Historically, computer security was a matter of managing physical access to equipment. With the development of computer networks, however, new vulnerabilities have been introduced. Today's distributed computing environment (referred to herein as an “enterprise”) is designed in such a way that at least a portion of the environment is exposed to tampering, eavesdropping, or other risks to the information it contains. These risks are both internal and external to the enterprise. The existing approach to these vulnerabilities is first to try to identify where they exist and then to add some protection mechanism to each one identified. This typically results in a patchwork of independent protection mechanisms which are not only time consuming and expensive to construct, but also do not protect against vulnerabilities that exist but have not yet been recognized. For a large enterprise, the resulting security solutions are typically not enterprise wide.
Due to the very open nature of the common communications protocols used to knit a collection of devices (e.g., terminals, servers, applications, databases, etc.) together, the problem of ensuring all aspects of security is complex. In addition, as the use of computer systems becomes more pervasive, the challenge and importance of clearly authenticating the identity of every entity interacting with the enterprise increases as the concern over the risks associated with inappropriate access to information grows.
These risks are beginning to be recognized by current and planned legislation such as the “Health Insurance Portability and Accountability Act of 1996 (HIPAA).” Additionally, in the financial services area there are several interagency “Guidance” documents on “Authentication” and “Safeguarding Customer Information.” See: http://www.bmck.com/ecommerce/fedlegis-s-fi.htm for a list of such documents. Information quality can only be attained by capturing information from trusted, high quality sources.
Meaningful access controls can only be implemented when the identity of those entities requesting access can be reliably authenticated. Patchwork solutions to computer and network security problems are expensive and notoriously unreliable. Expensive, specially skilled human resources are required to install and maintain each element of the patchwork. One attempt at addressing these problems is the Kerberos system, a network authentication protocol developed at MIT and documented in publications of the Internet Engineering Task Force (IETF). It is designed to provide strong authentication for client/server applications by using secret-key cryptography. The Kerberos protocol addresses the entity authentication problem but does not incorporate the “trust level” concept of the present invention. Further, it has no mechanism for access or authorization controls, or for auditing.
Further, none of the prior art incorporates the elements of computer security within an enterprise such that a user can use a single sign-on for authentication and authorization which is carried from, for instance, server to server to application, ensuring that the user, server or application is authorized and trusted to perform whatever action is requested.
Moreover, no current approach addresses the concept of different levels of trust for each entity, depending both on the access requested to a particular server, application or database, etc., and on the type of authentication used to request that access. Treating all authentications as equal results in a single trust level that is universally granted to all properly authenticated entities, regardless of what type of authentication information is presented or the method by which it is communicated. This universal trust level does not reflect real world distributed computing environments, where some activities are low risk and thus a low quality authentication of the relevant entities is sufficient, while other activities entail very high risks and should be allowed only when strong, highly reliable, and attack resistant authentication of the relevant entities is used. For instance, low risk activities might involve an entity accessing some sensitive information which is available to any entity willing to identify itself and give a reason for needing access. Higher risk activities might involve an entity accessing systems which handle financial transactions on behalf of that entity. Even higher risk activities might include initiating financial transactions on behalf of entities where the interests of multiple entities (e.g., institutions) are involved. Still higher risks would be associated with administrative access to the systems providing the services mentioned above. In some highly sensitive cases it would be appropriate to require collaboration among several entities (e.g., officials in an institution) in order to complete an activity.
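The tiered trust model sketched above lends itself to a small policy engine: each authentication confers a trust level that depends on both the method used and the channel it was presented over, each action demands a minimum level, and the most sensitive actions additionally demand a quorum of distinct principals. The following is an added illustrative example, not code from the patent or from any implementation it describes; the trust levels, authentication methods, channel ceilings, action names and quorum rule are all assumptions chosen to mirror the risk tiers listed in the paragraph.

```python
# Trust-level authorization policy (illustrative example; all names and
# levels below are assumptions, not taken from the patent text).
from dataclasses import dataclass
from enum import IntEnum


class TrustLevel(IntEnum):
    NONE = 0
    LOW = 1        # self-asserted identity plus a stated reason
    MEDIUM = 2     # shared secret over a protected channel
    HIGH = 3       # one-time code or smart card
    VERY_HIGH = 4  # hardware-backed credential with proof of possession


# Assumed mapping: how much trust each authentication method can confer.
METHOD_TRUST = {
    "self_asserted": TrustLevel.LOW,
    "password": TrustLevel.MEDIUM,
    "otp": TrustLevel.HIGH,
    "smartcard": TrustLevel.HIGH,
    "hardware_key": TrustLevel.VERY_HIGH,
}

# Assumed ceiling: a credential is worth no more than the channel that
# carried it (a password sniffed off a cleartext link proves little).
CHANNEL_CEILING = {
    "cleartext": TrustLevel.LOW,
    "tls": TrustLevel.HIGH,
    "mutual_tls": TrustLevel.VERY_HIGH,
}


@dataclass(frozen=True)
class Authentication:
    principal: str
    method: str
    channel: str

    def trust_level(self) -> TrustLevel:
        """Effective trust is the weaker of method strength and channel protection.

        Unknown methods or channels map to NONE, so misconfiguration fails closed.
        """
        method_level = METHOD_TRUST.get(self.method, TrustLevel.NONE)
        channel_cap = CHANNEL_CEILING.get(self.channel, TrustLevel.NONE)
        return min(method_level, channel_cap)


@dataclass(frozen=True)
class ActionPolicy:
    required: TrustLevel
    quorum: int = 1  # distinct principals that must each reach `required`


# Assumed policy table following the risk tiers in the text, low to high.
POLICY = {
    "read_disclosable_info": ActionPolicy(TrustLevel.LOW),
    "view_own_transactions": ActionPolicy(TrustLevel.MEDIUM),
    "initiate_transfer": ActionPolicy(TrustLevel.HIGH),
    "admin_shell": ActionPolicy(TrustLevel.VERY_HIGH),
    "change_transfer_limits": ActionPolicy(TrustLevel.VERY_HIGH, quorum=2),
}


def authorize(action: str, auths: list) -> tuple:
    """Return (allowed, reason) for `action` given the presented authentications."""
    policy = POLICY.get(action)
    if policy is None:
        return False, f"unknown action {action!r}: default deny"
    # Count distinct principals whose effective trust meets the bar. The same
    # principal authenticating twice still counts once, so a quorum of two
    # really means two different people.
    qualified = {a.principal for a in auths if a.trust_level() >= policy.required}
    if len(qualified) >= policy.quorum:
        return True, f"{len(qualified)} principal(s) at >= {policy.required.name}"
    return False, (f"need {policy.quorum} principal(s) at >= {policy.required.name}, "
                   f"have {len(qualified)}")


if __name__ == "__main__":
    alice_weak = Authentication("alice", "password", "cleartext")
    alice_strong = Authentication("alice", "hardware_key", "mutual_tls")
    bob_strong = Authentication("bob", "hardware_key", "mutual_tls")
    print(authorize("view_own_transactions", [alice_weak]))
    print(authorize("admin_shell", [alice_strong]))
    print(authorize("change_transfer_limits", [alice_strong, alice_strong]))
    print(authorize("change_transfer_limits", [alice_strong, bob_strong]))
```

Two design points are worth noting. Taking the minimum of method and channel is what makes the "method in which it is communicated" part of the trust decision rather than an afterthought, and deduplicating by principal is what stops a single administrator from satisfying a two-party requirement by presenting the same credential twice.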
Finally, current security systems within distributed computing environments have only the capability to communicate to the server the identity of the entity requesting access to the enterprise. Once this authentication has taken place, that entity is free to access any other target entity (e.g., another server, application or database) communicating within the environment without those other target entities being notified of the identity of the entity pursuing such communication, much less requiring further authentication of it.
Therefore, what is needed is a communications protection system which extends to all elements within a distributed computing environment which provides assurances that each entity within the environment attempting to communicate with or access other entities within that environment is a discrete, authenticated entity with an associated trust level.