Communications often flow from one network to another, and usually some form of security is required between the networks. Security is often provided by user identifications or userIDs and passwords to authenticate a user, and a firewall to screen out unwanted messages. There are different types of networks, and the type of security depends on the types of networks involved in the communication. For example, there may be an intranet or “Blue zone” for local communications within an enterprise. It is presumed that all users of the intranet are trustworthy because they all work for the same enterprise. Therefore, usually there is relatively little security concern within the intranet, although userIDs and passwords are still required to access applications. However, oftentimes users of the intranet want to communicate with another entity located on another network, for example, a “Red zone” such as the Internet. Because this other entity may not work for the enterprise, and this other network is not under control of the enterprise, this other entity and network cannot be thoroughly trusted. It is possible that a user on this other network can attempt to learn a userID and password of a user within the firewall and then, using this userID and password, view or tamper with sensitive data within the firewall. Therefore, a firewall may be installed at the gateway to the intranet. The firewall is responsible for enforcing a security policy for incoming communications. This security policy may define which types of networks that the intranet is permitted to communicate and what protocols are permitted for the communications. The firewall also may (a) limit incoming traffic to certain source IP addresses and through certain firewall ports, (b) limit outgoing traffic to certain destination IP addresses and through certain firewall ports, and (c) detect viruses to thwart hackers.
For additional security, the enterprise that controls and uses the Blue zone intranet may also create and control a “Demilitarized zone” (“DMZ”) or “Yellow zone” between the Blue zone and the Red zone. The Yellow zone would include one or more servers and respective data bases managed by the enterprise. However, the Yellow zone data bases typically would not include sensitive data or the only copy of sensitive data. Therefore, if the server(s) in the enterprise's DMZ are corrupted by a communication from another network, the damage is repairable. The firewall for the enterprise's intranet or Blue Zone may only permit communications with the enterprise's “Yellow Zone”. The management of the servers and related devices in the enterprise's DMZ allows the enterprise a measure of security in the enterprise's DMZ. Therefore, the Yellow zone serves as a buffer for the Blue zone. The enterprise's DMZ may be authorized to communicate with an untrusted server or workstation in the “Red zone” directly or through another firewall. It is also possible to connect the enterprise's intranet with its firewall directly to one or more untrusted networks in a Red zone, and rely on the enterprise intranet's firewall to provide security.
Some applications support simultaneous participation from users located within a Blue zone and a Red zone. For example, an existing e-meeting application executes in a Yellow zone of a host enterprise and may involve participants from different companies. The participants from the host enterprise are in the Blue zone and the other participants are in the Red zone and access the e-meeting application. Currently, all the users, regardless of their location, must log-on with a userID and password. While this is effective in authenticating the users to the application, there is the potential for a hacker in the Red zone to learn the userID and password of a user in the Blue zone. With this userID and password, it would then be possible for the hacker to access sensitive data within the Blue zone.
Accordingly, an object of the present invention is to shield the Blue zone users' passwords from the Red zone users who can simultaneously access the same application in the Yellow zone.