1. Technical Field
The present invention relates to information retrieval methods and systems. In particular, the present invention relates to computer networks in which data may be accessed, stored, updated, and retrieved. Still more particularly, the present invention relates to methods and systems for protecting confidential data that may be accessed, stored, updated, and retrieved from a database within a computer network.
2. Description of the Related Art
Certain network management data stored within a Management Information Base (MIB) of an agent system within a computer network are highly confidential. Access to the network management data stored within the MIB must be provided to network devices, such as network managers and so-called World Wide Web "browsers," well known in the art of computer networking. Normal network management operational procedures within agent systems of a computer network must be capable of utilizing confidential MIB data to perform arithmetic operations, comparisons, and initializations. Therefore, such confidential MIB data must operate within existing operating systems and hardware. Unauthorized access and changes to the confidential data by network managers or browsers should not be allowed. While retrieval of the confidential MIB data must be allowed, the viewing of the actual contents of the confidential MIB data must only be allowed to authorized network managers or browsers.
Any network manager or browser may access the MIB data and learn its contents. The only access limitation is the use of "community name" strings, which are analogous to passwords and which limit access to the MIB data and the ability to modify it. The MIB data itself is not restricted; rather, the ability to access this data and make changes to it is limited via such "community name" strings. The "community name" string and the MIB data can still be viewed by eavesdropping on messages, because there is no explicit requirement to protect data in transit. Such password strings are administered to managers or browsers and are designed to apply to the whole MIB, or to MIB "views," which are subsets of one or more individual MIB objects or related objects referred to collectively as a MIB "subtree." Therefore, unless the ability to access and perform changes upon the MIB data is protected in some manner, little or no security can be offered to customers in need of confidential MIB data.
Current techniques for securing network management data are limited by several factors. First, current methods for securing network management data are administratively cumbersome. For example, password or community strings must be given out to all network managers or browsers needing access to confidential data. An orthogonal set of MIB objects can exist for each MIB user for which network management operations are allowed. Therefore, the list of authorized users, combined with the list of network management permissible MIB objects, may become large. Second, current methods for securing network management data do not provide password security. Community strings typically are set and changed in network management messages in the clear. Therefore, the very secret that is to be used to gain access to secure data is itself not secure. Finally, the MIB data itself is not protected. The MIB data that is protected by the community string password flows in the clear in network management messages.
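The two preceding paragraphs state that the "community name" string travels in the clear and can be read by anyone who observes the message. The following added example (not part of the patent text, and not code from any SNMP product) makes that concrete from a monitoring point of view: it builds a constructed SNMPv1 GetRequest for sysDescr.0 using the BER layout of RFC 1157, then decodes only the outer header the way a passive audit tool would, reporting the version and flagging messages whose credential is carried as a cleartext OCTET STRING. All byte values, the community string "public", and the function names are constructed for this illustration.

```python
"""Audit the outer header of an SNMP message for a cleartext community string.

Constructed example: the SNMPv1 message is built here from its BER parts so the
decoder has something to run on offline; the version/community layout follows
RFC 1157 (version INTEGER, community OCTET STRING, then the PDU).
"""

SNMP_VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """Wrap a payload in a BER tag-length-value triple."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def read_tlv(buf: bytes, pos: int):
    """Decode one TLV starting at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def build_v1_get_request(community: bytes, oid: bytes, request_id: int = 1) -> bytes:
    """Constructed SNMPv1 GetRequest for a single OID (request_id kept in 0..127
    so the one-octet INTEGER encoding used here stays valid)."""
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))            # OID + NULL value
    pdu_body = (tlv(0x02, bytes([request_id]))                       # request-id
                + tlv(0x02, b"\x00")                                  # error-status
                + tlv(0x02, b"\x00")                                  # error-index
                + tlv(0x30, varbind))                                 # VarBindList
    pdu = tlv(0xA0, pdu_body)                                         # context tag 0 = GetRequest
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)


def audit_snmp_message(data: bytes) -> dict:
    """Decode version (and, for v1/v2c, the community) from the message header.

    The point for a defender: nothing in the v1/v2c header is protected, so the
    credential is recoverable by anyone who sees the datagram. Version 3 is
    reported as such and its security parameters are not parsed here.
    """
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer tag is not SEQUENCE")
    vtag, vbytes, pos = read_tlv(msg, 0)
    if vtag != 0x02:
        raise ValueError("expected INTEGER version as first field")
    version = int.from_bytes(vbytes, "big", signed=True)
    result = {"version": SNMP_VERSION_NAMES.get(version, f"unknown({version})"),
              "community": None, "cleartext_credential": False}
    if version in (0, 1):  # SNMPv1 / SNMPv2c carry the community string next
        ctag, community, _ = read_tlv(msg, pos)
        if ctag != 0x04:
            raise ValueError("expected OCTET STRING community")
        result["community"] = community.decode("ascii", "replace")
        result["cleartext_credential"] = True
    return result


# Constructed samples: sysDescr.0 (1.3.6.1.2.1.1.1.0) and a minimal v3 header.
SYS_DESCR_0 = bytes([0x2B, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00])
SAMPLE_V1_REQUEST = build_v1_get_request(b"public", SYS_DESCR_0)
SAMPLE_V3_HEADER = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, b""))  # version 3, empty msgGlobalData

if __name__ == "__main__":
    print(audit_snmp_message(SAMPLE_V1_REQUEST))
    print(audit_snmp_message(SAMPLE_V3_HEADER))
```

Run stand-alone, the script reports the v1 message as SNMPv1 with community "public" and the cleartext flag set, and the v3 header with no community and the flag clear. In a monitoring pipeline the same check, applied to UDP/161 and UDP/162 payloads, is enough to inventory which devices still accept version 1 or 2c and therefore still expose their community strings in transit.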
Recent developments in the area of securing access to network management data include "SNMP Version 3.0," a user-based security method and system for the authentication and encryption of SNMP messages containing MIB data. Under "SNMP Version 3.0," SNMP messages containing MIB data are authenticated and encrypted by securing the complete message, and requests and responses are screened for permission through the use of "context views." Such "views" are established by prior coordination of the "user name" with a password key through manager or off-line interaction. The password does not flow in the encrypted message; rather, only the user name that is utilized to look up the password key for encrypting or decrypting the message flows in the encrypted message. Each target system is assigned a unique "engine identification," which, coupled with the "engine boot" and "engine time" parameters that flow in the message, allows the target system to verify that the message is fresh (i.e., has not been replayed) and has not been captured and replayed to a different target system. Such an approach is quite elaborate and expensive to implement and administer.
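The freshness test just described, in which the receiving engine compares the engine identification, engine boots and engine time carried in the message against its own values, is spelled out in RFC 3414 section 3.2 as the User-based Security Model timeliness check with a 150-second window. The added example below (not from the patent and not from any SNMP implementation) models the check on the authoritative side, i.e. the agent that owns the engine ID. The engine IDs, clock values and user names are constructed for illustration; the error names are the USM report counters an agent would increment.

```python
"""SNMPv3 USM timeliness check as performed by the authoritative engine.

Added example following the RFC 3414 section 3.2 rules: an engine ID
mismatch means the message was built for a different target; a boots
mismatch, a time difference beyond 150 seconds, or an exhausted boots
counter means the message is outside the time window. In a real agent this
check runs only after the HMAC over the whole message has verified,
otherwise the fields being compared could have been altered in transit.
"""
from dataclasses import dataclass

TIME_WINDOW_SECONDS = 150     # RFC 3414: message time must be within +/-150 s
MAX_ENGINE_BOOTS = 2**31 - 1  # boots counter exhausted: engine must refuse


@dataclass(frozen=True)
class EngineState:
    """What the receiving agent knows about itself (constructed values)."""
    engine_id: bytes
    engine_boots: int
    engine_time: int  # seconds since the current boot


@dataclass(frozen=True)
class UsmHeader:
    """Authoritative-engine fields carried in msgSecurityParameters."""
    engine_id: bytes
    engine_boots: int
    engine_time: int
    user_name: str


def check_timeliness(local: EngineState, msg: UsmHeader) -> str:
    """Return 'ok' or the USM report the agent would send back."""
    if msg.engine_id != local.engine_id:
        return "unknownEngineID"        # captured and replayed to a different target
    if local.engine_boots == MAX_ENGINE_BOOTS:
        return "notInTimeWindow"        # counter exhausted; RFC 3414 mandates rejection
    if msg.engine_boots != local.engine_boots:
        return "notInTimeWindow"        # message predates (or postdates) a reboot
    if abs(local.engine_time - msg.engine_time) > TIME_WINDOW_SECONDS:
        return "notInTimeWindow"        # stale capture replayed outside the window
    return "ok"


# Constructed samples: one agent and four messages addressed to it.
AGENT = EngineState(engine_id=b"\x80\x00\x00\x00\x01agent-A", engine_boots=7, engine_time=1000)
FRESH = UsmHeader(AGENT.engine_id, 7, 960, "ops")                      # 40 s skew: accepted
STALE = UsmHeader(AGENT.engine_id, 7, 700, "ops")                      # 300 s old: replay
REBOOTED = UsmHeader(AGENT.engine_id, 6, 1000, "ops")                  # from before a reboot
WRONG_TARGET = UsmHeader(b"\x80\x00\x00\x00\x01agent-B", 7, 1000, "ops")  # built for another engine

if __name__ == "__main__":
    for name, header in (("fresh", FRESH), ("stale", STALE),
                         ("rebooted", REBOOTED), ("wrong_target", WRONG_TARGET)):
        print(f"{name:13s} -> {check_timeliness(AGENT, header)}")
```

The two mismatch cases map directly onto the two attacks the paragraph mentions: a message replayed later (or across a reboot) fails on boots or time, and a message captured from one agent and sent to another fails on engine ID. The non-authoritative side (the manager) performs the mirror-image check on responses, and additionally has to learn and cache the agent's boots and time through a discovery exchange before it can send an authenticated request, which is part of the administrative cost the paragraph refers to.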
Confidentiality-sensitive MIB data must be able to be sent to all requesters, yet be revealed only to those readers who are authorized. Only authorized network managers or browsers may be permitted to change the confidential MIB data, including by creating or deleting the context in which the secure MIB data exists. Furthermore, sensitive MIB data must be able to coexist in the same SNMP table construct as non-sensitive data, and the non-sensitive data must be readable and settable as normal operational needs require. Based on the foregoing, it can thus be appreciated that a need exists for a method and system which would ensure that confidential data released from a network database, such as a MIB, is efficiently and effortlessly secured.