1. Field of the Invention
The present invention relates to the field of data processing. More specifically, embodiments of the present invention relate to providing a method for a wireless electronic device (e.g., a portable computer system, a palmtop computer system, cell phone, pager or any other hand held electronic device) to connect with authenticated access to Intranet web applications.
2. Related Art
Computer systems have evolved into extremely sophisticated devices that may be found in many different settings. Computer systems typically include a combination of hardware (e.g., semiconductors, circuit boards, etc.) and software (e.g., computer programs). As advances in semiconductor processing and computer architecture push the performance of computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.
Other changes in technology have also profoundly affected how people use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed to allow individual users to communicate with each other. In this manner, a large number of people within a company could communicate at the same time with a central software application running on one computer system.
As corporations utilize increasingly distributed and open computing environments, the security requirements of an enterprise typically grow accordingly. Managing employee, customer and partner access to critical information, while assuring proper security, has proven to be a major hurdle. For example, many organizations implement applications that allow their external business partners, as well as their own internal employees, to access sensitive information resources within the enterprise. Without adequate security measures, an enterprise risks unauthorized access to, and disclosure of, that information.
As a result, authentication mechanisms are usually implemented to protect information resources from unauthorized users. Examples of network security products include firewalls, digital certificates, virtual private networks, and single sign-on systems. Some of these products provide limited support for resource-level authorization. For example, a firewall can screen access requests to an application or a database, but does not provide object-level authorization within an application or database.
Single Sign-On (SSO) products, for example, maintain a list of resources an authenticated user can access by managing the login process to many different applications. However, firewalls, SSO and other related products are very limited in their ability to implement the sophisticated security policy characteristic of many of today's enterprises. They are limited to managing access at login, or "launch level," which is an all-or-nothing approach that cannot deliver the level of security demanded by businesses supporting Intranets.
FIG. 1A illustrates a prior art system 100 in which a palmtop or "palm sized" computer system 104 is connected to other computing systems and an Intranet via a cradle. Specifically, system 100 comprises a palmtop device 104 connected to PC 103 over a link that can be a serial communication bus, but could be any of a number of well known communication standards and protocols, e.g., a parallel bus, Ethernet, a Local Area Network (LAN), and the like. PC 103 is connected to server 101 and database 102 by an authenticated network connection. In the prior art system 100, two authentication steps are performed to provide a secure connection. First, PC 103 is physically connected to the server 101 to establish a network connection; the physical location of PC 103 is usually sufficient for the network connection to be approved. Secondly, when applications on server 101 are used, the user of PC 103 must provide a user name and password to authorize use. In this configuration, security and authentication are achieved first at the network level, by authenticating the user's login name and password or the device identification over the network, and secondly at the application level, by again authenticating the user's login name and password.
Similarly, FIG. 1B is a prior art system 105 illustrating a palmtop computer connected to other computer systems and the Internet via a modem or dial-up device. Specifically, palm device 104 is connected to modem 106 over a link that can be a serial communication bus, but could be any of a number of well known communication standards and protocols, e.g., a parallel bus, Ethernet, a Local Area Network (LAN), and the like. Modem 106 is connected to server 101 and database 102 by an authenticated dial-up network connection. In the prior art system 105, two authentication steps are performed to provide a secure connection. First, modem 106 must provide a correct user name and password to the server 101 to establish a network connection. Secondly, when applications on server 101 are used, the user of palm device 104 must provide a user name and password to authenticate use. In this configuration, security and authentication are achieved first at the network level, by authenticating the user's login name and password or the device identification when the modem connects to the network, and secondly at the application level, by again authenticating the user's login name and password.
In these two configurations, a secure authentication process occurs in which two layers of authentication are applied: first a network authentication is performed, and secondly an application authentication occurs. At least one of the authentication processes relies on the user supplying a user name and a password, and both configurations require network-level authentication.
Unfortunately, most wireless communications do not support this double authentication. Because of the differences between the ECC-based cryptography used by wireless protocols and the SSL encryption used by traditional IP protocols, the security and authentication mechanisms for mobile and wireless devices need to be modified to provide the same level of security as traditional land-based communications. For example, mobile and wireless devices often access web servers through Internet gateways that provide no assurance of the identity of a device or user; in other words, they provide no network level of security. Intranet security guidelines for most companies usually require both authentication of a device to the network and of a user to each application before access to internal resources can be permitted.
Therefore, there exists a need for a mechanism which allows wireless devices to establish secure and authenticated connections to applications that reside on Intranet networks.
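To make the two-layer policy of the prior-art configurations concrete, the following Python model is an added example, not code from the patent or from any product it describes. It encodes the rule that a request must carry an authenticated network-level device identity (the cradle-attached PC or the dial-up modem) before the application-level user name and password are checked, and it shows the failure mode of the wireless case: a request arriving through an Internet gateway with no device identity is refused even when the user credentials are valid. The device identifiers, shared secrets, user account and application name are constructed for the example; the record format (salted PBKDF2 hashes) is an assumption, not something the page specifies.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# A credential record is (salt, PBKDF2-SHA256 digest); the plaintext secret is never stored.
Record = Tuple[bytes, bytes]


def _derive(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


def _make_record(secret: str) -> Record:
    salt = os.urandom(16)
    return salt, _derive(secret, salt)


def _verify(record: Record, secret: str) -> bool:
    salt, expected = record
    # Constant-time comparison so a wrong secret does not leak where it diverges.
    return hmac.compare_digest(_derive(secret, salt), expected)


# Constructed registries for the example (hypothetical identifiers and secrets).
# Network layer: devices the Intranet recognises, named after the figures' PC and modem.
DEVICES: Dict[str, Record] = {
    "pc-103": _make_record("cradle-secret"),
    "modem-106": _make_record("dialup-secret"),
}
# Application layer: per-application user accounts; a hypothetical "payroll" application.
APP_USERS: Dict[str, Dict[str, Record]] = {
    "payroll": {"alice": _make_record("correct horse battery")},
}


@dataclass
class Request:
    # device_id / device_secret are None when the request arrives through a wireless
    # Internet gateway that forwards no device identity to the Intranet.
    device_id: Optional[str]
    device_secret: Optional[str]
    app: str
    username: str
    password: str


def network_authenticated(req: Request) -> bool:
    """First layer: the device itself must be known to the network."""
    if req.device_id is None or req.device_secret is None:
        return False
    record = DEVICES.get(req.device_id)
    return record is not None and _verify(record, req.device_secret)


def application_authenticated(req: Request) -> bool:
    """Second layer: the user must authenticate to the specific application."""
    record = APP_USERS.get(req.app, {}).get(req.username)
    return record is not None and _verify(record, req.password)


def authorize(req: Request) -> str:
    """Apply both layers in order; the application login is never consulted
    unless the network layer has already identified the device."""
    if not network_authenticated(req):
        return "denied: no network-level device authentication"
    if not application_authenticated(req):
        return "denied: application-level user authentication failed"
    return "granted"


if __name__ == "__main__":
    wired = Request("pc-103", "cradle-secret", "payroll", "alice", "correct horse battery")
    wireless = Request(None, None, "payroll", "alice", "correct horse battery")
    print("cradle-attached PC:", authorize(wired))
    print("wireless gateway:  ", authorize(wireless))
```

The ordering in `authorize` matters: checking the device first means an unidentified wireless client cannot even probe the application's user database, which is the property the Intranet guidelines in the text are asking for.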