1. Technical Field
This invention generally relates to interactions on the world-wide web, and more specifically relates to an apparatus and method that allow a web user to interact with a software application on another computer system that is accessible via the world-wide web.
2. Background Art
The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely sophisticated devices, and computer systems may be found in many different settings. Computer systems typically include a combination of hardware (e.g., semiconductors, circuit boards, etc.) and software (e.g., computer programs). As advances in semiconductor processing and computer architecture push the performance of the computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.
Computer systems typically include operating system software that controls the basic functions of the computer, and one or more software applications that run under the control of the operating system to perform desired tasks. For example, a typical IBM Personal Computer may run the OS/2 operating system, and under the control of the OS/2 operating system, a user may execute an application program, such as a word processor. As the capabilities of computer systems have increased, the software applications designed for high performance computer systems have become extremely powerful.
Other changes in technology have also profoundly affected how we use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed to allow individual users to communicate with each other. In this manner, a large number of people within a company could communicate at the same time with a software application running on one computer system.
One significant computer network that has recently become very popular is the Internet. The Internet grew out of the modern proliferation of computers and networks, and has evolved into a sophisticated worldwide network of computer systems linked together by web pages that collectively make up the "world-wide web", or WWW. A user at an individual PC (i.e., workstation) who wishes to access the WWW typically does so using a software application known as a web browser. A web browser makes a connection via the WWW to other computers known as web servers, and receives information from the web servers that is displayed on the user's workstation. Information displayed to the user is typically organized into pages that are constructed using a specialized language called Hypertext Markup Language (HTML).
As the WWW has experienced explosive growth in the last few years, an ever-increasing concern is web security. In particular, where web browsers and web servers are being used to provide web-based access to other computer resources (i.e., software applications, data files, HTML web pages, etc.), those resources must be kept secure. This involves assuring that access to those resources is granted only to approved web users.
In some cases, a system must be provided where different users are granted access to different resources accessible through the web server. For example, one web server may provide web access to two software applications, and each software application accesses multiple databases. Some users access one software application, but not the other, while other users access both software applications, but only specified databases for those software applications. If a user is authorized to access one of the two software applications, and security checking is only performed at the web server level, granting access to the user will grant access to both software applications even though the user is not authorized to access the second software application. Even if security checking is performed before granting access to each software application, granting access would allow the user to access any of the databases that are accessible to the software application. Thus, more sophisticated security checking techniques are needed to assure that unapproved users cannot gain access to sensitive resources while access for approved users is maintained.
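The three levels of checking described above can be made concrete with a small authorization model. The following is an added illustration, not part of the original disclosure; the users, applications and databases in it are constructed, and the three checking functions model checking at the web server only, at the application, and at the individual database respectively, so that the over-granting the text describes is visible in the results.

```python
"""Layered authorization model for resources reached through one web server.

Added illustration with constructed data: two applications, each with its
own databases, and two users with different grants.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    """Permission to use one application and a subset of its databases."""
    application: str
    databases: frozenset


# Constructed catalogue: which databases each application can reach.
APPLICATIONS = {
    "payroll": {"salaries", "taxes"},
    "inventory": {"stock", "suppliers"},
}

# Constructed grants: alice may use payroll with all of its databases;
# bob may use payroll (salaries only) and inventory (stock only).
GRANTS = {
    "alice": {Grant("payroll", frozenset({"salaries", "taxes"}))},
    "bob": {
        Grant("payroll", frozenset({"salaries"})),
        Grant("inventory", frozenset({"stock"})),
    },
}


def server_level_only(user, application, database):
    """Checking only at the web server: any known user reaches everything
    behind the server, regardless of application or database."""
    return user in GRANTS


def application_level(user, application, database):
    """Checking at the application: the user must hold a grant for the
    application, but every database the application can reach is then open."""
    return any(g.application == application for g in GRANTS.get(user, ()))


def resource_level(user, application, database):
    """Checking at every level: the database must belong to the application
    and the user's grant for that application must name that database."""
    if database not in APPLICATIONS.get(application, ()):
        return False
    return any(
        g.application == application and database in g.databases
        for g in GRANTS.get(user, ())
    )


def over_grants(check):
    """Return the (user, application, database) triples a checking policy
    allows but the fully layered policy denies: the policy's excess access."""
    excess = []
    for user in GRANTS:
        for application, databases in APPLICATIONS.items():
            for database in sorted(databases):
                if check(user, application, database) and not resource_level(
                    user, application, database
                ):
                    excess.append((user, application, database))
    return excess


if __name__ == "__main__":
    for policy in (server_level_only, application_level):
        print(policy.__name__, "over-grants:", over_grants(policy))
```

Running the script lists every access the weaker policies would wrongly allow: server-level checking alone lets alice into the inventory application she was never granted, and application-level checking lets bob read the taxes database through payroll even though his grant names only salaries.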
Typical web security uses a password and userID combination to authenticate a particular web user to access a particular web server or specific resources through that web server. When a web user attempts to access such a protected resource, he is prompted to supply a userID and password. This is typically done by the web server issuing a request that requires the web user to enter a userID and password, which is then stored by the web browser and transmitted back to the web server application.
This process is typically repeated for each specific resource that is accessible through the web server application. Thus, a web user that accesses several secure resources is prompted and required to enter his or her password and userID for each resource. For example, a user might have to enter his or her password and userID to gain access to a web server, a second password and userID to gain access to a software application through the web server, and a third password and third userID to gain access to a particular software application database. This requires the user to memorize a large number of passwords and userIDs in addition to the inconvenience of having to submit them multiple times. Even if the password and userID are the same at each level, it becomes annoying to repetitively enter the same information again and again.
In traditional web server authentication systems, the web browser resends the password and userID each time a submission is sent to the web server. Thus, the password and userID are repeatedly subjected to the risk of "snooping" (i.e., the unauthorized and unwanted interception of the transmissions between web server and web browser). Some systems try to limit this problem by regularly requiring the users to change their passwords and userIDs, but this can be a major problem where multiple passwords and multiple userIDs are required to access multiple software applications.
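The challenge-and-resend behaviour described in the two paragraphs above can be reproduced in a small simulation. This is an added example, not part of the original disclosure; it assumes the HTTP Basic authentication scheme, which is the scheme whose behaviour matches the description (the server challenges, the browser stores the userID and password and attaches them to every later request). The account, realm and request paths are constructed, and the "wire" is a plain list standing in for the transmissions that a snooper could intercept; the purpose is to count how many of those transmissions carry a recoverable userID and password.

```python
"""Model of a browser resending stored credentials on every request.

Added illustration assuming HTTP Basic authentication. All values are
constructed and nothing touches a real network.
"""
import base64

REALM = "example-server"            # constructed realm name
ACCOUNTS = {"jdoe": "s3cret"}       # constructed credential store of the model server


def _challenge():
    """The server's request that the browser supply a userID and password."""
    return {"status": 401, "headers": {"WWW-Authenticate": f'Basic realm="{REALM}"'}}


def server_handle(request):
    """Model web server: serve the resource only when a valid Authorization
    header accompanies the request; otherwise issue the challenge."""
    auth = request["headers"].get("Authorization")
    if not auth:
        return _challenge()
    scheme, _, token = auth.partition(" ")
    if scheme != "Basic":
        return _challenge()
    user, _, password = base64.b64decode(token).decode().partition(":")
    if ACCOUNTS.get(user) == password:
        return {"status": 200, "headers": {}, "body": f"{request['path']} for {user}"}
    return _challenge()


class ModelBrowser:
    """Stores the credentials after the first challenge and resends them."""

    def __init__(self, user, password):
        self.user, self.password = user, password
        self._stored = None

    def request(self, path, wire):
        req = {"path": path, "headers": {}}
        if self._stored:
            req["headers"]["Authorization"] = self._stored
        wire.append(req)
        resp = server_handle(req)
        if resp["status"] == 401 and self._stored is None:
            # The user is prompted once; the browser keeps the answer and
            # retries, then attaches it to every subsequent submission.
            raw = f"{self.user}:{self.password}".encode()
            self._stored = "Basic " + base64.b64encode(raw).decode()
            req = {"path": path, "headers": {"Authorization": self._stored}}
            wire.append(req)
            resp = server_handle(req)
        return resp


def credential_exposures(wire):
    """Count intercepted requests from which a userID:password pair can be
    read back. Base64 is an encoding, not encryption, so every request
    carrying the header exposes the pair."""
    count = 0
    for req in wire:
        auth = req["headers"].get("Authorization", "")
        if auth.startswith("Basic ") and ":" in base64.b64decode(auth[6:]).decode():
            count += 1
    return count


def simulate(paths):
    """Fetch each path in turn; return statuses, transmissions, exposures."""
    wire = []
    browser = ModelBrowser("jdoe", "s3cret")
    statuses = [browser.request(p, wire)["status"] for p in paths]
    return statuses, len(wire), credential_exposures(wire)


if __name__ == "__main__":
    print(simulate(["/app", "/app/report", "/app/db/q"]))
```

For three resources the browser makes four transmissions (the first request, its retry after the challenge, and one per remaining resource), and three of them carry the userID and password in a form any interceptor can read: the user typed the password once, but it crossed the wire on every submission after that.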
The problems associated with the prior art solutions have led some system operators to remove additional security protection measures and rely only on the web server authentication with a userID and password. Again, this solution is acceptable only where a high risk of unauthorized access to the web-accessible resources is acceptable. Without improved methods for security checking of web users, computer systems will remain less secure and will be inconvenient when used to access multiple secure resources via the World-Wide Web.