Disclosed is a computer-readable medium containing program instructions for configuring a first computer so that a first telephony client on the first computer may securely communicate with a second telephony client on a second computer via a communication path. The computer-readable medium includes computer code for inserting a security algorithm within the communication path. The security algorithm facilitates secure communication between the first and second telephony clients such that more than a single type of telephony client may be implemented. In a specific embodiment, the security algorithm is inserted within the first computer's operating system kernel.
A method and system for prevention of unauthorized access to multimedia data are disclosed herein. A tamper-resistant system having a software driver, a peripheral device, and a system memory is used to encrypt sensitive routines used by the software driver. The software driver is used to interface between one component of the system, such as a processor, and a peripheral device, such as a graphics chip. The driver incorporates one or more sensitive routines that, if divulged, could allow an unauthorized party access to data processed by the software driver. Accordingly, in one embodiment, the sensitive routines are stored in an encrypted format with the driver. To access a sensitive routine, the driver submits the associated encrypted routine, and a decryption method if desired, to the peripheral device, where the routine is decrypted and stored in a plaintext format in a location, such as system memory, accessible to both the driver and the peripheral device. The driver can then use the plaintext routine to process the data. When the driver has finished processing the data, the plaintext routine can be re-encrypted using one or more of a variety of encryption methods and stored with the driver. Any remaining copies of the plaintext routine can be removed from the system. By keeping the sensitive routines encrypted at all times other than when in immediate use, the system can effectively prevent an unauthorized party from accessing data based on knowledge about the sensitive routine. In addition, the use of the hardware of the peripheral device to encrypt/decrypt the sensitive routines provides an additional barrier to an unauthorized party.
Improvements in security processing are disclosed which enable security processing to be transparent to the application. Security processing (such as Secure Sockets Layer, or "SSL", or Transport Layer Security, or "TLS") is performed in (or controlled by) the stack. A decision to enable security processing on a connection can be based on configuration data or security policy, and can also be controlled using explicit enablement directives. Directives may also be provided for allowing applications to communicate with the security processing in the stack for other purposes. Functions within the protocol stack that need access to clear text can now be supported without loss of security processing capability. No modifications to application code, or in some cases only minor modifications (such as inclusion of code to invoke directives), are required to provide this security processing. Improved offloading of security processing is also disclosed, which provides processing efficiencies over prior art offloading techniques.
In a node (110) communicating with other nodes in a network (150), a system and method for performing cryptographic-related functions are provided. The node (110) receives and transmits inputs and outputs requiring cryptographic-related processing. When cryptographic processing is required, the node (110) transmits a predefined message to a cryptographic processing component in the node (110) that then performs the desired cryptographic-related processing.