Tens of thousands of computers are networked together via a public packet-switched network known as the Worldwide or Global Internet (the "Internet"). Any two computers connected to the Internet can transmit data to each other using communications protocols named TCP (Transmission Control Protocol) and IP (Internet Protocol). The wide acceptance of TCP/IP has made the Internet the largest and most popular computer network in history. Many Internet users access the Internet through a local telephone network connecting the user's computer to an Internet Commercial Service Provider, such as IDT Corp. of Hackensack, N.J. These Internet Commercial Service Providers provide a gateway connection to the Internet.
Communications across public packet-switched networks, such as the Internet, are broken up into a series of discrete data units called "IP datagrams" or "packets." Each computer (or "host") connected to the packet-switched network is assigned a unique IP address. Hosts are connected to the public packet-switched networks through routers which interconnect physical networks and perform routing and relaying functions. Every data packet transmitted between two hosts via TCP/IP contains a "header" that includes, among other fields, (i) the internet address of the source host (the host generating and sending the packet) and (ii) the internet address of the destination host (the host intended to receive the packet). Additionally, the header contains, among other items, codes for the class of service desired for the packet, protocol identifiers, and checksum fields to detect errors in transmission.
Public packet-switched networks are themselves comprised of networks of other packet-switched networks. The actual path traversed by each packet across these subnetworks is software configurable and determined by a multitude of routers that connect the various networks and subnetworks comprising the Internet. This path across the packet-switched network can change over time as the routers try to optimize the Internet data traffic. One such method for optimizing a data path is taught in U.S. Pat. No. 5,088,032 to Leonard Bosack entitled "Method and Apparatus for Routing Communications Among Computer Networks," which discloses a method of dynamically routing data packets across a computer network (such as the Xerox ETHERNET System or the IBM Token Ring System) having multiple alternative paths. The selection of the path the data will follow is based on multiple characteristics associated with each data path on the computer network, such as number of hops, delay time, bandwidth, reliability, cost, channel occupancy and security. Each gateway circuit on the computer network is designed to handle multiple "classes of service" for the data packets which may specify the relative importance of the various network characteristics.
Occasionally, two computers on a public packet-switched network wish to exchange secret data between themselves. While at least a portion of a typical user's data path from host computer to Internet Commercial Service Provider may be transmitted over public telephone lines, such transmissions are well protected from eavesdropping or other spying by Federal Statute. Moreover, even if one chooses to violate the law and eavesdrop on the public telephone network, one must gain physical access to the telephone junction, telephone channel or termination point in order to tap into the data path and capture any data. In contrast, once a communication enters the Internet, maintaining secrecy becomes much more problematic. All messages transmitted over the Internet may be physically intercepted and "listened to" by any gateway system or host connected thereto. Thus, for example, many users are concerned about transmitting credit card numbers over the Internet, not because they fear someone has tapped their local or long distance telephone lines, but rather because other computers connected to the Internet itself may be listening to their transmissions as the data proceeds through the nodes or gateways of the Internet. Moreover, since each computer's Internet address is software-configurable, a rogue computer connected to the network can pretend to be at the Internet address of the true destination computer and intercept the data intended for it. This is sometimes referred to as "packet sniffing." Other modes of packet sniffing can be employed that are completely transparent to the rest of the Internet, allowing the rogue computer to gather secret data without being detected.
A common solution to enable secret data transmission over the Internet, or other public packet-switched networks, is to encrypt the data. If only the sender and recipient know the encryption key of such a system, it is difficult, but not impossible, for a packet-sniffer to decode the data that it captures.
Encrypted data nonetheless may be compromised. First, an encryption key can be stolen. Second, a message carelessly formed can reveal clues that make it easier to crack the encryption key. Third, a fast computer or network of computers may crack a seemingly safe key by brute force.
As a method of security, encrypting data also suffers from other disadvantages. For instance, a third party listening to encrypted messages may determine the destination hosts "visited" by an Internet user by examining the unencrypted internet source and destination fields in each packet, and, thus, gather information the user may consider private. Additionally, many common data encryption methods used over public packet-switched networks, such as the RSA encryption technology marketed by RSA Data Security of Redwood City, Calif., have been patented, thus leading to a search for alternative methods for transmitting secret data. Given these shortcomings, there exists a need for an alternative method, or a method which can be used in conjunction with existing encryption technology, to send and receive secret data between hosts connected to a public packet-switched network that is not subject to packet-sniffing.
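An added example, not part of the original text: it parses the IP header fields described earlier (source and destination address, class of service, protocol identifier, checksum) and shows that they stay readable to anything on the path even when the payload is encrypted. The addresses, identification value and payload bytes are constructed sample values, and the function names are illustrative.

```python
import ipaddress
import struct

HEADER_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (the IP header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, payload: bytes, tos: int = 0, proto: int = 6) -> bytes:
    """Prepend a valid IPv4 header to payload (helper for the sample below)."""
    fields = [0x45, tos, 20 + len(payload), 0x1234, 0, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields) + payload


def visible_fields(packet: bytes) -> dict:
    """Fields any router or observer on the path can read without a key."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, tos, length, _, _, _, proto, _, src, dst = struct.unpack(HEADER_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "class_of_service": tos,
        "protocol": proto,
        "total_length": length,
        # Summing a header that includes a correct checksum yields zero.
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
    }


# Constructed sample: documentation-range addresses, stand-in "ciphertext" bytes.
SAMPLE = build_packet("192.0.2.10", "198.51.100.7", bytes(range(16)), tos=0x10)

if __name__ == "__main__":
    print(visible_fields(SAMPLE))
```

Swapping the payload for any other 16 bytes leaves every returned field unchanged, which is the metadata exposure the paragraph above describes.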
One solution to the packet-sniffing problem is to transmit secret messages over a private, secure permanent packet-switched connection. This, however, requires a large start-up expense to establish either an independent secure network or a permanent private virtual circuit over a publicly available packet-switched network, such as GEIS™ or SprintNet™. Such costs are often not justified in light of the amount of data traffic across a given router. Thus, there exists a need for a method and system to enable computer users communicating across the Internet to transmit at least a portion of the communication across a network having a low initial connection cost, such as a circuit-switched public phone network or a circuit-switched interface to a secure packet-switched network.
An additional problem which occurs when communicating across public packet-switched networks, such as the Internet, is the presence of "delays" or pauses which occur when a packet must wait for transmission-related resources to become available at individual routers or nodes along its path. This can be caused by network congestion, for example when many "feeder lines" are attempting to funnel more data into a trunk line than the trunk line's rated capacity. This is particularly troublesome on public packet-switched networks, such as the Internet, where no authority limits the number of feeder lines transmitting through public trunks. A user transmitting or receiving critical data across a network may not be willing to tolerate these delays. Accordingly, there exists a need for a method and system to enable computer users connected to a public packet-switched network to transmit at least a portion of a communication between hosts on a circuit-switched network with minimal delay time. Although such a method may require additional costs and resources, as compared to transmitting solely over the Internet, these costs may be justified in light of the critical nature of the data being transmitted.