Communication devices, such as transmitters, receivers and transceivers are connected through a common communication infrastructure. The connections may be either wireless or via fixed cables. A communication device typically comprises a processing unit, an input/output device connected to the communication infrastructure, working memory and program memory. Additionally, the communication device may have an input device, such as a keyboard and a mouse, and a display to communicate with a human operator. The program memory of the communication device contains one or more programs that, while being executed by the processing unit, may require, from time to time, that data is to be sent or received from other communication devices that are connected to the same common communication infrastructure. The common communication infrastructure typically comprises data transportation devices, like copper or optical cables, that provide the connection between communication devices possibly in combination with interconnection nodes that provide for information transfer between physically separated data transportation devices. Connection to the common communication infrastructure need not be permanent and may vary both in location and over time. At a given time, a communication unit may be connected to none, one or several distinct data transportation devices.
Data transportation devices may be shared, e.g., they may be used at the same time by different communication devices. Shared transportation devices are typically connected to more than two communication devices and/or interconnection nodes. The communication devices or interconnection nodes perform amongst themselves an arbitration protocol to allocate communication capacity of the shared data transportation devices to each of the connected communication devices or interconnection nodes. Ethernet™ is a type of communication architecture that uses shared data transportation devices.
In some instances, data transportation devices may not be shared. Instead, they may be dedicated to two communication devices communicating with one another. Dedicated data transportation devices typically connect a communication device or an interconnection node with a single other communication device or interconnection node, e.g., a 10-BaseT connection. An interconnection node for such a dedicated data transportation device is typically connected to more than two of such communication devices.
Data communication between communication devices typically involves the sending and subsequently receiving of data unites often referred to as “packets” or “messages” comprising a message header and some additional data. The message header typically comprises a part to identify a communication unit that is intended as receiver and further data indicating the manner to correctly interpret and process the message header and the additional data being transmitted. For example, in TCP/IP network communication, the IP number of the recipient is part of the message header. The additional data comprises “pure” data or instructions, or both.
When communicating over shared transportation devices, an arbitration protocol allows the communication devices' and interconnection nodes to, in effect, simultaneously use the same resources, such as copper or optical cables, and perform communication in a pseudo-exclusive fashion. The arbitration protocol may include a multiplexing technique and predefined priority rules. However, sharing the resources also allows any of the other communication devices connected to that resources to share, intended or unintended, in the communication performed, resulting in a fundamental lack of confidentiality in communication over such shared resources.
Another aspect of using shared resources is that a single communication device for performing a predetermined task may in fact be arranged as a number of physically distinct collaborating communication devices. In some cases, the transparent collaboration of communication units to be perceived by other communicating units as one may be beneficial.
Typically, a communication device, or equally, a collection of collaborating communication devices, takes part in a communication either in a role of initiator, commonly referred to as “client,” or in a role of respondent, commonly referred to as “server.” However, because a communication device may participate in multiple simultaneous communications, it may operate in any combination of these two roles.
Functionally, a communication message may be defined as a unit of data sent by a communication device acting as client, commonly referred to as “request,” or sent by a communication device acting as server, commonly referred to as “response.” A request-and-response type communication is typical for communications between computer programs using Remote Procedure Calls (RPC) or Remote Method Invocation (RMI), or for communication on the World Wide Web (e.g., HTTP), or many other TCP/IP protocols.
The RPC concept was developed by Sun Microsystems, Inc. as part of the Open Network Computing architecture. The RPC is an interface allowing different programs to communicate with one another. The interface allows communication devices to use services of other communication devices. Upon request by a sending communication device another communication device, executes data received from the sending communication device and the results are transmitted back to the sending communication device.
RMI was also developed by Sun Microsystems, Inc. for distributed programs using software objects written in Java. RMI is an example of an RPC mechanism and allows Java objects instantiated somewhere in a network of computers to access each other remotely.
Another type of communication includes “message passing” between communication devices. In message passing, a response is required although such a response is typically restricted to only contain an acknowledgement of the reception of a communication message. Such a restricted response is sent by a receiver to a sender. Typically, in this type of communication, a subsequent response message may also be sent to the sender by the receiver.
Communication between devices can be described as performed as a session. In session, the communication is started at some point in time and, after a period of regular exchange of communication messages, no further messages are sent. Typically, a communication session is started by the exchange of an initial set of communication messages that may serve to establish the purpose of the session or any parameters needed by the communicating devices. Session initialization is typically used when it is required that the communication is secured to, for example, establish a shared data encryption key.
In some implementations of data transportation devices, a communication message may, during actual transport, be partitioned and reassembled as may be required by the data transportation devices. For example, communication messages can be reassembled to conform to the communication message structure inherent to ATM (Asynchronous Transfer Mode) connection. This technique is commonly implemented in Internet-based communications.
In general, a computer program may be designed based on a plurality of software units, such as “objects,” e.g., Java™ Enterprise Beans. Java™ Enterprise Beans are developed by Sun Microsystems, Inc. The software units may be designed to execute in separate controlling threads. Data communication may be performed between programs and, in particular, between specific controlling threads in these programs.
Some communication sessions between controlling threads require security. Communicating devices, or, communicating computer programs, may be implemented to protect communication between themselves and one or more other devices or computer programs. For a secured communication at least one of the following may be required:                1. Establishing an appropriateness of a communicating device, or program, to take part in the communication;        2. Controlling authenticity;        3. Maintaining confidentiality of the existence of the communication; and        4. Maintaining confidentially of data exchanged in the communication.        
In IP protocol Ipv6, the traditional EP protocol (IPv4) has been extended to provide support for security in data communication mainly for items 2 and 3 mentioned above. The actually applied security mechanism to the communication session may depend on the relative locations of the computer programs and may vary from communication session to communication session. In particular, in some cases no security mechanisms will be applied to a communication session.
U.S. Pat. Nos. 5,802,519 and 6,094,656 describe systems and communication devices that define executable procedures and data stored in a communication device to communicate with other communication devices in an orderly exchange of communication messages. These patents, however, do not disclose specifics regarding the data exchanged in communication primitives or of the nature of the processing involved in response to a received communication message, such as determining data elements contained in the header of a communication message.
International Patent Application No. PCT/NL00/00510 describes a system of communication devices that communicate by exchanging communication messages, where additional data is inserted in the payload of each communication message. The additional data is derived from application program data available to the communication devices and stored in the payload of the communication message. The 00510 publication, however, does not describe how the data in the header of a communication message is constructed.
Further, WO-A-01/72012 describes a mechanism to enhance security in a conglomerate of communicating small processors, by implementing a solution to the problem of initializing and administering cryptographic data, such as, secret keys needed to perform secured communications.