The present invention relates to networked computer systems, and more specifically to user authentication in a network system that includes multiple separately-controlled restricted access resources.
The World Wide Web includes a network of servers on the Internet, each of which is associated with one or more HTML (Hypertext Markup Language) pages. The HTML pages associated with a server provide information and hypertext links to other documents on that and (usually) other servers. Servers communicate with clients by using the Hypertext Transfer Protocol (HTTP). The servers listen for requests from clients for their HTML pages, and are therefore often referred to as xe2x80x9clistenersxe2x80x9d.
Users of the World Wide Web use a client program, referred to as a browser, to request, decode and display information from listeners. When the user of a browser selects a link on an HTML page, the browser that is displaying the page sends a request over the Internet to the listener associated with the Universal Resource Locator (URL) specified in the link. In response to the request, the listener transmits the requested information to the browser that issued the request. The browser receives the information, presents the received information to the user, and awaits the next user request.
Because servers on the Internet can be accessed by a multitude of unidentifiable clients, several protection schemes have been developed to protect against unauthorized access to restricted information. One approach used to prevent unauthorized access to restricted information is to require clients to provide certain authorization information before they can have access to information on a particular server. This authorization information typically consists of such items as a userid/password combination, a particular IP address, specific domain name or other information that can identify a particular user and/or machine attempting to access information.
Of the various types of authorization information that may be used to authenticate a user, the userid/password combination is often favored because it is not tied to a particular machine or service provider. Thus, as long as users can remember their userids and passwords, they can gain access to restricted sites from any machine connected to the Internet. When the authorization information consists of a userid/password combination, the user provides the userid/password combination to the web server, in some manner, before the web server will deliver the restricted information to the user.
Once the user has submitted the authorization information to the server, the server determines whether the user is in fact authorized to access the restricted information. If the server determines that the user is authorized to access the restricted information, then the restricted information is sent to the user. Otherwise, the user is not allowed to access the restricted information.
For any given user, authorization information is frequently required to access the restricted resources of numerous on-line service providers. Each separately-controlled web server requests a user to provide authorization information (e.g. a userid/password combination) before allowing access to its products or services. Hence, if a user is subscribed with two separately-controlled on-line services, such as a news provider and a financial services provider, each service provider will request a userid/password combination before allowing the user access to its services.
This creates a problem for users because they must recall the password for each separately-controlled restricted resource. That is, when any given user subscribes to a multitude of such services, the user must remember a multitude of passwords. Consequently, users have adopted various techniques to avoid having to retain a multitude of distinct passwords in their memory.
One approach to avoid memorizing multiple passwords is for users to retain a written copy of their authorization information on or near their computer terminals. Thus, when asked for their userid/password combination, they can simply read it rather than recall it from memory. However, this approach jeopardizes security because third parties may easily obtain the authorization information from the written notes, and thereby gain unauthorized access to all of the service providers listed.
In another approach to avoid memorizing multiple passwords, users use the same password for all of their service providers. Again, this approach jeopardizes security because an employee of one service provider may try to use a user""s password for unauthorized access to restricted resources controlled by another service provider. For example, a user may use the password xe2x80x9cmypassxe2x80x9d to access a site for reading sporting news, and also to access a separately-controlled site for managing the user""s bank account. An employee of the provider of the sporting news site knows the user""s password for the sporting news site, and may attempt to access the user""s bank account using the same password. Because the user uses the same password for both services, the sporting news employee can break in to the user""s bank account.
Based on the foregoing, it is desirable to provide a way to allow users to avoid having to memorize multiple passwords without jeopardizing security.
A method and system are provided for authenticating users in a client-server system in a way that allows a user to sign-on to numerous servers using a different password for each server, while still only having to remember a single master password.
According to one aspect of the invention, a client generates a first set of site-specific authentication information for a first server based on master authentication information stored at the client and data associated with the first server. The client then supplies the first site-specific authentication information to the first server to access restricted resources controlled by the first server. The client generates a second set of second site-specific authentication information for a second server based on the same master authentication information. However, to generate the site-specific authentication information for the second server, the master resource information is combined with data associated with the second server. The client supplies the second site-specific authentication information to the second server to access restricted resources controlled by the second server.
Both the first and the second site-specific authentication information are different from the master authentication information, and the first site-specific authentication information is different from the second site-specific authentication information. Thus, the administrators of the various servers do not have information that would allow them to access the user""s account at the other servers.