1. Field of the Invention
This invention relates to a system and method for establishing secured communications pathways over an unsecured open network, and in particular to a system and method for using mobile code to secure data transfers between an application running on a remote server and a client connected to the remote server via the Internet.
2. Description of Related Art
Methods and systems for establishing secured communications pathways over an unsecured open network such as the Internet are well-known.
An especially effective method for securing communications over an unsecured open network is to use a gateway or authentication server, such as V-One Corporation's SmartGate® server, to authenticate users seeking to communicate with the application server over the open network and to protect communications between the users and application servers connected to the gateway or authentication server. The gateway or authentication server cooperates with a key-holding hardware or software token pre-installed on or connected to the user's computer to authenticate the hardware or software by verifying that the secret key held by the hardware or software corresponds to a key assigned to the user, and to generate session keys which may be used to protect further communications between the user's computer and the authentication server. During the further communications, the gateway or authentication server decrypts communications from the user and forwards the decrypted communications directly to the application server, if the communications line to the application server is secure, or re-encrypts the decrypted communications before forwarding them to the application server over a more open network. Aspects of the SmartGate® server are described, by way of example, in U.S. Pat. No. 5,602,918 and in U.S. patent application Ser. No. 08/917,341, filed Aug. 26, 1997, and now allowed.
Recently, there has been an increase in demand for “thin-client” or “server-based” computing. In server-based computing, applications are run on a remote server, and a minimal amount of display information and data input is transferred between the user's computer and an application server on which the application is run, either over the Internet or over various wireless networks. In general, by running the application remotely and using the user's computing device only for display and data input purposes, an application can be run on any type of computing device capable of network communications irrespective of internal memory or processor configuration including, as shown in FIG. 1, cross-platform (non-Windows™) desktops 2, remote computing devices 3, branch office systems 4, thin client terminals 5, and wireless terminals 6, whether connected to a local area network (LAN) 7, the Internet 8, or a corporate wide area network (WAN) 9.
For a large organization, the use of server based computing eliminates the need to load and configure a desired software program on every computer in the organization, greatly reducing both installation and update costs, and allowing uniform distribution of software and updates to all computing devices in the organization, including international offices and even to individual representatives with mobile computing devices, or computing devices that do not belong to the organization.
While server-based computing offers the possibility of enabling any computing device capable of network communications to run sophisticated application programs or request other services from virtually anywhere in the world, a problem exists in that the minimal nature of the communications necessary to enable services to be provided irrespective of platform also makes it difficult to provide adequate security using conventional communications systems and methods.
Even systems secured by an authentication server such as the SmartGate® server, which can provide any desired level of encryption, are currently not capable of meeting the needs of multiple platform, thin client, and mobile computing device users, because of the requirement that software with the keys and algorithms necessary to provide authentication and establish communications with the authentication server be pre-installed on the user's computing device. As a result, in the environment shown in FIG. 1, only computer 5 with pre-installed gateway client software, and LAN 6 with pre-installed software from both the gateway server and another application server 1, are able to access the services offered by either of the servers 1.
The situation depicted in FIG. 1 is unacceptable. In a server-based computing environment, the user should be able to access application servers 1 from any computing device without having to pre-install certificates or other software, and furthermore should be able to access different application servers having different security protocols and requirements without having to install a different set of certificates or protocols for each application server to be accessed.
The present application solves the problem of eliminating the need for pre-installed software in order to establish secured communications channels to a gateway or authentication server by using a mobile authentication and encryption client to establish the secured communications channel. The resulting system and method is similar to the one described in U.S. Pat. Nos. 5,870,544 and 6,023,764. The system and method described in U.S. Pat. Nos. 5,870,544 and 6,023,764 utilize mobile code in the form of Java applets to establish communications between a user's computer and an application or “web” server, by using a web browser's installed certificates to set up and establish communications with the server, but the system and method described in these patents is not designed to be used for facilitating server-based or thin client computing. Instead, the system described in U.S. Pat. Nos. 5,870,544 and 6,023,764 uses a web browser's pre-installed certificates to set up and establish communications with the server. Before any communications can occur, the user's web browser must verify a certificate sent by the server, after which a secure socket layer (SSL) connection is established and a Java applet sent to the web browser. The Java applet then retrieves keys from the web server for use in opening a secure socket or stream to the web server.
The system and method described in U.S. Pat. Nos. 5,870,544 and 6,023,764 possesses two features which prevent application to server-based computing. First, since the two patents are concerned with authentication not only of the user but also of the server, authentication necessitates the inclusion of the above-mentioned preinstalled certificates and corresponding software unique to each service to be accessed. This eliminates the principal advantage of server-based computing, which is to permit a registered user to access a service from any computing device using a standard communications protocol, regardless of the computing devices configuration.
Second, the system and method described in U.S. Pat. Nos. 5,870,544 and 6,023,764 fails to provide for authentication of the mobile code itself before sending a “key certificate” to the applet containing the code, leaving the application server vulnerable to anyone capable of re-creating or copying the mobile code and requesting the key certificate for use in protecting further communications.
In general, therefore, the prior systems and methods for securing communications over an open network, including prior systems and methods using mobile code as described in U.S. Pat. Nos. 5,870,544 and 6,023,764, have failed to take into account the needs of server-based computing users to access servers in a secure manner from any computing device without having to pre-install client software or certificates.
A need therefore exists to extend the secured communications concepts disclosed in U.S. Pat. No. 5,602,918 and U.S. patent application Ser. No. 08/917,341, and to modify the concepts disclosed in the IBM patents, so as to eliminate the need for pre-installation of client software for each applications server by using mobile code to establish pathways to the application server from any platform, including mobile and thin client platforms, regardless of the specific authentication method, while at the same time providing authentication of the mobile code at the time the pathways are established.