1. Field of the Invention
The present invention relates in general to computer software, and more particularly to a security methodology for connecting users to an enterprise network or extranet over the public Internet.
2. Background Art
In conventional remote connect computer systems, a connection is made with a large legacy system via a dial-up connection from a customer owned terminal, personal computer or workstation. This connection frequently, although not always, is a fixed copper connection through one or more telco central offices and emulates a terminal addressable by the legacy systems and employs a security methodology dictated by the legacy system. The dial-up access requires custom hardware for a terminal or custom software for a workstation to provide a remote connection. This includes dial-up services, communication services, emulation and/or translation services and generally some resident custom form of the legacy application to interface with the midrange or mainframe computer running the legacy system.
There are several problems associated with this approach. First, the aforementioned software is very hardware dependent, requiring multiple versions of software compatible with each of the wide range of workstations customers generally have. In addition, an extensive inventory of both software and user manuals for distribution to the outside customers is required if an enterprise desires to make its resources available to its customers. Moreover, installing the software generally requires an intensive effort on the part of the customer and the software support team before any reliable and secure sessions are possible.
Secondly, dial-up, modem, and communications software interact with each other in many ways which are not always predictable to a custom application, requiring extensive troubleshooting and problem solving for an enterprise desiring to make the legacy system available to the customer, particularly where various telephone exchanges, dialing standards or signal standards are involved.
Thirdly, although businesses are beginning to turn to the Internet to improve customer service and lower costs by providing Web-based support systems, when an enterprise desires to make more than one system available to the customer, the custom application for one legacy system is not able to connect to a different legacy system, and the customer must generally log off, log on and re-authenticate to switch from one to the other. The security and entitlement features of the various legacy systems may be completely different, and vary from system to system and platform to platform. The security methodology used by the two legacy systems may be different, requiring different logon interfaces, user or enterprise IDs and passwords. Different character encodings may be used by the two systems, as for example, the 8-bit EBCDIC code used by IBM mainframes and the 7-bit ASCII code used by contemporary personal computers.
It is therefore desired to provide customers with secure remote connectivity to enterprise legacy systems over the public Internet. The public Internet provides access connectivity worldwide via the TCP/IP protocol, without need to navigate various disparate security protocols, telephone exchanges, dialing standards or signal standards, thereby providing a measure of platform independence for the customer.
As contemplated with the present invention the customer can run their own Internet Web browser and utilize their own platform connection to the Internet to enable services. This resolves many of the platform hardware and connectivity issues in the customer's favor, and leaves the choice of platform and operating system to the customer. Web-based programs can minimize the need for training and support since they utilize existing client software which the user has already installed and already knows how to use. Further, if the customer later changes that platform, then, as soon as the new platform is Internet enabled, service is restored to the customer. The connectivity and communications software burden is thus resolved in favor of standard and readily available hardware and the browser and software used by the public Internet connection.
Secure World Wide Web (Web)-based online systems are now starting to emerge, generally using security protocols supplied by the browser or database vendors. These Web-based online systems usually employ HTTPS and a Web browser having Secure Sockets Layer (SSL) encryption, and they display Hypertext Markup Language (HTML) pages as a graphical user interface (GUI), and often include Java applets and Common Gateway Interface (CGI) programs for customer interaction.
For the enterprise, the use of off-the-shelf Web browsers by the customer significantly simplifies the enterprise burden. Software development and support resources are available for the delivery of the enterprise legacy services and are not consumed by a need for customer support at the workstation level.
However, the use of the public Internet also introduces new security considerations not present in existing copper wire connections, as an open system increases the exposure to IP hijackers, sniffers and various types of spoofers that attempt to collect user IDs and passwords, and exposes the availability of the service to the users when the system is assaulted by SYN flooding, war dialers or ping attacks. Countermeasures for these threats also need to be combined with traditional security measures used to prevent traditional hacker attacks, whether by copper wire or the Internet, that might compromise the enterprise system and its data.
The present invention is directed to a series of security protocols and an integrated system for the same that enables a user to interact with one or more application services provided by remote servers over the public Internet, or an enterprise extranet. The present invention utilizes the Web paradigm and an integrated graphical user interface to allow easy and convenient access from the user's perspective, wherein the security provisions are transparent to the user, other than the entry of a customary user ID and a strong password.
In order to provide cross-platform software operability that is not dependent on a specific operating system or hardware, the present invention is implemented using programming languages, such as Java (TM), which require only a Java (TM) enabled Web browser. The system of the present invention includes an application backplane unit for controlling and managing the overall user interface system to a number of Web enabled application services, and a common security object for managing security and Java (TM) applets for a number of disparate services available from the remote servers.
Each remote service includes its own user interface unit, referred to hereinafter as a client application, independently implemented of one another and of the backplane. Although the client applications are independently developed as separate modules, the system of the present invention provides a capability of integrating the client applications and secured access thereto into one unified system, allowing users to access the individual client applications via the backplane unit and the security object.
The present invention includes centralized user authentication to ensure that the user has valid access to the system. The authentication procedure generally includes a logon object which prompts for and accepts the user's name and password. The logon object then communicates the logon transaction to a remote server responsible for screening those users attempting to access remote services. Once a user has been authenticated by the system of the present invention, the user need not re-enter their name and password each time the user accesses another remote server via the respective server's user interface program. In addition, each application may supplement the provided authentication procedure with its own method of authentication by communicating with its respective servers independently.
Once a validated user is logged onto the system, the user is presented with a set of remote services which the user may obtain. The set of remote services available to each user is unique and depends on each user's subscriptions to the services. The set of service subscriptions then forms the user's entitlements for the services. Thus, for example, if a user subscribes to a toll free network management service, the user is entitled to access information regarding the service. On the other hand, if the user does not subscribe to the toll free network manager service, that option is not available for the user to select.
The present invention includes a user object to represent the current user logged onto the system. This user object, inter alia, is responsible for obtaining from a remote server the current user's information, including the user's entitlements to various remote services. The backplane uses the entitlement information to provide only those services available to the user. As explained previously, the backplane will not enable the services to which the user does not have entitlements, effectively blocking the user from accessing those services.
In addition, the user information is maintained for the duration of a logon session, allowing both the backplane and the client applications to access the information as needed throughout the duration of the session. The backplane and the client applications use the information to selectively provide remote services to users. Accordingly, it is yet another object of the present invention to provide a mechanism for retrieving and maintaining user information and entitlements such that they are available to processes and threads running on the client platform without having to communicate with a remote server every time the information is needed.
The system of the present invention implements a "keep alive message" passed between a client and a server, also called a "heartbeat." For example, a keep alive message is sent every predefined period, e.g., 1 minute, from a client application to the server. When the client application fails to heartbeat consecutively for a predetermined period of time, for example, one hour, the server treats this client application as having exited by closing the application and performing cleanup routines associated with the application. This mechanism helps limit access to authorized, active users by preventing sessions from remaining open in the event of client application failure or user neglect. Accordingly, it is a further object of the present invention to provide a mechanism for detecting communication failures among the "stateless" processes running the present invention.
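The server-side behaviour described in the preceding paragraphs (one centralized logon, a user object whose entitlements are cached for the life of the session, a backplane that enables only entitled services, and a heartbeat that reaps idle sessions) is illustrated below as an added example. It is not the patent's own code; the patent describes a Java (TM) applet system, whereas this is a self-contained Python sketch of the server logic. The user store, password hashing scheme, service names, token format and the injectable clock are all assumptions chosen for illustration.

```python
"""Added example: session server with single logon, cached entitlements and
heartbeat-based expiry.  Not the patent's code; all names are hypothetical."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed sample user store.  Passwords are kept only as salted PBKDF2
# hashes (assumption: the real system would back this with its own directory).
_SALT = b"constructed-salt-for-example"

def _hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)

USERS = {
    "alice": {"pw": _hash_password("correct horse battery staple"),
              "entitlements": {"toll_free_manager", "traffic_view"}},
    "bob":   {"pw": _hash_password("hunter2hunter2hunter2"),
              "entitlements": {"traffic_view"}},
}
ALL_SERVICES = ("toll_free_manager", "traffic_view", "billing")

HEARTBEAT_INTERVAL = 60     # client is expected to heartbeat once a minute
SESSION_IDLE_LIMIT = 3600   # server reaps a session after one silent hour

@dataclass
class Session:
    """The server-side 'user object': entitlements fetched once at logon."""
    user: str
    entitlements: frozenset
    last_heartbeat: float

class SessionServer:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so tests can advance time
        self.sessions = {}          # opaque token -> Session

    def logon(self, user: str, password: str):
        """Central authentication; returns a session token or None."""
        rec = USERS.get(user)
        # Hash and compare even for unknown users so that the response time
        # does not reveal whether the user ID exists.
        expected = rec["pw"] if rec else _hash_password("")
        ok = hmac.compare_digest(expected, _hash_password(password))
        if not ok or rec is None:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, frozenset(rec["entitlements"]),
                                       self.clock())
        return token

    def heartbeat(self, token: str) -> bool:
        """Client keep-alive.  A session that has already gone idle too long
        is closed rather than silently revived."""
        s = self.sessions.get(token)
        if s is None:
            return False
        if self.clock() - s.last_heartbeat > SESSION_IDLE_LIMIT:
            self.close(token)
            return False
        s.last_heartbeat = self.clock()
        return True

    def reap_idle(self) -> int:
        """Server-side sweep: close every session whose client stopped
        heartbeating; returns the number of sessions closed."""
        now = self.clock()
        dead = [t for t, s in self.sessions.items()
                if now - s.last_heartbeat > SESSION_IDLE_LIMIT]
        for t in dead:
            self.close(t)
        return len(dead)

    def close(self, token: str) -> None:
        # Cleanup hook for the application-specific routines the text mentions.
        self.sessions.pop(token, None)

    def available_services(self, token: str) -> list:
        """Backplane view: only entitled services are offered (default deny)."""
        s = self.sessions.get(token)
        if s is None:
            return []
        return [svc for svc in ALL_SERVICES if svc in s.entitlements]

    def open_service(self, token: str, service: str) -> bool:
        """Re-check entitlement on every request so that a client application
        cannot reach a service simply by bypassing the backplane menu."""
        s = self.sessions.get(token)
        return s is not None and service in s.entitlements
```

The entitlement check is deliberately enforced twice: once when the backplane builds the menu (so unsubscribed services never appear), and again on every service request, because hiding a menu entry in the client is not an access control. The heartbeat path refuses to revive a session that has already exceeded the idle limit, so a client that reconnects after a long outage must log on again rather than inheriting its stale session.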