The commercial availability of more efficient, reliable and cost effective computers has enabled businesses and individuals to rely ever increasingly upon the same, as well as on related peripheral devices, to meet their information and processing needs. In recent years, the immeasurable gains in technology experienced by the computer and communications industries have enabled the growth of global communications networks (e.g., the Internet). The Internet is an ever extending communications network of interconnected computers throughout the world. Together, these interconnected computers form a vast repository of hyperlinked information effortlessly accessible by any of the connected computers from virtually anywhere and at any time. As a direct result, there has been exponential growth in businesses that provide information and execute transactions via the Internet; these businesses are commonly said to be engaged in “electronic commerce.”
In addition, wireless computing devices were introduced to provide mobile access to the Internet. These devices are capable of communicating, via wireless data networks, with the computers on the Internet. With the wireless data networks, people, as they move about, are able to perform, through the wireless computing devices, exactly the same tasks they could with computers wired directly to the Internet.
A common remote access standard today is the use of a laptop computer equipped with a wireless communication mechanism, for instance, a wireless modem. This standard is useful for many applications and users, but there has been a growing need for another mobile standard in which the Internet can be instantly accessed by mobile devices, such as cellular phones, personal digital assistants (“PDAs”) and other two-way messaging devices. Such mobile devices are generally designed to be small in size and light in weight.
With increasing data processing capabilities in the mobile devices, increasing numbers of users are carrying devices around to turn their unproductive time into productive time. Increasingly, regular mobile phones can return calls, check voice mail or make their users available for teleconferences anywhere and at any time, but the desired mobile phones, not just reactive to calls but also proactive, would meld voice, data, and personal information manager-like functionality into a single handset that can effectively, through a host computer, access a myriad of public and enterprise information services in the Internet.
The progress of mobile connectivity, coupled with the increased access to and ever increasing power of wired communication systems, has been fueled by the demand for immediate access to the information that users require. In conventional systems, a user logs on to a client machine, establishing a connection to a database located on a server machine across a communications network. In the typical scenario, to establish access, the user must pass security mechanisms provided by the server machine's operating system, database management system, or both.
For instance, a traveling businessman requests flight information on his way to the airport, or a stock broker places an order for shares of stock at a certain price. Likely information garnered from these transactions may respectively include the airline and the flight number for the traveler and the number of shares and the price at which the broker purchased. To be timely informed, a preferable way is to communicate the information requests electronically into a communications network. The communications network, for example, connects to a flight information database server or stock quote database server so that the desired flight information or the current stock price can be retrieved therefrom on demand.
At this point, there are generally two methods of determining whether a user is permitted to establish access to such a database. In a first method, a database manager omits implementing its own security mechanisms, thus relying solely upon the security mechanisms inherent in the operating system of the database server. In this type of configuration, if a user wishes to connect to a database on a remote database server, the standard operating system's security checks are performed upon the user's request for access. If the user satisfies the operating system's security checks, then access is not only permitted to the server machine, but to the database itself.
An obvious drawback to this method is that rights granted by the operating system may exceed those needed to merely access the database. This situation creates unnecessary security risks if the remote user only needs to access the database, and has no reason or purpose in accessing anything else on the server.
To address the shortcomings of the first method, a second method provides that a database maintain its own file of valid users. When a remote user requests access to a database on a server, the remote user is checked against the file of valid users. Remote users found in the file are permitted access to the database on the server. In these database systems, a critical step in the security mechanism is to receive the user identification and the password and then verify that this combination is found in a repository of valid combinations of user identifications and passwords.
A problem with the second method is that the security mechanisms provided by database systems are typically not as secure as those provided by operating systems. Typically database systems merely check for valid combinations of user identifications and passwords. User identifications are most often based on names of users, names of projects, or some other easily guessed item related to the user. If a password is also selected in the same predictable manner, a hacker/infiltrator can not only easily guess the valid password, but the whole combination. Consequently, database systems are often vulnerable to commonly known techniques of hacking computer systems.
Even more carefully generated passwords that are not easily guessed are vulnerable. A hacker in possession of a stolen or inappropriately disseminated password who knows the associated user can easily guess at valid combinations of user identifications and passwords. A hacker can also employ computer automated methods of attempting numerous passwords based on common words or randomly generated strings of characters. Passwords consisting of a small number of characters are especially vulnerable: the smaller the number of characters, the smaller the number of permutations that have to be tried before uncovering the password.
Based on the foregoing, it is clearly desirable that a database system provide its own security features and forego reliance on the security mechanisms of the operating systems. It is further desirable that the database system employ security techniques that make the database system less vulnerable to infiltration than current database systems.