1. Field of the Invention
The present invention relates to system and methodology for securing sensitive user information, such as that commonly stored on personal computers or other data processing devices, for preventing unauthorized access to that information.
2. Description of the Background Art
Individuals and businesses are growing increasingly comfortable with conducting their affairs over the Internet. One side effect of this growing trust in technology is that the amount of personal or confidential information traveling through the Internet is increasing proportionally. This sensitive information can include personal identification numbers (PINs), user names, passwords, credit card numbers, Social Security numbers, phone numbers, and more. The consequences of this information falling into dishonest hands can include disasters such as identity theft, financial loss, and proprietary information theft, just to name a few.
A personal firewall featuring application control solves much of this problem of protecting sensitive information by disallowing network access to untrusted applications. However, firewalls alone cannot solve the problem of information leaking from legitimate, trusted applications, such as web browsers, email agents, or instant messenger applications.
Another solution that solves much of this growing problem involves running a software agent to monitor the PC's network traffic. This simplified or basic “lockbox” approach ensures that sensitive information is not transmitted outside the local host without the user's knowledge. If sensitive information is discovered during this process, the underlying security engine may give the user the ability to block or modify the outgoing request. Note that this type of protection differs from “electronic wallet” technology common today in that e-wallet technology is intended to make electronic commerce more convenient by safely optimizing the e-commerce checkout process, whereas this “lockbox” technology is intended to prevent sensitive data from leaving a PC without the user's knowledge.
The simplified lockbox approach has its problems, however. Storage of reference copies of the sensitive information in a simple lockbox creates a new point of vulnerability. The lockbox itself becomes a potential target for attack and compromise. Therefore, a better solution is sought.
What is needed is a system that includes methods for protecting sensitive information (as done with a simple lockbox), but which does not itself become a point of vulnerability. In particular, the solution itself should not provide a source of sensitive information that would be an attractive target to attack. The present invention fulfills this and other needs.