In many situations, it is desirable to encrypt communications sent over a network. For example, various government regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Payment Card Industry Data Security Standard (PCI DSS) require the use of encryption, even on private networks. Such regulations can be satisfied by configuring network devices, such as routers, to encrypt messages received from client machines before transmitting those messages over the network. Receiving network devices then decrypt the transmitted messages before passing the messages to the recipient client machines.
Intermediary network devices within the network typically perform various types of processing (e.g., to apply various policies) on transmitted messages. Unfortunately, some of this processing may not be possible unless the transmitted messages are decrypted prior to being processed. If the intermediary network devices are unable to decrypt encrypted messages, the intermediary network devices may not be able to perform the desired processing. Absent the ability to process the encrypted messages, these intermediary network devices will only be able to apply very basic policies (e.g., a policy specifying that all encrypted messages are to be dropped) to encrypted traffic. This may in turn negatively affect overall network performance or even prevent the effective communication of encrypted messages within the network.
While the invention is susceptible to various modifications and alternative forms, specific embodiments of the invention are provided as examples in the drawings and detailed description. It should be understood that the drawings and detailed description are not intended to limit the invention to the particular form disclosed. Instead, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the invention as defined by the appended claims.