A wide area network using the internet as a backbone utilizing specially
selected ISX/ISP providers whose routers route packets of said wide area
network along private tunnels through the internet comprised of high
bandwidth, low hop-count data paths. Firewalls are provided at each end
of each private tunnel which recognize IP packets addressed to devices at
the other end of the tunnel and encapsulate these packets in other IP
packets which have a header which includes as the destination address,
the IP address of the untrusted side of the firewall at the other end of
the tunnel. The payload sections of these packets are the original IP
packets and are encrypted and decrypted at both ends of the private
tunnel using the same encryption algorithm using the same key or keys.