1. Technical Field
The invention relates generally to Internet based authentication technology. More particularly, the invention relates to a method and system for monitoring Web browsing activity across an Internet based network of affiliated sites and for enabling said sites to detect and to force re-authentication upon a user who has had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period.
2. Description of the Prior Art
To request a service or conduct other electronic transaction in an Internet based network, a user is usually required to go through an authentication process. In other words, the user must provide the seller or service provider with some information such as his personal identification, contact information, or even financial information. The authentication process may take from several seconds to several minutes. Because each seller or service provider usually maintains its own authentication server and database, millions of sellers and service providers might share thousands or millions of consumers or users. Some of the consumers or users might be required to go through the same or substantially similar authentication process again and again if they have transactions with many sellers or service providers. This repetitive authentication not only wastes consumers' precious time, but also burdens the sellers or service providers because they have to expand their databases to keep detailed authentication information for a growing number of users. This situation brings forth a technical need to create a universal, unified, single-logon infrastructure wherein a specific user may be authenticated once for all and the authentication result is widely recognized by a large number of sellers or service providers.
In responding to that need, several approaches have been developed. For example, Microsoft Corporation has introduced a “.NET Passport” single sign-in system. With “.NET Passport”, a user does not need to register a member name and password at each new site he visits. The user may simply use his e-mail address and password that registered as his “.NET Passport” to sign in to any participating site. The information the user registers with “.NET Passport” is stored online, securely, in the “.NET Passport” database as the user's “.NET Passport profile.” When the user signs on to a “.NET Passport” participating site by typing his e-mail address and password in the “.NET Passport” sign-in box, “.NET Passport” confirms that (1) the e-mail address he typed is registered with “.NET Passport”, and (2) the password he typed is correct. “.NET Passport” then notifies the site that the user has provided valid “sign-in credentials,” and he is given access to the participating site. Once the user signs in to one “.NET Passport” participating site during an Internet session, he can sign in to other sites simply by clicking the “.NET Passport” sign-in button available at each site.
Another example is America Online Incorporated (AOL)'s “Screen Name Service” system, which provides free service allowing anyone with a “Screen Name” to easily and securely register at a variety of Web sites. As with to Microsoft's “.NET Passport” system, the “Screen Name Service” eliminates a user's need to remember multiple names and passwords for all the places he visits on the Web. With the “Screen Name Service” system, each user has a “My Profile”, which stores the user's personal information used to make registration at sites across the Web simple and secure. When the user registers at a participating site using the service, he has the opportunity to choose which fields of information stored by AOL, if any, he would like to share with that site. No information is shared with any site without the user's explicit permission. When the user agrees to share certain information with a participating site, that information is conveyed to the site at which he is registering. Another feature is that the user is provided with a “My Site List”, which is an effective way to manage personal information because it shows the user with which sites he has registered using the service. The user can view the privacy policy of a site to see how it uses information it knows about the user. The user can also decide if he would like to be signed into the site without being prompted and if the site should be updated with information when “My Profile” changes.
The common characteristic of these approaches is that they implement a centralized solution for authentication and authentication information management. Undoubtedly, the centralized solution may overcome the repetitive authentication and repetitive storage problems that exist in the scattered, disorganized situation.
In these networks, a user's inactivity is typically tracked only upon individual sites versus at the network level, and thus the user who is active in a network but inactive on a particular site gets inadvertently timed out on that site. For example, if the user had not completed and sent his message in Site A before he switched to Site B, after a predefined duration of a single, continuous session is over, his workflow in Site A will interrupted and the data he created in the session will be lost. Because of this, time has been wasted, efficiency lost, resources wasted, and distraction, annoyance and stress increased.
What is desired is a mechanism to monitor Web browsing activity across an Internet based network of affiliated Web sites so that a Web site does not time-out a session for a user who has been inactive in the Web site for period of time longer than a predefined maximum allowable inactivity period Pmax but his network-wide inactivity duration has not been longer than Pmax, so that the Web site forces the user to re-authenticate if his network-wide inactivity duration has been longer than Pmax.