processing and data exchange must be performed (i.e., the entire SSL handshake sequence) before a secure session is established and any encrypted data can be transferred between the client and server. This processing and data exchange consumes both computer system and network bandwidth resources. Further, since SSL is a state based protocol some information must be maintained in the system memories of both the client and the server for the duration of the secure connection.
Therefore systems, methods, computer program products, and data structures for establishing secure communication between computer systems in a manner that conserves both computer system and network bandwidth resources would be advantageous.