Because it facilitates electronic communications between vendors and purchasers, the Internet is increasingly being used to conduct “electronic commerce.” The Internet comprises a vast number of computers and computer networks that are interconnected through communication channels. Electronic commerce refers generally to commercial transactions that are at least partially conducted using the computer systems of the parties to the transactions. For example, a purchaser can use a personal computer to connect via the Internet to a vendor's computer. The purchaser can then interact with the vendor's computer to conduct the transaction. Although many of the commercial transactions that are performed today could be performed via electronic commerce, the acceptance and widespread use of electronic commerce depends, in large part, upon the ease of use of such electronic commerce. If electronic commerce can be easily conducted, then even the novice computer user will choose to engage in electronic commerce. Therefore, it is important that techniques be developed to facilitate conducting electronic commerce.
The Internet facilitates conducting electronic commerce, in part, because it uses standardized techniques for exchanging information. Many standards have been established for exchanging information over the Internet, such as electronic mail, Gopher, and the World Wide Web (“WWW”). The WWW service allows a server computer system (i.e., web server or web site) to send graphical web pages of information to a remote client computer system. The remote client computer system can then display the web pages. Each resource (e.g., computer or web page) of the WWW is uniquely identifiable by a Uniform Resource Locator (“URL”). To view a specific web page, a client computer system specifies the URL for that web page in a request (e.g., a HyperText Transfer Protocol (“HTTP”) request). The request is forwarded to the web server that supports that web page. When that web server receives the request, it sends the requested web page to the client computer system. When the client computer system receives that web page, it typically displays the web page using a browser. A browser is typically a special-purpose application program that effects the requesting of web pages and the displaying of web pages.
Currently, web pages are generally defined using HyperText Markup Language (“HTML”). HTML provides a standard set of tags that define how a web page is to be displayed. When a user indicates to the browser to display a web page, the browser sends a request to the server computer system to transfer to the client computer system an HTML document that defines the web page. When the requested HTML document is received by the client computer system, the browser displays the web page as defined by the HTML document. The HTML document contains various tags that control the displaying of text, graphics, controls, and other features. The HTML document may contain URLs of other web pages available on that server computer system or other server computer systems.
The World Wide Web portion of the Internet is especially conducive to conducting electronic commerce. Many web servers have been developed through which vendors can advertise and sell products. The products can include items (e.g., music) that are delivered electronically to the purchaser over the Internet and items (e.g., books) that are delivered through conventional distribution channels (e.g., a common carrier). A server computer system may provide an electronic version of a catalog that lists the items that are available. A user, who is a potential purchaser, may browse through the catalog using a browser and select various items that are to be purchased. When the user has completed selecting the items to be purchased, the server computer system then prompts the user for information to complete the ordering of the items. This purchaser-specific order information may include the purchaser's name, the purchaser's credit card number, and a shipping address for the order. The server computer system then typically confirms the order by sending a confirming web page to the client computer system and schedules shipment of the items.
The World Wide Web is also being used to conduct other types of commercial transactions. For example, some server computer systems have been developed to support the conducting of auctions electronically. To conduct an auction electronically, the seller of an item provides a definition of the auction via web pages to a server computer system. The definition includes a description of the item, an auction time period, and optionally a minimum bid. The server computer system then conducts the auction during the specified time period. Potential buyers can search the server computer system for an auction of interest. When such an auction is found, the potential buyer can view the bidding history for the auction and enter a bid for the item. When the auction is closed, the server computer system notifies the winning bidder and the seller (e.g., via electronic mail) so that they can complete the transaction.
Commercial transactions may involve the transmittal of sensitive information (e.g., a credit card number) from a buyer to a seller. Because this information, when transmitted over the Internet, may pass through various intermediate computer systems on its way to its final destination, security is a concern. Sellers use various techniques to help ensure that their customers' sensitive information is secure. For example, sellers use various encryption techniques when transmitting such sensitive information to ensure its security.
Although the encryption of sensitive information may provide adequate security, it is very time-consuming and inconvenient for a buyer to re-enter such sensitive information for each commercial transaction. Some web sites store the sensitive information for a buyer so that the buyer does not need to re-enter the information when the next commercial transaction is conducted. When the buyer next conducts a commercial transaction, the buyer can identify themselves with a user identification and password, and the web site can then retrieve the sensitive information that it stored for the buyer. In this way, the sensitive information is not transmitted over the Internet and not re-entered by the buyer. If a buyer conducts multiple commercial transactions at one time, the buyer may need to re-enter the user identification and password for each commercial transaction. This entry of the user identification and password, referred to as “manual authentication,” can be cumbersome.
Some web sites avoid this manual authentication altogether. Such web sites store the identity of the buyer on the buyer's computer, for example, as a cookie. When the buyer next accesses the web site, the web site can automatically identify the buyer by retrieving the buyer's identification that was stored on the buyer's computer. The web site can then retrieve and use the buyer's sensitive information without requiring manual authentication. This approach, however, is only practical when the buyer knows that no unauthorized person can access the buyer's computer.