Embodiments of the present invention relate to the field of computer network technology. More particularly, embodiments of the present invention relate to dynamic encryption and decryption for network communication.
With the development of network technology, network communication has become increasingly prevalent. In many cases, when a communication channel is established between network entities distributed in different locations or within an internal network (for example, an intranet), the data transferred over the channel must be encrypted. For example, when communicating on a transmission control protocol/internet protocol (TCP/IP) public network (for example, the Internet), it is generally required to encrypt the network communication at the IP layer so as to guarantee the security and integrity of communication data.
Internet Protocol Security (IPSec) provides a solution for IP communication security. It prescribes a method for protecting private information communicated over a public network. The services supported by IPSec include confidentiality (encryption), authenticity (sender authentication), integrity (data tamper detection) and replay protection (preventing unauthorized data retransmission). IPSec further prescribes a key management mechanism called Internet Key Exchange (IKE), for establishing a key for encrypting and decrypting information.