Generally, access control systems limit who or what can execute methods on objects. Permission to execute a method on an object is governed by which secrets or information a host application has proven that it knows. For example, in normal logon systems, the host application acts as an interface between the user and the client application that the user desires to access (for instance, to read a file). Typical access control systems are limited to particular types of authentication protocols, such as a password, a public key challenge/response, a symmetric key challenge/response, or a keyed-hash message authentication code (HMAC).
These protocols are often fixed to a single type of authentication by the operating system or the firmware of the device being accessed. As a result, access control systems typically support only one or a small number of authentication protocols and have limited flexibility.
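The model described above, as an added Python sketch that is not taken from the original text: permission to execute a method on an object depends on which authorities a session has proven, and the protocol set (a password and an HMAC challenge/response) is hard-wired in the way the conventional systems are. The authority names, the ACL entries, the secrets and the `Session` class are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: two authorities, each bound to one fixed protocol.
# Secrets are kept in the clear only to keep the example short.
AUTHORITIES = {
    "user":  {"protocol": "password", "secret": b"correct horse"},
    "admin": {"protocol": "hmac",     "secret": b"\x01" * 32},
}
# Access control list: (object, method) -> authority that must be proven.
ACL = {("file", "read"): "user", ("file", "erase"): "admin"}


class Session:
    """Tracks which authorities the host application has proven it knows."""

    def __init__(self):
        self.proven = set()
        self.challenges = {}

    def challenge(self, authority):
        # Fresh random nonce per attempt, so a captured response cannot be replayed.
        nonce = secrets.token_bytes(16)
        self.challenges[authority] = nonce
        return nonce

    def authenticate(self, authority, proof):
        entry = AUTHORITIES.get(authority)
        if entry is None:
            return False
        if entry["protocol"] == "password":
            expected = entry["secret"]
        else:  # "hmac": proof must equal HMAC-SHA256(secret, nonce)
            nonce = self.challenges.pop(authority, None)  # nonce is single use
            if nonce is None:
                return False
            expected = hmac.new(entry["secret"], nonce, hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, proof)  # constant-time comparison
        if ok:
            self.proven.add(authority)
        return ok

    def invoke(self, obj, method):
        # Default deny: a method with no ACL entry is never executable.
        required = ACL.get((obj, method))
        if required is None or required not in self.proven:
            raise PermissionError(f"{obj}.{method} requires proof of {required!r}")
        return f"{obj}.{method} executed"
```

Supporting a further protocol here means editing `authenticate` itself, which is the inflexibility the passage describes.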
Improved access control systems and methods are therefore desired, which could provide increased versatility and extensibility to many different authentication protocols.
Various embodiments of the present invention address these problems, and offer other advantages over the prior art.