Computer systems today are insecure. They suffer from a multitude of security problems, including system cracking, system disruption, and malicious impersonation of users. Some malicious persons (“system crackers”) break into systems, bypassing or cracking their security mechanisms. These system crackers can gain access to secure data and systems, change or corrupt important data, change or corrupt the security systems themselves to install back doors or permit physical access to restricted premises, or commit any number of secondary crimes using their unauthorized access to sensitive data. Other malicious persons can disrupt system function, for example committing denial-of-service (DoS) attacks by flooding a computer system with an overwhelming torrent of unwanted and disrupting data, thereby changing or delaying the way a system responds. Such DoS attacks may disrupt important aviation, public transportation, and emergency response systems, leaving our key infrastructure systems vulnerable. Other malicious persons may impersonate doctors, lawyers, law enforcement, or other trusted personnel to gain access to restricted data and services. For example, a false identity may allow a malicious person having weapons to gain access to the sterile area at an airport, and board an airplane.
Several solutions to these security problems exist in the art, and include: login names and passwords; firewalls to exclude unauthorized access to computer systems; one-time passwords for isolated transactions; smartcards, such as those compliant with HSPD-12 and FIPS 201; access control lists; and virtual private computer networks, among others. One such solution in the prior art is shown in FIG. 1. Here, a requester 100 wishes to gain access to network data and services, represented in the figure by a “processing cloud” 130 that may be a single server computer or a network of computing resources. The requester 100 has access to a requester device 110. Typically, the requester 100 will login to the requester device 110 using a user name and password, as noted above. Next, requester 100 will direct a software application running on requester device 110 to attempt to contact a network service in the cloud 130 using a computer network (not shown). Requester device 110 will normally look up an Internet address associated with a name provided for the service, such as www.google.com, using a database service such as the Domain Name Service (DNS), as is known in the art. Requester device 110 then attempts to contact the service using the Internet address. Conversely, the service routes all such incoming requests through a firewall 120. The firewall provides security services, such as prevention of DoS attacks, authorization and authentication challenges to access the service, port forwarding, virus scanning, and so on. If the firewall 120 determines that the attempted access is legitimate, then it provides requester device 110 a data channel that permits access to the service. Typically, firewall 120 maintains this data channel, but does not otherwise monitor the data that pass through it. This data channel may be encrypted by both the requester device 110 and the service in the cloud 130, using techniques known in the art such as SSL. Once the transaction is complete, the data channel is “torn down” to free up processing resources on requester device 110, firewall 120, and cloud service 130.
Such prior art security measures generally establish system protection once, at the perimeter of the system being secured, not within the system itself. They are concerned with protecting access to the secure computing resources, such as the communications channels, rather than protecting the data that is transmitted to and from these resources-once a malicious person has gained access, they may remove sensitive data without further challenge. Further, the access restrictions of the prior art are performed before, or as part of, any determination of the identity of the person requesting the access. Thus, they suffer from impersonation attacks and man-in-the-middle (MitM) attacks. Even worse, in systems that perform encryption and decryption operations, these operations must be conducted by and on “thin” client devices, such as smart phones, that do not have a great deal of computing power in the first instance. The systems in the art for distributing encryption and decryption keys to the millions of such devices are cumbersome, expensive, and do not scale well.
End user systems, even those that use encryption, cannot be fully trusted in a secure environment due to the threat of compromise. Once system security is cracked by a malicious user (“system cracker”), the system cracker can masquerade as a legitimate user by accessing the data and algorithms stored in and used by the system. These “artifacts” of the identity processes, present on all end user systems that perform secure transactions, provide an unwanted attack vector against transaction systems that rely on verified identities, decreasing the security and reliability guarantees offered by these systems.