The ways in which people exchange information have been dramatically changed by the continued evolution of data communication capabilities. Today, more and more individuals have access to data networks by which they obtain news, entertainment and business information. In fact, as the data communication capabilities have increased, commerce along the data communication networks has appeared and increased as well. Today, the wide area network commonly referred to as the Internet provides its users with access to almost incomprehensible amounts of information.
FIG. 1 shows, in a schematic way, a network orientation in which a user 10 may attempt to get information from servers 15 and 20 via a wide area network (WAN) 50. In this arrangement the user, via a terminal device such as a PC 60, can connect to a gateway into the wide area network, here shown as Internet 30 service provider (ISP) 40. Typically, the user's terminal facility is connected to the ISP via a standard telephone network 30 such as the Public Switched Telephone Network (PSTN). Other configurations are possible where direct connections into the ISP or into the wide area network are available. In this arrangement either one of the servers, or both, may desire to either charge for access to the information on the server or limit the access to information on the server based on some predetermined criteria. For example, the server 1, 15, may provide an on-line version of a particular publication. The producer of the publication may desire to limit access to the publication to only those users willing to pay a subscription fee for the publication. Whenever the server decides to limit access to its resources, it must provide some facility by which it can authorize and/or authenticate a user who wishes to access a given resource. Typically today, each server that wishes to limit access to its resources must also provide a separate authentication/authorization facility. This is represented in each of the servers illustrated in FIG. 1. This arrangement creates a tremendous burden for those who wish to limit access to the resources. As the number of subscribers grows, the authentication and authorization facility resource for each server must be adapted to this growth. It also requires each individual who wishes to limit access to somehow incorporate additionally complex application software at additional cost to limit the access in the manner desired.
One alternative to this configuration has been presented by enCOMMERCE with an authorization program referred to as GetAccess. In this arrangement, a centralized server includes an authorization database. Even though some of the facilities are centralized, each location interacting with GetAccess requires its own server to load a GetAccess interface and to communicate with the central facility in such a manner as to build its own authorization table with the aid of the centralized facility. While this off-loads some of the responsibility for some of the authorization, it still requires complex interactions between the end servers and the centralized authority as well as the loading of authorization information at individual servers that are seeking to limit access to their resources.
It would be desirable to provide a technique by which the end point service providers or resource providers could off-load substantially all responsibility for authorizing and authenticating access-requesting users in a manner which does not overly tax the resource providers or the communication network.