An embedded DSP hardware encryption module for secure e-commerce transactions

Cryptography is one of the key elements in providing security for modern e-commerce systems. It is well known that software-based encryption has built-in security weaknesses due to storing and managing digital certificates/keys in a high-risk environment such as a local hard disk or software. This makes embedded hardware encryption a superior solution. However, most existing embedded hardware encryption modules need additional dedicated software in order to implement a secure e-commerce application, which increases cost as well as adds complexity. In this paper, a new embedded hardware DSP (digital signal processor) encryption module, using the RSA (Rivest, Shamir, and Adleman) algorithm, is developed for secure e-commerce transactions from the client side. The goal is to seamlessly integrate the embedded DSP hardware encryption module, which combines computational power and flexibility in programming, with a widely available web browser that provides the required e-commerce functions. The integrated system can store and process security sensitive data inside the plug-in hardware. The proposed scheme tries to maximize security strength while limiting overheads by utilizing a widely available web browser to perform e-commerce functions such as product searching, etc. A fully functional web e-commerce system has been developed as a proof of concept. Our major contribution is a design of a functional RSA plug-in encryptor which can store and encrypt sensitive information originated from the e-commerce process using standard web browsers. Implementation details addressing challenging issues such as big integer, large message, and communication components have been provided which have never been reported in the public literature. This can be very useful for real-life industry security applications. Copyright (C) 2010 John Wiley & Sons, Ltd.