1. Field of the Invention
The present invention relates to password re-entry.
Portions of the disclosure of this patent document contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyright rights whatsoever.
2. Background Art
The Internet currently has millions of web pages that can be accessed. Some of the web pages require the input of passwords, for instance when creating or accessing a user account. Oftentimes, these passwords reside on a web page that contains other data input fields as well. It is desirable to include password entries and data input fields in the same form.
Sometimes, when errors occur, the web page must be re-transmitted to the user (if a password must be re-entered or if the other data input is incorrect in some way). In the prior art when this occurs, the web page is returned in a form that compromises the password. This problem can be better understood by first reviewing what the Internet is and how it works.
Internet
The information network known as the “Internet” has become ever increasingly popular. The Internet provides a vast body of information which may be accessed by users via computers for such purposes as business, education, and entertainment. In particular, the Internet includes a large collection of interconnected documents which are stored in computers in a system known as the World Wide Web or simply “the web”. The documents are organized into web spaces, where a web space includes a home page and links to other documents which may be in the local web space or in an external web space. Such links are known as hyperlinks. Documents may include moving images, text, graphical displays, and sound.
Internet resources are typically accessed in a two-way environment via a network connection. For example, connectivity to the network may be via a conventional twisted-pair telephone line which has a relatively low data-carrying capacity (e.g., bandwidth), or via a higher bandwidth path, which may comprise optical fiber, coaxial cable, or other transmission mechanism, such as the newly emerging wireless technologies. To retrieve data from a network destination (e.g., an Internet site), a user sends a message to the network destination to request the transfer of information to the user's computer, referred to as a client. The network destination typically includes a computer known as a server. The server then sends a request signal to a source function, which may be a memory which is coupled to the server. The source function includes the user-requested information which may comprise, for example, text, graphics, audio and/or video data. In response to the request signal from the server, the source function provides the requested information to the client.
HTML
Source information which is stored in the source function is often stored in a format known as “Hypertext Markup Language (HTML)”. This file or script format allows the display of text, graphics and audio information, and provides links to other pages of information through “hyperlinks.” Hyperlinks are strings of characters in a particular format that specify the address of the desired page of information.
In particular, HTML is a system for marking documents to indicate how the document should be displayed, and how various documents should be linked together. HTML is a form of Standard Generalized Markup Language (SGML), defined by the International Standards Organization. HTML specifies the grammar and syntax of markup tags which are inserted into a data file to define how the data will be presented when read by a computer program known as a “web browser”. Conventional web browsers include Internet Explorer, Netscape Navigator, and others.
The data file, which is typically stored on a server, includes one or more web pages which are visited by users who have computers which may run different browsers. When a page is visited, HTML data output from the server is downloaded to the client computer. The client computer's browser processes the data to format a layout for the page so the page can be viewed by the user on a computer screen. Generally, HTML tags provide text formatting, hypertext links to other pages, and links to sound and picture elements. HTML tags also define input fields for interactive web pages. Another use for HTML is to generate forms. Form HTML allows the web browser to display a plurality of locations in the web page where a user can provide input which can then be transmitted to the server. Often form HTML is useful to process such data as a user ID, a password, a user's address, and a user's phone number, for instance.
An HTML application is made available to users on the web by storing the HTML file in a directory that is accessible to a server. Such a server is typically a web server which conforms to a web browser-supported protocol known as Hypertext Transfer Protocol (HTTP). Servers that conform to other protocols such as the File Transfer Protocol (FTP) or GOPHER may also be used, but do not support interactive HTML files.
HTTP defines a set of rules that servers and browsers follow when communicating with each other. Typically, the process begins when a user accesses an icon in an HTML page which is the anchor of a hyperlink (for instance, by positioning a cursor on the icon and depressing a mouse button), or when the user inputs a Uniform Resource Locator (URL), described below, into his or her web browser. A connection is then made to the server at the address and port number specified by the URL. Next, the browser sends a request to retrieve an object from the server, or to post data to an object on the server. The server sends a response to the browser including a status code and the response data. The connection between the browser and server is then closed.
URL
A URL is a unique address which identifies virtually all files and resources on the Internet. A URL has the form:
method://server:port/path/file#anchor
The “method” of accessing the resource is the web browser-supported protocol, and may include, for example, HTTP, FTP, GOPHER, TELNET, NEWS, or MAILTO. The “server:port” indicates the name of the server which is providing the resource, and is alternatively known as the Internet domain name. For example, many businesses will use their business name as part of the server field. The port designation is the port number on the server, but is usually not used since a default port is assumed. The “path” indicates the directory path to the resource. The “file” indicates the file name of the resource. The “anchor” indicates the named element in the HTML document. Not all fields are required.
Thus, it can be seen that web browsers operate in a two-way communication environment to access information by sending a request signal defined by a URL command to a server, and receiving information in return.
Password and Data Entry
Most web pages that require a password to be entered normally require the user to enter the password twice, so that a verification can occur as to whether the user has made a typographical error. In addition, these password fields normally echo characters with a “*” rather than the original letter, for security purposes. Thus, a person maliciously peering over the shoulder of the user will be unable to determine his or her password.
Referring to FIG. 1, web browser 100 includes display area 110 for displaying the HTML output of a web server, which in this example is a form. FIG. 1 substantially represents the screen of a computer user displaying a form. In operation, the user inputs data to the form, which includes input areas for a user ID 120, other data fields 125-127, a first password field 130, and a second password field 140. After the user has completed inputting data, the form will appear substantially as shown in FIG. 2. Thus, a user ID entry 200 in the user ID field 120, other data field entries data1, data2, and data3 (205-207) in other data fields 125-127, a first password entry 210 in the first password field 130, and a second password entry 220 in the second password field 140 have been entered. First and second password entries 210 and 220 are represented as strings of “*” characters as is common in the prior art.
Take, for example, the case where a user intends his or her password to be “dog”. The user is presented with two fields for password entry, such as fields 130 and 140 of FIG. 2. Assume, for instance, that the user inputs “dog” into the first field instead of “dog”. The user would see “***” and believe the password to be “dog”. Thus, in the future, the user would be unable to utilize the password because the computer would recognize the password as “dog” while the user believes the password to be “dog”. With the more common two field entry, as in FIGS. 1 and 2, the computer will obviate this problem because the two differing entries will indicate that a typographical error has been made. Thus, fields 130 and 140 will display only strings of “*” characters, but by comparing the actual characters of the strings, the server will determine that an error occurred and notify the user.
Re-sending Forms
In the prior art, when an error occurs in a two field password entry, or another type of error occurs, such as an invalid user ID entry 200, or an invalid other type of data entry 205-207, one solution is for the server to re-send the form and prompt the user to fill out the form again. The re-sent page is exemplified by FIG. 3, which includes error message 300, which prompts the user to fill out the form again.
Note that all data entries from FIG. 2 have been removed from the re-sent form. While this solution does not compromise the password, it is disadvantageous because if user ID field 120 or other data fields 125-127 were entered correctly, they must be re-entered. This can be time consuming and unnecessarily repetitive for users, often causing them to forego filling out the form altogether. In addition, many forms are extremely detailed and could have hundreds of other field entries, many of them comprising large blocks of text. Forcing a re-entry because of a mistyped letter in a password or other data field is disadvantageous.
To avoid forcing a re-entry of the entire form, one prior art solution causes the server to construct a new HTML form document, such as the document described in connection with FIG. 4. In reconstructing the document, the server generates HTML code. The code can include the data that was correctly entered into the field, which will include the password in clear text. This code is not readily visible in FIG. 4, but HTML source code is freely available through various other techniques.
Most conventional web browsers include the functionality to view the source of an HTML document, such as by depressing view source button 400 of web browser 100. The HTML code could also be cached on the workstation and retrieved later from the cache. This is a problem because an unauthorized user accessing the cache could discover the password as re-constructed in clear text in the HTML code of the document and later maliciously use the password.
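The following is an added example, not part of the original document: it rebuilds a form after a validation error in the way described above (every submitted value, passwords included, written back into the markup) and then audits the generated HTML for password inputs that carry a value. The field names, the sample submission, and the `echo_passwords=False` variant, which repopulates only the non-password fields, are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample submission; field names and values are hypothetical.
SUBMITTED = {"userid": "alice", "data1": "42 Elm St",
             "password1": "dog", "password2": "dgo"}
PASSWORD_FIELDS = {"password1", "password2"}

def render_form(values, echo_passwords):
    """Rebuild the form that is re-sent to the browser after an error."""
    rows = []
    for name, value in values.items():
        is_pw = name in PASSWORD_FIELDS
        kind = "password" if is_pw else "text"
        # echo_passwords=True reproduces the prior-art behaviour: the
        # clear-text password ends up in the page source and browser cache.
        shown = value if (echo_passwords or not is_pw) else ""
        rows.append('<input type="%s" name="%s" value="%s">'
                    % (kind, escape(name), escape(shown, quote=True)))
    return '<form method="post">\n' + "\n".join(rows) + "\n</form>"

class PasswordEchoAuditor(HTMLParser):
    """Collect names of password inputs whose value attribute is non-empty."""
    def __init__(self):
        super().__init__()
        self.leaks = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_password = (a.get("type") or "").lower() == "password"
        if tag == "input" and is_password and a.get("value"):
            self.leaks.append(a.get("name"))

def leaked_password_fields(html_text):
    """Return the password field names that expose a value in the HTML."""
    auditor = PasswordEchoAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.leaks

if __name__ == "__main__":
    print(leaked_password_fields(render_form(SUBMITTED, True)))
    print(leaked_password_fields(render_form(SUBMITTED, False)))
```

The same auditor can be run over any server response or cached page: the on-screen “*” masking does not affect what is stored in the `value` attribute.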
Another solution to the problem of re-sending a password in a re-constructed HTML document is to divide the data entries and the password entries into separate web pages. Thus, a data field error will cause re-sending only the data fields in the re-constructed form, while a password error can be returned without the password data with little cost. This solution, however, is clearly inadequate because it creates two forms that a user must fill out, which adds time and complexity and is therefore disadvantageous. A method and apparatus is needed which will reconstruct a web page that includes password fields and one or more data fields when a user must re-enter the password or data fields, in a manner that does not compromise the password.