Today, there continues to be an increase in the prevalence and utility of computer and communication networks. Increased connectivity has allowed people rapid access to vast amounts of information and services, whether through the Internet, intranets or other networks. Increased data accessibility continues to impact the behavior of organizations as well as individuals. For example, people utilize the Internet for diverse functions such as research, news, banking, correspondence and other uses too numerous to list.
Availability of wireless devices and networks has also increased the utility of networks. Many people utilize a mobile device, such as a cellular phone or smartphone, as a primary means of communication. In addition, functionality of such devices has increased to allow users to access voice-over-Internet-protocol (“VoIP”) phone service, software applications, email access, Internet access and the like.
This unprecedented access to data and services has also led to various security problems. Enhanced accessibility of banking and credit information is connected to an increase in the profitability as well as the frequency of identity theft. Additional security concerns include privacy of communications (e.g., telephone conversations, email, instant messaging, text messaging and the like). Network customers often expect and rely on network security to protect their data and communications. At the same time, customers expect rapid and cost-effective communication and, frequently, real-time transmission of data.
The foundation of network security is the authentication of network entities. ‘Authentication’ refers to the validation of the claimed identity of an entity, such as a device that is attaching to a network, or validation that a user who is requesting network services is a valid user of the network services requested. Authentication is often accomplished via the presentation of an identity and credentials (e.g., digital certificates or shared secrets). Initial authentication is typically performed for network admission control by a provider edge (PE) device (e.g., router, switch) when a consumer device such as a cable modem or mobile cellular handset connects to a service provider's network.
The effectiveness of other network security mechanisms, such as authorization, integrity checking and confidentiality, relies upon network entity authentication as well as continuity of service. ‘Authorization’ refers to an act of granting a device or user access to specific types of resources and/or services. This grant of access can be based upon a number of factors, including user authentication, services requested, device type, current system state, etc. Authorization can also be restricted in a variety of ways, for example by scope of use, temporal restrictions, physical location restrictions, etc.