1. The Field of the Invention
The field of the invention relates to computer and communication networks having a remote terminal isolated from the remainder of the computer network. More specifically, the present invention relates to verification of the identity of a user of the remote terminal, and more particularly, the invention relates to authenticating the user of the remote terminal as an authorized user of the computer network.
2. Present State of the Art
Computer networks have traditionally relied upon physical boundaries such as structures and facilities to provide security for the computer network. In fact, traditional networks interconnect computers or local terminals into networks using hard-wired physical connections for promoting interoperability. As such, local networks originally did not discriminate among users of the local terminals. As security awareness increased, local terminals provided discrimination by incorporating simplistic password protection. Because of the localized nature of password protection on a particular local terminal, users were often hindered from utilizing various other terminals.
As computer networks became more sophisticated additional resources were configured within the computer network to provide additional functionality such as extended data storage and centralized log-in protection. For example, as network servers became more sophisticated, authorized users of a computer network were able to migrate throughout the computer network to other local terminals. As computer network terminals increased in size and complexity security concerns also increased. One previous solution for managing such security concerns included interconnecting local smaller computer networks with other computer networks by physically coupling together network servers of each computer network. The coupling of these computer networks was generally accomplished using physical links such as coaxial cable or fiber optic lines. As computer networks became more diverse and spatially separated, security concerns were again raised that information exchanged between these intercomputer network links may become vulnerable to tampering or interception as such intercomputer network links often occur over public telephone lines or other accessible communication channels. To combat these concerns, network servers incorporated encryption protection for the information exchanged between computer networks. Encryption of exchange data requires that each network server have a key or password for encrypting and decrypting exchanged information.
Furthermore, additional security concerns arise when local terminals within a computer network are no longer physically secured within a structural boundary. Such concerns arise when local terminals are remotely operated. Remote operation of a terminal raises an additional security concern regarding the authentication of the remote terminal. Some security concerns of remote operation of local terminals have been resolved by incorporating similar log-in password protection techniques for remote terminal operation as were required for local terminal operation. In such configurations, remote terminals are programmed with an identifier which may be verified by a network server as being a remote terminal authorized to operate within the computer network.
Additionally, prior configurations further protect informational exchanges between remote terminals and a network server by incorporating encryption into each informational exchange. Such bi-directional encryption required the pre-placement of matching encryption keys within both the remote terminal and the network server. Compatible informational exchange between the remote terminal and network server verified the identity of the remote terminal. Although such correlation of a remote terminal with a network server provides a level of assurance of the legitimacy of the remote terminal, the association of the encryption key with a remote terminal does not provide assurances to the network server of the identity of the user of the remote terminal. Resolution of this concern was mitigated by employing simplistic log-in password procedures. However, identification procedures incorporating users specific information stored on the remote terminal do not facilitate a particular remote user moving between remote terminals.
Mobile remote terminals present yet another variable to a computer network attempting to identify or authenticate legitimate users when such remote terminals attempt to access the computer network using wireless communication means. Such unpredictable remote access removes any physical benefits fixed site remote terminals may have provided since wireless communication channels may be established from non-fixed locations. Furthermore, as remote terminals employing wireless communication channels become more prevalent, they are becoming more fungible as access centers to computer networks. The security focus must then shift from authenticating an authorized remote terminal to focusing on authenticating the user of the remote terminal. Thus, prior art configurations have focused on authentication of a remote terminal optionally coupled with simplistic password protection of the remote terminal against unauthorized users of the remote terminal rather than on authenticating the user themselves.
In conclusion, there exists a need for an apparatus and method for authenticating an authorized user prior to permitting access to a computer network. Furthermore, there exists a need for providing a method and system for establishing an encrypted authenticated wireless communication channel between an authorized user and a computer network. Though attempts have been made to correlate a remote terminal with authorized terminals of a computer network, there exists no scheme or configuration for solely authenticating an authorized user of a remote terminal and establishing an authenticated encrypted secure wireless communication channel therebetween.