The present invention is generally related to the field of computer networks and more particularly, is directed to a method and apparatus for secure access to a computer network and for safeguarding the confidentiality and privacy of data stored and distributed by the network.
The widespread use of computers and the emergence of the Internet have led to a revolution in data collection, storage and distribution. (Herein, the terms “data” and “information” are used interchangeably). Today, most organizations could not conduct their affairs without the aid of computerized information systems which help to collect, process, and distribute information. Such systems are taken for granted as a necessity for conducting business on even a modest scale.
Prior to the advent of personal computers and computer networks, most information was collected manually and stored in hard copy form in physical file drawers. Because there were usually no more than one or two copies of each document, their location and safeguarding were easy to control. Even when mainframe computers became available, the information had to be collected manually and in many cases manually entered into the computer as well. The labor intensive nature of the process necessarily limited the amount of information that was collected and entered into the computer.
Access to the stored information also was limited. The information could only be retrieved by outputting to an associated terminal unit, printer and/or magnetic tape drive. Security of the information usually was not an issue as the entire computer infrastructure was under the control of the business owner. Security resulted from a limited number of trusted employees having the skill set needed to gain access to information stored on the mainframe computer and by in-house mainframes typically not being networked with outside computers. Thus, a company's physical infrastructure, the limited number of employees with the requisite skill set and the lack of networking with other computers provided the ultimate firewall. Accordingly, the likelihood that the computer could be “hacked” from the outside was greatly reduced and the company and its customers felt secure from unauthorized access to company records.
Today, the situation is much different. The relationship that most customers have, for example, with their bank allows the customer online access to his or her banking records. In most cases the customer can transfer funds from one account to another, including the accounts of a third party. Both the customer and the bank benefit from this relationship. The customer can bank at a time that is convenient for him or her and the bank has the opportunity to collect a service fee with almost no human intervention. A third, unintended, set of beneficiaries to this relationship are those who wish to engage in mischief, fraud and theft by gaining unauthorized access to the records of bank customers and initiating transactions for their own benefit.
Because computer technology has been developed to the point that it can be readily understood, the skill set required to engage in mischievous conduct is low and can be easily acquired. It is the unintended beneficiaries of online relationships who engage in such conduct that require that attention be paid to computers and network security.
While the advantages of conducting business transactions that involve confidential and private information online are many, these advantages give rise to many security challenges. The challenges are two-fold. The first challenge is to deny entry to those who are not authorized to gain access to the system. The second challenge is to maintain the privacy of user information once it has been collected and stored in the system. While neither of these challenges is new, they have been greatly aggravated and made more difficult by the number of people and commercial establishments who now use online systems and the amount of data that these systems collect and store. The opportunity for unscrupulous computer users to engage in mischief has risen at a corresponding rate.
Unlike in the past, when collecting and entering information into a computer system was very labor intensive and thus the volume of information was low, today there are many fast and efficient ways in which information can be collected and entered. Modern computer systems are replete with user friendly forms that information providers can fill out themselves without having to rely on company computer operators. Thus, the bottleneck of information collection and entry that existed in the past has been eliminated in large measure. This has led to more information being collected and stored from many more people.
In addition, modern computers and computer networks can be programmed to automatically collect information about users, sometimes without their knowledge. For example, the log files of a web server maintain a record of which pages a visitor requested, the time and date of each request, the Internet Protocol address of the computer being used, and in some cases, user identities and passwords (for instance, the username of an authenticated request, or credentials that a form submitted as part of the requested URL). Many people consider this information confidential and private.
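As an added illustration of how the log records described above expose identities and secrets, the following Python script (written for this page, not part of the original text) parses a few constructed Common Log Format lines, flags entries that carry an authenticated username or a credential-like query parameter, and produces a redacted copy in which the client address is truncated, the username is dropped and sensitive values are replaced. The parameter-name list and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Common Log Format: host ident authuser [date] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<authuser>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Query-string parameter names that commonly carry secrets (assumed list).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "pass", "token",
                    "session", "sessionid", "secret"}

# Constructed sample log lines (not real traffic): an authenticated user,
# a login form that leaked credentials into a GET request, and a benign request.
LOG_LINES = [
    '203.0.113.7 - alice [10/Oct/2000:13:55:36 -0700] '
    '"GET /account/summary HTTP/1.0" 200 2326',
    '198.51.100.22 - - [10/Oct/2000:13:56:01 -0700] '
    '"GET /login?user=bob&password=hunter2 HTTP/1.0" 302 0',
    '198.51.100.22 - - [10/Oct/2000:13:56:09 -0700] '
    '"GET /transfer?to=9911&amount=500 HTTP/1.0" 200 512',
]


def parse_line(line):
    """Split one access-log line into its fields; None if it is not CLF."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_sensitive(entry):
    """List (kind, name) findings: a basic-auth username or a secret-bearing
    query parameter present in the recorded request."""
    findings = []
    if entry["authuser"] != "-":
        findings.append(("authuser", entry["authuser"]))
    for name, _ in parse_qsl(urlsplit(entry["target"]).query,
                             keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            findings.append(("query", name))
    return findings


def mask_ip(host):
    """Zero the last octet of an IPv4 address; other hosts are left unchanged."""
    parts = host.split(".")
    if len(parts) == 4 and all(p.isdigit() for p in parts):
        return ".".join(parts[:3] + ["0"])
    return host


def redact(entry):
    """Rebuild the log line with the client address truncated, the username
    removed and sensitive query values replaced by REDACTED."""
    url = urlsplit(entry["target"])
    pairs = [(n, "REDACTED" if n.lower() in SENSITIVE_PARAMS else v)
             for n, v in parse_qsl(url.query, keep_blank_values=True)]
    target = url.path + ("?" + urlencode(pairs) if pairs else "")
    return (f'{mask_ip(entry["host"])} {entry["ident"]} - [{entry["time"]}] '
            f'"{entry["method"]} {target} {entry["proto"]}" '
            f'{entry["status"]} {entry["size"]}')


def scan(lines):
    """Map each parseable line index to its findings (empty list if clean)."""
    report = {}
    for i, line in enumerate(lines):
        entry = parse_line(line)
        if entry is not None:
            report[i] = find_sensitive(entry)
    return report


if __name__ == "__main__":
    for i, findings in scan(LOG_LINES).items():
        print(i, findings)
        print("   ", redact(parse_line(LOG_LINES[i])))
```

Two points the script makes concrete: the `authuser` field alone ties a request to a named person, and credentials submitted by a form using GET are stored in the clear in every copy of the log, so redaction has to run before logs are retained or shared rather than at query time.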
The concern with protecting the confidentiality and privacy of online information in today's world is evident from the actions being taken or planned by most governments of developed countries. For example, in the United States, there are national laws that regulate the use and collection of personal data by financial institutions and government agencies. In addition, the United States enacted legislation entitled the Health Insurance Portability and Accountability Act of 1996, which was signed into law on Aug. 21, 1996. The Act is intended to improve the efficiency and effectiveness of the U.S. health care system by facilitating the electronic exchange of information in the health care industry. The Act recognized the challenges to confidentiality of health related information and included specific provisions for its confidentiality and privacy.
In Europe, the European Union Privacy Directive went into effect on Oct. 25, 1998. This Directive, also known as the EU Data Protection Directive, requires that each EU member state enact legislation to protect personal data. According to the Directive, personal data policies must require, among other things, that:
Data be processed fairly;
Data be collected and processed for specified, legitimate purposes and be kept no longer than necessary to fulfill the stated purpose for which the data was collected;
Data be accurate and up to date; and
Authorized users of personal data must not transfer that data to third parties without the permission of the individual providing the data. Personal data can only be transferred across national borders when the receiving country has an adequate level of protection for the data.
The Directive also requires that the person whom the data concerns be given adequate notice of activity regarding the data. The notice must include the identity of the party collecting or using the data; the purpose for which the data may be used; and such other information as is necessary to ensure that the processing of the data is “fair” to the individual.
The implications and practical difficulty of implementing the EU Directive are great and go beyond the boundaries of the 15 European Union countries. As the Directive requires that no personal data be transferred across borders unless the receiving country has an adequate level of protection for the data, the effect of the Directive has international dimensions. Moreover, compliance with the notice requirement mentioned above will be difficult to achieve using conventional methods given an increasingly global marketplace, which by its nature knows no international boundaries.
While attempts have been made to address the security needs of computers and computer networks with respect to preventing unauthorized access to and misuse of confidential information, these attempts increasingly fall short of what is needed to fully address the problem. Unlike in the past, most mainframe computer systems are now networked to other computers that are outside of the control of the mainframe owner. The natural firewall that existed in the past is no longer present today. Also, the skill level required to operate and access information stored in these computers, while still high compared to prior standards, is easily within reach of most who wish to acquire the skill. Moreover, the number of people who are computer savvy beyond just a casual knowledge of how to use a computer continues to grow. In addition, criminal enterprises naturally move to targets of opportunity whenever they arise. Online confidential and proprietary information represents such a target.
E-mail, for example, has become one of the most prevalent means for communicating information within and across organizations. Thus, the need to secure e-mail and to validate that only authorized users can access their own e-mail accounts becomes mission critical in many situations. The security of e-mail messages is particularly problematic due to the propensity of many e-mail users to send copies to multiple recipients. Thus, not only must the originator of the e-mail be validated for access, the entire set of recipients must be as well.
Thus, approaches to computer and network security that were sufficient in the past are no longer equal to the challenge that today's security risks present. Accordingly, there is a need in the art for a more effective solution.