JP2004147029A - Data transfer method and device therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve security in a communication using a public network. <P>SOLUTION: When a relay point 32 is intentionally or dynamically changed against respective IP packets 20, the IP packets 20 are transferred through random routes. Even if a third person performs tapping in one route, only a part of packets can be obtained and decoding is satisfactorily inhibited. Thus, high security can be secured. Since IP packet groups are spread to a plurality of the routs and are transferred, a channel of a wide band is formed as a result. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a data transfer method and apparatus for transferring data packets over a public network such as the Internet.
[0002]
[Background Art]
In recent years, intra-company networks (intranets) have become widespread, and head offices, sales offices, branch offices, factories, and the like scattered throughout the country or overseas have been interconnected by networks. In the corporate network, highly confidential information is exchanged, and there is a high demand for network security. When a remote LAN is connected by a WAN (Wide Area Network: wide area network) such as a LAN at a head office (Local Area Network) and a LAN at a branch office, a dedicated line, a frame relay, an ISDN, and the like are considered. However, in each case, a considerable communication cost is required.
[0003]
Therefore, a VPN (Virtual Private Network) using the Internet, which is a public network, has been put to practical use. The VPN has features of low cost, high security, and wide band, and is suitable for constructing a corporate network by interconnecting geographically dispersed in-house LANs. Basic functions that constitute a VPN include “tunneling or encapsulation” and “encryption”. Among these, the former tunneling technology is a technology in which a plurality of in-house LANs are virtually viewed as one corporate network by adding a new header to a data packet and encapsulating the packet. The user sees it as a private network, despite the fact that the Internet is present. Next, the latter encryption technology uses the above-described tunneling alone to make data contents visible to a third party, which may lead to data eavesdropping (sniffing) or tampering. This is a technology for encrypting and transmitting packets.
[0004]
[Problems to be solved by the invention]
By the way, in a VPN currently used, information encrypted by a router connected to a transmission source in-house LAN is converted into an encapsulated IP (Internet Protocol) packet by using a normal routing method on the Internet. Will be delivered. Then, the data is decrypted by a router connected to the destination company LAN.
[0005]
FIG. 11 shows this state. In the in-house LAN 900 of the transmission source, for example, data “HELLO” is encrypted into “IFMMP” by the router 902, and further, “I”, “F”, “M” , “M”, and “P”. These IP packets 912 are sent from the router 902 to the Internet 910. In the in-house LAN 920 of the transmission destination, the IP packet 912 is received via the router 922, and the IP packet 912 is decrypted by the router 922.
[0006]
In the above case, the routing table (route table) recorded in the router 902 is referred to, and the transfer destination of the IP packet 912 is sequentially determined according to the IP address of the destination company LAN 920 described in the IP packet header. That is, when the routing table is configured, the route 914 from the source company LAN 900 to the destination company LAN 920 is statically determined. That is, the route is mechanically determined based on the routing table. Due to the nature of the Internet 910, the IP packets 912 are not always delivered by the same route. However, in many cases, the IP packets 912 will be delivered using the same route 914. Accordingly, the eavesdropper 950 can detect this route 914, observe and eavesdrop on the detected route 914, obtain all of the group of IP packets 912, and decode it using a high-performance computer. It is.
[0007]
Various methods have been devised as encryption algorithms, but each method requires only the amount of computation required to acquire information without the need for an encryption key or decryption key. It is the basis. For this reason, there is a high possibility that the information will be decrypted due to the improvement in the computing power of the computer, and the information will be illegally obtained by the eavesdropper 950.
[0008]
The present invention focuses on the above points, and an object of the present invention is to improve security in communication using a public network. Another object is to provide a method for effectively reducing the possibility of eavesdropping on data transmission using a public network.
[0009]
[Means for Solving the Problems]
In order to achieve the above object, the present invention controls a route on a public network through which a packet of data passes when the packet is transferred through the public network, and a packet corresponding to a relay point set thereby is transmitted. The transmission processing is performed on the packet so that the packet passes. The above and other objects, features, and advantages of the present invention will be apparent from the following detailed description and the accompanying drawings.
[0010]
BEST MODE FOR CARRYING OUT THE INVENTION
<Summary> First, an overview will be described. In the present invention, attention has been paid to the point that the eavesdropper must not receive all IP packets in order to enable secure communication regardless of the performance of the eavesdropper's computer. That is, even if an IP packet group for delivering one ciphertext is intentionally delivered using a plurality of different routes, even if an IP packet group for delivering a certain route is eavesdropped, the entire ciphertext is If you don't get it, you won't be able to decipher it and your security will improve. Further, by introducing a method of dynamically determining a route to be used for delivery each time a communication request occurs, the success rate of wiretapping can be further reduced.
[0011]
First Embodiment First, a first embodiment, which is a basic mode of the present invention, will be described. FIG. 1 shows the overall configuration, and a source in-house LAN 10 is connected to the Internet 30 via an IP spreading device 100 which is a router having an IP spreading function. In addition, the Internet 30 is connected to a destination company LAN 40 via an IP diffusion device 102. In addition, although not shown, a provider intervenes as needed.
[0012]
In the in-house LAN 10 of the transmission source, for example, the data “HELLO” is encrypted to “IFMMP” by the IP diffusion device 100, and further the packets are transmitted to “I”, “F”, “M”, “M”, and “P”. Be converted to These IP packets 20 are sent from the IP diffusion device 100 to the Internet 30. In the in-house LAN 40 of the transmission destination, the IP packet 20 is received via the IP spreading device 102, and the IP packet 20 is decoded by the IP spreading device 102.
[0013]
In the above case, in this embodiment, a route for delivering the IP packet 20 is searched by the IP diffusion device 100, and a route is dynamically set. Therefore, the IP packet 20 is delivered using a plurality of different routes. In the illustrated example, the “P” and “M” packets are delivered via a route 34, the “M” and “F” packets are delivered via a route 36, and the “I” packet is delivered via a route 38.
[0014]
Therefore, even if the eavesdropper 60 detects the route 38 and obtains the IP packet by observing and eavesdropping on the route 38, only the IP packet of “I” can be obtained. For this reason, even if the decoding is attempted using a high-performance computer, the decoding is impossible.
[0015]
Next, the configuration of the above-described IP diffusion apparatuses 100 and 102 will be described. Since the two have the same configuration, the following description will be given on behalf of the IP diffusion device 100. FIG. 2 shows the configuration of the IP diffusion device 100, which includes a CPU 104, a display 106, a hard disk 108, a RAM 110, a ROM 112, and I / Fs 114 to 120. Among these, the CPU 104 controls the operation of the entire apparatus and executes a program stored in the ROM 112. The display 106 is for displaying an operation state and a result appropriately. The hard disk 108 is a memory for storing data and programs such as the routing table TA and the access log LA. The RAM 110 is a memory that is appropriately used when loading or executing a program.
[0016]
The I / F 114 is an interface for connecting to an in-house LAN. The I / Fs 116 to 120 are interfaces for connecting to the Internet. In this embodiment, only the I / F 116 is used, and the other I / Fs 118 and 120 will be described later.
[0017]
The ROM 112 stores dynamic relay point search software PA, IP packet transmission / reception software PB, VPN software PC, log analysis software PD, cooperative packet division / synthesis software PE, and route information cache software PF. I have. Each is a program executed by the CPU 104.
[0018]
Among them, the dynamic relay point search software PA is a program for intentionally or dynamically searching for a relay point on a route for transmitting the packet 20. FIGS. 3 and 4 show an example of a method of searching for a relay point as a flowchart. As shown in the figure, when the IP spreading apparatus 100 receives a group of IP packets having the source on the in-house LAN 10 and the destination on the in-house LAN 40, the IP spreading apparatus 100 refers to its own routing table TA. It is detected that the relay IP diffusion device of the IP packet is 102 (steps S10, S12). The next step S14 will be described later.
[0019]
The IP diffusion apparatus 100 transmits an IP packet for measuring the number of hops with the transmission source being the IP transmission apparatus 100 and the IP diffusion apparatus 102 being the transmission destination (step S16). Here, the initial value of the TTL (Time To Live) of the IP packet for measuring the number of hops is assumed to be Ti. Note that the hop number is the number of routers that have passed. The TTL is a value indicating the lifetime of an IP packet on the network, and is indicated by the number of hops when passing through a router. The TTL value is decremented by one each time the packet passes through the router. Upon receiving the IP packet for measuring the number of hops, the destination IP diffusion device 102 calculates the number of hops from the IP diffusion device 100 (step S18). This is given by T = Ti−To, where To is the value of TTL at the time of reception.
[0020]
Next, the IP diffusion device 102 transmits an IP packet for notifying the hop count measurement result with the IP transmission device 100 as a transmission source and the IP diffusion device 100 as a transmission destination (step S20). The calculated hop number T is included in the IP packet for notification of the measurement result. When receiving the IP packet for notifying the hop number measurement result, the transmission destination IP spreading apparatus 100 calculates a spreading degree D = F (T) based on the value of T (step S22).
[0021]
The spreading degree D indicates the degree to which a plurality of routes used for data distribution are spread. If the spreading factor D is large, the possibility that a plurality of routes pass through a common computer is low, so that the security is high. However, the number of hops of the obtained route is large. Conversely, if the spreading factor D is small, the number of hops of the obtained route is small, but the possibility that a plurality of routes pass through a common computer increases, and data is stolen by an eavesdropper monitoring the computer. The likelihood increases. In the present embodiment, it is assumed that the relationship D = F (T) between the hop count T of the route from the IP spreading device 100 to the IP spreading device 102 and the spreading degree D of the route is obtained in advance from experimentally measured data.
[0022]
Next, the IP diffusion device 100 randomly determines N IP addresses IP [0], IP [1],..., IP [N−1] (Step S24). Then, the IP diffusion apparatus 100 transmits itself as a transmission source, IP [i] (i = 0, 1,..., N−1) as a transmission destination, and further transmits an IP packet P [i] having a TTL of D. (Step S26). Then, when the IP packet P [i] reaches the IP [i] (Yes in step S28), the IP [i] sends the IP control message to itself and the IP diffusion apparatus 100 to the destination. (Step S30). When receiving the ICMP protocol unreachable message corresponding to P [i], the IP diffusion device 100 randomly determines IP [i] again (step S32). Next, the IP diffusion apparatus 100 sets itself as a transmission source, sets IP [i] as a transmission destination, and further transmits an IP packet P [i] with TTL set to D (step S34).
[0023]
When the operations of steps S30 to S32 are repeated and the IP packet P [i] has not reached IP [i] (No in step S28), the TTL value of P [i] becomes 0. The router that has transmitted transmits an ICMP timeout message with itself as the transmission source and the IP diffusion device 100 as the transmission destination (step S36). Then, the IP diffusion device 100 sets the transmission source R [i] of the ICMP timeout message corresponding to P [i] as one of the relay points (step S38). Thus, by receiving the ICMP timeout message corresponding to P [0], P [1],..., P [N-1], N relay points (relay routers) R [0], R [1],..., R [N-1] are determined (step S40).
[0024]
Next, the IP packet transmission / reception software PB delivers the corresponding packet to the route passing through the relay point searched by the above-described dynamic relay point search software PA, and receives the delivered packet. It is a program for. FIG. 5 is a flowchart showing the operation procedure. As shown in the figure, the IP spreading apparatus 100 relays the IP packet group transmitted to the computer of the in-house LAN 40 by relaying the IP spreading apparatus 102 to N subgroups PG [0], PG [1],. , PG [N-1] (step S50). Then, the IP packet belonging to PG [i] (i = 0, 1,..., N−1) is delivered via the relay router R [i] (step S52). This is achieved by using the IP packet as data, using the IP spreading device 100 as the transmission source, the IP spreading device 102 as the transmission destination, and using a loose source routing option specified in the IP protocol. This is realized by performing encapsulation for creating an IP packet CP [i] designated to be delivered via R [i].
[0025]
The IP diffusion device 102 that has received the IP packet CP [i] extracts the data portion of the IP packet, and thereby transmits the IP packet transmitted from any computer in the corporate LAN 10 to any computer in the corporate LAN 40. Obtain (step S54). The IP diffusion device 102 transmits the obtained IP packet to the in-house LAN 40 (Step S56).
[0026]
Next, the VPN software PC is a program for performing tunneling and encryption processing for connecting the in-house LAN 10 and the in-house LAN 40 by VPN. The log analysis software PD is a program for analyzing the communication status of the IP diffusion device 100 and storing the record as an access log LA on the hard disk 108. The cooperative packet division / synthesis software PE and the path information cache software PF will be described later as other embodiments.
[0027]
Next, the overall operation of the present embodiment will be described. In the following description, it is assumed that the IP addresses of the respective units are assigned as shown in FIG. That is, there is a PC (personal computer) 12 on the company LAN 10 side, and a private IP address A is assigned. A global IP address B is assigned to the in-house LAN 10. An IP address N is assigned to a relay point (relay router) 32 of the searched route. Furthermore, a private IP address P is assigned to the PC 42 on the in-house LAN 40 side, and a global IP address Q is assigned to the in-house LAN 40. The data is transmitted from the PC 12 to the PC 42.
[0028]
First, at the time of data transmission, a relay point on the path for transmitting the IP packet 20 is searched by the dynamic relay point search software PA in the procedure shown in FIGS. Specifically, a relay point from the source in-house LAN 10 to the destination in-house LAN 40 is randomly determined. Then, as shown in FIGS. 6 (B) to 6 (D), a header is added to the encrypted data to perform IP packetization. First, as shown in FIG. 6B, packet headers of the transmission source A and the transmission destination P are added. Next, as shown in FIG. 6C, the encapsulation headers of the transmission source B and the transmission destination Q are added by the VPN software PC. Next, the IP packet transmission / reception software PB adds a spread header having the above-mentioned relay point 32 as a destination as shown in FIG. 6D. At this time, as described above, the IP packets 20 are grouped, and a relay point is designated for each group.
[0029]
When the IP packet 20 to which the header has been added in this manner is transmitted from the IP diffusion apparatus 100 to the Internet 30, first, the destination IP address "N" of the spread header is referred to and transferred to the address. You. That is, the IP packet 20 is transferred to a router (not shown) corresponding to the relay point 32. Upon arriving at the relay point 32, the IP address of the relay point 32 ends its role and is deleted. Then, as shown in FIG. 6C, the IP packet 20 is transferred to the address “Q” of the encapsulation header. Since the address “Q” is the corporate LAN 40, the IP packet 0 arrives at the IP diffusion device 102 of the corporate LAN 40. Then, this time, the encapsulation header is deleted, and the IP packet 20 is transferred to the address “P” of the packet header. Since the address "P" is the PC 42 of the in-house LAN 40, the IP packet 20 is transferred to the PC 42.
[0030]
In this case, in the present embodiment, the relay point 32 is set to be intentionally different for each group of the IP packets 20. That is, the subgroups PG [i] (i = 0, 1,..., N−1) of the IP packets are transferred via the respective relay routers R [i]. Therefore, even if a third party eavesdrops on any of the paths, only a part of the packets can be obtained, and the decryption is successfully prevented, so that high security can be ensured. Further, since the IP packet group is spread and transferred to a plurality of paths, a wideband communication path is formed as a result.
[0031]
Second Embodiment Next, a second embodiment of the present invention will be described with reference to FIGS. In this embodiment, in addition to the first embodiment, processing by the cooperative packet division / synthesis software PE and a plurality of I / Fs 116 to 120 are used. Each I / F is connected to a different NSP (Network Service Provider).
[0032]
If there is a contract with a specific NSP, there is usually one firewall that serves as a connection point between the in-house LAN and the Internet. In this case, as described above, security can be ensured by setting a plurality of routes from the firewall to the transmission destination. However, in order to ensure higher security, it is desirable to provide a plurality of firewalls and deliver an IP packet group via a plurality of different NSPs. The present embodiment focuses on such a point.
[0033]
FIG. 7 shows an operation procedure of the present embodiment, in which the IP diffusion device 100 divides an IP packet and assigns it to one of the plurality of I / Fs 116 to 120 (step S60). Each IP packet is delivered from the assigned I / F (step S62). Then, similarly to the above-described first embodiment, the packet is delivered to the IP spreading apparatus 102 via a different relay point for each group, and is synthesized by the cooperative packet division and synthesis software PE of the IP spreading apparatus 102 (step S64). ).
[0034]
FIG. 8 shows the state corresponding to FIG. As shown in the figure, by providing a plurality of transmission source I / Fs, the transmission source provider differs depending on the packet group. For this reason, for example, even if the IP packets 22a and 22b pass through the same relay point 22, the routes are different, and the security is further improved.
[0035]
Third Embodiment Next, a third embodiment of the present invention will be described. In this embodiment, the path information cache software PF is used. The route information cache software PF performs a process of temporarily storing the information of the relay point obtained by the process shown in FIGS. 3 and 4 by the dynamic relay point search software PA as the route information DA on the hard disk 108. .
[0036]
According to the above-described first embodiment, a search for a relay point is performed each time data transmission processing is performed, and IP packets are delivered via different routes for each packet. In this case, even if the relay point is changed not at every time but at an appropriate interval, practically sufficient security can be ensured. For example, the route may be determined to be different each time a communication event occurs. During the same communication event, it is more convenient to use the same relay point from the viewpoint of the absolute speed of communication.
[0037]
From such a viewpoint, in the present embodiment, when a plurality of routes from the IP diffusion apparatuses 100 to 102 are stored as the route information DA in the route cache as shown in step S14 of FIG. Yes), the relay point of each IP packet is set using the route information DA without performing the operation after step S16.
[0038]
The frequency of updating the route information DA may be appropriately set as needed. The higher the frequency, the higher the security, but the lower the communication speed. The update frequency may be changed according to the importance of the data.
[0039]
<Embodiment 4> Next, Embodiment 4 of the present invention will be described. In the current Internet, IP packets using the source routing function of the IP protocol are discarded without being transferred by many routers. This is because the source routing option is used for unauthorized delivery of IP packets, as described in RFC (Request for Comment [s]) 2003 (an Internet technical document dealing with IP encapsulation). This is because there are many cases.
[0040]
Thus, in the present embodiment, the above-described IP spread communication can be performed even in an environment where source routing cannot be used. In the present embodiment, the delivery processing of the IP packet 20 is performed using the ICMP echo. FIG. 9 shows a processing procedure by the IP packet transmission / reception software PB in the present embodiment.
[0041]
According to the present embodiment, the IP diffusion apparatus 100 converts the IP packet group transmitted to the computer of the in-house LAN 40 through the IP diffusion apparatus 102 into N subgroups PG [0], PG [1],. , PG [N-1] (step S70). The IP packets 20 belonging to each of the divided subgroups PG [i] (i = 0, 1,..., N−1) are delivered via the relay router R [i] as follows.
[0042]
First, the IP diffusion apparatus 100 transmits an ICMP echo request message in which the IP packet 20 is data, the transmission source is the IP diffusion apparatus 102, and the transmission destination is R [i] (step S72). The relay router R [i] that has received the ICMP echo request message copies the data portion of the received echo request message as it is as the data portion by using the function of the ICMP protocol, and sets the transmission source to R [i] and the transmission destination to R [i]. An ICMP echo response message is transmitted with the IP diffusion device 102 specified as the transmission source of the echo request as the transmission destination (step S74).
[0043]
The IP diffusion device 102 that has received the ICMP echo response obtains the IP packet 20 transmitted from the computer in the company LAN 10 to the computer in the company LAN 40 by extracting the data part (step S76). The IP diffusion device 102 transmits the obtained IP packet 20 to the in-house LAN 40 (Step S78).
[0044]
For example, it is assumed that the IP addresses of the respective units are assigned as shown in FIG. 10A (the same as FIG. 6A). In transmitting data, as in the above-described embodiment, the relay point of the route for transmitting the IP packet 20 is searched by the dynamic relay point search software PA according to the procedures shown in FIGS. Next, as shown in FIG. 10B, packet headers of the transmission source A and the transmission destination P are added to the data. Next, an ICMP echo request header is added as shown in FIG. 10C by the processing of FIG. 9 by the IP packet transmission / reception software PB. In the illustrated example, the transmission source is “Q” and the transmission destination is “N”. That is, the transmission source should be the global IP address “B” because the transmission source is the corporate LAN 10, but in this embodiment, the global IP address “Q” of the destination corporate LAN 40 is the transmission source. It has become.
[0045]
When the IP packet 20 to which the header is added in this manner is transmitted from the IP diffusion apparatus 100 to the Internet 30, first, the destination IP address "N" of the ICMP echo request header is referred to, and the relay of the address is performed. Transferred to point 32. Then, at the relay point 32, an ICMP echo response header is added as shown in FIG. That is, in the echo response header, the transmission source and the transmission destination are reversed with respect to the echo request header. In the illustrated example, the transmission source is “N” and the transmission destination is “Q”.
[0046]
Therefore, the IP packet 20 is transmitted from the relay point 32 to the office LAN 40 and arrives at the IP diffusion device 102 of the office LAN 40. Then, both the echo request header and the echo response header of ICMP are deleted, and the IP packet 20 is transferred to the address “P” of the packet header. Since the address "P" is the PC 42 of the in-house LAN 40, the IP packet 20 is transferred to the PC 42.
[0047]
As described above, by using the echo back technique, spread communication becomes possible regardless of availability of source routing, and security can be improved.
[0048]
<Other Embodiments> The present invention has many embodiments and can be variously modified based on the above disclosure. For example, the following is also included.
(1) The above embodiment is an example in which the present invention is applied to a VPN, but is applicable to general public networks such as the Internet.
(2) The design of the apparatus shown in FIG. 2 can be variously changed so as to achieve the same operation. For example, in the above-described embodiment, as shown in FIGS. 2 and 8, one IP spreading device is provided with a plurality of Internet I / Fs. It is also possible to provide a plurality of provided IP spreading devices and connect them to different NSPs.
(3) In the above embodiment, the packet delivery route is controlled by changing the relay point (relay router) on the Internet. However, other route control methods such as changing and setting the route itself may be used. It does not hinder. For example, a large number of routes or relay points may be prepared in advance as a table, and a route or a relay point may be randomly selected from this table.
[0049]
【The invention's effect】
As described above, the present invention has the following effects.
(1) Since the transfer route of the data packet is intentionally set and dynamically changed, security in communication using the public network is improved, and the possibility of eavesdropping is effectively reduced. You.
(2) Since the data packet is transferred via a plurality of paths, the bandwidth of the communication path can be widened.
[Brief description of the drawings]
FIG. 1 is a diagram showing a main part of an embodiment of the present invention.
FIG. 2 is a block diagram illustrating a configuration example of an IP diffusion device.
FIG. 3 is a flowchart showing a procedure of a relay point search in the first embodiment.
FIG. 4 is a flowchart illustrating a procedure of a relay point search in the first embodiment.
FIG. 5 is a flowchart illustrating a procedure of transmitting and receiving an IP packet according to the first embodiment.
FIG. 6 is a diagram illustrating the operation of the first embodiment.
FIG. 7 is a flowchart illustrating main operations according to the second embodiment of the present invention.
FIG. 8 is a diagram showing the operation of the second embodiment.
FIG. 9 is a flowchart illustrating main operations according to the fourth embodiment of the present invention.
FIG. 10 is a view showing the operation of the fourth embodiment.
FIG. 11 is a diagram showing a state of transmission and reception of a conventional IP packet.
[Explanation of symbols]
10, 40… In-house LAN
12, 42… PC
20, 20a ... IP packet
22 ... relay point
22a, 22b ... IP packets
30 ... Internet
32 ... relay point
34, 36, 38 ... route
60 ... Eavesdropper
100, 102 ... IP diffusion device
104 ... CPU
106 ... Display
108 ... Hard disk
110 ... RAM
112 ... ROM
114-120 ... I / F

Claims (8)

A data transfer method for transferring data packets through a public network,
Controlling a route on the public network through which the packet passes;
Performing a transmission process on the packet so that the packet passes through the route set by this;
A data transfer method comprising: 2. The data transfer method according to claim 1, wherein the route is controlled by dynamically changing a relay point on a public network. 3. The data transfer method according to claim 1, further comprising a step of performing a VPN encapsulation process on the packet. 4. The data transfer method according to claim 1, further comprising sending the packet to a public network via a plurality of providers. A data transfer device for transferring a data packet through a public network,
Path control means for controlling a path on the public network through which the packet passes, packet transmitting means for performing transmission processing on the packet so that the packet passes through the path set thereby,
A data transfer device comprising: 6. The data transfer device according to claim 5, wherein the route control unit controls the route by dynamically changing a relay point on a public network. 7. The data transfer device according to claim 5, further comprising an encapsulation processing unit that performs a VPN encapsulation process on the packet. The data transfer device according to any one of claims 5 to 7, further comprising data transmission means for transmitting the packet to a public network via a plurality of providers.

Images