Security is often maintained in organizations by segregating the physical networks used by each group of users. This restricts access to data held on the computers and databases within each such network. For example, it prevents someone in engineering from gaining access to data used on the payroll department's network, and vice versa. While separate local network infrastructures help to maintain the security of data, duplicate equipment and maintenance are required to keep these segregated networks running. This adds expense and complexity to the data infrastructures of such organizations.
Furthermore, regardless of the organizational structure of the networks used in commercial, governmental, and other settings, there is an ever-increasing security concern that sensitive data transmitted or stored on local networks will be accessed by an unauthorized individual, or accidentally accessed or disclosed outside of a community of interest, thereby compromising the secret data. Exacerbating this problem is the fact that security threats often originate from insiders. Whether the threat is intentional or unintentional, transmitting data exclusively within a network partitioned by security level does not protect the data if it is in plaintext. This is because even strict physical segregation of a network by security level is no guarantee that data will not be disseminated to end users outside that security level.
The above security concerns are further exacerbated when access to open or public networks is provided or required, for example when secure networks are accessed remotely via the Internet. The growth of the Internet and related communication networks has given rise to increasingly large numbers of distributed information processing systems in which individual users obtain information from an ever-increasing number of sources. In the banking industry, for example, electronic communications by customers with their banking institutions to engage in electronic financial transactions are an increasingly common form of interaction between customers and banks. Other organizations or institutions requiring highly secured communications over typically unsecured networks face analogous problems.
In making these transactions possible, customers use any number of computing systems attached to the Internet to communicate with servers operated by their banking institutions, sending commands and receiving data associated with these transactions. Banks are typically not able to control the customer's computing systems in any meaningful way, which may give rise to security issues. A summary of some of these security threats is described in detail in a Unisys White Paper entitled “Zeus Malware: Threat Banking Industry”, which is incorporated herein by reference in its entirety.
Still further issues arise when attempting to accommodate different types of connections to a secure enterprise, because traditional secure connection types (e.g., VPN) do not allow users who are already within a network to establish such secure communications to it. As such, for individuals who may wish to use a portable computing system either within or outside of a network, their need for secure connectivity tends to remain unaddressed by existing solutions.
The present invention addresses these limitations of the prior computing systems.