It is well known that private computer networks are useful for communicating electronic data in a secure and reliable manner from one computer to another. As the name implies, a private network is a network that is not available for public use. One drawback to utilizing a private network is the excessive cost of such networks. This is because the owner of such networks must first build the network and then pay fees to maintain the associated circuits. These maintenance costs can be significantly greater than those associated with public data networks. Private data networks also suffer from limited availability in remote areas.
It is also well known that public networks, such as the Internet, offer tremendously efficient means of organizing and communicating electronic data. Such public networks are beneficial in that their utilization costs are considerably less than that for private data networks. Furthermore, the bandwidth associated with the Internet can often greatly exceed that available to private networks. The Internet, however, has several drawbacks, the most significant being that the Internet is public. As such any data that is transmitted over the Internet is available for public viewing.
Several attempts have been made to address these problems associated with public and private communication networks. One such attempt involves encrypting data prior to transmission over the Internet. Networks that utilize public networks to transmit encrypted data to computers or networks connected thereto are known as “virtual private networks” (VPNs).
A well-known type of VPN is a customer premises equipment-based VPN (CPE-VPN). A CPE-VPN is a VPN wherein the majority of the communication equipment necessary for establishing the VPN is situated on the enterprise's premises. A schematic representation of such a CPE-VPN [100] is generally shown in FIG. 1. Referring to FIG. 1, the CPE-VPN depicted therein [100] includes two sub-networks interconnected via the public Internet [102]: an enterprise network [104] and a wireless network [108]. As will be apparent to one skilled in the art, an enterprise network is any privately owned computer network. Referring to enterprise network [104], one can see a variety of enterprise content servers [110] connected to a VPN switch [112]. It is these content servers [110] that store enterprise data for communication over the CPE-VPN. The purpose of the VPN switch [112] is to establish a secure communication tunnel [114] with VPN client [118] via the Internet [102] and wireless communications network [108], wherein the VPN client [118] is any type of wireless communication device. Also depicted in FIG. 1 is an acceleration server [120] within wireless network [108]. The role of the acceleration server [120] is described below in greater detail.
The prior art CPE-VPN described above has a number of drawbacks that limit its use for the secure transfer of electronic information. One of the major drawbacks is its inability to utilize various wireless communication performance optimization techniques, including compression, protocol optimization, caching, and traffic management. Collectively, the application of these techniques to a wireless signal can be referred to as signal “acceleration.” As will be apparent to one skilled in the art, it is the acceleration server [120] that applies these acceleration algorithms to the signal to improve the performance of the data flow over the bandwidth-limited wireless connection.
The inability of a CPE-VPN to accelerate a wireless signal is best explained with reference to FIGS. 2 and 3. FIG. 2 shows the Open System Interconnection (OSI) standard for worldwide communications [200] as is known in the art. The OSI standard is an ISO (International Organization for Standardization) standard specifying the seven layers of computer communications. The seven layers are: (i) the physical layer—for passing and receiving bits onto and from the connection medium [202]; (ii) the data link layer—for ensuring node-to-node validity and integrity of the transmission [204]; (iii) the network layer—for establishing the route between the sending and receiving nodes [206]; (iv) the transport layer—for overall end-to-end validity and integrity of the transmission [208]; (v) the session layer—for providing coordination of the communications between the connected parties, as well as marking significant parts of the transmitted data with checkpoints to allow for fast recovery in the event of a connection failure [210]; (vi) the presentation layer—for negotiating and managing the way data is represented and encoded when data is transmitted between different computer types [212]; and (vii) the application layer—for defining the language and syntax that programs use to communicate with other programs [214].
Referring to FIG. 3, a network layer representation of an electronic message being communicated over the prior art CPE-VPN [100] of FIG. 1 is shown. Note that, for the sake of simplicity, the intermediate network depicted in FIG. 1 is not depicted in FIG. 3. Starting from a content server [110] within enterprise network [104], an electronic message stating “HELLO” is sent towards a VPN acceleration client [118] that is connected to wireless network [108]. En route to wireless device [118], the message is encrypted by VPN switch [112] such that the message now reads “PZRZO” for transmission through tunnel [114]. As shown in FIG. 3, encryption of the electronic message occurs at layer 3 (the network layer) of the OSI standard. Electronic transmissions that are encrypted before transmission are referred to as transmissions made through a “secure tunnel” [114].
As mentioned above, the major drawback of traditional CPE-VPNs is their inability to accelerate a secure tunnel transmission over the wireless network. CPE-VPNs cannot accelerate such secure tunnel transmissions because the aforementioned performance optimization techniques operate at the transport layer (fourth layer) and above in the OSI standard, whereas the encryption occurs at the network layer (third layer). That is to say, the signal cannot be accelerated because it bypasses the acceleration server [120] inside a lower-layer encrypted tunnel: by the time the signal reaches the acceleration server, the transport-layer-and-above content it would operate on is already opaque ciphertext.
One prior art attempt to overcome this problem is to accelerate the electronic data prior to encryption in the VPN switch [112]. This solution, however, requires the wireless operator to sell an acceleration solution to each enterprise account that wants its remote/mobile employees' data accelerated. Furthermore, this solution results in higher start-up costs for the enterprise that owns the enterprise network, as it requires the purchase of an enterprise acceleration server.
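The layering argument in the two preceding paragraphs, as an added example that is not part of the original document: a Python model in which compression stands in for transport-layer-and-above acceleration and a constructed SHA-256 keystream stands in for the layer-3 tunnel cipher (illustrative only, not a real VPN cipher). It shows that an acceleration server placed after the VPN switch gains nothing from the opaque tunnel payload, whereas accelerating before the VPN switch encrypts does shrink the message.

```python
import hashlib
import zlib

# Constructed demo key; the keystream below is SHA-256 in counter mode and
# only models "encryption at OSI layer 3". It is not a production cipher.
DEMO_KEY = b"constructed-demo-key"


def layer3_tunnel(data: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Model of the VPN switch [112]: XOR the packet with a keystream.
    Length is preserved, and applying it twice recovers the plaintext."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def accelerate(payload: bytes) -> bytes:
    """Model of the acceleration server [120]: compression is the stand-in
    for the layer-4-and-up optimisation techniques (compression, caching...)."""
    return zlib.compress(payload, 9)


def cpe_vpn_path(message: bytes) -> int:
    """Prior-art CPE-VPN order: the enterprise VPN switch encrypts first, so
    the wireless acceleration server only ever sees the ciphertext.
    Returns the number of bytes that cross the wireless link."""
    tunnel_packet = layer3_tunnel(message)        # encrypted at layer 3
    return len(accelerate(tunnel_packet))         # accelerator sees noise


def accelerate_then_encrypt_path(message: bytes) -> int:
    """The 'accelerate before encryption in the VPN switch' alternative:
    optimise the transport-layer-and-up content, then wrap it in the tunnel.
    Returns the number of bytes that cross the wireless link."""
    accelerated = accelerate(message)             # still plaintext here
    return len(layer3_tunnel(accelerated))        # then encrypted at layer 3


def savings_ratio(message: bytes) -> tuple[float, float]:
    """Fraction of the original size removed on each path."""
    n = len(message)
    return (1 - cpe_vpn_path(message) / n,
            1 - accelerate_then_encrypt_path(message) / n)


if __name__ == "__main__":
    msg = b"HELLO " * 500  # constructed, highly compressible enterprise data
    print("CPE-VPN order / accelerate-first savings:", savings_ratio(msg))
```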
A need exists, therefore, for a method for securely accelerating CPE-based VPN transmissions over a wireless network.