Apparatus and a method for secure communications for network computers
Abstract
Encryption hardware built on a network interface card is provided by the present invention for encrypting data sent from a computer to a network. A block of data is retrieved from the network interface card, encrypted using encryption hardware, and inserted into a data packet. A flag is set in the packet header to indicate the encryption type. If the data packet is received by a system equipped with a similar network interface card, the decryption algorithm indicated by the flag is applied to the data using decryption hardware on the network interface card. The decrypted data is sent to re-assembly logic to rebuild the original message for the transmitted packets. The original message is sent to a computer memory via a system bus for further processing. If the data packet is received by a system not equipped with the network interface card, suitable software is provided to decrypt the data packet.
18 Claims
1. A method in a distributed data processing system for implementing secure network communication, the method comprising the data processing system implemented steps of:
receiving a block of data from a segmentation logic on a network interface card;
encrypting the block of data using encryption hardware built on the network interface card;
putting the encrypted data into a packet frame;
setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;
inserting a validation value for the encrypted data in a trailer of the packet frame; and
sending the packet over a network.

3. A method in a distributed data processing system for implementing secure network communication, the method comprising the data processing system implemented steps of:
receiving a block of data from a packet frame on a network interface card;
validating the data based on a validation value in a trailer of the packet frame;
detecting an encryption algorithm used to encrypt the block of data based on a flag in a header of the packet frame;
decrypting the block of data in decryption hardware built on the network interface card using the detected encryption algorithm; and
sending the decrypted data to a reassembly logic on the network interface card.

5. A data processing system for implementing secure network communication, the data processing system comprising:
a receiving means for receiving a block of data from a segmentation logic on a network interface card;
an encrypting means for encrypting the block of data using encryption hardware built on the network interface card;
a transfer means for transferring the encrypted data into a packet frame;
a flagging means for setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;
an inserting means for inserting a validation value for the encrypted data in a trailer of the packet frame; and
a sending means for sending the packet over a network.

7. A data processing system for implementing secure network communication, the data processing system comprising:
a receiving means for receiving a block of data from a packet frame on a network interface card;
a validating means for validating the data based on a validation value in a trailer of the packet frame;
a detecting means for detecting an encryption algorithm used to encrypt the block of data based on a flag in a header of the packet frame;
a decrypting means for decrypting the block of data in decryption hardware built on the network interface card using the detected encryption algorithm; and
a sending means for sending the decrypted data to a re-assembly logic on the network interface card.

9. A computer program product for implementing secure network communication, the computer program product comprising:
instructions for receiving a block of data from a segmentation logic on a network interface card;
instructions for encrypting the block of data using encryption hardware built on the network interface card;
instructions for putting the encrypted data into a packet frame;
instructions for setting a flag in a header of the packet frame indicating an encryption algorithm, from a plurality of encryption algorithms, used to encrypt the block of data;
instructions for inserting a validation value for the encrypted data in a trailer of the packet frame; and
instructions for sending the packet over a network.

11. A computer program product for implementing secure network communication, the computer program product comprising:
instructions for receiving a block of data from a packet frame on a network interface card;
instructions for validating the data based on a validation value in a trailer of the packet frame;
instructions for detecting an encryption algorithm used to encrypt the block of data based on a flag in a header of the packet frame;
instructions for decrypting the block of data in decryption hardware built on the network interface card using the detected encryption algorithm; and
instructions for sending the decrypted data to a re-assembly logic on the network interface card.
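
The transmit steps of claim 1 and the receive steps of claim 3, modelled in software as an added example that is not part of the patent. The field widths, the flag values 0x01 and 0x02, the use of CRC-32 as the validation value and the hash-based stand-in cipher are all assumptions; the claims specify none of them.

```python
import hashlib
import struct
import zlib

# Assumed frame layout (not from the patent):
#   header  = 1-byte algorithm flag + 2-byte payload length
#   payload = encrypted block
#   trailer = 4-byte CRC-32 computed over the encrypted block
HEADER = struct.Struct("!BH")
TRAILER = struct.Struct("!I")

def _keystream_xor(key, label, data):
    """Stand-in for the NIC cipher: XOR with a SHA-256 counter keystream.
    Illustration only, not a vetted cipher. XOR makes it its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(label + key + struct.pack("!I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

# Hypothetical flag values; two entries model the "plurality of algorithms".
ALGORITHMS = {
    0x01: lambda key, data: _keystream_xor(key, b"alg-1", data),
    0x02: lambda key, data: _keystream_xor(key, b"alg-2", data),
}

def build_frame(flag, key, block):
    """Claim 1: encrypt, frame, set header flag, append trailer value."""
    encrypted = ALGORITHMS[flag](key, block)
    header = HEADER.pack(flag, len(encrypted))
    return header + encrypted + TRAILER.pack(zlib.crc32(encrypted))

def receive_frame(key, frame):
    """Claim 3: validate the trailer, detect the algorithm, then decrypt."""
    if len(frame) < HEADER.size + TRAILER.size:
        raise ValueError("frame too short")
    flag, length = HEADER.unpack_from(frame)
    if len(frame) != HEADER.size + length + TRAILER.size:
        raise ValueError("length field does not match frame size")
    encrypted = frame[HEADER.size:HEADER.size + length]
    (expected,) = TRAILER.unpack_from(frame, HEADER.size + length)
    if zlib.crc32(encrypted) != expected:
        raise ValueError("validation value mismatch")
    if flag not in ALGORITHMS:
        raise ValueError("unknown encryption algorithm flag")
    return ALGORITHMS[flag](key, encrypted)
```

A CRC detects accidental corruption but is not a keyed integrity check, and in this layout the header flag is not covered by the trailer value.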