1. The Field of the Invention
The present invention pertains to the field of client-server computer networking. More particularly, the present invention relates to a method of using electronic tickets containing privileges for improved security.
2. The Prior State of the Art
The number of people using personal computers has increased substantially in recent years, and along with this increase has come an explosion in the use of the Internet. One particular aspect of the Internet which has gained widespread use is the World-Wide Web (“the Web”). The Web is a collection of formatted hypertext pages located on numerous computers around the world that are logically connected by the Internet. Advances in network technology and software providing user interfaces to the Web (“Web browsers”) have made the Web accessible to a large segment of the population. However, despite the growth in the development and use of the Web, many people are still unable to take advantage of this important resource.
Access to the Web has been limited thus far mostly to people who have access to a personal computer. However, many people cannot afford the cost of even a relatively inexpensive personal computer, while others are either unable or unwilling to learn the basic computer skills that are required to access the Web. Furthermore, Web browsers in the prior art generally do not provide the degree of user-friendliness desired by some people, and many computer novices do not have the patience to learn how to use the software. Therefore, it would be desirable to provide an inexpensive means by which a person can access the Web without the use of a personal computer. In particular, it would be desirable for a person to be able to access the Web pages using an ordinary television set and a remote control, so that the person feels more as if he or she is simply changing television channels, rather than utilizing a complex computer network.
Prior art Web technology also has other significant limitations which can make a person's experience unpleasant when browsing the Web. Web documents are commonly written in HTML (Hypertext Mark-up Language). HTML documents sometimes contain bugs (errors) or have features that are not recognized by certain Web browsers. These bugs or quirks in a document can cause a Web browser to fail. Thus, what is needed is a means for reducing the frequency with which client systems fail due to bugs or quirks in HTML documents.
Another problem associated with browsing the Web is latency. People commonly experience long, frustrating delays when browsing the Web. It is not unusual for a person to have to wait minutes after selecting a hypertext link for a Web page to be completely downloaded to his computer and displayed on his computer screen. There are many possible causes for latency, such as heavy communications traffic on the Internet and slow response of remote servers. Latency can also be caused by Web pages including images. One reason for this effect is that, when an HTML document references an image, it takes time to retrieve the image itself after the referencing document has been retrieved. Another reason is that, in the prior art, if the referencing document does not specify the size of the image, the client system generally cannot display the Web page until the image itself has been retrieved. Numerous other sources of latency exist with respect to the Web. Therefore, what is needed is a means for reducing such latency, to eliminate some of the frustration which typically has been associated with browsing the Web.
Security is another concern associated with the Internet. Internet service providers (ISPs) generally maintain certain information about each customer in a database. This information may include information which a customer may not wish to become publicly known, such as social security numbers and credit card numbers. Maintaining the confidentiality of this information in a system that is connected to an expensive publicly-accessible computer network like the Internet can be problematic. Further, the problem can be aggravated by the fact that an ISP often provides numerous different services, each of which has access to this database. Allowing access to the database by many different entities creates many opportunities for security breaches to occur. Therefore, what is needed is a way to improve the security of confidential customer information in a server system coupled to the Internet.
According to the present invention, a server is coupled to a client, the client having an authorized user. The server provides the client with a number of on-line services including a log-in service. The other services might include, for example, e-mail. The server also has a user database containing information about each user including the authorized user that is associated with the client.
The present invention has the advantage of improved security because only the log-in service has access to the user database. Once the server receives the request from the user for initiating access to the server, the log-in service obtains information from the user database. This information includes access privileges of the authorized user in relation to the other services available on the server. The server then generates an information packet containing this information, and transmits the information packet to the client.
After the client logs into the server and receives the information packet, the client transmits another request to the server. This second request asks to use a service offered by the server other than the log-in service. The information packet provided by the server in response to the log-in request is transmitted along with the second request to the server. The server then regulates access by the client to this other service by using the information packet transmitted back to the server from the client.
Note that the second service does not need to re-access the user database to determine whether the client should be granted access to the second service. Instead, the second service determines the access privileges of the client by reading the information packet provided by the client, without directly accessing the user database. Thus, the only time the user database is directly accessed is during the initial log-in procedure. As a result, the number of direct accesses of the user database is reduced compared to prior art server systems, in which each service of the server directly accesses the database. Furthermore, only the log-in service needs to have access to the user database. By minimizing the number of services that have access to the user database, the risk of security breaches of the user database is likewise minimized.
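The flow described above, as an added illustration that is not part of the original text: a log-in service that alone reads the user database and issues the information packet, and a second service that decides access from the packet alone. The HMAC over the packet and the expiry field are assumptions added here, since the text does not say how the packet is protected while the client holds it; all names, keys and user records are constructed.

```python
import base64, hashlib, hmac, json, time

TICKET_KEY = b"constructed-demo-key"  # assumption: held by the services, never sent to the client

def _pw(password):  # constructed salt, demo only
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

# Constructed user database; login_service() is the only code that reads it.
USER_DB = {
    "alice": {"pw": _pw("correct horse"), "privileges": ["email", "chat"]},
    "bob": {"pw": _pw("battery staple"), "privileges": ["chat"]},
}

def _mac(body):
    return base64.urlsafe_b64encode(hmac.new(TICKET_KEY, body, hashlib.sha256).digest()).decode()

def login_service(user, password, now=None, ttl=3600):
    """Authenticate, read privileges from USER_DB once, return the packet (or None)."""
    rec = USER_DB.get(user)
    if rec is None or not hmac.compare_digest(rec["pw"], _pw(password)):
        return None
    exp = int(time.time() if now is None else now) + ttl
    body = base64.urlsafe_b64encode(json.dumps(
        {"user": user, "privileges": rec["privileges"], "exp": exp}).encode())
    return body.decode() + "." + _mac(body)

def read_ticket(ticket, now=None):
    """Return the claims if the packet is authentic and unexpired, else None."""
    try:
        body, mac = ticket.split(".")
        if not hmac.compare_digest(mac.encode(), _mac(body.encode()).encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError):
        return None
    if claims["exp"] < (time.time() if now is None else now):
        return None
    return claims

def email_service(ticket, now=None):
    """A second service: decides from the packet alone, no USER_DB access."""
    claims = read_ticket(ticket, now)
    if claims is None or "email" not in claims["privileges"]:
        return "denied"
    return "inbox for " + claims["user"]
```

Because the client carries the packet, a service that trusted it without the integrity check would accept privileges the client wrote for itself; the check is what lets the second service skip the database safely.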
Other features of the present invention will be apparent from the accompanying drawings and from the detailed description which follows.