1. Field of the Embodiments
The present disclosure relates in general to digital network communications. Specifically, the present disclosure relates to secure data transmission and provision of remote application services in an open or closed network setting. More specifically, methods and integrated systems are provided for improving access control, administrative monitoring, reliability and integrity of data transmission and remote application sharing over a network. The disclosed methods and systems employ a datagram schema that enables dynamic datagram switching in network transactions in support of a multitude of applications and network services. Mobile intelligent data carriers are provided in various embodiments that allow for implementation of an authentication and encryption scheme. The pervasive, user-centric network security enabled by the disclosed methods and systems may be advantageously deployed in, among other things, the financial and banking environment, the national security and military information technology (IT) systems, the healthcare management networks, the IT infrastructure for legal and other professional consultation services, and various online commercial transaction systems. The systems and methods according to this disclosure may be implemented in connection with biometric and other suitable authentication means.
2. Description of the Related Art
The digital revolution, accompanied by globalization, is transforming people's lives in an unprecedented way. The growth and evolution of the Internet fuels the expansion of existing businesses while fostering the emergence of new enterprises across national lines. In today's global economy, the viability of a business or research institution turns in large part on its efficiency in processing and managing information. Data transmission and management are playing an increasingly vital role in a variety of industries. Engineers and business visionaries have been faced with a significant challenge to institute secure network systems that enable stable and efficient data transmission, effective access control, and remote sharing and management of application resources among distributed computers in service to multiple users.
Various network configurations have been in use in institutional IT infrastructures. Ethernet, token ring, and client-server architecture, for example, are widely adopted. Related technologies for data encryption and compression are similarly known and have been utilized to facilitate secure data transmission. The existing network systems often suffer from interception of data transactions and loss of network connections. It is generally difficult to restore a lost connection. It is even more challenging to accurately reestablish the parameters of a lost connection, thereby ensuring the integrity of the reconnection. Data may be lost, and data transmission will need to start over. The loss may be permanent if one cannot trace and gather a threshold level of information to allow recovery. This lack of stability greatly compromises the fidelity of data transmission and thus poses a fatal problem for distributive data processing and management. Significant costs are incurred in coping with such failures. As manifested in the difficulties encountered in recent years by online electronic businesses, this problem can hamper an entire industry.
The problem of unstable (hence unreliable) network communications is compounded by a want of comprehensive, robust, user-friendly, and cost-efficient network security solutions for safeguarding information dissemination and application management in a distributive enterprise IT environment. Private businesses and public institutions alike often suffer significant financial losses from security breaches. A great deal of money is also wasted on inefficient IT security solutions due to uncoordinated information and application management.
Drawbacks of the current network security solutions are manifold. In the main, four aspects are noteworthy. First, there is no integrated system that secures an entire network without severely limiting business growth. Organizations are forced to employ a multiplicity of products from different vendors to fulfill different security functions. Each of these products only solves a discrete aspect of the overall network security needs. For example, a firewall does not encrypt data being transmitted across the Internet; an Intrusion Detection System (IDS) cannot validate and ensure that the person who enters an authorized login name and password to open a Virtual Private Network (VPN) connection is in fact the intended user; and a VPN does not help an IT department monitor user rights and access policies. Thus, no existing system or method is capable of singularly protecting every aspect of a network. Resorting to multiple security products from competing vendors creates incompatibility problems. Maintaining a fluctuating number of peripheral security devices and software packages can also be extremely complex and overly expensive. On the whole, such a patchwork solution is less than effective in protecting an institutional IT framework.
Secondly, the existing focus is on securing devices and data. Such a system-centric approach fails to safeguard the point of access at the individual users who use the devices. This inherent problem with the current approach will become more and more conspicuous as the number of devices and the degree of user mobility increase, which is inevitable as the world transitions into pervasive computing.
To appreciate the inherent flaws of system-centric systems, one can consider the various scenarios of cyber-crime. Cyber-crimes are often marked by the perpetrator's attempt to disguise their identity, whether by masquerading as someone else or by covering their trail across the routing path. Such attempts too often succeed because, at least in part, the techniques used to establish and verify the user's identity are fallible. For example, most passwords are easy to break; they are often too obvious or are stored on a device that can be easily compromised. The existing infrastructure supporting digital certificates and public/private keys is also subject to abuse. Therefore, the existing ways of identifying the users of a network device and securing the device vis-à-vis these users (hence system-centric) present inherent security liabilities. A high level of security will remain illusory if no effective means is adopted for pinpointing the identities of those who attempt to access a protected network. A major paradigm shift is thus warranted for better network security, from protecting the devices and data to protecting the users. A user-centric scheme for establishing and validating user identities, thereby enabling mobile access and event-based, user-centric security, is desirable.
Third, the existing IT security solutions are too complex for ordinary users. Average users are expected to perform complicated security procedures, which often results in errors and security lapses in the enterprise IT environment. For example, VPNs are far from straightforward in their installation, operation, or maintenance. Encrypting emails involves extra work, so very few ever bother to do it. Even selecting and remembering a good password can be too much trouble for many people. Relying on users who are not IT experts to perform complicated security procedures simply does not work. An ordinary user may find ways to bypass the security procedures or outright ignore them. Moreover, maintaining and operating a deluge of software patches also drains the resources of many IT departments and runs beyond their capacity. Therefore, an effective security solution that is user friendly and that draws minimal operational and administrative overhead is needed.
And finally, as in other fields, a certain inertia exists in the IT security industry. Changes and new methodologies are resisted to some extent. The existing way of doing things prevails and dominates the landscape of network security solutions on both the provider side and the consumer side. The adherence to existing technologies and the band-aid approach to improvements and modifications hampers the development of truly innovative solutions.
For the aforementioned reasons, there is a need for a new network security paradigm that delivers the desired reliability, efficiency, and user-friendliness. The kind of security solution that can meet the needs of a distributive IT framework and support pervasive computing and information processing must address the flaws of the existing systems.
A skilled network engineer or a learned user of business IT networks will appreciate the importance of better IT security solutions. To that end, a brief review of the history of institutional computing and IT networks will be useful.
The first computers were mainframes. These complex monolithic devices required a protected environment to function properly. They could only be operated by skilled technicians with highly specialized knowledge. Access to them was confined and they offered limited connectivity with other devices. As a result, they were easy to secure.
The advent of the personal computer (PC), the evolution of networking technology and, particularly, the recent explosive growth of the Internet transformed the way people use and relate to computers. The size of computer devices decreased; they became readily movable, as well as operable by lay individuals aided by friendly user interfaces. Computers were connected to create computer networks, allowing for information and application sharing. The Internet brought network connectivity to its acme: true global connectivity that is affordable to the masses. In addition to desktop and laptop PCs, personal digital assistants (PDAs), Tablet PCs, and mobile phones grew popular among people who need network access outside of their home or office.
The rapid advance of technologies and expansion of business needs presented an unprecedented challenge for IT departments around the world. An ever-increasing amount of data, accessible from a vast number of devices, needs to be protected. And such protection must be instituted against the backdrop of broadband “always-on” connections. Also noteworthy are the regulatory initiatives in various countries addressing privacy and information ownership concerns over the Internet. Clearly, a network security solution that is technically robust and comprehensive from a business standpoint is needed, especially in view of the next inevitable phase of the IT evolution, one marked by pervasive computing. All analog devices are being, or are expected to be, replaced by digital counterparts. Televisions, telephones, CDs and DVDs, digital cameras, video cameras, and computer game platforms alike will, if not already, all support Internet access. As network data access becomes possible everywhere and all the time, the need for protecting proprietary corporate data and sensitive private information becomes more pressing, and the level of difficulty in meeting such needs correspondingly elevates.
In sum, reflecting on the evolution of the organizational IT infrastructure and the current deficiencies in secure network communications, an ordinarily skilled artisan will appreciate the need for systems and methods that improve the security, stability, efficiency, and flexibility of network data transmission and, connected thereto, the need for a new network paradigm for secure and reliable enterprise information management and application sharing.