1. Field of the Invention
This invention relates to data communications and more particularly relates to asymmetric security of data communications.
2. Description of the Related Art
Node-to-node security, also referred to as link level security, guarantees that data is secure while being transferred from one node to another within a communication system. Data security can encompass multiple aspects. Two common aspects of data security are integrity and privacy considerations. Integrity security employs a technology, such as digital signatures, to prevent data from being tampered with or forged by an unauthorized party. By using a digital signature, a receiver or destination node may be able to verify the sender's identity and know if the data has been altered or forged. Privacy security employs a technology, such as encryption, to restrict access to sensitive data and, thereby, prevent disclosure to or collection by an unauthorized party. One, both, or neither of these security technologies may be employed for the transmission of data.
A common implementation of link level security is secure socket layer (SSL), which is a transport layer security technology that encrypts data during data transmission between two nodes. However, SSL does not provide end-to-end security for asynchronous communications.
FIG. 1 shows a communication system that includes three nodes. When the source node sends a communication to the destination node, the data may pass through the intermediate node. The communication between the source node and the intermediate node is a synchronous communication because the intermediate node is actively participating in the communication. Once the intermediate node receives the data from the source node, the intermediate node may store the data on a storage device, such as a hard disk drive. The intermediate node subsequently initiates a synchronous communication with the destination node to deliver the data. In this way, the data may be communicated from the source node to the destination node.
By implementing SSL for the data communication, the data is secure during the transmission from the source node to the intermediate node and from the intermediate node to the destination node. However, the data is not secure while stored on the electronic storage device or other data retention device on the intermediate node. This insecure storage of the data on the intermediate node provides an opportunity for an unauthorized party to access and potentially tamper with the insecure data. Although SSL provides link level security, it cannot ensure end-to-end security of the data communication. End-to-end security guarantees that data is secure during the entire communication process from the source node to the destination node.
The conventional SSL technology also fails to address the issue of performance on the communication system. By implementing a transport layer security technology such as SSL, the communication system cannot discriminate between data communications that should be protected and those that do not need to be protected. Rather, the communication system simply protects all communications to the extent possible. However, this protection has a very high operating cost due to the time and processing that is required to ensure privacy of the data communications.
Another conventional security technology that was introduced for internet communications is secure hypertext transfer protocol (S-HTTP). S-HTTP, similar to SSL, implements encryption technology to secure the privacy of a data communication. Additionally, although S-HTTP is an application layer security technology, S-HTTP is not widely accepted because it has many disadvantages.
One of the disadvantages of S-HTTP is that it is protocol-specific—it is designed specifically for the HTTP protocol and is not used with any other protocols. Also, S-HTTP does not provide true end-to-end security in a multi-node communication system having intermediate nodes. Rather, S-HTTP is a link level security technology that provides security between an HTTP client and an HTTP server. S-HTTP is also limited, similar to SSL, to synchronous communications because it is a request-response communication protocol. Finally, S-HTTP fails to address the performance of the communication system—S-HTTP applies security features to all messages, regardless of the nature of the message.
In addition to the several disadvantages of SSL and S-HTTP listed above, conventional data security technologies operate within symmetric security environments. Symmetric security within data communications refers to sending and receiving messages at the same security levels. For example, within a single communication session either all of the incoming and outgoing messages are encrypted or none of the messages are encrypted. Additionally, when the security features are applied to the data communications, the same security features are applied to all of the data communications, regardless of the need for or usefulness of such security features for some of the non-critical data. In this way, conventional security technologies fail to address the performance of the system for the various messages communicated each way within a communication session.
For example, referring to FIG. 1, the source node may communicate various types of messages (shown by different shapes) to the destination node. Some of these messages may require security in the way of encryption and/or integrity. Other messages may not require security during the transmission to the destination node. Likewise, some of the messages may only require one-way security or, in other words, security when transferred to the destination node but not when transferred from the destination node to the source node. Implementation of one-way security is not possible in a symmetric communication system in which all of the communications between the source node and the destination node are sent at a single security level.
There are overhead costs for generally applying security features to data communications, such as encrypting all data, no matter whether the data is critical or not. In some cases, only data flowing in one direction needs to be secure. In other situations, certain message types may need to be secure while others do not. Still further, some types of messages may need to be secure in one direction and not in the other direction. For example, a client in a client-server system may request some large documents from the server. The server may need some sensitive user information to authenticate the user and, hence, the client request needs to be secure. However, if the response from the server to the client contains large documents that are neither sensitive nor critical, the performance of the server may be improved by not encrypting or otherwise securing the large documents. Unfortunately, symmetric security technologies do not allow for this enhanced performance due to the general application of security features to all data communications.
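The following added example, which is not part of the original text or of any implementation it describes, illustrates the FIG. 1 store-and-forward scenario together with the one-way security case above: a message-level integrity tag survives storage on the intermediate node, and a security-level table keyed by direction and message type decides which messages carry one. It covers integrity only and uses an HMAC with a shared key in place of the digital signatures mentioned earlier; the key, the policy table, the message-type names and the node class are all hypothetical.

```python
import hashlib
import hmac

# Assumption: shared by source and destination only; the intermediate node never sees it.
END_TO_END_KEY = b"constructed-demo-key"

# Hypothetical security-level definition: (direction, message type) -> integrity required.
POLICY = {
    ("to_destination", "auth_request"): True,   # sensitive client request
    ("to_source", "document"): False,           # large, non-sensitive response
}

def _required(direction, msg_type):
    # Unlisted combinations fail closed: they are treated as needing protection.
    return POLICY.get((direction, msg_type), True)

def _tag(direction, msg_type, payload, key):
    # Bind direction and type into the tag so a message cannot be relabelled.
    header = f"{direction}|{msg_type}|".encode()
    return hmac.new(key, header + payload, hashlib.sha256).hexdigest()

def seal(direction, msg_type, payload, key=END_TO_END_KEY):
    """Sender: attach a tag only when the security level asks for one."""
    tag = _tag(direction, msg_type, payload, key) if _required(direction, msg_type) else None
    return {"direction": direction, "type": msg_type, "payload": payload, "tag": tag}

def verify(msg, key=END_TO_END_KEY):
    """Receiver: apply its own copy of the policy, never the message's claim."""
    if not _required(msg["direction"], msg["type"]):
        return "accepted-unprotected"
    if msg["tag"] is None:
        return "rejected-missing-tag"
    expected = _tag(msg["direction"], msg["type"], msg["payload"], key)
    return "accepted-verified" if hmac.compare_digest(expected, msg["tag"]) else "rejected-tampered"

class IntermediateNode:
    """Store-and-forward hop: link-level protection has ended, data sits at rest."""
    def __init__(self):
        self.disk = []
    def receive(self, msg):
        self.disk.append(dict(msg))
    def forward(self):
        return self.disk.pop(0)

def demo():
    node, results = IntermediateNode(), []
    request = b"user=alice;token=constructed"        # constructed sample payload
    node.receive(seal("to_destination", "auth_request", request))
    node.disk[0]["payload"] = b"user=other;token=constructed"   # altered while stored
    results.append(verify(node.forward()))
    node.receive(seal("to_destination", "auth_request", request))
    results.append(verify(node.forward()))
    node.receive(seal("to_source", "document", b"large public document"))
    results.append(verify(node.forward()))
    return tuple(results)
```

The response in the other direction skips the tag computation entirely, which is the cost saving the passage describes, while the protected request is rejected if it changes on the intermediate node's storage.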
From the foregoing discussion, it should be apparent that a need exists for a method for asymmetric security, in which incoming and outgoing messages may be at different security levels, in order to address the security cost/performance balance of the communication system. Beneficially, such a method would additionally allow a security level definition to be dynamically updated during a communication session.