Distributed computer networks, or so-called computer network infrastructures, comprise a plurality of computer systems capable of communicating with one another via data connections. Part of the exchanged data is confidential, and access to that information is to be denied to non-authorized persons. In particular, in computer network infrastructures with server-client topologies, confidential data such as customer data or user data is exchanged between client and server, and access by a third party to that data is to be prevented.
Conventional security strategies to increase data protection include, on the one hand, provisions (processes to be observed) as well as rules (orders or prohibitions) for third parties, e.g., administrators, which are intended to ensure only limited or controlled access to confidential data. In particular, access to confidential data in a computer system is limited by predefined access rights (login rights or user rights) so that only (trustworthy) persons holding the respective rights are granted access to confidential data.
On the other hand, technical measures on or in the computer systems are provided to prevent physical and/or logical access to computer systems or to restrict access to authorized persons only.
Such approaches to improving data protection are indeed beneficial to data security, but they have the disadvantage that, in most cases, they do not necessarily constitute measures that prevent access to confidential data.
Further, current computer network infrastructures rely on access options, or options for addressing computer systems (e.g., via a network), for data exchange or communication, and these make the computer systems vulnerable to external attacks. For a service to be addressable, a running program is required on one or more network ports of a computer system. This running program is a potential security gap for external attacks via the network.
There is thus a risk that a hacker or an internal employee who obtains access to a computer system may pick up confidential data on that computer system and/or may use the attack to gain access to further computer systems in the computer network infrastructure, e.g., by pretending to be trustworthy by means of a manipulated signature.
On the other hand, a computer network infrastructure needs communication structures for communication and processing of information between individual computer systems, for example so that one computer system in the computer network infrastructure can instruct a task on a target computer system.
It could therefore be helpful to improve, by technical measures, protection against attacks on computer systems within a computer network infrastructure, in particular against non-permitted access to confidential data, and nevertheless to provide a communication structure that ensures satisfactory and more secure forwarding of data within the computer network infrastructure.