Distributed computer networks, or so-called computer network infrastructures, describe a plurality of computer systems capable of communicating with one another via data connections. Part of the exchanged data is confidential, and access to the information shall be denied to non-authorized persons. In particular in computer network infrastructures including server-client-topologies, confidential data such as customer data or user data is exchanged between client and server, where access of a third party to the data is to be suppressed.
Conventional security strategies that increase data protection include, on the one hand, provisions (processes to be observed) as well as rules (orders or limitations) for third parties, e.g. administrators, to ensure merely limited or controlled access to confidential data. In particular, access to confidential data is limited in a computer system by predefined access rights (login rights or user rights) so that only (reliable) persons having respective rights are granted access to confidential data.
On the other hand, technical measures on or in the computer systems are provided to prevent physical and/or logic access to computer systems or restrict access to authorized persons only.
In fact, such approaches to improving data protection are beneficial to data security, but come with the disadvantage that they usually do not necessarily present measures that prevent access to confidential data. For example, employees (e.g. administrators or operators) of a service provider may be criminal or corrupt or be in a dilemma so that the above provisions and rules are misused.
Further, current computer network infrastructures require access options or options for addressability of computer systems (e.g. via a network) for data exchange or communication which make computer systems vulnerable to external attacks.
It could therefore be helpful to improve protection against non-authorized access particularly to confidential data within a computer system that processes and stores data by technical measures and nevertheless ensures satisfactory communication and information processing between the computer systems of a computer network infrastructure.