1. Field of the Invention
The present invention relates generally to a client/server authentication system used with Internet or intranet Web sites and/or Web pages, mail servers, or file transfer protocol (FTP) servers, and more particularly, to such a client/server authentication system that ensures that the client is operating from a specific, pre-authorized client machine.
2. Description of the Related Art
There has long been recognized a need for increasing the security of Internet and intranet Web sites and/or selected Web pages accessible via such Web sites. In some instances, access must be restricted to particular authorized employees due to the confidential and sensitive nature of information stored on the server computer; this is likely the case in many corporate intranet systems, in which travelers and telecommuters need to log onto the intranet from remote locations. In other cases, such as subscription-based Web sites, the data stored on the server has commercial value, and the owner of the Web site limits access to paying subscribers. In still other instances, such as on-line banking, access to portions of a financial institution's Web site must be limited to the authorized owner of a particular bank account.
Various security measures have been employed in the past to restrict the access of a client to data stored on a remote server. For example, it is common for Web site operators to save authorized user names and passwords, and to require the user to “log-in” by entering his or her user name and password in order to access information stored on the server. In other cases, the user must enter a key code assigned to the user. However, these security methods are easily defeated, as the user can provide his or her user name, password and/or key code to third parties, thereby allowing others to gain access to the “secured site” from virtually any personal computer. Likewise, if the user name and password and/or key code are stolen, then the thief can gain access to the system, at least until the user reports the theft of such information.
Another type of security measure that has been employed is a hardware-lock component, sometimes called a “dongle”, which must be plugged into a port of the user's computer; the dongle provides a code that can be read by the user's computer and transmitted to the server computer to verify the identity of the user. Once again, however, such security measures are defeated if the owner of the hardware-lock component loans it to third parties, who can then access the restricted data from any available computer. In addition, such “dongles” are often lost or stolen, posing a substantial inconvenience to genuine authorized users, and creating additional opportunities for security breaches.
Accordingly, it is an object of the present invention to provide a client/server authentication system which provides an increased level of security.
Another object of the present invention is to provide such an authentication system which does not require the user to possess any special hardware components, or “dongles”, in order to gain access to the server.
Still another object of the present invention is to provide such an authentication system capable of restricting a client to a particular personal computer or other client machine in order to gain access to a Web site and/or Web pages on an Internet and/or intranet site.
Yet another object of the present invention is to provide such an authentication system that easily allows for multiple levels of access wherein some authorized users have greater access to Web pages than other authorized users.
An additional object of the present invention is to provide such an authentication system that eliminates the need for the server administrator to store, or administer, user names, passwords or other user authentication data.
A further object of the present invention is to provide such an authentication system which avoids the necessity for a user to remember a user name, password and/or key code in order to gain authorized access to a protected site.
These and other objects of the present invention will become more apparent to those skilled in the art as the description of the present invention proceeds.