Computer networks, until recently, have been “wired” networks. Wired networks require some type of physical connection between the computer connecting to the network and an access point to the network to carry the communication signals. The physical connection is commonly a network cable or telephone wire. Although wireless transmission of data for specialized purposes has been possible for some time, such as for transferring data between a computer and a printer using infrared (IR) ports, only recently have wireless computer networks become widespread. One reason for the increased popularity of wireless networks is that the cost to create a wireless network has dropped appreciably from the cost to create one just a few years ago, and this trend is very likely to continue.
Simultaneous with the growing availability of wireless computer networks, capabilities of portable computing devices are increasing. These increased capabilities are found not only in portable personal computers, e.g. laptop and notebook computers, but also in smaller devices, such as handheld computers (e.g. the Palm™ and iPAQ™ personal digital assistants), wireless communication devices like RIM Corporation's Blackberry™, and even in mobile telephones.
Presently, portable computers and other devices, such as those described above, have the capability to provide services formerly provided only by powerful network servers. In other words, many contemporary devices can not only use services of others, such as a laptop computer accessing the Internet through a Wireless Access Point (WAP), but can also provide services to other devices, such as providing access to an authentication program running on a laptop computer that provides authentication services for a trust network.
Protecting devices that are connected to a wireless network from unauthorized access over the wireless network itself is especially difficult, because, unlike a wired network, no physical connection is needed to access a wireless network. Antennae for most popular wireless network frequencies are generally small and easy to conceal. Since no signs of unauthorized access may exist, network providers, and especially wireless network providers, must be extremely diligent to ensure that only those devices authorized to access a network are doing so.
Ways to limit access to devices are known, such as using a firewall that limits access to a network to only authorized users, requiring passwords, requiring data encryption, etc. Network firewalls can limit or filter network traffic leaving or entering a device or network of devices. However, not only is the process for correctly configuring such a firewall time consuming and detailed, but once a service provider leaves the environment for which access was tailored, the access is most likely not tailored to the new environment. This is a particularly difficult situation for devices that provide services to other devices and that operate in more than one environment. Security for each environment is different, and therefore each environment may require a completely different security configuration for the proper amount of protection. Providing few or no services in environments that the operator cannot completely trust may unnecessarily limit the services provided. Providing many services that are not secure may jeopardize valuable data or the service provider itself.
Embodiments of the invention address this and other limitations of the prior art.