Portions of the disclosure of this patent document contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyright rights whatsoever. Sun, Sun Microsystems, the Sun logo, Solaris, SPARC, “Write Once, Run Anywhere”, Java, JavaOS, JavaStation and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
A. FIELD OF INVENTION
This invention relates to the field of computer systems, and more specifically, to a method and apparatus for remote access to a server, using a secured and self-contained environment.
With the advancement of Internet technology, it is now common to access various electronic accounts or data banks from almost any location in the world where a telephone line and a computer equipped with the appropriate connectivity software are available. Unfortunately, along with technological advancements there are also technological pitfalls that can create opportunities for security breaches in seemingly secure systems.
For example, certain airports and other facilities are equipped with public computer terminals that allow an individual to access the Internet, also known as the world wide web (WWW). Typically, all that is required to access the Internet via one of these terminals or any other computer system is an established Internet account and the required access information (i.e., account number, password, etc.). A persisting problem with such terminals is that they are susceptible to attack by information technology intruders (hackers). A computer program called a “browser” is typically installed on a terminal to provide access to various Internet sites. By manipulating certain default values in the browser's configuration, a hacker can acquire access to highly sensitive information entered by a victim user. Once the information is obtained, a hacker can further use that information for illegitimate purposes.
Currently, there are no effective methods available to eliminate the danger of such intrusive activities. A method and/or apparatus is needed that can provide a secure environment for Internet access, especially in circumstances where covert manipulation or capture of electronic data is an undesirable possibility. The security issues associated with accessing remote computer networks can be better understood from a discussion of general networking principles and the Internet environment, set forth below.
B. BACKGROUND ART
Networks
In modern computing environments, multiple computers or workstations are linked together in a network to communicate between, and share data with, network users. A network also may include resources, such as printers, modems, file servers, etc., and may also include services, such as electronic mail, information transfer services, etc.
A network can be a small system that is physically connected by cables or via wireless communication (a local area network or “LAN”), or several separate networks can be connected together to form a larger network (a wide area network or “WAN”). Other types of networks include the Internet, telecom networks, intranets, extranets, wireless networks, and other networks over which electronic, digital, and/or analog data may be communicated. An Intranet is an internal corporate or organizational network that uses many of the same communication protocols as the Internet. The terms Internet, World Wide Web (WWW), and Web as used herein include the Intranet as well as the Internet.
Internet
The Internet is a client/server system. A “client” is the computer that one uses to access the Internet. When a user logs onto the Internet using a client computer, the user may view “web pages” that are stored on a remote “server” computer. Information including data, files, and the web pages to be viewed are often transferred between the client and the server. One method for transferring the data may be more secure than another method depending on the operating software. This in part is related to the configuration of hardware and software components that form the operating environment for data communication. Some background on the various Internet components helps provide an understanding of these problems.
Browsing Software
The components of the WWW include browsing software, network links, and servers. The browsing software, or browser, is a user-friendly interface that simplifies access to the Internet. A browser allows a client to communicate a request without having to learn a complicated command syntax, for example. A browser typically provides a graphical user interface (GUI) for displaying information and receiving input. For example, a browser displays information to a client or user as pages or documents.
A language called Hypertext Markup Language (HTML) is used to define the format for a page to be displayed in the browser. A Web page is transmitted to a client as an HTML document. The browser executing at the client parses the document and produces and displays a Web Page based on the information in the HTML document. Consequently, the HTML document defines the Web Page that is rendered at runtime on the browser. Examples of browsers currently available include Netscape Navigator and Internet Explorer.
Network Communication/Data Transfer
A server may act as a repository of information on the WWW and is capable of processing a client request for the information. To enable the computers on a network including the WWW to communicate with each other, a set of standardized rules for exchanging the information between the computers, referred to as a “protocol”, is utilized. Transfer protocols generally specify the data format, timing, sequencing, and error checking of data transmissions. Numerous transfer protocols are used in the networking environment. One example of a transfer protocol is the transmission control protocol/Internet protocol (“TCP/IP”). The TCP/IP transfer protocol is used on the Internet and on many multiplatform networks.
TCP/IP is sometimes used to refer to a suite of protocols that includes TCP/IP as well as other protocols such as the file transfer protocol (“FTP”), hypertext transfer protocol (“HTTP”), simple mail transfer protocol (“SMTP”) and network terminal protocol (“TELNET”).
The TCP transfer protocol is often utilized to transmit large amounts of information. The TCP protocol is responsible for breaking up a message to be transmitted into datagrams of manageable size, reassembling the datagrams at the receiving end, resending any datagrams that get lost (or are not transferred), and reordering the data (from the datagrams) in the appropriate order. A datagram is a unit of data or information (also referred to as a packet) that is transferred or passed across the Internet. A datagram contains a source and destination address along with the data.
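The segmentation, loss recovery and reordering just described, as an added illustration that is not part of the patent text: a message is broken into indexed datagrams, delivered out of order with some lost, and the receiver reports the gaps so the sender can resend them before the message is reassembled. The datagram index stands in for TCP's sequence number; the channel, the dropped-index set and the payload size are constructed test inputs, not anything from the specification.

```python
import random


def segment(message: bytes, max_payload: int) -> list[tuple[int, bytes]]:
    """Break a message into (index, payload) datagrams of at most max_payload bytes.
    The index plays the role of TCP's sequence number in this simplified model."""
    if max_payload <= 0:
        raise ValueError("max_payload must be positive")
    return [(i, message[off:off + max_payload])
            for i, off in enumerate(range(0, len(message), max_payload))]


class Reassembler:
    """Receiver side: buffers datagrams in any order, reports gaps, reorders."""

    def __init__(self, total: int):
        self.total = total
        self.buffer: dict[int, bytes] = {}

    def accept(self, index: int, payload: bytes) -> None:
        if not 0 <= index < self.total:
            raise ValueError(f"datagram index {index} out of range")
        self.buffer[index] = payload  # a duplicate simply overwrites the same bytes

    def missing(self) -> list[int]:
        """Indices not yet received; these are what the sender must resend."""
        return [i for i in range(self.total) if i not in self.buffer]

    def reassemble(self) -> bytes:
        if self.missing():
            raise RuntimeError("message incomplete")
        return b"".join(self.buffer[i] for i in range(self.total))


def transfer(message: bytes, max_payload: int = 8,
             dropped: frozenset[int] = frozenset(), seed: int = 7) -> tuple[bytes, int]:
    """Simulate one transfer over an unreliable, reordering channel.
    `dropped` is the constructed set of datagram indices lost on the first attempt.
    Returns the reassembled message and the number of retransmission rounds needed."""
    datagrams = segment(message, max_payload)
    receiver = Reassembler(len(datagrams))

    first_pass = list(datagrams)
    random.Random(seed).shuffle(first_pass)      # datagrams may arrive out of order
    for index, payload in first_pass:
        if index in dropped:
            continue                              # lost in transit on the first pass
        receiver.accept(index, payload)

    rounds = 0
    while receiver.missing():                     # sender resends whatever the receiver lacks
        rounds += 1
        for index in receiver.missing():
            receiver.accept(index, datagrams[index][1])
    return receiver.reassemble(), rounds


if __name__ == "__main__":
    text = b"the quick brown fox jumps over the lazy dog"
    print(transfer(text, 8, frozenset({1, 3})))
```

Note that the receiver never has to trust the arrival order: it reorders by index, so a message whose datagrams were shuffled or partially lost still comes back byte-for-byte identical once the gaps are filled.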
The TCP/IP protocol interfaces with the lower-layer network infrastructure. Protocols such as HTTP, FTP, etc., provide an interface to the application layer and are referred to as application protocols. An application protocol defines a set of rules for communication between network applications. Hypertext Transfer Protocol (HTTP) is an application protocol that is used for communication between an information server and a client browser on the WWW. HTTP has communication methods that identify operations to be performed by a network application (e.g. commands that allow clients to request data from a server and send information to the server).
Secured Data Transmission
A transfer protocol may also include security measures that ensure the uninterrupted and secure transfer of data from one network port to another by implementing encryption/decryption mechanisms on the sending and the receiving ends. For example, HTTPS is a secured information transfer protocol having a Secure Sockets Layer (SSL) implementation for the HTTP protocol. SSL is a protocol developed by Netscape for a software layer that sits between the application software and the TCP/IP stack. Using the SSL layer, information is encrypted by the client prior to transmission. SSL is implemented to provide data encryption, message integrity, and user authentication in server-client communications.
Unfortunately, even using the above mechanisms, security risks may not be eliminated altogether. For example, while it may be difficult for an intruder to decrypt encrypted data, he may be able to divert the data transmission destination altogether. Thus, unbeknownst to the user, the user may be securely interacting with an impostor server. An intruder, in this manner, can reroute certain sensitive information such as account numbers, passwords, or other highly confidential information to an impostor server system that imitates the look and feel of the intended server. A user lured into thinking that his/her transactions are being securely processed by a legitimate source will readily provide any information requested by the impostor.
For example, some current Internet browsers, prior to sending information to a requesting server, verify whether that server is a trusted server. A server is a trusted server when the authenticity of a token (also called a certificate) sent from that server is verified by the receiving client. Regrettably, once a certificate is verified by a first user, the server that has sent the certificate will remain on the list of trusted servers for that client until it is deleted. As this list is typically invisible to a common user, a back door can be established by a perpetrator to divert information entered by a subsequent user to a destination that has not been verified by that user.
FIG. 1 illustrates a block diagram of a public terminal or computer in communication with remote servers. Public terminal 110 includes browser 113 and operating system (OS) 115 that can be used to establish a connection with a server over the Internet. The system of FIG. 1 can be manipulated by a hacker so that information that is supposed to be routed to legitimate server 120 is redirected to an impostor server 130 (e.g., by modifying the proxy settings on browser 113). A hacker can manipulate browser 113 to accept an unauthorized certificate issued by impostor server 130 as a trusted certificate for legitimate server 120.
A subsequent user may later use public terminal 110 to access legitimate server 120. Unbeknownst to the user, if the proxy settings have been previously manipulated by a hacker, the connection may be redirected to impostor server 130 instead of legitimate server 120. If the browser settings have been manipulated so that impostor server 130 has already been added to the list of trusted servers by the hacker, it will successfully authenticate against public terminal 110 as if the user were establishing a connection with legitimate server 120. Thereafter, any information transmitted by the user will be intercepted by impostor server 130 over a secure connection terminating at that server. Once the needed information has been obtained, impostor server 130 can terminate the connection by relaying some typical error message or response to its victimized user.
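The trust decision at the heart of the FIG. 1 scenario, modelled as an added example that is not code from the patent: a client that consults a persistent "remembered trusted servers" list accepts a certificate a prior user once approved, whereas a client that only honours a fixed set of trust anchors it carried in, and checks that the certificate names the host actually requested, rejects the impostor. Certificates are stand-ins for X.509 built from an HMAC over subject and issuer (a constructed toy, not real PKI), and the CA names, keys and hostnames are all constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    """Stand-in for an X.509 certificate: the host it names, who issued it,
    and a signature. The signature is an HMAC here (constructed toy, not PKI)."""
    subject: str    # hostname the certificate claims to identify
    issuer: str     # name of the certification authority that signed it
    signature: str

    def fingerprint(self) -> str:
        return hashlib.sha256(
            f"{self.subject}|{self.issuer}|{self.signature}".encode()).hexdigest()


def _to_be_signed(subject: str, issuer: str) -> bytes:
    return f"{subject}|{issuer}".encode()


def issue_certificate(issuer: str, issuer_key: bytes, subject: str) -> Certificate:
    sig = hmac.new(issuer_key, _to_be_signed(subject, issuer), hashlib.sha256).hexdigest()
    return Certificate(subject, issuer, sig)


def chain_verifies(cert: Certificate, trust_anchors: dict[str, bytes]) -> bool:
    """True only if the issuer is a known anchor and the signature checks out."""
    key = trust_anchors.get(cert.issuer)
    if key is None:
        return False
    expected = hmac.new(key, _to_be_signed(cert.subject, cert.issuer),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert.signature)


def legacy_accept(cert: Certificate, requested_host: str,
                  trust_anchors: dict[str, bytes], remembered_servers: set[str]) -> bool:
    """Policy the text criticises: a server whose certificate was accepted once
    stays on a persistent trusted list and is accepted without re-verification."""
    if cert.fingerprint() in remembered_servers:
        return True
    return chain_verifies(cert, trust_anchors) and cert.subject == requested_host


def hardened_accept(cert: Certificate, requested_host: str,
                    trust_anchors: dict[str, bytes]) -> bool:
    """Policy of a self-contained environment: only anchors the user carried in
    count, and there is no writable exception list for a prior user to poison."""
    return chain_verifies(cert, trust_anchors) and cert.subject == requested_host


def scenario() -> dict[str, bool]:
    # Constructed anchor; in practice this set lives on the user's own read-only media.
    anchors = {"Trusted Root CA": b"root-ca-secret"}
    legit = issue_certificate("Trusted Root CA", anchors["Trusted Root CA"], "bank.example")
    # The impostor signs its own certificate for the same hostname with a key nobody trusts.
    impostor = issue_certificate("Impostor CA", b"impostor-secret", "bank.example")
    # A prior user of the terminal accepted it once; the browser remembered the decision.
    remembered = {impostor.fingerprint()}

    return {
        "legit_legacy": legacy_accept(legit, "bank.example", anchors, remembered),
        "impostor_legacy": legacy_accept(impostor, "bank.example", anchors, remembered),
        "legit_hardened": hardened_accept(legit, "bank.example", anchors),
        "impostor_hardened": hardened_accept(impostor, "bank.example", anchors),
        "wrong_host_hardened": hardened_accept(legit, "shop.example", anchors),
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The only difference between the two policies is the remembered-servers shortcut, yet it is exactly that shortcut which lets a choice made by an earlier user bind a later one; removing the writable list, as the self-contained environment does, closes the back door without weakening the legitimate path.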
As such, despite these security measures, a computer system that is subject to tampering by many users is vulnerable and unsafe for secured data transmission. Thus, a method and apparatus is needed that allows a user to securely utilize a public computer terminal or any other computer for Internet access.
A method and apparatus for remote access to a network server, using a secured and self-contained environment is described. In one or more embodiments of the invention, the needed software for transmission of information is readily available on bootable, portable media. The portable media can be used in conjunction with any compatible computer system to securely transfer or access information to or from Internet resources.
In one or more embodiments of the invention, the operating system needed for accessing the remote server is stored on bootable media, such as a floppy disk for example. A user can reboot a computer or public terminal using the bootable media. Other portable and easily accessible media with larger memory storage capacity, such as a memory flash card, are utilized to store software applications necessary for information communication, such as browsers, email clients, etc.
One or more embodiments of the invention are invulnerable to attacks by a preceding user of the computer system, as the required operating system and communication software are loaded from trusted portable media carried by the user. Thus, so long as the software stored on the portable storage media remains intact, the self-contained environment created from the execution of that software will remain uncorrupted and immune to attacks by perpetrators.
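The guarantee above holds only "so long as the software stored on the portable storage media remains intact", so a practitioner would want a way to check that before booting from it. The following is an added example, not part of the patent or any Sun product: it records a SHA-256 manifest of every file on the media and later reports any modified, missing or unexpected file. The directory tree, file names and contents are constructed inside a temporary directory; the manifest itself must be kept where a prior user of the terminal cannot alter it (on write-protected media, or compared against a digest the user keeps elsewhere), which is an assumption of the design rather than something the text specifies.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the media's current contents with the recorded manifest.
    Returns the deviations; an empty report means the software is intact."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def is_intact(report: dict[str, list[str]]) -> bool:
    return not any(report.values())


def demo() -> tuple[bool, dict[str, list[str]]]:
    """Build a constructed 'portable media' tree, record it, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        media = Path(tmp)
        (media / "bin").mkdir()
        (media / "bin" / "browser").write_bytes(b"browser image v1")   # constructed content
        (media / "boot.cfg").write_text("proxy=none\n")                # constructed content

        manifest = build_manifest(media)
        clean = is_intact(verify_manifest(media, manifest))

        # Simulated tampering for the check to catch: an altered configuration,
        # a replaced binary and an extra file that was never on the media.
        (media / "boot.cfg").write_text("proxy=changed.example:8080\n")
        (media / "bin" / "browser").write_bytes(b"browser image v1 + patch")
        (media / "bin" / "extra").write_bytes(b"?")
        return clean, verify_manifest(media, manifest)


if __name__ == "__main__":
    was_clean, findings = demo()
    print("intact before tampering:", was_clean)
    print("findings after tampering:", findings)
```

The check is deliberately run from the environment that is about to be trusted, before any of the listed files are executed; a manifest stored on the same writable media as the files it describes would be no stronger than the files themselves.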