Computer networks such as the Internet are well known today. Such networks include communication media, firewalls, routers, network switches and hubs. Networks often interconnect client computers and servers. In the case of communications through the Internet, typically there are many routers and many possible routing paths between a source computer and a destination computer. When a message arrives at a router, the router makes a decision as to the next router or “hop” in a path to the destination. There are many known algorithms for making this decision, such as OSPF, RIP, IGRP, EIGRP, ISIS or BGP. Generally, the routing decisions attempt to route the message packets to the destination via the shortest number of hops.
However, the router may consider other factors as well. For example, if the message is sensitive, such as containing confidential data, and is not encrypted, it may need to be encrypted before transmission onto a nonsecure network. It was known to forward an unencrypted message to a virtual private network where the message is encrypted. Then, the message is forwarded to a router to make a known, shortest-hop routing decision based on OSPF, RIP, IGRP, EIGRP, ISIS or BGP. While the router can detect if a message is encrypted, it is more difficult to determine if the message contains sensitive data. Consequently, if the router receives an unencrypted message, it may automatically forward the message to a virtual private network for encryption without regard for whether the message contains sensitive data. In those cases where the messages do not contain sensitive data, this burdens the virtual private network and its encryption device, and also slows the propagation of the message.
U.S. Pat. No. 6,732,273 discloses that a sender of a message generates a message characterization code and attaches it to each message packet, apart from the body of the message packet. When a router receives the message packet, it reads the message characterization code. If the code indicates that the message requires secure communication (typically if the data in the payload is sensitive and not encrypted), then the router propagates the message packet in a secure manner such as by encryption or other secure path. However, if the code indicates that the message is not sensitive (typically if the data in the payload is not sensitive, or is sensitive but encrypted), then the router propagates the message packet along the shortest path, typically through the nonsecure Internet. While this technique is effective, it requires that the sender of the message generate the message characterization code.
An object of the present invention is to enable a network device such as a router to determine whether a message contains unencrypted sensitive data, without requiring a message characterization code of the foregoing type.