Computer networks have become ubiquitous in business, industry, and education. Networks have one or more resources, such as application programs that provide various computing functions, which are available to all users. Organizations that operate networks are referred to as network operators.
Development of the globally accessible, packet-switched network known as the Internet has enabled network resources to become available worldwide. Development of hypertext protocols that implement the World Wide Web (“the Web”) enables networks to serve as a platform for global electronic commerce. In particular, through the Web a business easily exchanges information with its customers, suppliers and partners worldwide. Because some exchanged information is valuable and sensitive, access to it should be limited to selected users. Thus, there is a need to provide selective access to network resources and information over the Web.
One approach to solving the foregoing problem is to provide each network resource or application program with an access control mechanism. Typically, the access control mechanism is commercial software, purchased off the shelf from vendors of access control mechanisms.
Commercial access control mechanisms have several advantages. First, they are developed by developers who specialize in network security. Second, businesses operating networks may purchase commercial access control mechanisms at a price much less than the cost of producing comparable software in house.
Vendors of commercial access control mechanisms develop access control functionality demanded by network operators. The functionality demanded varies between network operators. One approach to providing functionality that meets the varying demands is to incorporate, into the access control mechanisms, configuration mechanisms that enable network operators to customize security functions.
For example, access control mechanisms often request a valid password from a user who is requesting access to the network that is protected by the access control mechanism. Some network operators may desire that the password contain a relatively small number of characters, while other network operators may prefer more secure passwords, such as passwords that contain a relatively larger number of characters and include both alphabetic and numeric characters. To meet the functionality desired by both groups of network operators, access control mechanisms may provide a configuration mechanism that enables network administrators to specify the format of passwords.
Some security functionality is demanded by a relatively large subset of network operators, while other functionality is demanded by a relatively small subset of network operators. Vendors of access control mechanisms are more likely to develop the more heavily demanded functionality, and less likely to develop the less demanded functionality. Less demanded functionality is less economical for vendors to develop, and consequently, less likely to be offered commercially. Therefore there is a need for a mechanism that provides functionality that is less demanded or special to a particular set of network operators.
One approach to providing specialized functionality is the “external call” approach. Under the external call approach, the access control mechanism has an external call mechanism that invokes, under particular circumstances, software supplied by network operators themselves. This approach enables network operators to tailor commercial access control software to provide desired functionality.
For example, an external call mechanism may call a routine supplied by a network operator. The routine is called while logging in a user, after the user has supplied a valid password, but before access to the network is granted to the user. The access control mechanism expects the routine to return data that indicates whether or not access should be granted. When invoked, the routine accesses, via the Internet, a service that verifies whether or not the user is a terminated employee of the network operator, and returns data indicating that access should be denied if the user is a terminated employee.
The external call approach, however, leaves network operators vulnerable to those who may maliciously alter the externally invoked software, thereby circumventing the access control mechanism and exposing network resources. There is therefore a need to prevent the access control mechanism from calling external call routines that have been altered, maliciously or otherwise.
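The login sequence of the external call approach (password check, then the operator-supplied routine, then the grant or deny decision), together with the kind of check the preceding paragraph calls for, as an added example that is not part of this document and not the mechanism it goes on to describe. It verifies the routine's file against a SHA-256 digest recorded when the operator installed it, and refuses to import or call the routine if the digest no longer matches. The file name operator_hook.py, the function name post_password_check, the credential store, the terminated-employee set and the tampering step are all constructed assumptions; the last demo case shows that recomputing the digest from the file at call time, rather than comparing against the recorded value, detects nothing.

```python
import hashlib
import hmac
import importlib.util
import os
import tempfile

# Constructed sample: the operator-supplied external call routine as shipped to
# the access control mechanism. The TERMINATED set stands in for the service
# that the text says the routine would consult over the Internet.
HOOK_SOURCE = '''\
TERMINATED = {"mallory"}   # constructed stand-in for the terminated-employee lookup

def post_password_check(username):
    """Called after a valid password, before access is granted.
    Returns True to grant access and False to deny it."""
    return username not in TERMINATED
'''

# Constructed tampering: an attacker appends a redefinition that grants everyone access.
TAMPERED_SUFFIX = '''
def post_password_check(username):
    return True
'''

# Constructed credential store: username -> SHA-256 of the password.
# (Illustration only; a real store would use a slow, salted password hash.)
CREDENTIALS = {
    "alice": hashlib.sha256(b"correct horse").hexdigest(),
    "mallory": hashlib.sha256(b"battery staple").hexdigest(),
}


class ExternalRoutineTampered(Exception):
    """The on-disk external call routine no longer matches the digest recorded
    when the operator installed it."""


def sha256_file(path):
    """Hex SHA-256 digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_external_routine(path, expected_digest):
    """Compare the routine's digest with the recorded one, and only then import it.
    A modified file is never executed inside the access control mechanism."""
    if not hmac.compare_digest(sha256_file(path), expected_digest):
        raise ExternalRoutineTampered(path)
    spec = importlib.util.spec_from_file_location("operator_hook", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module.post_password_check


def login(username, password, hook_path, expected_digest):
    """Login sequence from the text. Returns True only if access is granted."""
    stored = CREDENTIALS.get(username)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if stored is None or not hmac.compare_digest(stored, supplied):
        return False
    try:
        routine = load_external_routine(hook_path, expected_digest)
    except ExternalRoutineTampered:
        # Fail closed: an unverifiable routine is not called, and a valid
        # password alone does not grant access.
        return False
    return bool(routine(username))


def demo():
    """Intact routine, terminated user, wrong password, tampered routine
    (with and without the recorded digest). Returns a dict of outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        hook_path = os.path.join(d, "operator_hook.py")
        with open(hook_path, "w") as f:
            f.write(HOOK_SOURCE)
        installed_digest = sha256_file(hook_path)   # recorded at installation time

        results["alice_intact"] = login("alice", "correct horse", hook_path, installed_digest)
        results["mallory_terminated"] = login("mallory", "battery staple", hook_path, installed_digest)
        results["wrong_password"] = login("alice", "wrong", hook_path, installed_digest)

        with open(hook_path, "a") as f:                # attacker alters the routine
            f.write(TAMPERED_SUFFIX)
        results["mallory_after_tamper"] = login("mallory", "battery staple", hook_path, installed_digest)
        # Trusting whatever digest the file has now is equivalent to no check at all.
        results["mallory_after_tamper_unchecked"] = login(
            "mallory", "battery staple", hook_path, sha256_file(hook_path))
    return results


if __name__ == "__main__":
    for case, granted in demo().items():
        print(f"{case}: {'granted' if granted else 'denied'}")
```

The recorded digest must live somewhere the party able to alter the routine cannot also rewrite, such as a configuration store that is separately protected, or it should be replaced by a signature over the file under a key the access control mechanism holds; otherwise an attacker simply updates both the file and its digest.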