Integrating user specified extensions into an information access system
First Claim
1. A method of securely invoking an access control function, the method comprising the steps of:
- receiving a digital signature for the access control function;
generating a mapping of the access control function to the digital signature;
determining that the digital signature is mapped to the access control function based on the mapping when execution of the access control function is requested;
generating a plurality of records mapping access control events to access control functions along with an indication whether access control function invocation is active for each mapped access control event wherein said plurality of records are stored in a configuration file;
detecting that an access control event related to controlling access to information resources on a computer system has occurred;
determining that the access control event is mapped to the access control function;
retrieving an executable element if the access control event is mapped to the access control function and if access control function invocation is active for the access control event;
generating a digital signature for the retrieved executable element;
determining whether the retrieved executable element matches the access control function by comparing the digital signature of the retrieved executable element and the digital signature for the access control function; and
executing the retrieved executable element only when the retrieved executable element matches the access control function.
7 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus is provided for securely executing access control functions that may be customized by or on behalf of administrators of information access systems. Examples of such functions include changing a password of a user, determining whether or not data specifying a user and a password identifies an authentic user, and displaying a message indicating whether a login attempt was successful. An access control function is mapped to a digital signature. The digital signature is used to verify that an executable element retrieved for executing the access control function is the proper executable element. The access control functions may be invoked upon the occurrence of access control events, such as a user successfully logging onto an information access system or the modification of a user'"'"'s password. A mapping contains data used to determine what events are tied to what access control functions, and whether the access control function should be executed. Upon the occurrence of an extension event that is tied to an extension, an executable element for the extension is retrieved. After executing an extension, data is returned to the caller of the extension. The returned data may be a hash table that includes other objects, such as strings or even other hash tables. The access control functions are developed in manner that exploits the power and simplicity of the inheritance feature of object oriented programming.
-
Citations
30 Claims
-
1. A method of securely invoking an access control function, the method comprising the steps of:
-
receiving a digital signature for the access control function; generating a mapping of the access control function to the digital signature; determining that the digital signature is mapped to the access control function based on the mapping when execution of the access control function is requested; generating a plurality of records mapping access control events to access control functions along with an indication whether access control function invocation is active for each mapped access control event wherein said plurality of records are stored in a configuration file; detecting that an access control event related to controlling access to information resources on a computer system has occurred; determining that the access control event is mapped to the access control function; retrieving an executable element if the access control event is mapped to the access control function and if access control function invocation is active for the access control event; generating a digital signature for the retrieved executable element; determining whether the retrieved executable element matches the access control function by comparing the digital signature of the retrieved executable element and the digital signature for the access control function; and executing the retrieved executable element only when the retrieved executable element matches the access control function. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An access control system, comprising:
-
a processor; a memory coupled to the processor; a first mapping that maps each of a set of access control functions to a digital signature of that access control function; the processor configured to retrieve an executable element in response to a request to execute a first access control function; the processor configured to generate a plurality of records mapping access control events to access control functions along with an indication whether access control function invocation is active for each mapped access control event wherein said plurality of records are stored in a configuration file; the processor configured to detect that an access control event related to controlling access to information resources on a computer system has occurred; the processor configured to determine that the access control event is mapped to the access control function; the processor configured to retrieve an executable element if the access control event is mapped to the access control function and if access control function invocation is active for the access control event; the processor configured to generate a digital signature for the retrieved executable element; the processor configured to determine whether the retrieved executable element matches the first access control function by comparing the digital signature of the retrieved executable element and the digital signature for the first access control function; and the processor configured to execute the retrieved executable element when the retrieved executable element matches the first access control function. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-readable medium carrying one or more sequences of one or more instructions for securely invoking an access control function, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
-
receiving a digital signature for the access control function; generating a mapping of the access control function to the digital signature; determining that the digital signature is mapped to the access control function based on the mapping when execution of the access control function is requested; generating a plurality of records mapping access control events to access control functions along with an indication whether access control function invocation is active for each mapped access control event wherein said plurality of records are stored in a configuration file; detecting that an access control event related to controlling access to information resources on a computer system has occurred; determining that the access control event is mapped to the access control function; retrieving an executable element if the access control event is mapped to the access control function and if access control function invocation is active for the access control event; generating a digital signature for the retrieved executable element; determining whether the retrieved executable element matches the access control function by comparing the digital signature of the retrieved executable element and the digital signature for the access control function; and executing the retrieved executable element only when the retrieved executable element matches the access control function. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification