As a computer user engages in transactions with an increasing number of secure servers over a network, it becomes increasingly difficult for the user to remember required information for each server, such as an account name and password. In order to make this task more manageable, many users either employ the same password with multiple servers or write their account information and passwords down in some form that can be obtained by another. In each case, the goal of maintaining the security of the user's account information is compromised.
A number of techniques have been proposed or suggested for helping users to securely manage their account information and passwords. Lucent Technologies, Inc. of Murray Hill, N.J., for example, provides an architecture for securely managing user account information, referred to as the Factotum™ security system. Factotum stores a copy of the keys of a user and negotiates security transactions with applications and system services.
The Factotum runs on the user's computer and interacts with a network-based repository of personal credential information, referred to as the “Secure Store.” The Secure Store stores one or more passwords or keys for a user. The Factotum application acts as a “trusted proxy” for the user and has permission to use the stored keys to access online services or applications on behalf of the user. In this manner, the user is not required to input the same information at every new secure server visited by the user, or to remember different passwords for each accessed online service.
While the Factotum security system provides a convenient and secure method for users to manage their account information on their own computer, users are increasingly engaging remote applications on remote machines to take actions on their behalf. For example, a user may authorize a remote spam filtering application to process email stored by another remote email server on behalf of the user. In addition, due to license restrictions for a given application specifying where the application may be executed, the application may execute on behalf of a user from a remote machine. In any case, these remote applications or services often must engage in secure transactions on behalf of the user, even when the user is not present or actively participating.
Currently, in order for users to engage a remote application on a remote machine to take actions on their behalf, the users must provide their credentials to the remote application, thus requiring the users to trust each remote application and potentially compromising security. A need therefore exists for more secure techniques that allow users to manage their account information and passwords with one or more remote applications. A further need exists for more centralized trusted repositories for storing secure user account information that is required to communicate with one or more remote applications.