1. Field of the Invention
The present invention relates to client-server computing and, more particularly, to client-server computing for securely accessing resources over a network.
2. Description of the Related Art
Network browsers (browser applications), such as Netscape Navigator or Microsoft Explorer, allow users of client machines to request and retrieve resources from remotely located server machines via the Internet. These network browsers can display or render HyperText Markup Language (HTML) documents provided by the remotely located server machines. Additionally, browsers are able to execute script programs embedded in the HTML documents to provide some local functionality.
Further, applets (e.g., Java™ applets) can also be embedded in the HTML documents. In such case, the browser will fetch the bytecode for the applet from a web server by issuing HTTPS requests to get the appropriate class and/or archive files for the applet. The received bytecode is then loaded into a virtual machine (e.g., Java Virtual Machine). During runtime, the applet typically communicates with an application server over a secure connection, such as HTTPS or socket connections. Further, in the case of Java, the Java Sandbox operates to restrict the applet from communicating with a network domain (host) other than the network domain from which the applet was obtained.
Conventionally, network browsers are used to access public networks, such as the Internet. Private networks are normally protected by firewalls so that network browsers residing on computing machines outside the private network are not able to gain access to any resources on the private network.
While firewalls are effective at protecting against external access to private networks, there is often the need for external persons or businesses to gain at least limited access to the private networks of other persons or businesses. For example, a supplier of parts to a business customer may be able to better serve their business customer by having access to information (e.g., inventory levels or orders) maintained on the private network of the business customer. One conventional approach is to allow the supplier's machine to access the private network through the firewall via a public network. This provides a “hole” in the firewall that seriously compromises the security of the private network. Hence, this conventional approach is normally not permitted if security is an important concern. Another conventional approach is to establish a Virtual Private Network (VPN) with the supplier's machine. Here, the supplier's machine is also able to access the private network through the public network and the firewall, but all data transmissions are encrypted. Some firewalls support VPNs and protocols providing encrypted communications, such as Point-to-Point Tunneling Protocol (PPTP). While VPNs offer remote secure access, they are difficult to arrange, configure and manage. Each VPN must also be provided for each external person or business given access to the private network. Still further, VPNs are costly and each VPN provides some security exposure to the entire private network.
Thus, there is a need for improved approaches to providing secure remote access to resources maintained on private networks.