1. Field of the Invention
The present invention relates to computer networks, and, more specifically, to providing data security for computers communicating across an unsecured computer network communications link. The present invention has applications in the areas of computer science and computer network security.
2. The Related Art
Computer network traffic has grown exponentially over the past two decades. Disconnected desktop computers have been transferred to large networks of networked computers due, in part, to advances in networking technology such as modem and Ethernet connections that have made the formation of computer networks financially practical. Over the past decade, the reach of computer communications has become global due to the expansion of users on the Internet. This worldwide computer network has provided millions of computer users with access to information and commerce opportunities unparalleled in history.
Access to these resources and opportunities has not come without a price. The rise of computer networks has also spawned new risks for users in the form of information theft and/or sabotage. Such theft and sabotage can be wrought by "hackers": individuals who attempt to gain access to data stored on another's computer system, often for the sheer sport of the activity. Some hackers are more malicious, using software to install computer "viruses" on client computers to alter or destroy data or steal trade secrets. However, even organizations such as governments and businesses also "lift" and/or modify user data when the user connects to apparently "innocuous" servers over the World-Wide Web. For example, a business or government agency could establish an engine to scan surreptitiously the contents of a client computer's drive(s) when that computer logs-in to a Web server. The data obtained from the drive could be used for marketing or espionage purposes.
To counter these threats, many local area networks ("LANs") use firewalls to protect connected to the local network from the above-described threats. However, firewalls suffer from drawbacks. First, firewall protection is generally designed for computer networks; thus, protection for individual users is not readily available. Second, firewall protection is expensive. Thorough firewall protection often requires the purchase and maintenance of one or more specialized computer systems. Third, firewalls can only protect against known threats. Thus, the firewall software must be reconfigured repeatedly as new threats appear.
For individual users, some protection is available using various software packages that monitor certain actions taken by software running on the computer and/or scan files for known anomalies, such as code patterns that are consistent with a computer virus. As with firewalls, these software packages must be constantly updated to scan for the latest virus code patterns. Also, these packages offer limited protection for more dynamic forms of intrusion, such as snooping and/or copying performed by malicious Web sites.
Thus, there is a need for cheaper, simpler software and methods to protect the integrity of data stored on computers used to communicate over computer networks, especially unregulated networks such as the Internet. More particularly, such software and methods will protect against attacks by viruses as well as attempts to copy or alter information on the user's computer by sever computers across in communication with the user's computer across a computer network. The present invention meets these and other needs.