1. Field of the Invention
The present invention relates to a method and an apparatus for communicating data between application programs in a system which includes a plurality of computers connected with one another via a network.
2. Description of the Related Art
As computer performance has improved and network connectivity has expanded, information to be saved has come to be distributed across a plurality of computers, and data saved in one computer is referred to from another computer via the network.
Under such an environment, if the data directly flows through the network, there is a risk of sniffing or altering of the data, which causes a security problem. Thus, data has been encrypted prior to transmission. Further, in order to improve communication efficiency, the data has been compressed prior to transmission.
As to the encryption, the following methods have been conventionally employed:
(1) Each application program performs encryption of data, and transmits the encrypted data;
(2) An application program is changed to use an encryption protocol such as Secure Sockets Layer (SSL);
(3) Hardware having an encryption function, represented by a security router, is used to transfer encrypted information between routers;
(4) A relay service for encrypting communication data is performed to encrypt the communication data when a relay program is in an operated state (Japanese Patent Application Laid-Open No. 9-139735).
As to the compression, in a conventionally employed method the communication adaptor, or a driver program for controlling the communication adaptor, compresses the data. An example of this is Point-to-Point Protocol (PPP).
In the case of methods (1) and (2), a change has to be added to the application program, and an existing application cannot be directly used. Changing of the application increases development burdens because it requires addition of an encryption program loading process or incorporation of an encryption function in the program. A general user cannot implement such application change.
In the case of method (3), while security is assured between the routers, communication security cannot be secured through a network within the router.
In the case of method (4), since all communication data is encrypted in the operated state of the relay program, the data which needs no encryption is also encrypted/decrypted. Accordingly, the associated overhead becomes an issue when a high processing speed is required.
As to method (5), as in the case of method (4), since the data which needs no compression is also compressed/decompressed, the associated overhead becomes an issue.
A distributed object system that includes a plurality of applications has flexibility in its machine configuration and application arrangement, and the arrangement can be changed from the standpoint of load distribution or usability. Since the application arrangement can be changed, the necessity of encryption or compression of the communication data changes depending on the arrangement. Thus, encryption or compression of the communication data should not be set in a fixed manner.
For example, communication between applications installed in different machines requires encryption of data because of a possibility of communication data alteration. On the other hand, communication between applications installed in the same machine requires no encryption because of a low possibility of communication data alteration. Additionally, in the case of the communication between the applications installed in the same machine, compression of data is not as necessary because no external communication line is used.
While encryption of data is necessary in communication between applications installed in different domains, encryption of data is not necessary in communication between applications installed in the same domain.
On the other hand, unencrypted data may be transmitted without any problems if confidentiality of the communicated data is low.