1). Field of the Invention
This invention relates to a security protocol for a computer system, and in particular, it relates to a structure of security domains and a method of authenticating a user for access to the computer system.
2). Discussion of Related Art
The task of protecting information stored on computers is becoming increasingly difficult and complex as more and more companies are storing an ever increasing amount of data electronically. The job of keeping such information secure is even further hampered by the fact that many of the computers and databases on which this information is stored are remotely accessible through various public networks, such as the internet.
FIG. 1 illustrates an example of a typical computer network system 10, including a client 12, a network 14, and a container 16. The client 12 is, for example, a computer, or an individual using a computer, attempting to access the container 16 through the network 14. The network 14 includes a series of points or nodes (e.g., switches, routers, etc.) interconnected by communication paths. The network may include one or more of the following: the internet, a public network, a local area network (LAN), and a private network.
The container 16, which may be implemented upon a server, contains resources of various kinds of information, such as applications 18a, 18b, 18c, and 18d. The information stored within the container 16 has different levels of “sensitivity” and therefore, different levels of security domains are required to keep the more sensitive information away from clients 12 whom the system administrator has decided should not be able to view it.
For example, the system 10 illustrated in FIG. 1 could be a private network for a corporation having four levels of employees: regular employees, managers, senior managers, and information technology (IT) personnel. Likewise, the corporation could have four resources of information stored in the container as illustrated by the four applications 18a-18d within the container 16 in FIG. 1. Each of the resources contains information of varying sensitivity. For instance, one resource contains relatively low-level security information such as the business address and phone number and employee identification number for every employee. Other resources contain moderately secure, or mid-level security, information such as the home address and phone number, along with the social security number, of every employee and the network user identification and password for every employee. High-level security resources contain very sensitive information such as the salary and performance appraisal for every employee.
In all likelihood, only the senior managers would have access to all of the resources of information, except perhaps the network user ID and password for every employee. The managers would probably have access to some of the mid and all of the low security information, not the high security information. A regular employee would only have access to the low security information.
Whenever an employee attempts to access a particular resource of information, he or she must be authenticated and authorized. Authentication is the process of determining whether someone or something is actually who or what it is claiming to be. One common authentication tool uses a user identification and a password; other such tools may use digital certificates. Authorization is the process of giving someone or something permission to do or have something. Thus authentication determines who the employee is, and authorization determines what information the employee will be able to access.
When a manager accesses the mid-level security information, he is first authenticated and authorized. If the manager then attempts to access the high-level security information, he must again be authenticated to do so. Under the security protocol described above, the manager would not be granted access to the high-level security information.
However, a problem is that every time an employee attempts to access a security level that is lower than the one to which he has already been granted access, he must again be authenticated and authorized. Therefore, if the manager attempts to access the low-level security information, he will also have to be authenticated and authorized to do so, even though he has already been granted access to a higher security level.
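The following is an added illustration of the problem just described; it is not code from the patent. It models the low/mid/high security domains and the manager scenario above, and contrasts the per-access protocol (credentials re-checked on every resource) with a session that remembers the highest level already granted, so that a lower domain is reachable without a second credential check. The roles, resource names, user names and passwords are constructed for the example.

```python
from dataclasses import dataclass

# Ordered security domains: a higher number dominates a lower one.
LEVELS = {"low": 1, "mid": 2, "high": 3}

# Constructed example data: the clearance each role holds and the domain
# assigned to each resource (application) in the container.
ROLE_CLEARANCE = {"employee": "low", "manager": "mid", "senior_manager": "high"}
RESOURCE_LEVEL = {"directory": "low", "hr_records": "mid", "salaries": "high"}

# Constructed credential store. A real system would compare password hashes
# or verify a digital certificate instead of holding plaintext secrets.
CREDENTIALS = {"alice": ("s3cret", "manager"), "bob": ("hunter2", "employee")}

@dataclass
class Session:
    user: str
    role: str
    granted_level: int = 0     # highest domain already authenticated and authorized for
    credential_checks: int = 0 # how many times the credentials were verified

def authenticate(user, password):
    """Authentication: confirm the user is who they claim to be."""
    entry = CREDENTIALS.get(user)
    return None if entry is None or entry[0] != password else Session(user, entry[1])

def authorize(session, resource):
    """Authorization: may this role read a resource of this domain?"""
    return LEVELS[ROLE_CLEARANCE[session.role]] >= LEVELS[RESOURCE_LEVEL[resource]]

def access(session, resource, password, reuse_session):
    """reuse_session=False is the per-access protocol the background criticises;
    True lets an already granted level cover every domain at or below it."""
    needed = LEVELS[RESOURCE_LEVEL[resource]]
    if not reuse_session or needed > session.granted_level:
        if authenticate(session.user, password) is None:
            return False
        session.credential_checks += 1
        if not authorize(session, resource):
            return False
        session.granted_level = max(session.granted_level, needed)
    return True

def manager_scenario(reuse_session):
    """Manager reads mid, is refused high, then reads low.
    Returns (mid_ok, high_ok, low_ok, credential_checks)."""
    s = authenticate("alice", "s3cret")
    mid = access(s, "hr_records", "s3cret", reuse_session)
    high = access(s, "salaries", "s3cret", reuse_session)
    low = access(s, "directory", "s3cret", reuse_session)
    return mid, high, low, s.credential_checks
```

With `reuse_session=False` the manager's credentials are checked three times; with `True` the low-level read rides on the mid-level grant and only the two escalating requests are checked.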