Currently there is an exponential increase in the number of banks and other businesses that use the Internet to conduct transactions. The Internet is often a less expensive and less time consuming business medium than paper or the telephone. Electronic commerce and data interchange are increasing efficiency and giving companies a competitive edge in the global economy. With this growth in Internet electronic commerce, it becomes essential that greater security be provided for network-enabled transactions and collaboration.
The demand for information security is further elevated by the increasing prevalence of virtual private networks (VPNs), which are configurations by which private business is conducted over public media, such as the Internet. Sharing an existing public communications infrastructure is far more cost-effective than building a separate network for every business. However, security is required to create this "private" logical network over existing public wire. To create this VPN, security operations are invoked at both the source and destination nodes to ensure properties such as confidentiality, integrity, and authentication, for proof of origination and non-repudiation, of data.
Although some Internet commerce applications have been developed, they do not provide sufficiently strong security for trusted transfer of private data over a public medium. The very essence of strong security is the notion that the security medium employed to protect data cannot be compromised in a sufficiently short time to allow use or alteration of those data by an unauthorized party. Therefore, data protection mechanisms for strong security are required to be complex, and they thus have a high computation overhead which detracts from overall application performance. In the interest of performance, security procedures are often omitted. If Internet commerce applications are to succeed, they cannot compromise performance or security. In the best possible case, security mechanisms would be transparent to users. However, so far, security in the world wide web security is poor. It is relatively few vendors that can delivery invisible security. The inherent tradeoffs in realizing both security and performance comprise the challenge we face in providing them.
In addition, law enforcement officials are becoming increasingly dependent on the availability of real-time, network collaborative and shared applications. For example, police officers are assisted by real-time photos and data delivered directly to their vehicles. This often requires strong authentication measures which are admissible in court as proof of origin, identity, and integrity of certain data and electronic evidence. The ability to dynamically vary levels of authentication to match available resources and current requirements provides users of law enforcement applications options to employ strong security and use data as evidence while still receiving these data in a timely manner. This option was previously unavailable.
In addition, the healthcare industry is another example of a business relying heavily on shared or collaborative applications to provide greater customer service. For example, electronic communications infrastructures such as the Internet facilitate and expedite potentially worldwide collaboration on x-ray images or case studies. These materials, however, contain personal data, and for patient privacy and safety, are often required to be encrypted, for confidentiality and/or authenticated, for identification of the image. Again, security is necessary for these applications that enable the networked collaboration, yet the security could be detrimental if it hampers the speed with which the information can be used to help the patient.