With the advent of computer networks has come the problem of secure communication over a network. In addition, in networks that carry the critical business transactions of an organization, it is important to have controls over who can send what information over the network and, as an added precaution, over which network resources are permitted to accept which kinds of information.
Network architectures have been the subject of a great deal of inventive effort. For example, U.S. Pat. No. 5,548,726 to Pettus is granted for a "System For Activating New Service in Client Server Network by Reconfiguring the Multi-layer Network Protocol Stack Dynamically Within the Server Node." This invention allows for a client, in a client server network, to access remote services by means of a communications directory located in each node of the network. The activities of the client are then controlled by the server which allows only certain activities to take place. Thus the client is effectively controlled by the server.
U.S. Pat. No. 5,577,209 to Boyle et al. was granted for an "Apparatus Invented for Providing Multi-level Security for Communication Among computers and terminals on a Network." This system is a multi-level security system employing a secure network interface unit between the network and each host computer and user computer. It also provides a security management architecture for controlling the operation and configuration of the secure network interface units. Each secure network interface unit is configured to perform certain defined activities, so control in the network is achieved by virtue of the secure network interface unit. Presumably, limitations on the activities of workstations on the network are also controlled by the secure network interface unit.
Other types of architectures have attempted to control processing on the network by imparting to servers or network computers certain controls over the processing taking place on the network. U.S. Pat. No. 5,355,453 to Rew et al. describes a system where all networks are connected to a network controller unit for controlling what traffic is permitted on the network.
U.S. Pat. No. 5,287,537 to Newmark et al. was granted for a "Distributing Processing System Having a Plurality of Computers Each Using Identical Retaining Information to Identify Another Computer For Executing a Received Command." In this system, a computer that receives a command it cannot fulfill forwards that command to another computer. The emphasis here is on the ability to shift processing to computers that can perform the desired task.
U.S. Pat. No. 5,502,576 to Ramsay et al. was granted for a "Method and Apparatus for the Transmission, Storage, and Retrieval of Documents in An Electronic Domain." This invention has a particular structure intended to reduce processing time and achieve higher bandwidth over a network. Its concern with network traffic is with maximizing the bandwidth of the information sent over the network.
U.S. Pat. No. 5,109,385 to Tseung was granted for a "Guaranteed Reliable Broadcast Network." This invention introduces a concept of an "arbitrator node" which manages traffic over the network in order to guarantee that a message is received by a particular network resource even though the resource may be busy, slow, or temporarily out of service. Thus the arbitrator node performs the function of a "traffic cop."
Other inventions in the network security arena relate to encryption methodologies, for example U.S. Pat. No. 5,295,188 to Wilson et al. for "Public Encryption and Decryption Circuitry and Method," U.S. Pat. No. 5,351,293 to Michener et al. for a "System Method and Apparatus for Authenticating an Encrypted Signal," and U.S. Pat. No. 5,226,079 to Holloway for "Non-repudiation in Computer Networks."
Other patents have been granted for authentication and signature verification. For example, U.S. Pat. No. 5,189,700 to Blandford was granted for "Devices to 1) Supply Authenticated Time and 2) Time Stamp and Authenticate Digital Documents," and U.S. Pat. No. 4,326,098 to Bouricius et al. for a "High Security System for Electronic Signature Verification." These and other tools provide software solutions whereby one party can sign a digital document and another party can verify that the message truly came from the claimed party.
These various approaches deal with control over the messages on a network as well as various forms of centralized control over traffic on the network.
However, it would be extremely useful if controls over network traffic, once established by a central authority, were automatically enforced by every single network resource (that is, without limitation, all manner of workstations, modems, servers, and other equipment and software residing on the network). Security of the network, and of the types of transactions carried on it, could then best be enforced if rules existed not only at the network server or node level but also at the workstations originating the traffic and at the various network resources along the way to the transaction destination, and were enforced by the destination network resource as well. With enforcement mechanisms at every location within the network, security is enhanced for all manner of transactions or operations on the network. Further, network bandwidth usage decreases since, typically, only those communications that are permitted are ever transmitted on the net.
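The distributed-enforcement model this paragraph describes, simulated as an added example (my code, not the patent's or any assignee's implementation): a rule set published by a central authority is applied independently at the originating workstation, at an intermediate server, and at the destination. The node names, rule fields, message kinds and the three-hop topology are constructed assumptions. The run shows the two properties the paragraph claims: a message denied by policy never leaves the workstation, so it costs no link transmissions, and a workstation whose local copy of the rules is missing or misconfigured is still stopped at the next hop because every resource checks the same rules.

```python
"""Central rules enforced at every hop: origin, relay and destination.

Added illustration, not the patent's code. Node names ("ws-1", "hr-ws",
"server", "ledger"), message kinds ("order", "payroll") and the rule format
are constructed assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    sender: str    # originating node name
    receiver: str  # destination node name
    kind: str      # transaction type carried by the message


@dataclass(frozen=True)
class Rule:
    sender: str    # originating node name, or "*" for any
    receiver: str  # destination node name, or "*" for any
    kind: str      # transaction type, or "*" for any
    permit: bool   # True = permit, False = deny

    def matches(self, msg: Message) -> bool:
        return (self.sender in ("*", msg.sender)
                and self.receiver in ("*", msg.receiver)
                and self.kind in ("*", msg.kind))


class Policy:
    """Rule set published by the central authority.
    First matching rule wins; a message matching no rule is denied."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def permits(self, msg: Message) -> bool:
        for rule in self.rules:
            if rule.matches(msg):
                return rule.permit
        return False  # default deny


class Node:
    """A network resource that checks the policy before it emits,
    relays, or accepts any message."""

    def __init__(self, name: str, policy: Policy, next_hop: Optional["Node"] = None):
        self.name = name
        self.policy = policy
        self.next_hop = next_hop

    def handle(self, msg: Message, trace: List[Tuple[str, str]]) -> bool:
        if not self.policy.permits(msg):
            trace.append((self.name, "denied"))
            return False
        if self.name == msg.receiver:
            trace.append((self.name, "accepted"))
            return True
        if self.next_hop is None:
            trace.append((self.name, "no route"))
            return False
        trace.append((self.name, "forwarded"))
        return self.next_hop.handle(msg, trace)


def deliver(origin: Node, msg: Message) -> Tuple[bool, List[Tuple[str, str]], int]:
    """Send msg from origin; return (delivered, per-node trace, link transmissions)."""
    trace: List[Tuple[str, str]] = []
    delivered = origin.handle(msg, trace)
    transmissions = sum(1 for _, decision in trace if decision == "forwarded")
    return delivered, trace, transmissions


# Rules as the central authority would publish them (constructed sample).
CENTRAL_POLICY = Policy([
    Rule("hr-ws", "ledger", "payroll", permit=True),   # only HR may send payroll
    Rule("*", "*", "payroll", permit=False),           # everyone else: no payroll
    Rule("*", "ledger", "order", permit=True),         # any workstation may place orders
])

# Models an origin whose local rules were lost or misconfigured to allow everything.
PERMIT_ALL = Policy([Rule("*", "*", "*", permit=True)])


def build_chain(origin_name: str, origin_policy: Policy) -> Node:
    """origin -> server -> ledger; server and ledger always hold the central rules."""
    ledger = Node("ledger", CENTRAL_POLICY)
    server = Node("server", CENTRAL_POLICY, next_hop=ledger)
    return Node(origin_name, origin_policy, next_hop=server)


def run_scenarios() -> dict:
    ws1 = build_chain("ws-1", CENTRAL_POLICY)
    tampered_ws1 = build_chain("ws-1", PERMIT_ALL)
    hr = build_chain("hr-ws", CENTRAL_POLICY)
    return {
        "order_from_ws1": deliver(ws1, Message("ws-1", "ledger", "order")),
        "payroll_from_ws1": deliver(ws1, Message("ws-1", "ledger", "payroll")),
        "payroll_tampered_origin": deliver(tampered_ws1, Message("ws-1", "ledger", "payroll")),
        "payroll_from_hr": deliver(hr, Message("hr-ws", "ledger", "payroll")),
    }


if __name__ == "__main__":
    for name, (ok, trace, tx) in run_scenarios().items():
        print(f"{name}: delivered={ok} transmissions={tx} trace={trace}")
```

The trace for each scenario records which resource made the decision: the permitted order traverses all three nodes, the disallowed payroll from ws-1 is refused at the workstation with zero transmissions, and the same message from a workstation with a permit-all policy consumes one link before the server refuses it.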