The increased popularity of the Internet and the development of the World Wide Web (WWW) have resulted in the creation of new business opportunities. One such business opportunity is that of Internet commerce or on-line commerce. On-line commerce involves the exchange of goods, services, and information as a result of transactions executed using an on-line computer system. On-line commerce is often achieved using a computer application and system that allows access to information from disparate data sources through a computer network, such as the Internet. To support on-line commerce, it is of paramount importance that the underlying computer application and system provide: (1) relevant information, often from disparate data sources, in a timely and accurate manner; and (2) a secure means of allowing access to a user's account and to the disparate data sources used by the system. In particular, users do not want unauthorized access to their account information, and information providers do not want unauthorized access to their data sources and systems.
On-line commerce computer applications and systems are difficult to design and implement, frequently taking years to develop, and provide either too little security or a level of security that is too cumbersome in actual operation and hence unacceptable. In particular, the development of computer applications and systems requiring interprocess communication for access to disparate data sources is complex and time consuming. Disparate data sources include information or data from such sources as databases, application programs, or systems that reside on multiple and disparate platforms, database management systems, and environments that may be physically separated from one another. The design difficulties and complexities arise from the interface software that must be developed for each disparate data source to ensure that information can be accessed from each disparate data source in a timely and accurate manner. The interface software is difficult and complex to develop because each disparate data source may have a different or proprietary method and format or protocol for exchanging data. The format or protocol peculiarities of each disparate data source must be taken into account and coded into the interface software. Often, the difficulties and delays in designing the interface software adversely affect the development and implementation of other portions of the on-line commerce application and system, which further increases overall system development time and costs.
The proper exchange of information between disparate data sources is especially critical when the information is time sensitive. Time sensitive data is any data that changes frequently. For example, on-line commerce computer applications and systems involving the trading of securities, such as stocks, bonds, notes, options, futures, mutual funds, and the like, rely heavily on time sensitive data to ensure that trades are placed promptly and that decisions are based on accurate and up-to-date information.
As mentioned above, another significant problem encountered when developing on-line commerce computer applications and systems is that of overall system security. Systems must be secure enough to prevent unauthorized access to a user's account and unauthorized access to the various disparate data sources. Unfortunately, security in many systems is either easily defeated by the unscrupulous computer hacker or is so tedious that users find the system too cumbersome to use. Security is especially a problem in systems implemented using the Internet or corporate intranets, where clients are not in continuous direct communication with the on-line commerce system. In such arrangements the client communicates with the on-line commerce system through a network of servers, opening up the possibility of unauthorized access to sensitive information while it is in transit. The arrangement also prevents the on-line system from determining when a session has started and when it has ended, because there is no continuous communications path from which the system can easily tell that a user has logged on or off. This presents the opportunity for two users, the second of whom may be unauthorized, to log on at the same time under the same account number or user identification number.
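The failure mode described above, a second logon under the same account number while the first session is still live and a server that never observes a logout, can be made concrete with a small session manager. The following Python is an added example and is not part of the patent text or of any system it describes. It assumes three substitutes for the missing "connection closed" signal: an explicit logout, an idle timeout (the 15-minute value is an assumption), and a single-active-session rule under which a new logon displaces the earlier session for that account. The account numbers and the FakeClock used to drive the demonstration are constructed for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumption: a session idle this long is treated as ended, since the server
# never sees a logout from a client that holds no persistent connection.
IDLE_TIMEOUT_SECONDS = 15 * 60


@dataclass
class Session:
    account: str
    last_seen: float  # clock reading of the most recent authenticated request


class SessionManager:
    """Session tracking for clients reached through a chain of web servers.

    Three rules replace the missing "connection closed" signal:
      1. a session ends on explicit logout,
      2. a session ends after idle_timeout seconds without a request,
      3. a new logon for an account displaces that account's earlier session,
         so two browsers cannot operate under one account number at once.
    """

    def __init__(self, clock: Callable[[], float] = time.time,
                 idle_timeout: float = IDLE_TIMEOUT_SECONDS) -> None:
        self._clock = clock
        self._idle_timeout = idle_timeout
        self._sessions: Dict[str, Session] = {}   # token -> Session
        self._active: Dict[str, str] = {}         # account -> live token

    def login(self, account: str) -> str:
        """Create a session for an already-authenticated account; return its token."""
        previous = self._active.get(account)
        if previous is not None:
            self._sessions.pop(previous, None)    # rule 3: displace the earlier session
        token = secrets.token_urlsafe(32)         # 256 bits from the OS CSPRNG
        self._sessions[token] = Session(account, self._clock())
        self._active[account] = token
        return token

    def authenticate(self, token: str) -> Optional[str]:
        """Return the account owning a live token, or None if the token is dead.

        A successful call also refreshes the idle timer.
        """
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self._clock()
        if now - session.last_seen > self._idle_timeout:
            self._end(token)                      # rule 2: idle expiry
            return None
        session.last_seen = now
        return session.account

    def logout(self, token: str) -> None:
        self._end(token)                          # rule 1: explicit logout

    def _end(self, token: str) -> None:
        session = self._sessions.pop(token, None)
        if session is not None and self._active.get(session.account) == token:
            del self._active[session.account]


class FakeClock:
    """Constructed test clock so the idle rule can be exercised without sleeping."""

    def __init__(self, start: float) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> tuple:
    """Replay the scenario from the text: a second logon under one account number."""
    clock = FakeClock(1_700_000_000.0)
    manager = SessionManager(clock=clock, idle_timeout=900)
    first = manager.login("acct-10042")           # constructed account number
    second = manager.login("acct-10042")          # same account, another browser
    first_alive = manager.authenticate(first) is not None   # displaced, so False
    second_owner = manager.authenticate(second)             # "acct-10042"
    clock.advance(901)                                      # past the idle limit
    second_after_idle = manager.authenticate(second)        # None
    manager.logout(second)                                  # harmless: already ended
    return first_alive, second_owner, second_after_idle


if __name__ == "__main__":
    print(demo())
```

Whether the newer logon should displace the older session, as here, or be refused while the older one is live is a policy choice; displacement favours a legitimate user who has simply opened a second browser, refusal favours detecting an intruder, and either way the event is worth logging because the page's concern is precisely that the server otherwise cannot tell the two users apart.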
Some prior attempts at providing a system for securely accessing information from disparate data sources have provided too little security. For example, an unauthenticated security system allows access to one of the disparate data sources by anyone having access to a web server, and may allow one user to break into another user's session. This is unacceptable to most users and information providers.
Still other prior attempts at providing a system for securely accessing information from disparate data sources have provided security systems that are too burdensome and inflexible. For example, some of these security systems require user identification numbers that are different from a user's account number, thus requiring the user to remember yet another number in addition to an account number and password. Also, some security systems require separate passwords and logon identifications for each disparate data source. This greatly increases the overall system administrative burden, because databases containing valid passwords and logon identifications (or user account numbers) must be maintained at multiple locations using different technologies. Whenever a new user is added or deleted, or an existing user changes a password, the change must be made at every one of those locations. The presence of the user information at multiple locations also increases the risk of unauthorized internal access by personnel having access at the various locations. Some other security systems require an Internet or intranet user to exit the web browser before starting a new session with the on-line system or after changing a password. This is unacceptable to many users.
Other attempts at system security have focused on maintaining a user database of valid passwords and logon identifications on the web server itself. Security systems of this type do not insulate the user database from web server personnel. They also frequently fail to provide the added security feature of assigning permissions and rights to individual users or groups of users in order to limit access to certain data sources.
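The two preceding paragraphs describe, by contrast with the prior art, what a practitioner would want from the credential side of such a system: one store of passwords rather than one per data source, the account number serving as the logon identifier, the store kept off the web server so that web tier personnel see only yes/no answers, and permissions granted to groups of users per data source. The following Python is an added example and is not the patent's own mechanism. The choice of PBKDF2-HMAC-SHA256 with the stated iteration count, the deny-by-default group model, and the account numbers, group names and data source names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Set, Tuple

# Assumption: PBKDF2-HMAC-SHA256 iteration count; raise it for production use.
PBKDF2_ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class CredentialStore:
    """One authority for credentials and data-source permissions.

    Intended to run behind the web tier rather than on it: the web server calls
    verify() and can_access() and never reads the password table or the group
    membership directly. The account number doubles as the logon identifier,
    so there is no separate user id for the customer to remember.
    """

    def __init__(self) -> None:
        self._credentials: Dict[str, Tuple[bytes, bytes]] = {}  # account -> (salt, hash)
        self._membership: Dict[str, Set[str]] = {}              # account -> groups
        self._grants: Dict[str, Set[str]] = {}                  # group -> data sources

    def add_account(self, account: str, password: str, groups: Set[str]) -> None:
        self.set_password(account, password)
        self._membership[account] = set(groups)

    def set_password(self, account: str, password: str) -> None:
        """Change a password in exactly one place; every data source sees it at once."""
        salt = os.urandom(16)
        self._credentials[account] = (salt, _derive(password, salt))

    def remove_account(self, account: str) -> None:
        self._credentials.pop(account, None)
        self._membership.pop(account, None)

    def grant(self, group: str, data_source: str) -> None:
        self._grants.setdefault(group, set()).add(data_source)

    def verify(self, account: str, password: str) -> bool:
        record = self._credentials.get(account)
        if record is None:
            # Derive anyway so an unknown account costs as much as a wrong password.
            _derive(password, b"\x00" * 16)
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _derive(password, salt))

    def can_access(self, account: str, data_source: str) -> bool:
        """Deny by default; allow only through a group explicitly granted the source."""
        return any(data_source in self._grants.get(group, set())
                   for group in self._membership.get(account, set()))


def demo() -> tuple:
    store = CredentialStore()
    # Constructed accounts, groups and data sources for illustration.
    store.grant("retail", "quotes")
    store.grant("trading-desk", "quotes")
    store.grant("trading-desk", "order-entry")
    store.add_account("acct-10042", "correct horse", {"retail"})
    store.add_account("acct-20077", "battery staple", {"trading-desk"})

    login_ok = store.verify("acct-10042", "correct horse")
    login_bad = store.verify("acct-10042", "wrong")
    unknown = store.verify("acct-99999", "anything")
    retail_quotes = store.can_access("acct-10042", "quotes")
    retail_orders = store.can_access("acct-10042", "order-entry")
    desk_orders = store.can_access("acct-20077", "order-entry")

    store.set_password("acct-10042", "new passphrase")   # one update, not one per source
    old_after_change = store.verify("acct-10042", "correct horse")
    new_after_change = store.verify("acct-10042", "new passphrase")
    return (login_ok, login_bad, unknown, retail_quotes, retail_orders,
            desk_orders, old_after_change, new_after_change)


if __name__ == "__main__":
    print(demo())
```

The point of placing verify() and can_access() behind a service boundary is the insulation the last paragraph asks for: the web server process, and the personnel who administer it, hold neither the salted hashes nor the membership table, and a compromise of the web tier yields only the ability to ask questions the store was already willing to answer.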