It is common practice to restrict a user's access to an application program until the user establishes his/her identity to the program. Such an identification is generally accomplished by the user's typing in certain identity information and one or more passwords. This act is generally called "logging-on" and thereafter enables the user to fully utilize the program. The log-on procedure is accomplished by entry of user credential data into a dialog box (i.e., a class of window). Such a log-on procedure is tedious and, at times, annoying, especially when the user has already established a right of access to the data processing system via other security interface arrangements.
To expedite the log-on procedure, the prior art has utilized a number of techniques. One involves the user's activation of a macro program which automatically enters the necessary data/password(s) into a dialog box and causes actuation of an enter signal to enable access to the application program. The prior art has further enabled such a macro program to be activated by the user's clicking on a sign-on icon to cause execution of the underlying macro. Several "shareware" programs such as Webpass and Password Tracker can automate the feeding of user credentials to a dialog box without requiring user intervention. They detect when a dialog box with a specified title/caption is displayed. While this procedure operates for simple cases, if an application changes the caption, for instance, the automated system does not work correctly.
An expedited sign-on product (i.e., a "single sign-on" or "SSO") entitled "Persauth", utilized by the Union Bank of Switzerland, implements an expedited sign-on wherein a terminal emulation can automatically be given a user ID and a password at the right spot during the log-on sequence. The Persauth product requires customization of all applications that make use of it. While the passwords are stored securely on users' smart cards and are retrieved from there, the actual password transmission is performed exactly as before, which is often in clear text.
The Praesidium SSO, marketed by the Assignee hereof, is based on the BoKS family of SSO software, a product of DynaSoft AB. It provides application connectivity via SSO Application Connectivity Agents (ACA), which are server-based application filters which call an SSO server for credential mapping and then insert the correct secondary credentials (user name/password) in the application's data stream. Oracle and Sybase databases are examples of some of the supported applications. Praesidium SSO relies upon a Winsock 2 (a Windows interface) layered service provider on the Windows client to transparently intercept/modify the traffic it is sending to a remote application. For each application for which connectivity is provided, it requires writing an ACA specific to that application, which usually involves reverse engineering that application's network protocol. It also requires moving the server application to another port on the server, and installing the ACA on the server as a proxy.
A characteristic of prior art expedited log-on procedures is that explicit identification of the application program is required so as to enable the program's log-on dialog box to be accessed, filled in and the data thereby entered. Such an automated log-on procedure often requires customization of the application program to accept the automated input. There is thus a clear need for an automated log-on procedure which will enable a user's access to an application program, without involvement of the user. Further, such log-on procedure should preferably be invisible to the user and be able to interface with a variety of application programs, without requiring modifications to the application programs. Also, in view of the wide usage of the Windows Operating System (Windows is a registered trademark of the Microsoft Corporation, Redmond, Wash.), such an expedited sign-on procedure should be usable with Windows-based application programs.
The Windows Operating System includes various "hooks" which enable calls to be made to callback functions when specified events occur. For example, a WH_GETMESSAGE hook traps every call to "::GETMESSAGE", whereas a WH_CBT (computer based training) hook traps only certain events, like window creation, destruction and/or activation, among others. Such a hook can be either thread-specific or system-wide. Such a hook enables a dynamic-link library (DLL) to automatically be inserted into an executing application program. A DLL file is one that contains one or more functions that are compiled, linked and stored separately from application processes that use them. Upon a call being made to a DLL, the Windows Operating System maps the DLL data into the process's address space when the process is either starting up or running. The process then executes the functions in the DLL.
Accordingly, a framework exists in the presently available Windows Operating System to enable automatic insertion of a subroutine action upon detection of an event, through the hook procedure.
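The hook mechanism described above can be observed with a thread-specific WH_CBT hook installed in a program's own thread; the following is an added example, not code from the original document. The names cbt_event_name, CbtProc, g_hook and g_seen are illustrative, and because the hook is thread-scoped with a NULL module handle, no DLL is mapped into any other process.

```c
/* Added example: thread-scoped WH_CBT hook that logs window creation,
   destruction and activation in this process only. All names are illustrative. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else   /* HCBT_* values as defined in winuser.h, so the decoder builds anywhere */
#define HCBT_CREATEWND  3
#define HCBT_DESTROYWND 4
#define HCBT_ACTIVATE   5
#endif

/* Decode the CBT events the text mentions; NULL means "some other CBT event". */
const char *cbt_event_name(int code) {
    switch (code) {
    case HCBT_CREATEWND:  return "create";
    case HCBT_DESTROYWND: return "destroy";
    case HCBT_ACTIVATE:   return "activate";
    default:              return NULL;
    }
}

#ifdef _WIN32
static HHOOK g_hook;
static int g_seen;

/* Callback invoked by Windows for each CBT event on the hooked thread. */
static LRESULT CALLBACK CbtProc(int code, WPARAM wp, LPARAM lp) {
    const char *name = cbt_event_name(code);
    if (code >= 0 && name) {          /* negative codes are passed on untouched */
        printf("%-8s hwnd=%p\n", name, (void *)wp);  /* wParam is the window handle */
        g_seen++;
    }
    return CallNextHookEx(g_hook, code, wp, lp);     /* keep the hook chain intact */
}

int main(void) {
    /* NULL module + own thread id = thread-specific hook, not system-wide. */
    g_hook = SetWindowsHookExA(WH_CBT, CbtProc, NULL, GetCurrentThreadId());
    if (!g_hook) {
        fprintf(stderr, "SetWindowsHookEx failed: %lu\n", GetLastError());
        return 1;
    }
    MessageBoxA(NULL, "Close me", "hook demo", MB_OK); /* creates/activates/destroys windows */
    UnhookWindowsHookEx(g_hook);
    printf("%d window events observed\n", g_seen);
    return 0;
}
#endif
```

A system-wide hook differs in that the callback must live in a DLL, which Windows then maps into each hooked process, as the text describes.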