The need for providing security to computing systems has never been so critical as it is today. It is believed that traditional system security methods are no longer sufficient since access and duplication methods may still be available. Also, secure gateways for sending sensitive information between organizations may not be present. Security issues that need to be addressed include: limit access to system resources and data; provide controls regarding interactions with software programs, software file access, and utilities on a user-by-user basis; eliminate “super user” access by dividing super user functions into multiple roles to decrease security risks; provide an independent evaluation and auditing authority to the operating system to validate the security functions; prevent “eavesdropping” in the operating environment and provide a trusted path; prevent spoofing programs; and protect local devices against unauthorized users or use.
Therefore, Common Criteria Certification, a globally accepted standard for security certification for computer networks, was developed. This certification is upheld by an independent third party organization that performs security evaluations. However, in order to maximize security when utilizing an untrusted computer network, e.g., global computer system such as, but not limited to, the Internet, to achieve Common Criteria Certification, requires a significant duplication of hardware, software, server compartments, vendors and software languages. This security need involves protection of content available from the untrusted computer network as well as provide a safe passage of the data from this untrusted system access to an organization's secure computing environment. This need is for any organization that transmits and receives personal, confidential, proprietary and/or financial data. This applies to virtually every industry with particular applicability to organizations that conduct financial transactions over an untrusted computer network such as the financial services industry. A financial transaction of special interest includes a credit card transaction. Other industries that could benefit from this type of security include the government, e.g., military organizations, healthcare and the airline industry. Control of inventory data is crucial to having a secure system. Moreover, there is a strong need to prevent the hacking and associated defacing of websites that are accessible to the public.
The present invention is directed to overcoming one or more of the problems set forth above.