Clients routinely access application programs containing sensitive data. To verify that a client has access rights to an application program, the application program receives credentials from the client. The credentials can comprise a domain name, a level of security access, a password, and other secure information about the client. The application programs can comprise human resources programs having sensitive personal information, retirement plan programs having sensitive information regarding a client's accounts, or other programs having sensitive data. Such application programs having sensitive data are commonly called “line-of-business” application programs.
For example, a large organization can have a human resources web page to provide information to the organization's employees (the clients). The web page can comprise an application program having sensitive information about each client. For instance, the sensitive information can comprise home address and telephone number, spouse's name, annual salary, previous pay sheets, and other information. When the client tries to access the application program on the human resources web page, the application program can request the client's credentials to verify the access rights of the client.
One conventional authentication method for verifying access rights requires the client to manually input the client's credentials each time the client accesses the application program. Problems associated with that type of authentication system include forgetting the credentials and the repeated, manual task of inputting the credentials.
A conventional process to improve the authentication method described above involves saving the client's credentials in a memory of the client's console. The credentials then are retrieved from the client's memory when requested by the application program. However, if the client accesses the application program from another client console, then the saved credentials are not available.
Furthermore, conventional methods save credentials by associating them with a particular uniform resource locator (URL) of the web page comprising the application program. Accordingly, if the URL of the web page changes, then the saved credentials become obsolete. Additionally, if the client accesses the same application program at a web page having a different URL, then the saved credentials do not apply. Furthermore, because the credentials are saved per web page, only one application program can be accessed at a time for each web page. A web page cannot provide automatic, simultaneous access to multiple application programs when the credentials are associated with a particular URL.
As an alternative to saving credentials in a local memory, another conventional authentication method involves hard coding all employee credentials into the application program. While removing the repeated step of manually inputting credentials, hard coding typically provides all clients with the same credentials. Accordingly, the security level of such a conventional system is lower than a system having unique credentials for each client. Additionally, the hard coded credentials typically are transmitted across a network, further decreasing the security level of the system. Finally, if the credentials change, then the computer code for the application program must be changed.
Accordingly, there is a need in the art for making the transfer of credentials to an application program transparent to the client. Specifically, a need exists for a single signon system and method that can allow future access to an application program after an initial input of the client's credentials for that application program. A need in the art also exists for remotely storing client credentials to allow access to any client's credentials from any client console. Furthermore, a need in the art exists for securely storing client credentials in a remote location. A need in the art also exists for storing credentials in relation to an application program, rather than in relation to a URL of a web page.