It is well known that transaction networks are useful for providing a variety of electronic services in a secure and reliable manner. There are many examples of such transaction networks including: automatic bank teller machine networks; airline ticket kiosk networks and credit card authorization machine networks to name a few.
A transaction network (TN) is a geographically distributed collection of interconnected computers, data-servers, and switching and routing elements that co-operate to effect a particular service. A TN typically includes one or more access points or gateways through which information is obtained from or delivered to the TN. For example, a credit card processing network would typically include at least two access points: one access point for allowing end users to input and receive information to and from the TN, and a second access point for communicating that information between the TN and a credit card server.
Typically, transaction networks are built over private networks. A private network is one which is not available for public use. One type of private network utilized for transaction purposes is a packet-switched network. A packet-switched network is a network which transmits electronic messages by breaking up the message into smaller messages known as packets. These packets are then “switched” or transmitted over the network from a sending to a receiving computer. Switching refers to a technology wherein each packet is identified by a destination address and transmitted individually over a network. Thus, unlike telephony circuit switching, which requires a constant point-to-point circuit to transfer a message, packet-switching allows each message to take a different path over the network to its destination. Upon receiving the entire set of packets comprising the complete electronic message, the destination computer then assembles the packets into their proper sequence to obtain the message. A private packet-switched network is merely a packet-switched network which is unavailable for public communication purposes. Typically this is achieved by adding security features to the network to prevent access by unauthorized persons.
Private packet-switched networks are most often utilized in transaction networks as a result of the high level of security they provide. First, given the private nature of the network, it is much more difficult for potential computer hackers (thieves) to obtain access to the network. Second, as a result of the messages being transmitted via the packet-switching technology outlined above, it is much more difficult for hackers to intercept and re-assemble entire messages. This is particularly true when the individual packets are electronically encrypted before being transmitted.
One drawback to utilizing a private, packet-switched data network, however, is the excessive cost of such networks. This is because the owner of such a network must first build the network and then pay fees to maintain the associated private circuits. These maintenance costs can be significantly greater than those associated with a public data network. Furthermore, private data networks also suffer from limited availability in remote areas.
It is also well known that public packet-switched data networks, such as the Internet, offer tremendously efficient means of organizing and distributing computerized data. The cost of utilizing the Internet for transmitting data is also considerably less than that for private data networks. Furthermore, the bandwidth associated with the Internet can often greatly exceed that available to private networks. The Internet, however, has several drawbacks for interconnecting transaction networks. First, as a result of being a public network, data transmitted over the Internet is available to public viewing at all times. Second, the Internet does not offer central management or co-ordination which can provide quality of service assurances to its users. Third, the routing of data between various points on the Internet can be sub-optimal resulting in inordinate network delay. Finally, the various links and routing elements utilized in the Internet can fail or become congested resulting in unpredictable network performance.
Several attempts have been made to address the aforementioned problems associated with Internet communications. One such attempt involves using encryption routers to encrypt data prior to being transmitted over the Internet. An encryption router is basically a computer which performs the function of encrypting or decrypting information which is being transmitted over a communication network. Networks which are constructed using encryption routers and public networks to connect the participating computers or networks are known as “virtual private networks” (VPN). VPNs are well known in the art of electronic data communication.
Internet-based VPNs, however, have a number of drawbacks which limit their use for secure transaction network purposes. These drawbacks are best explained with reference to FIGS. 1 and 2.
FIG. 1 shows the Open System Interconnection (OSI) standard for worldwide communications 100 as is known in the art. The standard is an ISO (International Organization for Standardization) standard which specifies standards for seven layers of computer communications. The seven layers are: (i) physical layer—for passing and receiving bits onto and from the connection medium 102; (ii) data link layer—for ensuring node to node validity and integrity of the transmission 104; (iii) network layer—for establishing the route between the sending and receiving nodes 106; (iv) transport layer—for overall end to end validity and integrity of the transmission 108; (v) session layer—for providing coordination of the communications between the connected parties, as well as marking significant parts of the transmitted data with checkpoints to allow for fast recovery in the event of a connection failure 110; (vi) presentation layer—for negotiating and managing the way data is represented and encoded when data is transmitted between different computer types 112; and (vii) application layer—for defining the language and syntax that the programs use to communicate with other programs 114.
Referring now to FIG. 2, a schematic representation of an electronic message being communicated over a VPN is shown. Note, the transmission is shown in the context of the OSI model referred to in FIG. 1. Starting at a source node 122, an electronic message stating “HELLO” is sent over a local area network (LAN) 124 towards the Internet 128. En route to the Internet the message is encrypted by a VPN router 126 such that the message now reads “xy01hapQU”. The message is then re-transmitted over the Internet 128 towards the destination node 134. Upon the message being received at the LAN 132 to which the destination node is connected, the message is decrypted by another VPN router 130. The decrypted message is then forwarded to the destination node 134.
As is apparent from FIG. 2, one can see that only the un-encrypted message (“HELLO”) utilizes all seven layers of the OSI model. That is to say, the un-encrypted message is transmitted according to the full OSI model such that the receiving node can monitor, interpret and utilize the message within the context of the communication dialogue existing between the nodes. Referring to the VPN routers (126 and 130), however, one can see that the encrypted message only utilizes the lowest three layers of the OSI model. This means that the encrypted data only conforms to the physical, data link and network layer standards prescribed by the OSI model. The encryption and decryption stages are only concerned with: the physical passing of information from and onto the connection medium; the node to node validity of the message; and the route the message will follow between the sending and receiving stations (in this instance the VPN routers 126 and 130).
As a result of only utilizing the lowest three layers of the OSI model for their functions, VPNs are unable to provide a full set of redundant safeguards against lost data or failed hosts. There is no way for the network to detect these problems, as this would require the encrypted message to utilize the standard prescribed in the transport layer (layer 4). Furthermore, by merely relying on the lowest three layers of the OSI model, the VPN is unable to automatically recover from system crashes of individual nodes in the network. This is because the protocols for managing the dialogue between communicating parties exist in the session layer of the OSI model (layer 5). Thus, in the event of a crash or failure of an individual node in the network, the VPN would be unable to automatically determine the states of the communicating parties prior to the crash. VPNs, therefore, merely provide a secure physical conduit for transmitting information from one node to the next. They do not, however, provide a secure and reliable transaction service which can compensate for various network problems such as lost packets, failed hosts or system crashes, or user needs such as transaction back-out or roll-back.
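As an added illustration (not part of the original specification), the following Python model walks a “HELLO” message along the FIG. 2 path: it is packetized as on a packet-switched network, each packet is encrypted by a layer-3 VPN router that reads only the destination address, and the packets are reassembled in sequence at the receiving node. Dropping one packet on the public network shows that the tunnel endpoints accept whatever arrives without noticing the gap, while transport-layer reassembly at the destination is the first point that can detect it. The XOR cipher, node addresses and packet size are placeholders assumed here, not anything the text prescribes.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    dst: str        # layer-3 destination address: all the tunnel ever reads
    seq: int        # layer-4 sequence number, carried inside the ciphertext
    total: int      # number of packets making up the whole message
    payload: bytes

def packetize(msg: bytes, dst: str, size: int) -> list:
    """Split a message into fixed-size packets, as a packet-switched network does."""
    chunks = [msg[i:i + size] for i in range(0, len(msg), size)]
    return [Packet(dst, i, len(chunks), c) for i, c in enumerate(chunks)]

KEY = 0x5A  # constructed toy key; stands in for a real VPN cipher key

def toy_cipher(data: bytes) -> bytes:
    """XOR placeholder so the example is self-contained; NOT real encryption."""
    return bytes(b ^ KEY for b in data)

def vpn_encrypt(pkts):
    """VPN router 126: wraps layers 4-7 in ciphertext, keeps only the layer-3 header."""
    return [(p.dst, toy_cipher(b"%d|%d|" % (p.seq, p.total) + p.payload)) for p in pkts]

def public_network(tunnel_pkts, drop=()):
    """The Internet 128: packets at the given positions are lost in transit."""
    return [t for i, t in enumerate(tunnel_pkts) if i not in drop]

def vpn_decrypt(tunnel_pkts):
    """VPN router 130: decrypts whatever arrived; it has no sequence to check."""
    out = []
    for dst, ct in tunnel_pkts:
        seq, total, payload = toy_cipher(ct).split(b"|", 2)
        out.append(Packet(dst, int(seq), int(total), payload))
    return out

def transport_reassemble(pkts):
    """Layer 4 at node 134: first place a gap is visible. Returns (message, missing seqs)."""
    if not pkts:
        return None, []
    by_seq = {p.seq: p.payload for p in pkts}
    missing = [s for s in range(pkts[0].total) if s not in by_seq]
    if missing:
        return None, missing
    return b"".join(by_seq[s] for s in range(pkts[0].total)), []

def send(msg: bytes, drop=()):
    """Run the full path; returns (packets the far router forwarded, reassembly result)."""
    tunnel = vpn_encrypt(packetize(msg, "node134", 2))
    arrived = vpn_decrypt(public_network(tunnel, drop))
    return len(arrived), transport_reassemble(arrived)
```

With no loss `send(b"HELLO")` yields the full message; with the second packet dropped, router 130 still forwards the two packets it received and only the destination's reassembly reports sequence 1 missing.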
VPNs also suffer an additional drawback which negatively affects their ability to provide secure transactions. This drawback is the inability of such networks to automatically modify and update the algorithms and keys utilized for message encryption.
A need exists, therefore, for an improved method for communicating information over a public network, when it is used as a transaction network.