1. Technical Field
The present invention relates generally to improved network communications and, in particular, to an apparatus and a method for improving communications security. Still more particularly, the present invention provides an apparatus and a method for using encryption hardware on a network interface card to ensure message security.
2. Description of the Related Art
Secure data communication is essential in a wide range of businesses, including, but not limited to, banking, e-commerce, on-line stock trading, business-to-business transactions, and so forth. In the course of carrying out a transaction, the user will enter a "secure server" and later leave it. If this is performed in a web browser, a small icon, such as a key or a lock, appears while data is being encrypted. This continual entering and leaving of a secure environment is, at best, annoying and, at worst, the secure environment is absent altogether at some web sites.
There are a variety of data encryption techniques that may be used to secure data transfers. The Data Encryption Standard (DES) is a symmetric cipher: the same secret key is shared by sender and receiver, and the level of security varies with the key length. DES itself uses a fixed 56-bit key, which is now considered too short; Triple DES extends this to 112- or 168-bit keys, and the Advanced Encryption Standard (AES), which has superseded DES, supports 128-, 192- and 256-bit keys.
Public key cryptography, of which the RSA method, named after its inventors Rivest, Shamir, and Adleman, is the best-known example, uses an asymmetric key pair in which one key is public and the other is private. Data is typically encrypted using the recipient's public key and can only be decrypted using the recipient's private key. The roles of the two keys can also be reversed: a document is digitally signed using the sender's private key, and the signature is validated using the sender's public key.
RSA is very computation intensive, so it is often used only to create a digital envelope, which holds an RSA-encrypted DES key together with the DES-encrypted data. In this way the secret DES key is encrypted so that it can be transmitted over the network, while the actual message is encrypted and decrypted using the much faster DES algorithm.
The OSI (Open Systems Interconnection) Model for networks specifies seven layers: Layer 7: Application; Layer 6: Presentation; Layer 5: Session; Layer 4: Transport; Layer 3: Network; Layer 2: Data Link; and Layer 1: Physical. Data encryption is normally performed at Layer 6 using encryption software that requires considerable processor resources.
Therefore, it would be advantageous to have an apparatus and a method that performs encryption at all times, in a manner transparent to the user, and that performs that encryption in hardware at the network interface card level so that valuable processor resources are not consumed.