A common problem for computer systems is the control of access to different computers through a network. This control is useful for a number of reasons. For example, access control can be used as a means of identifying a user or resource within a computer system so that certain data can be presented to that specific resource or user. Another example of access control may be to only allow certain resources or individuals to be able to access particular information stored on a computer system.
One implementation of access control is through the use of authentication information. Prior to allowing access to certain information, a computer system requests authentication information from the user or resource making the information request. For example, one form of authentication information can be a username and password pair. A username and password are created and stored on a computer system. When a user wishes to access the computer system, the user must input (e.g., type) this username and password combination into the computer system through a user-interface (e.g., keyboard, browser, electronic card reader). The computer system then matches the information as inputted by the user against the information previously stored in the computer system's database. If the user inputs a username/password combination that matches a username/password combination as stored in the computer system's database, the computer system considers the user authenticated and allows the user access to data on the computer system. The username/password pair is just one example of a way of authenticating a user or resource. For example, instead of a username/password, a resource might need to provide a number, a text string, or some other information. This access control is particularly important when using a large number of computers on an network, where sharing data between different computers allows for an increased amount of services and functionality.
The Internet comprises a vast number of computers and computer networks that are interconnected through communication links. The interconnected computers exchange information using various services, such as electronic mail, Gopher and the World Wide Web (“WWW”). The WWW services allows a server computer system (i.e., Web server or Web site) to send graphical pages of information and other data (“Web pages”) to a remote client computer system. A particular Web page may be set up as accessible by anyone on the WWW, a “Public page”. Alternatively, the publisher of Web page may restrict access to a particular Web page (“Private Page”) and only allow access to a Private Page upon certain authentication, such as requiring the user to provide a username and password. Then, depending on whether authentication is required, or such proper authentication is provided, the remote client computer system can then display the Web pages. Each resource (e.g., computer or Web pages) of the WWW is uniquely identifiable by a Uniform Resource Locator (“URL”). To view a specific Web page, a client computer system specifies the URL for that Web page in a request (e.g., a HyperText Transfer Protocol (“HTTP”) request). The request is then forwarded to the Web server that supports the Web page. When that Web server receives the request, it sends that Web page to the client computer system. In the case of a private page, the Web server first determines whether or not the client computer system is properly authenticated, and only then does it send the page. When the client computer system receives that Web page, it typically displays the Web page using a browser. A browser is a special-purpose application program that effects the requesting of Web pages and the displaying of Web pages.