The past decade has been marked by a technological revolution driven by the convergence of the data processing industry with the consumer electronics industry. The effect has, in turn, driven technologies which have been known and available but relatively quiescent over the years. A major one of these technologies is the Internet or Web related distribution of documents, media and programs. The convergence of the electronic entertainment and consumer industries with data processing exponentially accelerated the demand for wide ranging communication distribution channels, and the Web or Internet (the terms are used interchangeably) commenced a period of phenomenal expansion. With this expansion, businesses and consumers have direct access to all matter of documents, media and computer programs.
In order for the Web to reach its full potential as the basic channel for all world wide business and academic transactions and communications, the providers and users of the Web and like networks must be assured an open communication environment, as well as protection of the data that is offered over the Web and the requests made for such data. With the rise of the Web, there has been an unfortunate increase in the number of malicious users who, at the least, try to disrupt Web and other network services and, at their worst, try to steal goods, services and data accessible over the Web. Of course, the industry has been working for many years to eliminate, or at least neutralize, the efforts of such malicious users.
In addition, although electronic and Web business have vast potential, many consumers and business organizations are just beginners in that marketplace and are skeptical and uneasy about making their files accessible to others based upon network authorization. Thus, a significant compromise of data files or theft of data files could be disastrous to vendors trying to establish a sense of stability in that marketplace.
Despite these security problems, the above factors have given rise to a new way of doing business, electronic business or E-business. This, of course, involves conducting all matter of business over the Web public network and/or private networks when greater security is demanded. Electronic business requires the electronic handling and collection of cumulatively vast quantities of money. As a result, there are great quantities of records tracking transactions stored as files at various network nodes, as well as in individual computer systems. In order for electronic business to function, it is necessary to make quantities of these stored files available to a wide variety of users with various “needs to know” to handle various electronic business billing and other transactions. Thus, there are established levels of authorizations granted to users for accessing the contents of files. At the various levels in any database, there are different users authorized to access the data files at that level. The database manager determines which users will be authorized to access data at that particular level.
In the Web, as well as in individual computer systems, routines must be made available to authenticate that the users requesting access to a particular database are indeed the same users who have been authorized for access. To that end the Web uses an authentication protocol known as Kerberos, which is a network authentication protocol developed by The Massachusetts Institute of Technology (MIT). Kerberos authenticates the identity of users attempting to logon to the Web or to access databases on the Web. It does this through a secret key cryptology. Authenticated users may also transmit Kerberos encrypted communications over the Web. Kerberos is available in many commercial products, and free implementations are available from MIT at site: (http://web.mit.edu/kerberos/www/).
Unfortunately, with the great sophistication in computer hacking of potential unauthorized intruders both within and on the outside of business organizations to access secure data, authorization is no longer just a simple comparison of user IDs to simple authorization lists and denying unauthorized requesters. For example, through a variety of “Confidence” ruses inside and outside of computer transactions in combination with other ploys, some skilled hackers can discover “root user” or “super user” identities which permit them to get inside of a database or directory. Once they have, thus, cracked into a database or directory, the hackers are in an excellent position to steal data from files or to trash files. While security is such that even inside of the database or directory, the hacker still needs authentication in order to access the data in individual files, he is in a much easier position to use iterative identifier routines to try to crack the authentication encryptions which protect individual files.