This application relates generally to information security. More specifically, this application relates to methods and systems for secure transmission of identification information over public networks.
There are numerous instances in which parties may wish to access a host system over a public network. In many instances, the host system is configured with security protocols to limit access to legitimate parties, and such security protocols typically rely on the receipt and verification of identification information. For example, the identification information might comprise a combination of a user identifier and a secret password, with access to the host system being granted only upon presentation by the user of both pieces of the identification information. While the ability for parties to access a host system over a public network presents numerous conveniences, it also presents a danger that the security of the identification information might be compromised as a result of interception by an eavesdropper.
A basic arrangement that is currently commonly used in connecting parties to a host system over a public network is illustrated in FIG. 1. The public network 108 is configured to establish a connection between the host system 112 and the party 104 in response to a request from the party 104. Usually, the host system 112 includes a security protocol 116 that verifies identification information provided by the party 104 and transmitted over the public network 108. In many instances, the security protocol 116 is equipped with fraud-detection algorithms, a simple example of which is an algorithm that flags repeated attempts to gain access to the host system 112. For example, one such fraud-detection algorithm permits a party 104 to make no more than three incorrect attempts at entering a password; if a fourth incorrect attempt is made, the algorithm locks out that party 104 until some corrective action is taken, perhaps initiated by a telephone call from the party 104.
Such a security protocol 116 thus aids in preventing a hostile party from attempting to guess a legitimate party's password, but is less effective when the identification information may be intercepted by an eavesdropper 120. The danger of interception by eavesdroppers 120 has, moreover, been increasing as public networks are more widely used. Rather than remember multiple different passwords, parties 104 frequently use the same password to access multiple different host systems 112. If an eavesdropper intercepts a transmission from a particular party 104 for any host system 112, he may obtain information to gain access to multiple host systems 112.
One technique that has been used to compensate for such possibilities is to provide an intermediate system that maintains a record of identification information for multiple host systems 112 on behalf of a party 104 and that requires only a single password for that party 104. When the party wishes to access a certain host system 112, the transmission is routed through the intermediate system, which detects whether the single password is correct, transmitting the appropriate host password only if it is. Such a technique protects the host system 112 from potential fraud by truncating the transmission when an incorrect password is provided.
One disadvantage of such an arrangement, however, is that this technique also circumvents the security protocol 116 that may exist at the host system 112. This is true of all arrangements that use truncation of transmission to the host system 112 as part of fraud prevention. Circumvention of the host system's security protocol 116 thus deprives that protocol of information that may be useful in analyzing patterns of attempted security breaches. Furthermore, it is generally undesirable to implement the host system's security protocol 116 at the intermediate system. Not only would such implementation require duplication of the significant investment already made by multiple host systems 112, but it would also remove control of the security protocol from the host systems 112. This is particularly disadvantageous since the security protocols for each host system 112 frequently reflect security concerns specific to that host system 112 and may benefit from periodic revision as those particular security concerns change.
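The loss of information described above can be seen in a small simulation, added here as an illustration and not part of the original application. It models the three-attempt lockout example and a truncating intermediate system; all class, method and account names are hypothetical and the passwords are constructed sample data.

```python
# Added illustration; all class, method and account names are hypothetical.
import hmac
from dataclasses import dataclass, field

MAX_INCORRECT = 3  # from the text: a fourth incorrect attempt locks the party out

@dataclass
class HostSystem:
    """Host system 112 with a security protocol 116 that counts bad attempts."""
    passwords: dict                       # user -> password (constructed sample data)
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    audit_log: list = field(default_factory=list)

    def login(self, user, password):
        if user in self.locked:
            self.audit_log.append((user, "rejected-locked"))
            return False
        expected = self.passwords.get(user)
        if expected is not None and hmac.compare_digest(expected, password):
            self.failures[user] = 0
            self.audit_log.append((user, "ok"))
            return True
        self.failures[user] = self.failures.get(user, 0) + 1
        self.audit_log.append((user, "bad-password"))
        if self.failures[user] > MAX_INCORRECT:
            self.locked.add(user)
            self.audit_log.append((user, "locked-out"))
        return False

@dataclass
class Intermediary:
    """Intermediate system holding host passwords behind one single password."""
    single: dict   # party -> single password
    vault: dict    # (party, host name) -> stored host password
    hosts: dict    # host name -> HostSystem

    def access(self, party, password, host_name):
        if not hmac.compare_digest(self.single.get(party, ""), password):
            return False  # transmission truncated: the host never sees the attempt
        return self.hosts[host_name].login(party, self.vault[(party, host_name)])

def simulate(guesses):
    """Send the same wrong guesses directly to a host and via an intermediary."""
    direct, behind = HostSystem({"alice": "host-pw"}), HostSystem({"alice": "host-pw"})
    mid = Intermediary({"alice": "single-pw"}, {("alice", "bank"): "host-pw"}, {"bank": behind})
    for guess in guesses:
        direct.login("alice", guess)
        mid.access("alice", guess, "bank")
    return direct, behind
```

With five wrong guesses, the directly contacted host records four bad passwords, a lockout and a rejected attempt, while the host behind the intermediary has an empty audit log and no lockout.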
There is accordingly a general need in the art for improved methods and systems for secure transmission of identification information over public networks.