1. Field of the Invention
The present invention relates to the field of data communication. More specifically, the present invention relates to a method and apparatus for configuring secure virtual private networks that operate over public or otherwise insecure data communication infrastructures.
2. Related Art
In recent years organizations have come to rely heavily on the ability to communicate data electronically between members of the organization. Such communications typically include electronic mail and file sharing or file transfer. In a centralized, single site organization, these communications are most commonly facilitated by a local area network (LAN) installed and operated by the enterprise.
Preventing unauthorized access to data traversing an enterprise's LAN is relatively straightforward. As long as intelligent network management is maintained, unauthorized accesses to data traversing an enterprise's internal LAN can be prevented. It is when the enterprise spans multiple sites that security threats from the outside become a considerable problem.
For distributed enterprises that want to communicate data electronically several options exist today; but each has associated disadvantages. The first option is to interconnect the offices or various sites with dedicated, or private, communication connections, often referred to as leased lines. This is the traditional method that organizations use to implement a wide area network (WAN). The disadvantages of implementing an enterprise-owned and controlled WAN are obvious: they are expensive, cumbersome and frequently underutilized if they are configured to handle the peak capacity requirements of the enterprise. The obvious advantage is that the lines are dedicated for use by the enterprise and are therefore reasonably secure from eavesdropping or tampering by intermediate third parties.
An alternative to dedicated communication lines is for an enterprise to handle inter-site data distributions over the emerging public network space. In recent years, the Internet has evolved from being primarily a tool for scientists and academics into an efficient mechanism for global communications. The Internet provides electronic communications paths between millions of computers by interconnecting the various networks upon which those computers reside. It has become commonplace, even routine, for enterprises, even those in non-technical fields, to provide Internet access to at least some portion of the computers within the enterprises. For many businesses this facilitates communications with customers and potential business partners as well as to geographically distributed members of the organization.
Distributed enterprises have found that the Internet is a convenient mechanism for providing electronic communications between members of the enterprise. For example, two remote sites within an enterprise may each connect to the Internet through a local Internet Service Provider (ISP). This enables the various members of the enterprise to communicate with other sites on the Internet, including those within their own organization. A large disadvantage of using the Internet for intra-enterprise communications is that the Internet is a public network. The route by which data communication travel from point to point can vary on a per packet basis, and is essentially indeterminate. Furthermore, the data protocols for transmitting information over the constituent networks of the Internet are widely known, leaving electronic communications susceptible to interception and eavesdropping with packets being replicated at most intermediate hops. An even greater concern is the fact that communications can be modified in transit or even initiated by impostors. With these disconcerting risks, most enterprises are unwilling to subject their proprietary and confidential internal communications to the exposure of the public network space. For many organizations it is common today to not only have Internet access provided at each site, but also to maintain the existing dedicated communications paths for internal enterprise communications, with all of the attendant disadvantages described above.
To remedy this problem, devices have been developed to encrypt and decrypt communications travelling across a public network. A source node desiring to send a packet across a public network to a destination node first sends the packet to a local encryption device that encrypts the packet. The local encryption device forwards the encrypted packet across the public network to a decryption device that decrypts the packet, and forwards the decrypted packet to the destination node.
However, these encryption and decryption devices are somewhat inflexible because they encrypt all packets travelling between source and destination sites. In some cases it is desirable to allow some communications between sites to be encrypted, while allowing other communications to proceed without encryption. For example, an organization may include a plurality of geographically-distributed local area networks that are coupled together through a public data network, such as the Internet. In order to protect data travelling over the public network, the organization can install encryption/decryption devices between the local area networks and the public data network. However, these encryption/decryption devices will encrypt and decrypt all of the traffic to and from the public network. Hence, communications originating from other sources on the public network, such as email from customers, will require separate communication channels that are not encrypted.
Furthermore, it is desirable to provide secure communications within sub-units of an organization. For example, it may be desirable to allow members of a sub-unit, such as finance, to communicate securely with each other, while excluding other sub-units, such as engineering from having access to the information. In order to accomplish this using existing encryption and decryption devices, it is necessary to provide additional encryption and decryption devices for the different sub-units, and these additional encryption and decryption devices must be coupled to systems that belong to a sub-unit. Consequently, it is not possible to use one device to encrypt and decrypt data for each LAN, because a given LAN typically includes users from different sub-units. Additionally, it is often necessary to set up matching pairs of encryption and decryption devices for each pair of local area networks to be linked securely across the public network, because the encryption and decryption devices are configured to operate in matched pairs.
What is needed is a system for facilitating secure communications across a public network that is able to selectively encrypt and decrypt communications based upon the identities of entities that are sending and receiving the messages.