Trusted internal computer networks are typically protected from un-trusted external computer networks by routers or other gateway systems that provide different types of firewall functionality. Security processing performed by related systems may also provide additional protection. For example, a computer in the internal network may establish a virtual private network (VPN) session with a computer in the external network. The host processor of the computer or a dedicated security processor coupled to the router or other gateway system typically performs the security processing necessary to support the VPN. In addition, a dedicated network processor may be coupled to the security processor and/or the host processor to handle network packet processing functions.
Network interface cards (NIC) often provide a computer's physical connection to its trusted internal network. More specifically, a NIC connects a personal computer, server or workstation to a local area network (LAN) and has two primary interfaces: the network interface and the host bus interface. NICs are typically low-cost ASIC-based products designed for simple buffering and data transfer.
It is desired that communications to and from a trusted computer be secure and that communication speeds be improved. However, providing firewall, network processing and security functionalities in different systems, which are often made by different manufacturers, provides increased opportunities for snooping or other techniques that may permit an unauthorized person to gain access to ongoing communications or to discover key or other security data when it is exchanged between subsystems. For example, if certain security functions associated with securing communications over a NIC are handled by the computer's host processor and/or by other computers on the internal network, then the communications may be more easily attacked or otherwise accessed or interfered with by an unauthorized person, who may attempt to exploit easier snooping access or other vulnerabilities presented by the processing of security functions by a host processor or another server on the network.
The use of different systems to perform different portions of security and network processing also requires additional processing and interfaces for coordinating communications processing between the systems. Such additional processing and interfaces increase processing demands, which limits communication speed and increases the size of the chips and systems necessary to implement secure communications.
As a specific example, when using a separate security processor and I/O card connected to a backplane bus of a host, input encrypted data is typically transferred using direct memory access (DMA) from the I/O card, under control of the host, to memory coupled to the host. Then, the data is transferred by DMA from the memory via the host to the security processor. After the data is decrypted, and possibly a public key generated, the data is transferred by DMA from the security processor to memory again via the host. Finally, the decrypted data is transferred by DMA from the memory to the I/O card for output to another destination. This large number of data transfers creates a bottleneck on the backplane bus, which includes multiple data transactions, many interrupts, and heavy usage of memory to store the data.
The use of secure communications in broadband networks will increasingly require high-speed security and network processing. Further, the use of portable devices that securely connect to networks will require smaller chip and system sizes that can meet security and networking processing demands while at the same time retaining easy portability. In light of the foregoing, there is a general need for a secure I/O interface system and method that improve the security of communications to and from trusted hardware, improve communication speed, reduce the number of different systems required for secure communications, and reduce the extent of the bottleneck on the backplane bus.
The exemplification set out herein illustrates an embodiment of the invention in one form, and such exemplification is not intended to be construed as limiting in any manner.