1. Field of the Invention
The present invention relates generally to network security, and more specifically to a method and system for providing authentication of authorization for access to content and/or services from an application server.
2. Discussion of the Related Art
The Internet is an insecure network. Many of the protocols used on the Internet do not provide any security. Data that is transmitted over the Internet without using encryption or any other type of security scheme is said to be transmitted “in the clear.” Tools are readily available that allow hackers to “sniff” data, such as passwords, credit card numbers, client identity and names, etc., that is transmitted over the Internet in the clear. Thus, applications that send unencrypted data over the Internet are extremely vulnerable.
Kerberos is an example of a known network authentication protocol that is designed to provide authentication for client/server applications by using secret-key cryptography. The Kerberos protocol, which is available from the Massachusetts Institute of Technology, uses cryptography so that a client can purportedly prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to purportedly assure privacy and data integrity as they conduct their business.
It is with respect to these and other background information factors relevant to the field of network security that the present invention has evolved.