The expansive growth of the Internet changed the world. In the late 1970s and early 1980s, the Internet was still in its nascency and was comprised primarily of interconnected computers dedicated to defense and academic disciplines. In the early 1990s, the Internet gained a public face. As the Internet became more accessible to the public, it also became significantly larger and more complex. As a result, the Internet grew to become heterogeneous—particularly in the sense that software and hardware developers created myriad devices that could be attached to the Internet. These creations continued to evolve to the point where, today, devices capable of being attached to the Internet are highly diverse. It is common to have PC clients, servers, Personal Digital Assistants (PDAs), mobile phones, routers, and other network-connected devices all interconnected via the Internet. These interconnected devices present challenges—on both a local and global scale—in the areas of security and authentication.
In the often wild frontier of the Internet, undesirable trends are stirring. Unscrupulous individuals illegally sell counterfeit hardware and software components into grey markets. Software piracy, viruses, worms, and other dangers also pose threats. Such dangers threaten the security and well-being of the Internet, its users, and their data. Business owners, who rely on the Internet to facilitate business transactions, realize the need to confront these ever-increasing threats and consider doing so paramount to the survival of their businesses. Similarly, individual users of the Internet worry about the integrity and safety of their own data, which can include private information such as personal financial banking information. The integrity of end-points on a network has become a major concern for businesses and the networking industry.
Antivirus software, spam filters, and other software products that exist today attempt to address some of these problems by identifying, thwarting, and eliminating computer viruses, other malicious software, and other attempts to take advantage of users. But thwarting viruses, by itself, does not solve the problem of ensuring the integrity of software and hardware components of a client platform. In particular, these software products are incapable of determining whether hardware and software are genuine components that conform to a trusted and known standard. For example, antivirus software fails to stop problematic computer systems from logging onto a network, even where the computer systems are suspected of carrying malicious software. It does not check the integrity of hardware components, nor does it take any preventative action in the event that a client platform may have illegitimate components.
Despite efforts by antivirus software manufacturers, an increasing amount of malware is being introduced into corporate networks through “tainted” machines. For example, this can happen when an employee takes a laptop computer on a business trip and connects to a network, such as the Internet, which is external to the corporate network. The machine is then “tainted” by some form of malware. The “tainted” machine is then brought back into the corporate network, where it can pose a threat to the integrity of the entire corporate network. In light of recent legislation such as the Sarbanes-Oxley Act, which requires Chief Information Officers (CIOs) to be responsible for the security, accuracy, and reliability of the systems that manage and report financial data, machine integrity can be particularly important.
Banks are a good example of institutions that are especially vulnerable to client platforms containing malware and other illegitimate components. Inherently, banks store sensitive financial information, and naturally have a desire to ensure that the information remains secure. Today, it is difficult for banks to know—with any degree of certainty—whether a given client platform requesting access to the banks' networks has the overall integrity required to transact, and does not pose a significant threat to their networks.
Accordingly, a need remains for a way to identify and authenticate components of a client platform—both hardware and software—that are in a potentially improper state before the client platform is given access to network services or resources. The present application addresses these and other problems associated with the prior art.