1. Field of the Invention
The present invention is in the field of electronic services, including Internet-based services, and pertains particularly to a method and system for automatically accessing a password-protected Web site on behalf of a client.
2. Discussion of the State of the Art
In the field of network-based electronic services there are services that aggregate Web-based data for clients and that provide dash-board style summary presentations of the most current information aggregated on behalf of the client. The inventors are aware of an automated browser-driven system that is able to log on to a password-protected Web site using authentication data provided by the client, to affect a successful login on behalf of the client.
The system utilizes a software agent which is activated to perform the login task for the client. In this way the system may access and aggregate data from a plurality of Web pages to which the client subscribes and has authorization to access. The system works by emulation of the client, and once logged in and representing a client, the system can perform certain pre-defined tasks on behalf of the client. The service provides protected access to summary and transactional information aggregated for a client, and in this way the client need only remember one username/password pair to access their information from all of their subscribed sites through a single interface and provide a full Personal Finance Management Solution.
More recently more sophisticated authentication procedures have been developed that attempt to thwart automatic machine-initiated methods for accessing Web sites that provide protected information. “Completely Automated Public Turing test to tell Computers and Humans Apart” (CAPTCHA) is a login validation procedure that attempts to determine if a human or a machine (software agent) is making the login attempt.
CAPTCHA is a series of distorted characters presented in an image with perhaps other distractive graphics. In order to login successfully, a user must decipher the characters in the image, type them into a data entry field and submit the result to the server for verification before login can be completed. The concept behind CAPTCHA is that a software agent or “bot” cannot “see” the distorted characters and can not then enter them into a data field.
Another recent development that attempts to prevent automated login by a software agent involves a virtual interactive keypad presented as an image wherein the characters presented are sufficient for a user to use the keypad to enter his/her password. The user navigates the presentation by locating the correct characters of his or her password in the keypad and clicking on their locations in the correct order of the characters as they exist in the password, just as one would use a mechanical keypad input.
With the development of these regimens, legitimate services that provide data aggregation for subscribing clients, including bill pay and financial management services, where automated login is periodically required by a software agent, are finding that they can no longer login to some of the client Web sites to retrieve data or perform tasks for the client.
In a data aggregation system known to the inventor, if a CAPTCHA interface is presented for validating that a user is human, then the system may capture the interface and send it to the client whose credentials are to be used to log in to the site, and the client provides the correct character input, which is used to login to the site in the data aggregation sessions made by the software agent. With respect to a keypad touch interface containing standardized characters, the characters required for login may be randomly located anywhere on the keypad, and the characters are typically not in a standard font, but may be distorted, and additional intelligence is then required to affect a successful login.
Therefore, what is clearly needed is a system and methods for automatically deciphering a virtual keypad presentation of characters so that automated login to protected client Web sites can still be achieved by legitimate proxy services in a fully automated manner.