In this era of heterogeneous, vendor-independent networks, maintaining secure communications across a network raises a number of problems. One such problem arises when a private network includes communication nodes that are supplied by independent network vendors.
One common technique for providing secure communications is to encrypt and decrypt messages between adjacent nodes of a network as they travel en route to a destination node. A sending node encrypts a message using a key shared between itself and the next adjacent node in the route. Upon receiving the encrypted message, the adjacent node decrypts it and re-encrypts the now-clear message with a different key shared between itself and the next adjacent node in the route, and so on until the destination is reached. This is the technique used in IBM's subarea SNA (Systems Network Architecture) networks. Every node in the network must share an encryption key with each of its adjacent nodes. This means that if any node in a route between a message-originating node and a destination node belongs to an independent vendor, that independent node must share keys with the adjacent private network nodes, and, because it decrypts before re-encrypting, it handles every message passing through it in the clear. This is an unacceptable security risk for many network users.
A possible solution to the above problem is to assign a single key for all encrypted communications between the private user nodes of a network. This allows a network to use vendor-provided portions without sharing keys with the independent vendor, since intermediate nodes relay ciphertext they cannot read. However, this is usually thought to be unacceptable, especially in large networks, because of the heightened risk involved in using a single key for all user nodes: compromise of that key at any one node exposes the traffic of every node.
Another solution to the above problem is to maintain, at every private node, a separate key for every other private node in the user network. However, this is unacceptable to many network owners because of the proliferation of keys. For example, in a network of one thousand private user nodes, this solution requires that each private node store 999 separate keys for the remaining user nodes, and the network as a whole must generate and distribute 1000 x 999 / 2 = 499,500 distinct pairwise keys.
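The following simulation, added here as an illustration and not part of the original text, contrasts the link-by-link scheme of the second paragraph with the end-to-end scheme of the third, and computes the key counts of the fourth. The node names (including a node labelled VENDOR), the route, the message and the cipher are all constructed for the example; the cipher is a toy SHA-256 keystream XOR chosen only to make key handling visible, and is not a real link cipher or anything from SNA.

```python
"""Link-by-link vs end-to-end encryption along a route with a vendor node.

Constructed example: the toy cipher, node names and message are assumptions
made for illustration; none of this is taken from the original text.
"""
import hashlib
import os

NONCE_LEN = 16


def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256(key || nonce || counter) keystream (toy cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext under a fresh random nonce. Illustration only."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + _xor_keystream(key, nonce, plaintext)


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor_keystream(key, nonce, ciphertext)


def make_link_keys(route: list) -> dict:
    """One shared key per adjacent pair, as link-by-link encryption requires.
    The key for a link is looked up by the unordered pair of its endpoints."""
    return {frozenset(pair): os.urandom(32) for pair in zip(route, route[1:])}


def forward_hop_by_hop(route: list, link_keys: dict, message: bytes) -> dict:
    """Relay a message link by link: each node decrypts with the key shared
    with its predecessor and re-encrypts with the key shared with its
    successor. Returns {node: bytes that node handled in the clear}."""
    seen = {route[0]: message}
    blob = toy_encrypt(link_keys[frozenset(route[0:2])], message)
    for prev, node, nxt in zip(route, route[1:], route[2:] + [None]):
        clear = toy_decrypt(link_keys[frozenset((prev, node))], blob)
        seen[node] = clear  # every intermediate node, vendor or not, sees plaintext
        if nxt is not None:
            blob = toy_encrypt(link_keys[frozenset((node, nxt))], clear)
    return seen


def forward_end_to_end(route: list, e2e_key: bytes, message: bytes) -> dict:
    """Encrypt once under a key shared only by source and destination; every
    intermediate node relays the ciphertext unchanged and holds no key."""
    blob = toy_encrypt(e2e_key, message)
    seen = {route[0]: message}
    for node in route[1:-1]:
        seen[node] = blob  # intermediate nodes handle ciphertext only
    seen[route[-1]] = toy_decrypt(e2e_key, blob)
    return seen


def pairwise_key_count(n_private_nodes: int) -> tuple:
    """Full-mesh pairwise keying: (keys held per node, distinct keys network-wide)."""
    per_node = n_private_nodes - 1
    total = n_private_nodes * (n_private_nodes - 1) // 2
    return per_node, total


if __name__ == "__main__":
    route = ["A", "B", "VENDOR", "C"]  # constructed route; VENDOR is the foreign node
    message = b"constructed sample payload"

    link_keys = make_link_keys(route)
    hop = forward_hop_by_hop(route, link_keys, message)
    print("link-by-link: VENDOR sees plaintext?", hop["VENDOR"] == message)

    e2e = forward_end_to_end(route, os.urandom(32), message)
    print("end-to-end:   VENDOR sees plaintext?", e2e["VENDOR"] == message)

    print("pairwise keys for 1000 nodes (per node, total):", pairwise_key_count(1000))
```

Running the script shows the trade-off the text describes: under link-by-link relay the VENDOR node recovers the full plaintext and must hold keys shared with both of its private neighbours, while under end-to-end encryption it relays an opaque blob and holds no key at all, at the cost of either a single network-wide key or a full mesh of n(n-1)/2 pairwise keys.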