Recently, technology has been developed that allows for wireless devices, such as personal digital assistants (PDAs), cell phones, and two-way pagers, to access computer networks; computer networks are no longer physically limited to a hard-wired environment. In the past, database or systems administrators for a computer network have been forced to work within the physical confines of a secure office computer network at a company or other organization. Access to a computer network through a wireless device allows the administrator to monitor and manage the computers within the network remotely. If the administrator does not happen to be physically near in the event of a crisis, then wireless access translates directly into a quicker response to problems and less downtime. This is extremely valuable to companies, such as banks, auction houses, brokerage firms, etc., which must keep their systems running uninterrupted in order to prevent a loss of revenue.
Thus, wireless devices provide an excellent solution to many old problems in systems and database administration, but they also introduce a new problem: how can communications within a network that includes wireless devices be kept secure? For a system or database to be administrated or managed remotely, communications within the network must be kept secure at all times and in all places to avoid a leak of confidential information. The difficulties of keeping a computer network secure are increased dramatically when wireless communications are allowed between computers within the network.
In the present state of the art in wireless communications, information is transmitted to and from a wireless device by electromagnetic radiation that will inevitably travel through public spaces. It is not desirable, and in some cases it may be a violation of law, for a company to allow public access to the information kept in its computer network. In addition, data must be transferred between a server inside, and a server outside a company's Intranet before it can be broadcast to a wireless device. Each connection must be secure to prevent unauthorized access to a secure computer network. Since private or confidential information may be kept in a computer within a secure computer network, it is extremely important that all communications within a network are secure.
Wireless devices present additional challenges to securing a computer network since they usually have fewer computing resources (e.g., processing power, memory, and bandwidth) available than do non-portable or handheld devices. Previous methods for securing a computer network have relied on algorithms that require a very fast processor or a long time to complete. Other methods have relied on a large amount of memory. The security methods used with non-wireless devices are not useful for securing a wireless device.
Currently, one of the most widely used methods for securing a computer network is with public key (also called “asymmetric”) encryption. The use of public key encryption, in which a secret key is securely exchanged between a client and a server using a public key, is so prevalent that most current versions of Web browsers, such as NETSCAPE NAVIGATOR or MICROSOFT INTERNET EXPLORER, come preinstalled with “Certificates” for the most often visited “Certificate Authorities” on the Web.
Public key encryption is not well adapted for use within a computer network that includes wireless devices. Public key encryption is slow and difficult to implement in hardware. Public key encryption algorithms may run 10,000 times slower than a comparable private key (or “symmetric”) encryption algorithm. Even in the future, when wireless devices are built with the computational resources today available only for desktop computers, public key encryption methods would be undesirable. In part because of their wide use there are many known ways for circumventing public key encryption.
One serious vulnerability in the public key encryption method exists in a step of requesting and transferring a private key from an internal server to a client within a network. This vulnerability can be exploited by “hijacking” a private key request from the client to the internal server. The request is hijacked by an “impostor” server, a server that acts in place of the internal server intended for communication with the client. The impostor server sends its own private key back to the client, and subsequent communication between the client and the impostor server is carried out with that private key—the client has no way of knowing that the impostor server is not the internal server it had intended for communication, and all information transferred to the impostor server is available for inspection by the impostor server's owner, usually a competing or hostile company that has specifically targeted the client will engage in this kind of attack. Use of a public key encryption method, in this case, would make all of the confidential information transferred within the computer network directly available to that competitor.