
SECURING COMMUNICATIONS IN AN ENTERPRISE NETWORK OF LAN AND OR WAN BY UTILIZING AN ENHANCED ENCRYPTING NETWORK INTERFACE CARD

IP.com Disclosure Number: IPCOM000009830D
Original Publication Date: 2000-May-01
Included in the Prior Art Database: 2002-Sep-20
Document File: 4 page(s) / 242K

Publishing Venue

Motorola

Related People

Robert Neal Smith: AUTHOR [+3]

Abstract

This paper describes a unique way to encrypt communications utilizing a multi-phase process that minimizes the complexity of key exchange. This solution also takes advantage of a co-processor within the encrypting Network Interface Card (eNIC) to perform the encryption, freeing the main processor for other tasks. It also utilizes a protocol between eNIC to eNIC which steers the message flow in a hierarchical fashion, such that a sender node only needs to know a narrow subset of gateway nodes public keys. In the current version of a three layer hierarchical implementation, we propose an intra-LAN, intra-WAN and inter-WAN gateway structure.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 24% of the total text.

MOTOROLA

Technical Developments

SECURING COMMUNICATIONS IN AN ENTERPRISE NETWORK OF LAN AND OR WAN BY UTILIZING AN ENHANCED ENCRYPTING NETWORK INTERFACE CARD

by Robert Neal Smith, Sourav Bhattacharya and Ron Feigen


A sender node sends its packets to the least common ancestor following this hierarchy. A node needs to know the private keys of the following groups of other nodes: 1) all other nodes within the same LAN; 2) all LAN gateway nodes (note that the private keys of the individual members of the other LANs need not be known); and 3) all WAN gateway nodes (likewise, the LAN gateway nodes in other WANs need not be known).

Figure 1 describes a three-level hierarchy in the network design which deploys the eNIC device.

Each of the eNIC cards can operate in one of the following three modes: 1) as a regular node that operates within a LAN, which knows the public keys of all other regular nodes within the same LAN as well as the public key of all other LANs and WANs; 2) as a LAN gateway, which knows the public keys of other LANs and WANs; or 3) as a WAN gateway.

Depending on the relative position of the destination node with respect to the source node, the following three configurations can occur:

- Case 1: The destination node is within the same intra-LAN as the source node.

Motorola, Inc. 2000

In this case, the source node knows the public key of the destination node, and simply adopts a public key cryptographic process to send secure data to the destination node (viz. it uses the public key of the receiver to encrypt the message, and the destination uses its private key to decrypt the message).

No other node can decipher the content of the secure message, owing to the break-in difficulty of the public key crypto algorithms. No prior handshake is needed between the source and destination nodes, since the public key of the destination node (in this case being within the LAN) is known to the sender.

Fig. 1 (three-level hierarchy of the network design deploying the eNIC device; the figure itself is not reproduced in the text extract, only the labels "WAN" and "WAN 2" survive)

- Case 2: The destination node is not within the same intra-LAN but within a common WAN as the source node. Thus, the destination and source nodes share a common intra-WAN structure.

In this case, the source node does not know the public key of the destination node, but knows the public key of a LAN Gateway in the destination node cluster. The source node uses this public ke...
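The following Python model is an added illustration of the key-distribution rule and the case selection described above; it is not code from the Motorola paper. The topology, the key identifiers and the function names are assumptions made here. It reads group 2 of the key list as the LAN gateways of the sender's own WAN (following the remark in group 3 that LAN gateways in other WANs need not be known), and it assumes that a destination in a different WAN (the case the extract cuts off before) is handled by the same least-common-ancestor rule, i.e. by encrypting to the destination's WAN gateway. The audit confirms that every sender already holds the key it would select for every destination, and compares the per-node key load with a flat scheme in which every node holds every other node's public key.

```python
"""Model of the eNIC three-level key hierarchy (constructed example).

The topology, key identifiers and helper names are assumptions for
illustration, not the paper's own code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    """A regular node addressed by its (WAN, LAN, host) position."""
    wan: int
    lan: int
    host: int


# Assumed topology: WAN -> LAN -> number of regular nodes in that LAN.
TOPOLOGY = {1: {1: 3, 2: 4}, 2: {1: 2, 2: 5}}


# Public-key identifiers. In a deployment these would be the keys themselves;
# a tuple naming the key holder is enough to track who needs to hold what.
def host_key(node):
    return ("host", node.wan, node.lan, node.host)


def lan_gateway_key(wan, lan):
    return ("lan-gw", wan, lan)


def wan_gateway_key(wan):
    return ("wan-gw", wan)


def all_nodes(topology):
    return [Node(w, l, h)
            for w, lans in topology.items()
            for l, count in lans.items()
            for h in range(count)]


def required_public_keys(node, topology):
    """Keys a regular node must hold, following the three groups in the text:
    1) every other node in its own LAN, 2) the LAN gateways of its own WAN
    (LAN gateways in other WANs need not be known), 3) every WAN gateway."""
    keys = set()
    for h in range(topology[node.wan][node.lan]):
        if h != node.host:
            keys.add(host_key(Node(node.wan, node.lan, h)))
    for lan in topology[node.wan]:
        keys.add(lan_gateway_key(node.wan, lan))
    for wan in topology:
        keys.add(wan_gateway_key(wan))
    return keys


def key_to_encrypt_with(src, dst):
    """Return (case number, public key the sender encrypts to).

    The packet travels toward the least common ancestor, so the sender
    encrypts to the destination itself (Case 1), to the destination's LAN
    gateway (Case 2) or, assumed here by the same rule, to the destination's
    WAN gateway when the WANs differ (Case 3)."""
    if src.wan == dst.wan and src.lan == dst.lan:
        return 1, host_key(dst)
    if src.wan == dst.wan:
        return 2, lan_gateway_key(dst.wan, dst.lan)
    return 3, wan_gateway_key(dst.wan)


def audit(topology):
    """Check that every sender holds the key it picks for every destination,
    and report the largest per-node key set against a flat all-pairs scheme."""
    nodes = all_nodes(topology)
    largest = 0
    for src in nodes:
        held = required_public_keys(src, topology)
        largest = max(largest, len(held))
        for dst in nodes:
            if dst == src:
                continue
            _, key = key_to_encrypt_with(src, dst)
            if key not in held:
                return {"ok": False, "missing": (src, dst, key)}
    return {"ok": True,
            "nodes": len(nodes),
            "max_keys_hierarchy": largest,
            "keys_flat": len(nodes) - 1}


if __name__ == "__main__":
    print(audit(TOPOLOGY))
    for dst in (Node(1, 1, 2), Node(1, 2, 0), Node(2, 1, 0)):
        print(dst, "->", key_to_encrypt_with(Node(1, 1, 0), dst))
```

With the assumed topology of 14 regular nodes, no node holds more than 8 public keys, against 13 under a flat scheme; the gap widens as LANs grow, because the per-node set only grows with the size of the node's own LAN and the number of gateways.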