It becomes more and more difficult to think of a domain where computers are not involved. Their use is now ubiquitous and we have learned to rely and depend on them. Consequently, we are almost disorganized if they are temporarily unavailable for any reasons. Indeed, computers are used to store personal information, companies' data, research, calculate, trade, contact, perform word processing, etc, and they have to be secure whereby access to a computer or a network is limited to authorized persons only. Therefore, protecting stored information from unauthorized access is a very important concern and is of growing concern for the future.
Security systems already exist for protecting access to a computer or a network of a company. A multi-login security system for example is a system wherein access to any particular system from a computer network automatically displays the security window of this particular system. When a user wants to access Windows®, for example, a display prompts the user to enter his security clearance in the form of a password, for example, that has to be recognized by Windows it prior to authorizing the user. A similar routine will operate if the user wants to access another system. With such a security system, a user has to go through as many security operations as the number of systems he has to access. A security system is for protecting a network, for example, from unauthorized individuals, not for preventing the authorized individuals from using a computer because it is such a burden to reiterate security operations.
Conversely, a single login security system is a system wherein a user is prompted to enter his security clearance in the form of a password, for example, which upon acceptance of the password allows the user to access any particular system within a network. However, for obvious security reasons, the operations the user is authorized to perform are limited in any of the particular systems. Therefore, to perform more operations, the user must qualify for an increased security level.
Computer networks typically store information such as user profiles, user authorization for access, and vast amounts of data. End user terminals are a critical component of the computer network, in that they provide external access to the network by offering a way of transmitting input data to the network and by offering a way of reading information from the network. Each of these terminals poses a security risk to data stored on the network and controlling unauthorized access to the data stored on the network is of critical importance.
U.S. Pat. No. 5,229,764 to Matchett et al. discloses a method of continuously analyzing biometric data from a biometric input device at intermittent intervals and selectively granting or denying access to a particular protected system based on the biometric input. The system is a continuous biometric authentication, which reads from a variety of biometric personal identification devices. The system acts as a continuously functioning “gate” between a protected system and a prospective user. Biometric data pertaining to a prospective user is stored for reference within the system. Upon a prospective user wishing to gain access to the protected system the user must interface with the system, which compares the prospective user's biometric data to the stored reference data. This comparison must not only be acceptably close in similarity in order to gain access to the protected system, it must also continue to be close in subsequent comparisons in order for access to the protected system or device to continue.
There are two different paradigms in computer network security. A first paradigm, the distributed network security model, provides for security at each of numerous points of network entry that are each independent. Thus, every computer within a network would require a user authorization operation in order to provide network access, but that operation is provided wholly within the computer itself. In the centralized security model, the process of user authorization is performed by a small number of central processors, typically one or two. In order to support such a system, every computer provides access only upon receiving from the central processors a signal indicative of proper user authorization. Of course, the latter model is less susceptible to tampering and therefore considered far more secure. The former model is less susceptible to communication delays and is therefore considered more convenient.
For example, a financial trading company following the centralized security model that employs 7,000 employees that use 7,000 computers for trading operation is inundated with authorization requests when the market opens at 9:30 am. It is most likely that the 7,000 employees arrive between 9:00 and 9:30 am and log in to the server for performing their job shortly after arrival. As will be evident to a person with skill in the art, at such a company requests for a security system to authorize employees are numerous during peak hours. When this security system is in the form, for example, of biometric system based on recognition of fingerprint information, the processing required may be onerous. Even if the recognition system is fast, imaging a fingertip, characterizing and processing the fingerprint and authorizing an individual based on a comparison of the imaged fingertip and a stored template of the fingerprint takes some time. If such a process lasts 1 second, to authorize each of 7,000 employees takes almost 2 hours, and there is just half an hour between 9:00 and 9:30 am. Further, due to the load the company server may fail due to processing overload or get bogged down with authentication requests.
To avoid this inconvenience, a network is implemented with a faster more reliable security server, which though effective, is quite costly. Unfortunately, when it is time to upgrade the authentication method, the server often needs upgrading. This limits flexibility in authentication method upgrades. Upgrading a server is costly due to data transfer and testing requirements therefor. Alternatively, a simpler less robust form of user authorization is used to alleviate performance requirements of the server. This is undesirable since it affects the ability to adequately secure data and operations. Another alternative is to spread the employee arrival times over a longer period of time, in this case 3 hours instead of 30 minutes. This results in all the personal of a company not being present for a large part of a working day; this is not optimal because employees often need to communicate with each other or with customers during a normal business day.
Using a server for performing all the operations and storing all the data of a networking system and overall for verifying, recognizing and authenticating a user loads the server processor. Therefore, it is advantageous to offload processing by performing the processing tasks on a workstation in communication with the server.
The obvious solution is to employ the distributed security model. For example, a fingerprint recognition system is provided at each workstation. In this example, a user presents a fingertip to an imager; an image corresponding to the fingerprint is characterized, analyzed, compared to templates stored in a memory of the workstation in order to determine a user authorization. Depending upon the determined user authorization, the user is recognized and a message is sent from the computer to the server indicating that the server is accessible to the user. Alternatively, if the user is not recognized and no message is sent to the server, the user has no access to the server. However, it is possible to temporarily disconnect a computer from the server. The disconnected computer can be hacked, for example by introducing a Trojan horse application thereto. When the computer is reconnected to the server, the Trojan horse application detects a password or authorization code for example, which renders the security system obsolete. Alternatively, the workstation is hacked such that the user authorization process succeeds even when incorrect data is provided thereto. Such a modification would circumvent network security and would pose a significant threat to data security and operations.
A solution to overcome such inconvenience is to use a smart card wherein user authorization information are stored in a fingerprint recognition system such that upon recognition of a user, the smart card authorizes access to the server. However, this solution also presents some limitations. For example, it does not overcome the time problem for processing the fingerprint and comparing an image of the fingerprint with the smart card information in order to authorize or not authorize a user. Furthermore, it does not prevent the system from being breached because smart cards can be hacked too, which renders the security system obsolete.
In essence, there are competing concerns in network security. Clearly a centralized security system is advantageous for upgradability, monitoring, and fixing of security problems therewith. A distributed security systems is advantageous for load distribution, and user convenience. Unfortunately, heretofore, effective compromises between the advantages of each system have been hard to achieve.
An object of this invention is to provide a security system that relies on specific security policy.
A further object of the present invention is to provide a security system that performs security verifications according to pre-determined security levels.
A further object of the present invention is to provide a security system wherein a server performs part of the security verification and a further system completes the verification.