Communications networks are widely used to send and receive messages among nodes that are connected thereto. Communications networks may include, for example, wired and wireless communications networks, local area networks, the Internet, other connections based networks or any combination thereof. The nodes may include but are not limited to mainframe computers, mid-range computers, personal computers, notebook devices, hand held devices, radio-telephones, applications programs, devices such as smart cards or adapters and combinations thereof.
Crytography is a security mechanism for protecting information from unintended disclosure by transforming the information into a form that is unreadable to humans, and unreadable to machines that are not specially adapted to reversing the transformation back to the original information content. The cryptographic transformation can be performed on data that is to be transmitted electronically, such as an electronic mail message, and is equally useful for data that is to be securely stored, such as the account records for customers of a bank or credit company.
In addition to preventing unintended disclosure, cryptography also provides a, mechanism for preventing unauthorized alteration of data transmitted or stored in electronic form. After the data has been transformed cryptographically, an unauthorized person is unlikely to be able to determine how to alter the data, because the specific data portion of interest cannot be recognized. Even if the unauthorized user knew the position of the data portion within a data file or message, this position may have been changed by the transformation, preventing the unauthorized person from merely substituting data in place. If an alteration to the transformed data is made by the unauthorized user despite the foregoing difficulties, the fact of the alteration will be readily detectable, so that the data-will be considered untrustworthy and not relied upon. This detection occurs when the transformation is reversed; the encrypted date will not reverse to its original contents properly if it has been altered. The same principle prevents unauthorized addition of characters to the data, and deletion of characters from the data, once it has been transformed.
The transformation process performed on the original data is referred to as “encryption.” The process of reversing the transformation, to restore the original data, is referred to as “decryption.” The terms “encipher” and “decipher” are also used to describe these processes, respectively. A mechanism that can both encipher and decipher is referred to as a “cipher.” Data encryption systems-are well known in the data processing art. In general, such systems operate by performing an encryption on a plaintext input block, using an encryption key, to produce a ciphertext output block. “Plaintext” refers to the fact that the data is in plain, unencrypted form. “Ciphertext” refers to the fact that the data is in enciphered or encrypted form. The receiver of an encrypted message performs a corresponding decryption operation, using a decryption key, to recover the original plaintext block.
A cipher to be used in a computer system can be implemented in hardware, in software, or in a combination of hardware and software. Hardware chips are available that implement various ciphers. Software algorithms are known in the art as well.
Historically, encryption for computer programs has been performed either based on the session over which the traffic flowed or by the application program itself determining its level of security and encrypting all of the information it sends in an end-to-end manner. This end-to-end manner of encryption requires a secure session, where hardware devices or software devices are used to encrypt everything that flows across the link and a corresponding device is required at the receiving end to decrypt everything. This means that even non-critical data is encumbered by the processing overhead of the encryption and decryption.