1. Field of the Invention
The present invention relates generally to computer networks and, in particular, to security for such computer networks.
2. Description of Related Art
With the advent of local area networks (LANs), office computers were able to communicate in a cost efficient manner. As the price of LAN technology has dropped, the use of LANs has increased for such things as shared data bases, electronic mail (E-Mail) and word processing. As LAN technology has grown, the need for LANs to communicate with one another over telephones has also increased. The same type of data that cross LANs also crosses these wide-area networks (WANs) today. Much of this traffic is sensitive information such as business forecasts, sales figures, accounting information, personnel records, new product plans or manpower requirements.
Ethernet has become the dominant physical interface for communication in LANs. Ethernet provides an inexpensive method of connecting many computers on a single wire with a throughput of ten megabits. More than one hundred users can be connected to a server using a single ten megabit channel. All information that is transmitted in that channel can be received by any computer connected to the channel. Almost any computer connected to the channel may be placed in promiscuous mode, allowing it to see any transaction on the Ethernet wire. Promiscuous mode is used normally for diagnostics and for computer bridges. Since software to eavesdrop on the Ethernet line is used for diagnostics and since Ethernet is so prevalent, the software has become increasingly prevalent and sophisticated. The price of some of this software is virtually free since it is available in shareware. These products have also improved their capability to understand what the information crossing the network is trying to do.
For wide-area networks, as well as other LAN topologies, the problem is similar. Anyone who can tap into public switched data communications has access to all the data transferring across the telephone line. Some of the telephone connection portals to a LAN can become access points for promiscuous eavesdropping also. It is conceivable that a person can gain access th rough a remote login facility, and eavesdrop on a network without ever having to log into the network.
In a preferred embodiment of the present invention, a server contains a data base with information regarding valid keys or encryption algorithms or both which are necessary for encrypting and decrypting data on the network. The term xe2x80x9cencryption algorithmxe2x80x9d is used here in the broad sense, referring to an algorithm that uses an encryption key to convert a message into a form that is unintelligible without knowledge of the algorithm and the encryption key. The driver level of the server is designed to understand the encryption scheme. During initialization, the driver software reads the encryption information contained in the data base. It configures a logical interface for each record in the data base. As information is passed through the driver, the driver directs the data to one of the logical interfaces.
Work stations are connected by a network medium to the server, but the work stations do not contain an encryption key. When a user initializes a work station, the user enters a key. This key is then used in subsequent transactions with the server.
Any application programs run in the server deal with the data in an unencrypted form. When a server application wishes to talk to a client, in this case a work station, it responds on the same logical interface from which it received the data. This allows the driver to encrypt the data in a manner necessary for that work station to understand. Each work station on the server can have its own key for the encryption algorithm or several work stations may share a key.
A method according to the present invention for secured transmission in a computer network between a work station and a server includes the steps of initializing a predetermined number of logical interfaces in the server, loading a program that takes a character phrase of arbitrary length and generates a unique byte sequence of fixed length called a unique key and a smaller key for transport called a transport key into the work station, installing a software logical interface into the work station defining which encryption algorithm to use, entering a predetermined character phrase into the work station, initializing an encryption algorithm using the character phrase, encrypting the phrase into a unique key and a transport key by the work station logical interface, encrypting, using the unique key, by the work station of a first data packet for transmission, transmitting the encrypted first data packet including the transport key to the server from the work station, receiving the encrypted first data packet by the server, reading the transport key by the server, comparing the transport key with a list of transport keys corresponding to server logical interfaces, and if the transport key matches with a key for a server logical interface, then decrypting by the server of the encrypted first data packet using the unique key and encryption algorithm for that logical interface.
The method, in one embodiment, also includes the steps of encrypting by the server using the logical interface associated with the work station of a second data packet for transmission, transmitting the encrypted second data packet including the transport key to the work station from the server, receiving the encrypted packet of data by the work station, reading the transport key by the work station, comparing the transport key with the transport key of the work station, and if the transport key matches the transport key of the work station, then decrypting by the work station of the encrypted second data package.
The system and method described have been in terms of a server and work stations, but the method can be used in peer-to-peer networks and between servers.