Public and private usage of distributed processing systems, such as the Internet and other wide area information networks, continues to increase at a prodigious rate. Conducting commerce over such distributed systems (i.e., e-business) continues to gain in popularity. Users of e-business and other identity-sensitive electronic applications are required to provide a user identifier and a password (e.g., a PIN) before being permitted access to such applications. When these and other applications operate within a multiple website environment, each website must get involved in a given transaction to authenticate the user prior to allowing access to these websites. A process generally authenticates a user by verifying that the user password is properly associated with the user identifier.
A conventional approach to authenticating a user, for purposes of performing a number of tasks on behalf of the user and by using a number of processes, involves caching the user identifier and password. Caching the user's identifier and password obviates the need to request this information repeatedly from the user by each of the processes involved in a particular transaction. From a security perspective, such an approach can be problematic and costly. Although encrypting the user identifier and password can provide some degree of increased security, increasing the encryption strength generally limits the ability to export the program encompassing the encryption algorithm(s) overseas. Therefore, caching can be very difficult when multiple websites are involved.
Thus, a need exists for an improved systematic approach to authenticating a user in multiple website environments. A need exists for such an approach that provides for a high degree of security, particularly with regard to user identity and authentication.
Certain embodiments of the invention meet these needs.