Conventional forms of secure communication are commonly used to communicate between computer systems. Generally, systems communicate using one or more protocols such as, for example, protocols available in the well-known TCP/IP protocol suite. In some networks, secure communication between two or more computer systems is critical for particular applications to ensure that the information communicated cannot be observed during transmission over the network.
IPsec (IP security) is a standardized framework for securing Internet Protocol (IP) communications by encrypting and/or authenticating each packet in a data stream, which prevents unauthorized systems from observing the communications. The well-known HAIPE (High Assurance Internet Protocol Encryptor) is based on the IPsec framework and includes additional restrictions and enhancements. Other security protocols (e.g., SSL, TLS) exist that permit the encryption of data packets that are transmitted between computers.
To ensure a quality of service (QOS) relating to the transmission performance of particular protocols, various techniques may be used. For example, the Dynamic Bandwidth Resource Allocation (DBRA) system may be used in a network to resolve quality of service requests from users and to manage bandwidth allocation issues from a central location. However, such schemes may be difficult to perform in networks having encrypted communications. More particularly, according to one aspect of the present invention, it is appreciated that there may be security issues with having an entity monitor information regarding communications in a secure network. Thus, in some environments where network-layer based security is performed, bandwidth management functions cannot be performed by processes such as DBRA. What is needed, therefore, is a method for permitting such functions to be performed in a secure network.