| 摘要 |
<p>In a computer network, each pair of host computers that need to exchange data packets establish a single host-to-host encryption/decryption key. Then, whenever one host computer sends a data packet to the other host computer, it first forms a predefined logical combination of the established host-to-host key and the destination buffer index to which the data packet is being sent, and then uses the resulting value to encrypt the secure portions of the data packet. The destination buffer index is included in the data packet's header, which is not encrypted. When the receiving host computer receives the encrypted data packet, it reads the destination buffer index from the packet header, forms the same predefined logical combination of the established host-to-host key and the destination buffer index to generate a decryption key, and uses the computed decryption key to decrypt the secure portions of the received data packet. If the destination buffer index in the received data packet has been modified either by noise or by an interloper, the decryption key computed by the receiving host computer will be different from the encryption key used by the sending host computer, and therefore the portions of the received data packet decrypted using the computed decryption key will be unintelligible. Thus, interlopers are prevented from breaching the confidentiality of encrypted data. <IMAGE></p> |
