1. Field of the Invention
The present invention relates to security systems for data and, more particularly, to security systems that protect data in an inter/intra enterprise environment.
2. Description of Related Art
As organizations become more dependent on networks for business transactions, data sharing and everyday communications, their networks have to be increasingly accessible to customers, employees, suppliers, partners, contractors and telecommuters. Unfortunately, as the accessibility increases, so does the exposure of critical data that is stored on the network. Hackers can threaten all kinds of valuable corporate information resources including intellectual property (e.g., trade secrets, software code and competitive data), sensitive employee information (e.g., payroll figures and HR records), and classified information (e.g., passwords, databases, customer records, product information and financial data).
In protecting the proprietary information traveling across networks, one or more cryptographic techniques are often used to secure a private communication session between two communicating computers on the network. Cryptographic techniques provide a way to transmit information across an unsecure communication channel without disclosing the contents of the information to anyone who may be eavesdropping on the communication channel. An encryption process is a cryptographic technique whereby one party can protect the contents of data in transit from access by an unauthorized third party, yet the intended party can read the data using a corresponding decryption process.
Many organizations have deployed firewalls, Virtual Private Networks (VPNs) and Intrusion Detection Systems (IDS) to provide protection. Unfortunately, these various security means have been proven insufficient to reliably protect proprietary information residing on internal networks.
Electronic data is often secured through use of passwords. The passwords can be document level, operating system level or system level. While passwords do provide some security to the electronic data, users tend to mismanage their passwords. For example, users may use short passwords which are easier for an attacker to crack, resulting in possible security breaches of a system. To facilitate the use of passwords, a system has to maintain somewhere information pertaining to the passwords. However, by doing so, the passwords are put in jeopardy of being discovered by an attacker.
Moreover, security policies often request passwords be periodically changed to improve security of a system. Also, in a security system that encrypts data based on user passwords, changing user passwords can be very complicated and result in time consuming updating of all affected encrypted data in the system.
Thus, there is a need for improved approaches to utilize passwords in a security system.