1. Field of the Invention
The present invention relates to network security. More specifically, the invention relates to using patterns to perform identification data substitution.
Portions of the disclosure of this patent document contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyright rights whatsoever.
2. Background Art
When logging in to a distributed network of computing devices, it is typical for a security measure to be in place which insures the identity of the individual logging in. One manner where this occurs is on a system that uses a smart card. The user inserts the card into a card reading device attached to the computing system and enters a personal identification number (PIN) onto a keyboard or other input device of the computing system. Alternatively, the user might provide biometric identification to the system in the form of a fingerprint or retinal scan. If the identification data is authenticated then the user logs in and begins using the distributed network.
As will be further explained below, the manner in which identification data (such as PINs or biometric identifiers) is currently authenticated is vulnerable to snooping attacks from untrusted third parties that might use the data to compromise the network. Before further describing the problems associated with current techniques which authenticate identification data, an example computing environment where this problem occurs is describe below.
Multi-Tier Application Architecture
In the multi-tier application architecture, a client communicates requests to a server for data, software and services, for example, and the server responds to the requests. The server's response may entail communication with a database management system for the storage and retrieval of data. The multi-tier architecture includes at least a database tier that includes a database server, an application tier that includes an application server and application logic (i.e., software application programs, functions, etc.), and a client tier. The application server responds to application requests received from the client. The application server forwards data requests to the database server.
FIG. 1 provides an overview of a multi-tier architecture. Client tier 100 typically consists of a computer system that provides a graphic user interface (GUI) generated by a client 110, such as a browser or other user interface application. Conventional browsers include Internet Explorer and Netscape Navigator, among others. Client 110 generates a display from, for example, a specification of GUI elements (e.g., a file containing input, form, and text elements defined using the Hypertext Markup Language (HTML)) and/or from an applet (i.e., a program such as a program written using the Java™ programming language, or other platform independent programming language, that runs when it is loaded by the browser).
Further application functionality is provided by application logic managed by application server 120 in application tier 130. The apportionment of application functionality between client tier 100 and application tier 130 is dependent upon whether a “thin client” or “thick client” topology is desired. In a thin client topology, the client tier (i.e., the end user's computer) is used primarily to display output and obtain input, while the computing takes place in other tiers. A thick client topology, on the other hand, uses a more conventional general purpose computer having processing, memory, and data storage abilities. Database tier 140 contains the data that is accessed by the application logic in application tier 130. Database server 150 manages the data, its structure and the operations that can be performed on the data and/or its structure.
Application server 120 can include applications such as a corporation's scheduling, accounting, personnel and payroll applications, for example. Application server 120 manages requests for the applications that are stored therein. Application server 120 can also manage the storage and dissemination of production versions of application logic. Database server 150 manages the database(s) that manage data for applications. Database server 10 responds to requests to access the scheduling, accounting, personnel and payroll applications' data, for example.
Connection 160 is used to transmit data between client tier 100 and application tier 130, and may also be used to transfer the application logic to client tier 100. The client tier can communicate with the application tier via, for example, a Remote Method Invocator (RMI) application programming interface (API) available from Sun Microsystems™. The RMI API provides the ability to invoke methods, or software modules, that reside on another computer system. Parameters are packaged and unpackaged for transmittal to and from the client tier. Connection 170 between application server 120 and database server 150 represents the transmission of requests for data and the responses to such requests from applications that reside in application server 120.
Elements of the client tier, application tier and database tier (e.g., client 10, application server 120 and database server 150) may execute within a single computer. However, in a typical system, elements of the client tier, application tier and database tier may execute within separate computers interconnected over a network such as a LAN (local area network) or WAN (wide area network).
Security Measures
Smart cards and other identification techniques are used in environments like the multi-tier application architecture as a security measure to insure of the user when he/she logs into a computing device on the client tier. Once identified, data on the database tier and applications on the application tier may be used. One advantage associated with using a smart card or other identification technique is that no matter where the computing device is located on the client tier, the same data and applications that the user needs, or was using before his/her last log-off, can be retrieved.
In many cases, the identification technique involves the presentation of a secret that only the cardholder knows. Sometimes this secret is called a PIN. Since the smart card itself has no mechanism for interacting with a human being (i.e., no keyboard or display), it requires the system it is being used with to provide the human I/O facilities to prompt the cardholder for a PIN and to accept the cardholder's input of the PIN, typically on a keyboard or other suitable input device.
Application Protocol Data Units (APDU)
Application communicate with smart cards using a data encapsulation protocol called APDU. The format of an APDU is described in the ISO standards document ISO-7816. In general, an APDU comprises a header, instructions that tell the smart card what to do, and information regarding whether data is supposed to be returned. A PIN is generally presented to the smart card as a part of an APDU transaction. The PIN is embedded in the APDU in a format that the card understands. By understanding the format, the card is able to verify the PIN and can perform some function for the user, such as releasing data out of the smart card or otherwise performing a calculation for the user.
Since the PIN is a very sensitive piece of information that is ideally known only by the cardholder, the PIN must be protected from interception. One solution is to provide a smart card reader with a built in key pad used to enter the PIN. The PIN is retained inside he reader for the duration of the transaction required to format an APDU with the PIN embedded in it and to send that APDU to the smart card. This solution, however, only solves part of the problem. In particular, it does not permit an application executing outside of the card reader to send an APDU to the reader that the smart card requires for presentation of the PIN, without actually specifying the PIN itself in the APDU. This is disadvantageous because specifying the PIN itself makes it vulnerable to interception. In addition, there are multiple types of smart card families, and each requires presentation of the PIN in a different manner, which makes compatibility difficult.