1. Field of the Invention
The present invention generally relates to data transmission via IP-based public networks and particularly to data transmission via the internet to an internal device of an internal network using asymmetric keys.
2. Description of the Related Art
Electronic data or messages transmitted via public networks like the internet are typically encrypted in order to preserve the privacy of the transmitted information. Preferably, public key systems are used for this purpose. By encrypting the transmitted information with the public key of a destination device, it is guaranteed that only the destination device, which securely stores the corresponding private key, can decrypt the transmitted information by means of that private key.
In the internet, the public key of a user may be provided by means of a public key server. The public key server stores the public key of the user and, for example, a certificate for the public key issued by a trusted third party. Accordingly, a sender of a message to the user may request the user's public key, or the corresponding certificate for checking the validity of the public key, from the public key server. Public key servers, certification authorities and further components together form a system also referred to as a public key infrastructure (PKI).
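The public key workflow of the two preceding paragraphs, as an added worked example in Go that is not part of the patent text: a trusted third party issues a certificate for the user's public key, a public key server publishes it, the sender fetches the certificate and checks its validity against the trusted root before encrypting, and the destination device decrypts with its securely stored private key. RSA-OAEP is assumed as the public key scheme, and every identifier (KeyServer, signCert, newCA, EncryptFor, Scenario), the user names and the message text are constructed for this example. The scenario also publishes a certificate issued by an unknown authority to show that the validity check refuses it.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// KeyServer stands in for the public key server: per user, the DER-encoded
// certificate a trusted third party issued for that user's public key.
type KeyServer map[string][]byte

// signCert issues a certificate binding name to pub, signed with signer under
// parent; parent == nil makes it a self-signed root (a CA certificate).
func signCert(name string, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) []byte {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  parent == nil,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageKeyEncipherment,
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	must(err)
	return der
}

// newCA creates a certification authority (trusted or not) with a self-signed root.
func newCA(name string) (*rsa.PrivateKey, *x509.Certificate) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	cert, err := x509.ParseCertificate(signCert(name, &key.PublicKey, nil, key))
	must(err)
	return key, cert
}

// EncryptFor is the sender's side: fetch the user's certificate, check that it
// chains to a trusted root and names that user, then encrypt with the certified key.
func EncryptFor(ks KeyServer, roots *x509.CertPool, user string, msg []byte) ([]byte, error) {
	der, ok := ks[user]
	if !ok {
		return nil, errors.New("no certificate published for " + user)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return nil, fmt.Errorf("certificate for %s is not trusted: %w", user, err)
	}
	if cert.Subject.CommonName != user {
		return nil, errors.New("certificate subject does not match the requested user")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("certified key is not an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Scenario: a trusted CA certifies the recipient's key, the sender encrypts after
// validating the certificate, the recipient decrypts; a certificate from an
// unknown CA is then published for another user and the sender must refuse it.
func Scenario() (plaintext string, rogueRejected bool) {
	caKey, caCert := newCA("Constructed Trusted CA")
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	recipient, err := rsa.GenerateKey(rand.Reader, 2048) // destination device's key pair
	must(err)
	ks := KeyServer{"alice@example.invalid": signCert("alice@example.invalid", &recipient.PublicKey, caCert, caKey)}
	ct, err := EncryptFor(ks, roots, "alice@example.invalid", []byte("constructed message"))
	must(err)
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil) // destination device decrypts
	must(err)
	rogueKey, rogueCert := newCA("Constructed Rogue CA")
	ks["bob@example.invalid"] = signCert("bob@example.invalid", &recipient.PublicKey, rogueCert, rogueKey)
	_, err = EncryptFor(ks, roots, "bob@example.invalid", []byte("probe"))
	return string(pt), err != nil
}

func main() {
	pt, rejected := Scenario()
	fmt.Printf("recipient decrypted %q; untrusted certificate rejected: %v\n", pt, rejected)
}
```

The sender trusts only the roots it was configured with, so a certificate that the key server happens to hold but that was issued by an unknown party, or that names a different user than the one requested, does not lead to encryption for that key.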
For transmitting information over the internet the sender further needs the unique IP address of the destination. The number of worldwide IP addresses, however, is limited and is becoming a scarce resource owing to the rising number of internet participants. Moreover, a user who publishes his IP address becomes exposed to a variety of possible attacks.
As a consequence, IP addresses are usually not published but exchanged upon request only. This significantly increases the number of steps needed to establish a secure communication path via the internet. For example, when temporarily assigned IP addresses are used, such addresses first have to be communicated and administered, then validated for secure communication, and finally protected against being hijacked by third parties.
EP 1 035 702 A2 discloses a system for secure communication between a mobile host and a device within an internal network which prevents the hijacking of IP addresses. A gateway, having a secure port coupling it to a secure network and an insecure port coupling it to an insecure or public network, provides a list of secure IP addresses for use on the public network. The IP address of the mobile host is assigned to a “secured address”. Data packets received at the gateway are analysed to determine whether they were received from a secured address. The gateway then transmits the received data to the destination address with the secured address as the sender's address. Accordingly, the potentially insecure IP address of the sender is neither known nor used within the secure network.