The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Computer access has become very commonplace. With the widespread use of Microsoft operating systems and applications, computers have become more of a commodity as just about any computer could be used to read email or edit a Microsoft Word document.
In addition, computers in a wide variety of locations can be used to access networked applications or the Internet. The ability to access applications and information from any location becomes more important as users become more mobile. Users increasingly need to be able to check email and access important documents anywhere at any time. However, increased computer and Internet access has caused many security issues.
Typical users, especially people who use computers for business purposes, have a main computer. For a typical business user, the main computer may be provided through the user's employer corporation and set up for the user by the corporation's information technology (IT) department, for example. The set up of a user's main computer by IT typically includes installation of various security measures. These security measures protect information on the user's main computer and on the corporation's server that is accessed by the user through his main computer. This main computer can be considered to be a “trusted” computer, as its configuration is controlled by the corporation's IT department and is known to be secure.
However, these users frequently require access to applications and information on the corporate server from a computer other than their main computer, such as a home personal computer, a friend's computer, or a public access computer at a library, public kiosk, business center, or airline lounge, for example. These computers are not secured in the same way that the main computer is. As discussed above, a user's main computer may be set up and managed by the IT department of the user's employer company to protect corporate information that will be accessed from the user's main computer. In addition, the user may configure his main computer to protect personal information using a number of known products and configurations.
In order to be able to access applications and data during a session in which a user accesses a server from such a third party or “untrusted” computer, it would be desirable to be able to protect the confidentiality of the user and of any information downloaded to the untrusted computer.
The advent of such technologies as Firewalls, DMZs (Demilitarized Zone—a computer host or small network inserted as a “neutral zone” between a company's private network and the outside public network), SSL (Secure Sockets Layer) and VPN (Virtual Private Network) has allowed for reliable authentication and secure communications when the user accesses applications and information on a server through a web browser operating on almost any kind of computer. While known computer systems are capable of providing a secure communication process to access networked applications and information, these methods do nothing to protect what is being done on an untrusted third party computer. A method of providing this “last mile” of security is needed.
As an example scenario, consider the business traveler who uses a hotel business center to make last-minute revisions to a document. He logs on to his company's SSL VPN, authenticates and then finds and downloads the document. He edits the document using a word processing application and then e-mails the updated document to the home office. As shown in FIG. 1A, the authentication process 203, Firewall or DMZ 102 and SSL VPN connection 200 from the untrusted computer in the hotel's business center 201 to the corporate server 101 provide secure communications. However, these security measures do not address security on the untrusted computer 201. As discussed in detail below, malicious code 204, data spies 205 and data leakage 206 onto the untrusted computer 201 present a major source of security threat.
Accessing one's data on a server from an untrusted computer, such as an airport kiosk or public terminal, raises serious security issues. In particular, some confidential data typically remains on the computer or machine used to access an application or information through a server. In the example above, the business traveler using the hotel business center computer 201 may leave footprints of his activities on that computer through “data leakage” 206. For example, the browser he used stores the URLs he visited, and possibly any passwords used to access a site. Access to corporate Webmail may leave temporary files created when email attachments are downloaded and viewed. The browser and the application used to make revisions to the document may have saved a copy of the document in a temp directory. Malicious code resident on the untrusted computer could gather information from the user's use of the untrusted computer, such as what the user does in the browser, temporarily stored passwords and server addresses, and send it to a malicious person. Without realizing it, the business traveler has compromised the security of his company.
In the case of data leakage, even if the user manually deletes files after his networking session, data on a hard drive or other storage device can be easily recovered by another user. Usually, deleting a file only deletes the entry in the folder structure, not the data itself from the hard drive. Even if the data is erased, it is typically still accessible as it remains on the hard drive in a recoverable format. For example, data can be easily recovered through the Recycle Bin or through shareware applications if the Recycle Bin has been emptied. Many other methods are known to those skilled in the art.
This problem is especially critical when a user accesses applications and information on a public computer, such as a library computer or airport kiosk. Any data left on the computer at the conclusion of the user's session on that computer can be accessed by a great number of other users.
Traces of information left on an untrusted computer are a security issue for any user who accesses a networked server, not just business users. A user could use a public computer to access a website for personal use. Personal and private information, including credit card, social security numbers or other personal information, could be left on the public computer. Although the invention is described herein using the example of a user accessing a corporate server, it is applicable to any user accessing the Internet for any reason from an untrusted computer.
As a security measure, some Webmail server providers include features that automatically delete the user data at the end of the Webmail session. However, such known methods do not always work. For instance, the methods may require some privileges the user doesn't have on the untrusted computer. Furthermore, some files could be in use by another process, and therefore cannot be deleted. These known methods are after-the-fact approaches to the problem and consist of catching up with the user data to find out what the user has done. A different or new version of a browser could change the location of data, and render it impossible to determine what the user did in his session.
Even when these known methods do successfully delete user files, the data is not really wiped out and can still be recovered. The user is never completely sure that everything that was intentionally or unintentionally created has been erased.
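The two limitations described above (plain deletion leaves the file's bytes on disk, and after-the-fact cleanup can fail because of missing privileges, files in use, or artifacts stored in an unexpected location) can be made concrete with a small best-effort session cleanup routine. The following is an added example written for this discussion; it is not code from the application or from any product it describes. It overwrites each artifact in place before removing the directory entry, and reports every path it could not remove rather than silently claiming success. All file names and contents it creates are constructed for the demonstration.

```python
"""Best-effort end-of-session cleanup for an untrusted computer (added example).

Plain os.remove() only drops the directory entry, leaving the data blocks
recoverable. This routine overwrites the bytes first, then unlinks, and
records what it could not remove so the user is not left with a false
sense of security.
"""
import os
import tempfile
from pathlib import Path


def overwrite_in_place(path: Path, passes: int = 1) -> int:
    """Overwrite the file's current contents with zero bytes, keeping its size.

    Returns the number of bytes written per pass. Writing through the existing
    file (mode r+b) reuses the blocks already allocated to it, so the original
    data is replaced rather than left behind by a later unlink.
    """
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                chunk = min(remaining, 1 << 16)
                fh.write(b"\x00" * chunk)
                remaining -= chunk
            os.fsync(fh.fileno())  # push the overwrite to the device
    return size


def secure_delete(path: Path) -> int:
    """Wipe the contents, then remove the directory entry. Returns bytes wiped."""
    wiped = overwrite_in_place(path)
    path.unlink()
    return wiped


def cleanup_session(paths) -> dict:
    """Try to wipe every artifact; return what was removed and what was not.

    'removed' maps path -> bytes overwritten; 'failed' maps path -> reason.
    The failure reasons mirror the limitations of after-the-fact cleanup.
    """
    report = {"removed": {}, "failed": {}}
    for p in map(Path, paths):
        try:
            report["removed"][str(p)] = secure_delete(p)
        except FileNotFoundError:
            report["failed"][str(p)] = "not found (artifact location may have changed)"
        except PermissionError:
            report["failed"][str(p)] = "permission denied (insufficient privileges or file in use)"
        except OSError as exc:
            report["failed"][str(p)] = f"os error: {exc.strerror}"
    return report


def make_artifact(name: str, data: bytes) -> Path:
    """Create a constructed session artifact in a fresh temporary directory."""
    workdir = Path(tempfile.mkdtemp(prefix="untrusted-session-"))
    artifact = workdir / name
    artifact.write_bytes(data)
    return artifact


def demo() -> dict:
    """Constructed scenario: one cached document plus one artifact that moved."""
    cached_doc = make_artifact("report_draft.tmp", b"CONFIDENTIAL quarterly numbers")
    # Hypothetical browser history file that is not where cleanup expects it.
    missing = cached_doc.parent / "history.dat"
    return cleanup_session([cached_doc, missing])


if __name__ == "__main__":
    for status, entries in demo().items():
        print(status, entries)
```

On POSIX systems unlinking a file that another process holds open succeeds and the data lingers until that process closes it; on Windows the same situation raises a PermissionError and lands in the `failed` map. Either way, the report is what lets the user see that the cleanup was incomplete, which is exactly the assurance the text says known methods cannot provide.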
Even non-publicly available computers, such as home computers, can represent a threat to data security. When important corporate data is accessed over a network on a home computer, some data will typically remain on the computer's hard drive. This data could be at risk for a number of reasons. For example, the user could leave the corporation, wherein traces of important corporate data could potentially be left on the user's home computer. The user could upgrade his home computer or send it in for repairs, thereby allowing persons outside the corporation access to data on the home computer, potentially including important confidential corporate information. In addition, many people simply discard their hard drives when they upgrade their home computer. In the vast majority of cases, those drives are not sanitized and may be discarded with valuable corporate information that can easily be recovered.
Thus, a solution securing the “last mile” when a user accesses applications and information over a network from an untrusted computer is needed. The method and system of the present invention provide end-point security by preventing any data leakage onto the untrusted computer. In addition, the method and system of the present invention protect against security threats from malicious code that may reside on the untrusted computer.
In addition, when working on a computer other than their main computer, users do not have access to all their usual settings. For example, a public computer does not have the user's favorite or most used websites saved in the browser's “favorites” list. Users have to learn and adapt to many different work environments as they use different computers. This has an impact on productivity, even though the use may be short-lived and temporary.
A method of allowing users to customize any third party computer to use the user's preferred settings is also needed.