The present invention relates generally to distributed information systems and in particular to a distributed information system which automatically invokes and establishes secure data transfers between elements of the system.
Contemporary computer systems catagorized as distributed information systems have various portions thereof located at geographically separated sites. A distributed information system may also take the form of an information system in which different functions of the system are performed by different computers at a single site. Combinations of these types of distributed systems also exist. For effective and reliable operation of a distributed information system, communications systems connecting the various elements or end-systems must be able to securely convey information between the end-systems without danger of eavesdropping or modification of the transmitted data. The requirements for communications security requires the secure establishement of encryption keys and/or security protocols between end-systems desiring to communicate.
Typically, before accepting requests for the secure transmission of data, an authorized security person manually negotiates and secures agreement in advance of keying material and protocols to be used between communicating parties or end-systems. For example, cryptographic modems function in this manner. This manual intervention is time consuming and results in delay of data transfers.
It is an objective of the present invention to provide an improved distributed information system wherein, in response to a request for transfer of secure data, the system automatically invokes the negotiation of keying material and protocol to be used for that instance of communication. Another objective of the invention is to provide a system in which secure data communication is provided with minimal delay between elements of the system for which an appropriate security key and agreement on security protocol already exists. Another objective of the invention is provision of a system in which transmission of data not requiring a security protocol is automatically affected without interruption of the data transfer.