Over the relatively short history of the computer industry dramatic changes have occurred. The most significant of these changes has been the incredible drop in hardware prices along with the equally incredible improvement in performance, reliability, size and ruggedness of computer hardware. The reliability and performance of computers have improved to the point where the military is able to place computers in each individual combat vehicle. In this manner a wide area network of computers is formed which may be used to receive orders and other mission critical data, such as the position of enemy and friendly troops, as well as their movements. However, implementing security on such a wide area network is a difficult undertaking. One of the many challenges is the sheer size such a network may take. Thousands of nodes of various types of computers may have access to the network. Further, most users may be authorized to receive only a portion of the data being transmitted over such a network. Still further, since the network operates over a battlefield, the use of cable to enable high-speed communications is out the question. Only radio or microwave communications methods could be utilized either directly, or via a satellite system. However, the use of radio or microwave communications limits the speed at which data may be transmitted over the network. Even when a high-speed cable-based network is utilized, due to the large number of nodes on a network, it is still imperative to keep administrative data traffic to an absolute minimum.
In addition to the communications issues, a significant security issue exists. Most soldiers in the field that would have access to the system would not be authorized (“cleared”) to receive most of the information traveling across the network. Of those individuals on the network that are cleared to receive classified information, not all would be at the same level of security clearance. Therefore, mechanisms have been attempted that partition the network into a multilevel security system. However, these multilevel systems are often complex, expensive, require large amounts of the available bandwidth in to order function properly, and are very man-power-intensive to administer. Therefore, implementing such a multilevel security system on a battlefield over a relatively low bandwidth communications system is not possible. This is further compounded by the fact that in a battle, vehicles may be captured. If the enemy could tap into the battle plans and troop movements of our forces, it would provide the enemy with a tremendous advantage in a battle.
It should be noted that many of the same problems encountered by the military in implementing a large wide area network are also experienced by major corporations having tens of thousands of employees all with their own personal computers connected worldwide over a wide area network. Most employees in a corporation fall into the same category as most soldiers in the field. Namely, most employees have no need or requirement to access all of the information on a wide area network. Further, most corporations have competitors which are both domestic and foreign and who could benefit from inside information relating to new products in development and bids being issued by the corporation. Therefore, in both military and commercial applications it is vital to enable authorized personnel access to required information quickly and easily, while blocking access to unauthorized individuals. These unauthorized individuals may include enemy troops, competitors, or the ubiquitous hacker. As noted by recent denial-of-service attempts and the email virus/worm infiltration of corporate computers, a hacker may cost businesses billions of dollars in wasted effort and loss of valuable information. Further, a business can be ruined by a hacker or disgruntled employee accessing customer credit card (or similar) information and publishing it on the worldwide web.
Beyond the use of multilevel security systems, the primary method of providing security has been through the use of a password access method. In such a password-based system, a user would be denied access to a computer system or a network in the event that the proper password associated with the user was not entered. Typically, a single password file would be stored on a server in a local area network, and upon start-up of a particular computer system on that local area network, the user ID and password would be checked against those in the server. This works well when the number of potential users is relatively small and substantial band width is available for users to simultaneously logon. However, where a large number of users attempt to logon to the system simultaneously, access to the single password file would form a bottleneck in the system. Further, the necessity that users must always log into a single server on the network, in order to gain access, makes the server a single point of failure. Failure could lock out users throughout the network. User's passwords are conventionally either transferred to the server over the network in clear text (unencrypted), where they are vulnerable to be discovered by an adversary, or they are encrypted in transit but saved in clear text on the server. Thus, the server becomes a target in the battlefield for conventional warfare, as well as cyber warfare applicable to both the military and commercial enterprises.
In an attempt to alleviate the formation of a bottleneck in a large network, passwords for individual users have been stored on their local machines. Upon start-up of the local computer, the user would log onto his assigned computer system and enter his password. Failure to provide such a password would prevent access to that individual computer. This eliminates the overhead associated with a central password file, but it restricts each user to using only the particular computers on the network assigned to them. If a computer fails, the employee may not use another employee's computer in order to complete his assigned tasks. Thus, resources are wasted.
Therefore, what is needed is a system, method, and computer program that will provide a high degree of security for a local and wide area network, while keeping administrative communications traffic required to implement security to an absolute minimum. Further, this system, method, and computer program must block access to unauthorized users and users without the proper security clearance. In addition, a user must be able to logon to any computer system in the network and be able to of receive messages and access information for the particular user or his role in the organization. The security system must also prevent an unauthorized user from accessing passwords for other users on the system even when the unauthorized user has complete access to a particular computer on the network. Also, this security system must enable a security officer or systems administrator to remotely disable a computer which has fallen (or is suspected of having fallen) into an unauthorized user's hands.