
Reporting Encryption Errors to a Management Server

IP.com Disclosure Number: IPCOM000123681D
Original Publication Date: 1999-Mar-01
Included in the Prior Art Database: 2005-Apr-05
Document File: 2 page(s) / 83K

Publishing Venue

IBM

Related People

Cromer, D: AUTHOR [+5]

Abstract

Problem Solved By This Invention: As network communication becomes more widespread and client sites become more dependent on the Internet for the transfer of sensitive data, the need for enhanced data security becomes apparent. Eventually all corporate traffic on the Internet will be encrypted to prevent data interception. With the emergence of IPv6, there is new interest in a standard for packet security. (Reference: RFC 1825-1829) Along with these standards will come improvements in network hardware to incorporate these security protocols.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 53% of the total text.


   Problem Solved By This Invention:

   As network communication becomes more widespread and
client sites become more dependent on the Internet for the transfer
of sensitive data, the need for enhanced data security becomes
apparent.  Eventually all corporate traffic on the Internet will be
encrypted to prevent data interception.  With the emergence of IPv6,
there is new interest in a standard for packet security.
(Reference: RFC 1825-1829)  Along with these standards will come
improvements in network hardware to incorporate these security
protocols.

   Under normal operating conditions, the network software
stack is able to encrypt network traffic and handle problems
encountered with improperly encrypted data.  However, when a machine
is in a sleep state, or off, there is no mechanism for detecting
encryption problems or hacking attempts.

   Description of Invention:

   This invention applies to a client PC that requires a
connection to the network.  The following description is based on an
on-board Ethernet solution; however, the concept can be applied to
Token Ring, ATM, or modem.

   The invention makes use of existing encryption
hardware.  The encryption block is a discrete ASIC that snoops the
activity on the MII bus.  The Encrypt line determines the state of
network activity.  If the Encrypt line is low, network activity will
not be tampered with by the encryption block.  If the line is high,
all outgoing packets will be encrypted and all non-encrypted incoming
packets will be ignored.

   On a failed decryption, the PASS/FAIL line is signaled,
which notifies the MAC of the failed packet.  The MAC then takes the
failed packet and re-sends it to the management server.  The server
can decode the packet and inspect its origins.
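   The behaviour of the Encrypt line, the encryption block and the
PASS/FAIL report path described above, as a constructed software model
added here (not code from the disclosure or from IBM).  It assumes an
AH-style HMAC-SHA256 integrity check value in place of the ASIC's
unnamed algorithm, a demo key, and a placeholder management-server
address.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of the encryption block, the MII "Encrypt" line and the
# PASS/FAIL line. Integrity is modelled as an AH-style HMAC-SHA256 ICV; the
# page does not name the ASIC's algorithm, so this is an assumption, as are
# the key and the management-server address.
KEY = b"constructed-demo-key"
MGMT_SERVER = "mgmt.example.invalid"   # placeholder, not from the page

@dataclass
class Frame:
    dst_mac: str
    src_mac: str
    payload: bytes
    icv: Optional[bytes] = None      # present only on protected frames

def _icv(frame: Frame, key: bytes) -> bytes:
    data = frame.src_mac.encode() + frame.dst_mac.encode() + frame.payload
    return hmac.new(key, data, hashlib.sha256).digest()

def send(frame: Frame, encrypt_line: bool, key: bytes = KEY) -> Frame:
    """Outgoing path: with Encrypt high every frame leaves with an ICV attached."""
    if not encrypt_line:
        return frame
    return Frame(frame.dst_mac, frame.src_mac, frame.payload, _icv(frame, key))

@dataclass
class Mac:
    encrypt_line: bool
    delivered: list = field(default_factory=list)   # frames passed up the stack
    reports: list = field(default_factory=list)     # frames re-sent to MGMT_SERVER

def receive(mac: Mac, frame: Frame, key: bytes = KEY) -> str:
    """Incoming path. Returns 'pass', 'ignored' or 'fail' (the PASS/FAIL line)."""
    if not mac.encrypt_line:               # Encrypt low: block leaves traffic alone
        mac.delivered.append(frame)
        return "pass"
    if frame.icv is None:                  # non-encrypted traffic is ignored, not reported
        return "ignored"
    if hmac.compare_digest(frame.icv, _icv(frame, key)):
        mac.delivered.append(frame)
        return "pass"
    # PASS/FAIL asserted: the MAC re-sends the failed frame to the management
    # server, which can decode it and inspect its origin (here the source MAC).
    mac.reports.append((MGMT_SERVER, frame.src_mac, frame))
    return "fail"
```

The management server receives only frames that claimed protection and failed the check; unprotected frames are dropped silently, exactly as the description specifies, so a report always carries a frame worth inspecting.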

   An encrypted TCP/IP packet using the Authentication
Header has the following format:
  o  MEDIA HEADER: Ethernet, Token Ring, etc.,
     Source MAC...