Increasingly, individuals are accessing resources over the World-Wide Web (WWW) using Internet browsers. In many instances, these communications are made in an insecure fashion using non-secure protocols, such as Hypertext Transfer Protocol (HTTP). In other instances, these communications are made in secure fashion using secure protocols, such as HTTP over Secure Sockets Layer (SSL) referred to as HTTPS.
Secure access is often needed when the resources are subject to security access policies. For example, an enterprise's Intranet website which includes internal enterprise resources and information is normally only available to employees through secure Internet communications, such as HTTPS. The employees authenticate to the Intranet website and then remotely communicate with the resources of the Intranet via the Internet using HTTPS.
During secure sessions with a secure site, an individual can use a browser to perform a variety of transactions. These transactions can reference links to internal or external information or can reference links to internal of external sites. External information or external sites may or may not be within the control or purview of the secure site. Thus, there is a potential that when a transaction attempts to access external information or an external site that the access attempt may create a security issue or security hole during the secure session.
As a result, traditional Internet browsers are equipped with logic to detect these situations and to generically issue security warnings via browser interfaces. However, in many instances, these messages are not correct, that is, the information or site that is attempting to be accessed is often not a security problem. Moreover, in many instances, these messages are not particularly informative to the individuals as to the true security risk associated with the information or site that is attempting to be accessed.
Thus, individuals experience numerous service interruptions during a secure session which requires them to manually inspect and disregard any unnecessary security warnings. Moreover, these security warnings are often too generic to provide individuals with any meaningful assessment as to the true security risk associated with access attempts to potentially insecure information or sites. Accordingly, these service interruptions affect an individual's overall efficiency and comprehension of information during the secure session and are not desired or useful.
Therefore, there is a need for improved techniques for managing secure communications, such that unnecessary security warnings are suppressed and security threats are more meaningfully communicated.