Security is a significant concern in the communication between computer networks over a public network. Public networks, such as various institutional intranets and the well-known Internet enable large numbers of diverse users to establish communication links between each other. A series of servers and switching systems route packets of data between various users based upon addresses using communication protocols such as TCP/IP. Packets of data move between senders and recipients through a variety of pathways that are often open to public scrutiny. In other words, unauthorized third parties can sometimes gain access to data as it travels between authorized senders and recipients.
As such networks become increasingly used for important commercial transactions, special care must be taken to protect sensitive data as it travels through the network. Various cryptography procedures are now employed regularly to ensure that intercepted messages cannot be interpreted by unauthorized users. A common form of cryptography is public key cryptography such as the well-known RSA standard. In public key cryptography, each principal in a communication link has a public encryption key and a private encryption key. The two principals can communicate knowing only each other's public keys. An encryption key is a code or number, which, when taken together with an encryption algorithm, defines a unique transformation used to encrypt or decrypt data. Operation of a public key cryptography system to ensure authentication may be understood without reference to the mathematical transformations that are used for encryption and decryption. Public key cryptography is also referred to as "asymmetric" encryption because information encoded with a public key may be decoded only by using a complimentary private key, the associated public and private keys defining a unique key pair. According to this form of encryption, the private key is known only to the owner of the key, while the public key is known to other principals in the system.
To effect a secure transmission of information to a recipient, a principal encodes or "encrypts," the information with the recipient's public key. Since only the intended recipient has the complimentary private key, only that principal can decode or "decrypt" the information. Conversely, to prove to a recipient of information that the sender is authentic, the sender encodes or "signs," the information with its private key. If the recipient can decode, or "verify," the information, it can be sure that the sender has correctly identified itself. In public key cryptography, each principal is responsible for knowing its own private key and all the public keys are generally accessible from one location, typically a directory service.
Generally, each of the principals is provided with a private key by an insecure transfer. In other words, the private key is generated by a certification authority or "CA," and then is manually delivered to the appropriate principal by mail or hand delivery of a disk or other data storage device. The CA stores each users public key and each public key can be downloaded from the CA when needed by another sender. The certification authority generates "certificates" or signed messages that specify the name of the public key holder to verify its identity.
Public key encryption systems like RSA are highly effective in generating secure links between parties. However, RSA is a slow system; as a result, it is often used only to encrypt the data necessary to establish secret key links. Faster secret key systems such as DES are often employed for actual data transfer. Data in such a secret key system is encrypted using a secret key that is shared by both the sender and the recipient of the data.
It is increasingly desirable to construct a "virtual private network" (VPN) in which data links between selected senders and recipients in, for example, a widely distributed corporate computer system, are established directly between each other. Since the network is not, itself, a direct wire between sites, a virtual (logical) "tunnel" is established instead. Through the use of cryptography keys and configuration data a system administrator can create logical linkages between sites or "nodes" that allow data to be transmitted without the risk of interception by unauthorized users. In addition, sites can be configured so that communication can only occur in a specific manner (e.g. from a first node to a second node and from a second node to a third node but not from a first node to a third). Typically such configuration data must be entered manually at each local node site. This process is time consuming and the configuration data is, thus, not easily altered when the network is updated.
In view of these disadvantages, it is an object of this invention to provide a method for establishing a virtual private network between certain selected nodes linked by a network. Cryptography keys for use in communication between nodes should be delivered to all nodes in the virtual private network in a secure manner. Configuration data that regulates communication between the nodes should also be delivered automatically to each of the nodes in the virtual private network without manual intervention at each of the nodes.