1. Field of the Invention
The present invention is directed to the field of securing computer communications.
2. Description of the Related Art
People frequently access data maintained on primary computer systems, such as file servers, from remote client computing devices. Examples of remote client devices include laptop computers, cellular telephones, personal digital assistants (“PDAs”), and personal computers. Intermediate entities facilitate clients' remote access to primary system data. In some instances, intermediate entities provide services for clients that use primary system data. For example, an intermediate entity may provide a data synchronization service—enabling a person to synchronize common data records maintained on both a primary system and a client computing device. Examples of common data records include calendars and address books, which are stored on a primary computer and a PDA. Alternatively, the intermediate entity may provide gateway access without synchronization.
In providing remote access services, intermediate entities strive to ensure that data on primary systems is neither stolen nor destroyed. Authenticating clients' rights to access primary system data plays a critical role. In some instances, intermediate entities control data access by maintaining copies of primary system data and regulating clients' access to the data.
Intermediate entities may regulate data access by maintaining a database of user authentication information, such as passwords, user identifications, and other confidential data used to authenticate a user and provide access to data and services residing on a primary system. When a client attempts to remotely access a primary system through an intermediate entity, the client submits authentication information. The intermediate entity then queries the database of authentication information to verify the client's access rights.
However, maintaining a database of client authentication information at the intermediate entity presents a security drawback. Computer hackers can illegitimately obtain the authentication information from the intermediate entity's computer system. The hackers can then use client passwords to modify, steal, or destroy data from primary systems. Storing a significant amount of primary system data at an intermediate entity also creates an unfavorable condition—intermediate entity computer systems expend considerable resources uploading and storing this data.