1. Field of the Invention
This invention relates to data processing, and in particular, to generating and maintaining passwords. Still more particularly, the present invention provides a method, system, and program for automatically generating a separate distinct password for each user and for each resource, and for regenerating that same password each time that same password is needed by that user for that resource.
2. Description of the Related Art
The Internet, initially referred to as a collection of “interconnected networks”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network. When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite or protocols.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, referred to herein as “the Web”. Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web. In the Web environment, servers and clients effect data transfer using the Hypertext Transfer Protocol (HTTP), a known protocol for handling the transfer of various data files (e.g., text, still graphic images, audio, motion video, etc.).
Each computer connected to the Internet has an IP address which is used by other computers for contacting each other. The IP addresses are resolved by a Domain Name Server so that the addresses used by users may be comprised of English words, referred to as domain names, instead of numbers. For efficiency purposes, the Internet has been organized into a number of major domains including .com (commercial); .edu (education); .gov (government); mil (military); net (companies and groups concerned with the organization of the Internet); and .org (organizations). Domains are organized in an hierarchical manner. Underneath the major domains are many minor domains. By design, each Web site has a unique domain name.
Some Web sites require the user to have a password before allowing the user access to the Web site and the pages within the Web site. Because of the numerous Web sites requiring passwords, this can become burdensome to a user. Although some users try to use the same password for each Web site, some Web sites have different format requirements for the password which forces the user to have to maintain different passwords for each site. Also, over time, passwords expire. At any given time, this may require the user to come up with a new password for the Web site where the old password expired, while still maintaining the old password on those sites for which the old password has not expired. Consequently, the user is forced into maintaining separate passwords for different Web sites.
Some users write down all of their user IDs and passwords in case they are forgotten. However, this creates a security risk if the paper on which the user IDs and passwords is lost or stolen. Other users may simply forget their passwords, placing a burden on support personnel who must answer support calls and repeatedly change passwords for users.
Other users may utilize a password management tool that automatically accesses a database that contains the passwords for each secure resource. Depending on the number of resources and passwords, this may require more memory than what is available if a mobile device is used for storing passwords as described in co-pending U.S. patent application Ser. No. 10/042,095. If a mobile device is not used for storing the user's passwords, then the user's use of the database may be limited to the times in which the user is accessing the resources from the computer on which the database resides. Otherwise, the user would need to access the database over a network. Nevertheless, the user still has the burden of updating the database when passwords expire, or adding passwords when new resources are accessed. Furthermore, the password security may be compromised if the database is ever broken into.
Other users may utilize a password tool that automatically generates a random password to be used by the user. The problem with this is that the user would not get the same password the next time that the user accessed that same resource. A further problem is that the user would then have to remember the generated password.