The present disclosure relates to the field of computers, and specifically to computers on a network. Still more particularly, the present disclosure relates to protecting resources on a network.
Computer networks often include resources (e.g., hardware resources such as storage devices, actuators, sensors, etc. as well as software resources such as applications, webpages, operating systems, etc.) that are accessible by a server computer and one or more client computers. The server computer often handles operations on behalf of the client computer, such as providing access to hardware resources, executing applications, providing memory and computing resources, etc. Such operations performed by the server often require a high level of trust between the client and the server and the hardware resources, which may or may not be warranted, due to insecure connections between the server and client, distrust of who is able to access the hardware resources, etc.
Various approaches to protecting resources on a network have been proposed in the prior art.
For example, U.S. Patent Application Publication No. 2002/0188868, filed by Budka et al., teaches a network that maintains a list of rogue mobile devices that have failed authentication. If a mobile device is on the list and fails authentication more than a predetermined number of times, that mobile device is denied access to the wireless network. However, such a process requires that untrusted devices be identified in advance. Thus, newly added resources remain exposed to improper access.
In another example of the relevant prior art, U.S. Patent Application Publication No. 2001/0056550, filed by Lee, teaches a protective device for protecting internal resources in a network. A firewall performs authentication and access control for requests from internal users to access an external network, thus allowing a network operator to monitor and trace the transmission and reception of FTP traffic between the internal network and the external network. However, a firewall can be breached by a user who has “sniffed” it and thus knows its protection scheme.
In another example of the relevant prior art, U.S. Pat. No. 8,555,054, issued to Kuo et al., teaches an apparatus and method for protecting an organization's network resources, particularly in association with the automatic provisioning of new client devices within the organization. Securing the resources from unauthorized access, while fully supporting access by all authorized personnel, is based on the use of two cooperating PKI (Public Key Infrastructure) schemes that enable certificate-based authentication of every entity attempting to use the resources. However, PKI systems rely on digital certificates and keys that are fairly easy for nefarious actors to usurp.
Thus, the present invention provides a novel solution to these and other problems found in the prior art.