1. Field of the Invention
The present invention relates to the field of data communications. More specifically, the present invention relates to a device for processing data communications and a method of configuring such a device to selectively operate according to one of a plurality of stored operating system programs.
2. Related Art
In recent years, organizations have come to rely heavily upon their ability to communicate data electronically between their members, representatives, employees, etc. Such communications typically include electronic mail and some form of file sharing or file transfer. In a centralized, single-site organization, these communications are most commonly facilitated by a local area network (LAN) installed and/or operated by the organization.
Preventing unauthorized access to data traversing an enterprise's single-site LAN is relatively straightforward. As long as intelligent network management and adequate physical security are maintained, unauthorized access to the data passing across an enterprise's internal LAN can be prevented. It is when the enterprise spans multiple sites that security threats from the outside become a considerable problem.
For distributed enterprises that wish to communicate data electronically, several options exist but each has associated disadvantages. One option is to interconnect the various offices or sites with dedicated, or private, communication connections, often referred to as leased lines. This is a traditional method used by organizations to implement a wide area network (WAN). The disadvantages of implementing an enterprise-owned and controlled WAN are obvious: such networks are expensive, cumbersome and frequently underutilized if configured to handle the peak capacity requirements of the enterprise. The obvious advantage is that the lines are dedicated for use by the enterprise and are therefore reasonably secure from eavesdropping or tampering by intermediate third parties.
One alternative to using dedicated communication lines is to exchange data communications over the emerging public network space. For example, in recent years the Internet has evolved from a tool primarily used by scientists and academics into an efficient mechanism for global communications. The Internet provides electronic communication paths between millions of computers by interconnecting the various networks upon which those computers reside. It has become commonplace, even routine, for enterprises (including those in nontechnical fields) to provide Internet access to at least some portion of the computers within the enterprises. For many organizations, Internet access facilitates communications with customers and potential business partners and promotes communications between geographically distributed members of the organization as well.
Distributed enterprises have discovered that the Internet is a convenient mechanism for enabling electronic communications between their members. For example, even remote sites within an enterprise can connect to the Internet through Internet Service Providers (ISPs). Once they have access to the Internet, the various members of the enterprise can communicate among the enterprise's distributed sites and with other Internet sites as well. A major disadvantage of using this form of intra-enterprise communications is the general lack of security afforded to communications traversing public networks such as the Internet. The route by which a data communication travels from one point on the Internet to another point can vary on a per-packet basis, and is therefore essentially indeterminate. Furthermore, the data protocols for transmitting information over the constituent networks of the Internet are widely known, thus leaving electronic communications susceptible to interception and eavesdropping, the danger of which increases as packets are replicated at most intermediate hops. Of potentially greater concern is the fact that communications can be modified in transit or even initiated by or routed to an impostor. With these disconcerting risks, most enterprises are unwilling to subject their proprietary and confidential communications to the exposure of the public network space. For many organizations, it is common to not only have Internet access available at each site, but also to maintain existing dedicated communications paths for internal enterprise communications, with all of the attendant disadvantages described above.
To remedy this problem, organizations have begun to build "virtual private networks" (VPNs) on top of public networks, such as the Internet, to protect data transmitted over public networks. Virtual private network systems often rely on virtual private network units, which may reside on the WAN or LAN side of a routing apparatus to connect an enterprise site to the Internet. Thus, VPN units are in the path of all relevant data traffic between an enterprise site and the public network. To ensure secure data communications between members of the same VPN, a VPN unit implements a combination of techniques for data communication between members of the VPN group. These techniques include various combinations of compression, encryption and authentication, the rules for each of which may vary for members of different groups.
Intelligent communication devices such as the encryption and decryption devices described above typically incorporate processors. Processors execute sets of instructions, such as those comprising an operating system program, in order to perform their specified functions. The operating system of an encryption or decryption device, for example, may include instructions detailing the method of encryption or decryption to be applied, identifying how to differentiate between streams of data that are and are not to be encrypted or decrypted, etc. The operating system program executed by a processor is typically updated periodically for a variety of reasons, perhaps to add a new function, enhance efficiency, or to resolve an error in a previous version.
Sometimes, however, a new version of an operating system contains an error, or "bug," that causes a processor and/or its host device to operate incorrectly or inefficiently. A flawed operating system may force a processor to operate so erroneously or erratically as to cause the processor to reboot. Many bugs that detrimentally affect a processor's operation are not discovered until after the new version is installed and the host device fails to operate or operates incorrectly. Replacing the new, flawed version of the operating system with a previous version known to operate effectively increases the amount of time that the device is out of operation. The longer a communication device is out of operation, the greater the impact upon an organization.
There is, therefore, a need in the art for an intelligent communications device that can be selectively configured to run any of a plurality of operating system programs, which programs are advantageously stored on the device. In addition, there is a need for a method of configuring such a device from a location remote from the device.