US 7,543,332 B2
Method and system for securely scanning network traffic
Joel Balissat, La Gaude (France); Claude Galand, Saint-Paul (France); Jean-Francois Le Pennec, Nice (France); and Jean-Marie Sommerlatt, Cagnes sur Mer (France)
Assigned to AT&T Corporation, Bedminster, N.J. (US)
Filed on Feb. 06, 2007, as Appl. No. 11/703,020.
Application 11/703020 is a continuation of application No. 10/115554, filed on Apr. 04, 2002, granted, now 7,188,365.
Prior Publication US 2007/0169187 A1, Jul. 19, 2007
Int. Cl. G06F 15/00 (2006.01)
U.S. Cl. 726—15
19 Claims
 
1. A method comprising:
via an obtained encryption parameter shared by a first device, a second device, and a separate computer, forwarding only each data packet, of a plurality of received packets, that is in compliance with a predetermined criterion associated with said separate computer, a decrypted copy of each data packet scanned for compliance with said predetermined criterion at a predetermined portion of said separate computer, said predetermined portion of said separate computer adapted to provide only an affirmative response or a negative response regarding compliance with said predetermined criterion, wherein contents of said decrypted copy of each data packet is restricted to said predetermined portion of said separate computer, said separate computer adapted for restricting all operators of said separate computer from accessing contents of said decrypted copy of each data packet, said separate computer adapted to communicate with second device via a public wide area network, said separate computer adapted to form a first security association with said first device, said separate computer adapted to form a second security association with said second device, said separate computer adapted to calculate a first secret key associated with said first security association and a second secret key associated with said second security association.