|Publication number||WO2001052076 A1|
|Publication date||19 Jul 2001|
|Filing date||13 Nov 2000|
|Priority date||13 Jan 2000|
|Publication number||PCT/2000/42156, PCT/US/0/042156, PCT/US/0/42156, PCT/US/2000/042156, PCT/US/2000/42156, PCT/US0/042156, PCT/US0/42156, PCT/US0042156, PCT/US042156, PCT/US2000/042156, PCT/US2000/42156, PCT/US2000042156, PCT/US200042156, WO 0152076 A1, WO 0152076A1, WO 2001/052076 A1, WO 2001052076 A1, WO 2001052076A1, WO-A1-0152076, WO-A1-2001052076, WO0152076 A1, WO0152076A1, WO2001/052076A1, WO2001052076 A1, WO2001052076A1|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (4), Referenced by (2), Classifications (6), Legal Events (5)|
|External Links: Patentscope, Espacenet|
Method and Apparatus for Automatically Filling On-Line Forms by a Third-Party Server by inventor(s) Ramakrishna Satyavolu
Field of the Invention
The present invention is in the field of Internet interaction including e- commerce processes, and pertains more particularly to filling in on-line forms by proxy (third party).
Cross-Reference to Related Documents
The present invention is a continuation in part to a U.S. patent application SN 09/208,740 entitled "Method and Apparatus for Providing and Maintaining a User- Interactive Portal System Accessible via Internet or other Switched-Packet- Network" filed on 12/8/98, disclosure of which is included herein by reference.
Background of the Invention
The information network known as the world wide web (WWW), which is a subset of the well-known Internet, is arguably the most complete source of publicly- accessible information available. Anyone with a suitable Internet appliance, such as a personal computer with Internet connectivity may access the Internet (go on-line) and navigate to information pages (termed web pages) stored on Internet-connected servers for the purpose of garnering information and initiating transactions with hosts of such servers and pages.
Many companies offer various subscription services accessible via the Internet. For example, many people now do their banking, stock trading, shopping, and so forth from the comfort of their own homes via Internet access. Typically, a user, through subscription, has access to personalized and secure WEB pages for such functions. By typing in a user name and a password or other personal identification code, a user may obtain information, initiate transactions, buy stock, and accomplish a myriad of other tasks. One problem that is encountered by an individual who has several or many such subscriptions to Internet-brokered services is that there are invariably many passwords and/or log-in codes to be used. Often a same password or code cannot be used for every service, as the password or code may already be taken by another user. A user may not wish to supply a code unique to the user such as perhaps a social security number because of security issues, including quality of security, that may vary from service to service. Additionally, many users at their own volition may choose different passwords for different sites so as to have increased security, which in fact also increases the number of passwords a user may have.
Another issue that can plague a user who has many passworded subscriptions is the fact that they must bookmark many WEB pages in a computer cache so that they may quickly find and access the various services. For example, in order to reserve and pay for airline travel, a user must connect to the Internet, go to his/her book-marks file and select an airline page. The user then has to enter a user name and password, and follow on-screen instructions once the page is delivered. If the user wishes to purchase tickets from the WEB site, and wishes to transfer funds from an on-line banking service, the user must also look for and select the personal bank or account page to initiate a funds transfer for the tickets. Different user names and passwords may be required to access these other pages, and things get quite complicated. Although this preceding example is merely exemplary, it is generally known that much work related to finding WEB pages, logging in with passwords, and the like is required to successfully do business on the WEB.
A system known to the inventor and referenced under the cross-reference to related documents section provides an interactive portal server that enables subscribers to store their WEB pages, user names, and passwords in a secure fashion at the portal site. The system also compiles user profile information with regard to user data and WEB data associated with registered WEB sites frequented by subscribers. Using this data, the system may navigate to such sites on behalf of users and perform user-requested tasks such as updating data from WEB sites and the like. In several different aspects of the above described service, a software suite known to the inventors as the password all suite is implemented to perform described services on behalf of users. The password all suite includes any described browser plug-ins that may be required to perform certain services.
The system known to the inventor is able to perform auto log-in procedures on behalf of users at user-registered WEB sites requiring passwords and the like. However, such auto log-in procedures require that a WEB service is aware of the proxy relationship between the user's browser and the portal server. Through prior agreement, such a WEB service provider may allow auto log-in functions and even transparent registration to services including the acquisition of new user-name and password pairs, which are subsequently managed by the portal service on behalf of users.
In normal operation, a WEB service requires, in many instances, that a user return a cookie at the time of log-in to a secure WEB page subscribed to by the user. In this way, a service may insure that an un-authorized user operating from a remote station other than the user's station is not attempting to use stolen password information to gain access to a secure page. Therefore, any auto-log-in functions performed by a third party must have pre-approval from the secure WEB site being accessed if cookies are required.
A problem with the above case is that some WEB services will not agree to participate in auto log-in by third parties on behalf of users. Therefore, the number of services that a user may transparently log into using the password all service is limited.
What is clearly needed is a method that will provide third party form filling such as used in auto log-in procedures that is transparent to WEB services requiring cookie exchange during the secure log-in procedure. Such a method would allow a user to automatically be logged into any WEB service that he or she is subscribing to without being dependent on a prior agreement. Summarv of the Invention
In a preferred embodiment of the present invention, in interaction between an Internet-connected computer station and an Internet subscription server, a method for providing a filled-in form by the computer station to the subscription server, transparently to the computer station is provided, comprising steps of (a) making a form request to the subscription server by the computer station; (b) sending an unfilled form addressed to the computer station by the subscription server; (c) receiving the unfilled form by a third-party server having pre-stored information provided by the computer station; (d) filling the form by the third-party server; (e) sending the form by the third-party server to the computer station; and (f) sending the form by the computer station to the subscription server along with a cookie originally provided by the subscription server.
In a preferred embodiment the form request is for a log-in form, and the filled in form provided by the computer station to the subscription server is a log-in form with the user name and password of a user of the computer station.
In an alternative embodiment of the invention a system for transparently filling a form by a first Internet-connected server, is provided, comprising first software executing on the computer station; second software operating on the first Internet- connected server; and user data for filling the form stored at the first Internet- connected server. The computer station requests the form from the second Internet- connected server, the first Internet-connected server, executing the first software intercepts the form, fills the form with the stored user data, and sends the filled form to the computer station, and the computer station, executing the second software sends the filled form with the cookie to the second Internet-connected server.
In one embodiment the form is a log-in form required by the second Internet- connected server, and the cookie is originally provided by the second Internet- connected server to the computer station.
For the first time, in situations where a form requested is required to be filled and returned with an identifying cookie for validation, a third-party server can execute the form for a computer station and return it to the computer station to be sent along with the cookie to the form provider.
Brief Description of the Drawing Figures
Fig. 1 is an overview of an Internet portal-system and network according to an embodiment of the present invention.
Fig. 2 is an exemplary plan view of a personalized Portal home page application as it may be seen on a display monitor according to an embodiment of the present invention.
Fig. 3 is a flow diagram illustrating user interaction with the Internet portal of fig. I-
Fig. 4 is a block diagram illustrating a third-party brokerage of a transparent log-in on behalf of a user wherein a cookie is required according to an embodiment of the present invention.
Fig. 5 is a flow diagram illustrating steps for enabling a third party log-in on behalf of a user wherein a cookie is required according to an embodiment of the present invention.
Description of the Preferred Embodiments
According to a preferred embodiment of the present invention, a unique Internet portal is provided and adapted to provide unique services to users who have obtained access via an Internet or other network connection from an Internet-capable appliance. Such an interface provides users with a method for storing many personal WEB pages and further provides search function and certain task-performing functions. The methods and apparatus of the present invention are taught in enabling detail below. Fig. 1 is an overview of an Internet portal system 11 and Internet network 13 according to an embodiment of the present invention. Portal system 11, in this embodiment, operates as an ISP in addition to a unique network portal, but may, in other embodiments be implemented as a stand-alone Internet server. In yet other embodiments the service and apparatus described herein may also be provided by such as a search and listing service (AltaVista™, Yahoo™) or by any other enterprise hosting a WEB-connected server.
Internet 13 is representative of a preferred use of the present invention, but should not be considered limiting, as the invention could apply in other networks and combinations of networks.
ISP 15 in this embodiment comprises a server 31, a modem bank 33, represented here by a single modem, and a mass storage repository 29 for storing digital data. The modem bank is a convenience, as connection to the server could be by another type of network link. ISP 15, as is typical in the art, provides Internet access services for individual subscribers. In addition to well-known Internet access services, ISP 15 also provides a unique subscription service as an Internet portal for the purpose of storing many WEB pages or destinations along with any passwords and or personal codes associated with those pages, in a manner described in more detail below. This unique portal service is provided by execution of Portal Software 35, which is termed by the inventors the Password- All suite. The software of the invention is referred to herein both as the Portal Software, and as the Password-all software suite. Also, in much of the description below, the apparatus of the invention is referred to by the Password- All terminology, such as the Password-All Server or Password-All Portal. ISP 15 is connected to Internet 13 as shown. Other equipment known in the art to be present and connected to a network such as Internet 13, for example, IP data routers, data switches, gateway routers, and the like, are not illustrated here but may be assumed to be present. Access to ISP 15 is through a connection-oriented telephone system as is known in the art, or through any other Internet/WEB access connection, such as through a cable modem, special network connection (e.g. Tl), ISDN, and so forth. Such connection is illustrated via access line 19 from Internet appliance 17 through modem bank 33.
In a preferred embodiment a user has access to Internet Password- All Portal services by a user name and password as is well-known in the art, which provides an individualized WEB page to the subscriber. In another embodiment wherein a user has other individuals that use his or her Internet account, then an additional password or code unique to the user may be required before access to portal 31 is granted. Such personalized Portal WEB pages may be stored in repository 29, which may be any convenient form of mass storage. Three Internet servers 23, 25, and 27, are shown in Internet 13, and represent
Internet servers hosted by various enterprises and subscribed to by a user operating appliance 17. For example, server 23 may be a bank server wherein interactive online banking and account managing may be performed. Server 25 may be an investment server wherein investment accounts may be created and managed. Server 27 may be an airline or travel server wherein flights may be booked, tickets may be purchased, and so on. In this example, all three servers are secure servers requiring user ID and password for access, but the invention is not necessarily limited to just secure services.
In a preferred embodiment of the present invention, a subscribing user operating an Internet-capable appliance, such as appliance 17, connects to Password- All Portal system 11 hosted by ISP 15, and thereby gains access to a personalized, interactive WEB page, which in turn provides access to any one of a number of servers on Internet 13 such as servers 23, 25, and 27, without being required to enter additional passwords or codes. In a preferred embodiment the software that enables this service is termed Password- All by the inventors. Password- All may be considered to be a software suite executing on the unique server, and in some instances also on the user's station (client). Additional interactivity provided by portal software 35 allows a connected user to search his listed pages for information associated with keywords, text strings, or the like, and allows a user to program user- defined tasks involving access and interaction with one or more Internet-connected servers such as servers 23, 25, and 27 according to a pre-defined time schedule. These functions are taught in enabling detail below.
Fig. 2 is an illustration of a personalized portal page as may be seen on a display monitor according to an embodiment of the present invention, provided by Password- All Portal software 35 executing on server 31, in response to secure access by a subscriber. Page 32 presents an interactive listing 34 of user-subscribed or member WEB pages, identified in this example by URL, but which may also be identified by any convenient pseudonym, preferably descriptive, along with user name and typically encrypted password information for each page. Listed in a first column under destination, are exemplary destinations LBC.com, My Bank.com, My
Stocks.com, My shopping.com, Mortgage.com, and Airline.com. These are but a few of many exemplary destinations that may be present and listed as such on page 33. In order to view additional listings listed but not immediately viewable from within application 33, a scroll bar 35 is provided and adapted to allow a user to scroll up or down the list to enable viewing as is known in the art.
Items listed in list 34 in this example may be considered destinations on such as servers 23, 25, and 27 of Fig. 1. Typically the URL associated with an item on this list will not take a user to a server, per se, but to a page stored on a server. User names and password data associated with each item in list 34 are illustrated in respective columns labeled user name, and password, to the right of the column labeled destination. Each listing, or at least a portion of each listing, is a hyperlink invoking, when selected, the URL to that destination. In some instances a particular service may have more than one associated URL. For example, My Bank.com may have more than one URL associated for such as different accounts or businesses associated also with a single subscriber. In this case there may be a sub-listing for different destinations associated with a single higher-level listing. This expedient is not shown, but, given this teaching the mechanism will be apparent to those with skill in the art.
In some embodiments one page 33 may be shared by more than one user, such as a husband and wife sharing a common account and subscription. An instance of this is illustrated herein with respect to the server labeled Mortgage.com wherein both a John and a Jane Doe are listed together under the column labeled user name. In another embodiment, a network of individuals, perhaps business owners, authorized co-workers, investment parties, or the like may share one application. In this way, system 11 may be adapted for private individuals as well as business uses. After gaining access to application 33 which is served via Internet portal server 31 of Fig. 1, a user may scroll, highlight, and select any URL in his or her list 34 for the purpose of navigation to that particular destination for further interaction. Application 33 already has each password and user name listed for each URL. It is not necessary, however, that the password and user name be displayed for a user or users. These may well be stored transparently in a user's profile, and invoked as needed as a user makes selections. Therefore, a user is spared the need of entering passwords and user names for any destinations enabled by list 34. Of course, each list 34 is built, configured and maintained by a subscribing user or users, and an editing facility is also provided wherein a user may edit and update listings, including changing URL's adding and deleting listings, and the like.
In another aspect of the invention new listings for a user's profile, such as a new passthrough to a bank or other enterprise page, may be added semi-automatical ly as follows: Typically, when a user opens a new account with an enterprise through interaction with a WEB page hosted by the enterprise, the user is required to provide certain information, which will typically include such as the user's ID, address, e-mail account, and so forth, and typically a new user name and password to access the account. In this process the user will be interacting with the enterprise's page from his/her browser. A Password- All plug-in is provided wherein, after entering the required information for the new enterprise, the user may activate a pre-determined signal (right click, key stroke, etc.), and the Password-All suite will then enter a new passthrough in the user's Password. All profile at the Password- All Portal server.
In a related method for new entries, the enterprise hosting the Password- All Portal may, by agreement with other enterprises, provide log-in and sign-up services at the Password- All Portal, with most action transparent to the user. For example, there may be, at the Password- All Portal, a selectable browser list of cooperating enterprises, such as banks, security services, and the like, and a user having a Password-All Portal subscription and profile may select among such cooperating enterprises and open new accounts, which will simultaneously and automatically be added to the Password-All Portal page for the user and to the server hosted by the cooperating enterprise. There may be some interactivity required for different accounts, but in the main, much information from the user's profile may be used directly without being re-entered.
The inventors have anticipated that many potential users may well be suspicious of providing passwords and user names to an enterprise hosting a Password- All Portal Server executing a service like Password- All according to embodiments of the present invention. To accommodate this problem, in preferred embodiments, it is not necessary that the user provide the cleartext password to Password. All. Instead, an encrypted version of each password is provided. When a user links to his passthrough page in Password- All at the Password- All Portal server, when he/she invokes a hyperlink, the encrypted password is returned to the user's system, which then, by virtue of the kept encryption key or master password, invokes the true and necessary password for connection to the selected destination. It is thus not necessary that cleartext passwords be stored at the Password- All Portal server, where they may be vulnerable to attack from outside sources, or to perceived misuse in other ways as well. In a related safety measure, in a preferred embodiment of the invention, a user's complete profile is never stored on a single server, but is distributed over two or more, preferably more, servers, so any problem with any one server will minimize the overall effect for any particular user.
Password- All, as described above, allows a user to access a complete list of the user's usual cyberspace destinations, complete with necessary log-on data, stored in an encrypted fashion, so a user may simply select a destination (a hyperlink) in the Password- All list, and the user's browser then invokes the URL for the selected destination. In an added feature, Password- All may display banner ads and other types of advertisement during the navigation time between a hyperlink being invoked and the time the destination WEB page is displayed. In yet another embodiment of the invention, a user/subscriber need not access the Password- All page to enjoy the advantages of the unique features provided. In this variation, a Plug-In is provided for the subscriber's WEB browser. If the subscriber navigates by use of the local browser to a WEB page requiring a secure log-in, such as his/her on-line banking destination, when the subscriber is presented with an input window for ID and Password, the plug in may be activated by a predetermined user input, such as a hot key or right click of the mouse device. The plug-in then accesses, transparently, the Password-All page (which may be cached at the client), and automatically accesses and provides the needed data for log-on. In yet another aspect of the invention a search option 37 allows a user to search list 34 for specific URL's based on typed input such as keywords or the like. In some cases, the number of URL's stored in list 34 can be extensive making a search function such as function 37 an attractive option. A criteria dialog box 51 illustrated as logically separated from and below list 34 is provided and adapted to accept input for search option 37 as is known in the art. In one embodiment, search option 37 may bring up a second window wherein a dialog box such as box 51 could be located.
In another aspect of the invention the search function may also be configured in a window invoked from window 33, and caused to search all or selected ones of listed destinations, and to return results in a manner that may be, at least to some extent, configured by a user. For example, a dialog box may be presented wherein a user may enter a search criteria, and select among all of the listed destinations. The search will then be access each of the selected destinations in turn, and the result may be presented to the user as each instance of the criteria is found, or results may be listed in a manner to be accessed after the search.
Preferably the search function is a part of the Password- All Portal software, available for all users, and may be accessed by hyperlinks in user's personal pages. In some embodiments users may create highly individualized search functions that may be stored in a manner to be usable only by the user who creates such a function. In many aspects of the present invention a knowledge of specific WEB pages, and certain types of WEB pages, is highly desirable. In many embodiments characteri sties of destination WEB pages are researched by persons (facilitators) maintaining and enhancing Password-All Portal software 35, and many characteristics may be provided in configuration modules for users to accomplish specific tasks. In most cases these characteristics are invoked and incorporated transparent to the user. In yet another aspect of the present invention, the Password- All suite is structured to provide periodic reports to a user, in a manner to be structured and timed by the user, through the user's profile. For example, reports of changes in account balances in bank accounts, stock purchases, stock values, total airline travel purchases, frequent-flier miles, and the like may be summarized and provided to the users in many different ways. Because the Password- All Portal server with the Password- All software site handles a broad variety of transactional traffic for a user, there is an opportunity to summarize and collect and process statistics in many useful ways. In preferred embodiments of the invention such reports may be furnished and implemented in a number of different ways, including being displayed on the user's secure personal WEB page on the Password- All Portal.
In addition to the ability of performing tasks as described above, task results including reports, and hard documents such as airline tickets may be sent over the Internet or other data packet-networks to user-defined destinations such as fax machines, connected computer nodes, e-mail servers, and other Internet-connected appliances. All tasks may be set-up and caused to run according to user-defined schedules while the user is doing something else or is otherwise not engaged with the scheduled task.
In another embodiment of the present invention, recognizing the increasing use of the Internet for fiscal transactions, such as purchasing goods and services, a facility is provided in a user's profile to automatically track transactions made at various destinations, and to authorize payment either on a transaction-by-transaction basis, or after a session, using access to the user's bank accounts, all of which may be pre-programmed and authorized by the user.
Other functions or options illustrated as part of application 35 include a last URL option 41, an update function 43, and an add function 45. Function 41 allows a user to immediately navigate to a last visited URL. Update function 43 provides a means of updating URL's for content and new address. An add function enables a user to add additional URL's to list 34. Similarly, function 45 may also provide a means to delete entries. Other ways to add accounts are described above. It should be noted that the services provided by the unique Password- All Portal in embodiments of the present invention, and by the Password- All software suite are not limited to destinations requiring passwords and user names. The Password- All Portal and software in many embodiments may also be used to manage all of a user's bookmarks, including editing of bookmarks and the like. In this aspect, bookmarks will typically be presented in indexed, grouped, and hierarchical ways. There are editing features provided with Password- All for adding, acquiring, deleting, and otherwise managing bookmarks. As a convenience, in many embodiments of the invention, bookmarks may be downloaded from a user's Password-All site, and loaded onto the same user's local browser. In this manner, additions and improvements in the bookmark set for a user may be used without the necessity of going to Password- All. Further, bookmarks may be uploaded from a user's local PC to his/her home page on the Password- All site by use of one or more Password-All plug-ins.
It will be apparent to the skilled artisan, given the teaching herein, that the functionality provided in various embodiments of the invention is especially applicable to Internet-capable appliances that may be limited in input capability. For example, a set-top box in a WEB TV application may well be without a keyboard for entering IDs and Passwords and the like. In practice of the present invention keyboard entry is minimized or eliminated. The same comments apply to many other sorts of Internet appliances. In preferred embodiments of the invention, once a subscriber-user is in
Password- All, only an ability to point-and-click is needed for all navigation. To get into the Password-All site, using a limited apparatus, such as an appliance without a keyboard or keypad, a Smartcard or embedded password may be used, or some other type of authentication. It will be apparent to one with skill in the art that an interactive application such as application 33 may be provided in a form other than a WEB page without departing from the spirit and scope of the present invention. For example, an application such as application 33 may be provided as a downloadable module or program that may be set-up and configured off-line and made operational when online. Fig. 3 is a flow diagram illustrating user interaction with the Internet
Password- All Portal of fig. 1. The following process steps illustrated, according to an embodiment of the present invention, are intended to illustrate exemplary user-steps and automated software processes that may be initiated and invoked during interaction with an Internet portal of the present invention such as portal 31 of Fig. 1. In step 53 a user connects to the Internet or another previously described switched-packet network via a compatible appliance such as Internet appliance 17 of Fig. 1.
At step 55, a user enters a user-name and password which, in one embodiment, may simply be his ISP user name and password. In another embodiment, a second password or code would be required to access an Internet portal such as portal server 31 of Fig. 1 after logging onto the Internet through the ISP. In some cases, having a special arrangement with the ISP, there may be one password for both Internet access through the ISP and for Password-All. At step 57 a personal WEB page such as page 32 of Fig. 2 is displayed via Internet portal server 31. At minimum, the personalized WEB page will contain all user configured URL's, and may also be enhanced by a search function, among other possibilities.
In step 58 a user will, minimally, select a URL from his or her bookmarked destinations, and as is known by hyperlink technology, the transparent URL will be invoked, and the user will navigate to that destination for the purpose of normal user interaction. In this action, the Password- All Portal software transparently logs the user on to the destination page, if such log-on is needed.
At step 60 the user invokes a search engine by clicking on an option such as described option 37 of Fig. 2. At step 62, the user inputs search parameters into a provided text field such as text field 51 of Fig. 2. After inputting such parameters, the user starts the search by a button such as button 52. The search engine extracts information in step 64. Such information may be, in one option, of the form of URL's fitting the description provided by search parameters. A searched list of URL's may be presented in a separate generated page in step 66 after which a user may select which URL to navigate to. In an optional search function, the user may provide search criteria, and search any or all of the possible destinations for the criteria.
In another embodiment wherein WEB pages are cached in their presentable form, information extracted in step 64 may include any information contained in any of the stored pages such as text, pictures, interactive content, or the like. In this case, one displayed result page may provide generated links to search results that include the URL associated with the results. Perhaps by clicking on a text or graphic result, the associated WEB page will be displayed for the user with the result highlighted and in view with regards to the display window.
Transparent Third Party Form Filling
In one aspect of the present invention, a method is provided that allows a user to have forms automatically filled in by proxy in a fashion that is transparent to both the user and a WEB service offering the form. Such a method is described in detail below.
Fig. 4 is a block diagram illustrating a third-party brokerage of a transparent log- in on behalf of a user in an embodiment of the present invention. In some such cases a cookie is required with log-in according to an embodiment of the present invention, and in some cases no cookie is required, or the cookie may be a persistent cookie used over multiple sessions. As previously described in the background section, many WEB services require a returned cookie from a user before a user-filled form will be accepted and validated as coming from the user. This process typically prevents third party form filling, including auto-log-in procedures from being performed by a third party on behalf of users without pre-agreement between the enterprise hosting the proxy and the enterprise offering the form.
The example presented herein illustrates a transactional interaction sequence between a proxy 69, a user 71, and a target WEB service 67, that allows user 71 to have proxy 69 automatically fill in a form even though a cookie may be required by service 67 in order to validate the completed form as coming from user 71. It will be assumed in this example that proxy 69 is a portal server analogous to portal server 31 of Fig. 1. As such, user 71 subscribes to service offered by server 69 including provision of a personal portal page containing links to user-registered WEB services, to which user 71 subscribes. Server 69 may also be assumed to provide storage and data-management services on behalf of user 71. Therefore, server 69 has a suitable data repository (not shown) connected thereto and adapted for storing user data such as user-names, passwords, credit card numbers, and other sensitive data along with user profile data about user 71 and WEB services that are registered at server 69 by user 71. User 71, using portal server 69 as a proxy, begins a session by logging on to server 69 via the Internet as illustrated by a transaction (A) labeled "Log On - Receive Personal Page". User 71 supplies a user name and password pair to access services offered by server 69.
Once authenticated at server 69, a personal page is sent to user 71 in transaction (A) containing user links and other data, and appears in a WEB browser application labeled with element number 73 and illustrated within user premise 71. A URL 75 is illustrated within browser 73 and represents a URL to WEB service 67, which is subscribed to by user 71 and accessible to user 71 through server 69. User 71 may have many displayed hyperlinks to WEB services on his or her personal portal page, however only one is displayed in this example for illustration purposes and is deemed adequate for explaining the present invention.
User 71 invokes URL 75 manually using a cursor action (i.e. click or double click) to navigate to that URL. At this stage, server 69 is brokering the navigation and is aware of the actions of user 71. Invoking the URL of Web service 67 sends a log- in request to Web site 67, represented in Fig. 4 by transaction (B) "Exert URL of 67". In response to the log-in request from the user, site 67 sends a blank log-in form, represented by transaction (C).
Server 69, by virtue of monitoring the activity of user 71, and by having profile information on user 71, is able to accept the log-in form sent by site 67. The cooperation between portal 69 and the user's browser is such that the user's browser does not accept or display the form at this time. Form 79 at server 69 is filled in using data provided in advance by user 71 and stored on behalf of user 71. This process is accomplished by portal software 77 running on server 69.
Form 79 cannot be returned to WEB server 67 directly from server 69 in a successful manner because WEB server 67 may require a cookie from user 71, which can only come from user 71 and which must be returned with form 79 to authenticate form 79 as being from user 71. Therefore, server 69, instead, sends completed, filled- in form 79 to user 71 as illustrated by transaction (D) labeled "Filled Form". Completed form 79 is then sent to server 67 by user 71 with a cookie (if required) as illustrated by transaction (E) labeled "Filled Form With or Without Cookie". Cooperation by user 71 with the process is provided by software provided to the user as, for example, a browser "plug-in". The process by which user 71 receives a filled-in form from server 69 to the point at which form 79 is sent to server 67 is transparent to user 71. That is to say he or she never sees the form in display. The next visible display in browser 73 after the auto-log-in process is the resulting page from successful log-in served to user 71 by server 67. The entire sequence is transparent to server 67 as well. Server 67 receives completed form 79 from user 71 with the cookie as required in normal practice. Therefore, no prior arrangement must be made between the enterprise hosting server 69 and the enterprise hosting server 67 in order to practice auto-form filling by proxy. It will be apparent to one with skill in the art that the method taught herein may be used for auto-log- in services on behalf of users to any WEB site whether or not requiring a cookie during log-in procedures. The method may also be used to fill in other types of forms which may be required to access services. It is important to note here that once auto-log-in is successfully performed by proxy 69 as taught herein, user 71 and server 67 are communicating directly without the services of portal 69. However, if user 71 navigates back to his or her personal portal page and invokes another URL, then proxy 69 will broker the next transaction (auto log-in) on behalf of the user.
As mentioned above, some services do not require a returned cookie with a completed log-in form, and of those who do, some use a persistent cookie that does not change over multiple sessions. There are many, however, that send a new cookie to a user with each new log-in request, and who may also change the log-in form in some fashion. For these cases a new form must be requested for each session. In the case of no cookie needed, or in some cases of persistent cookie use, the portal server can cache copies of log-in forms. Fig. 5 is a flow diagram illustrating steps for enabling a third party log-in on behalf of a user wherein a cookie is required according to an embodiment of the present invention. The flow diagram illustrated herein presents steps for practice of the present invention. At step 81 a user logs on to the proxy server. At step 83, the proxy of step 81 returns data to the requesting user such as a personal page containing service registered hyperlinks. At step 85, the user invokes a desired URL presented to him or her along with data sent from the proxy in step 83, which results in a log- in request to server 67. At step 87, the service sends a log-in form on the Internet. At step 89, the proxy, which has monitored the transaction, receives the blank form.
At step 95, the proxy fills in the form with data pre-supplied by the user. At step 97, the proxy sends the completed form to the user. At step 99 the completed form is sent by the user's station to the issuing WEB server along with a cookie for authentication as required by the issuing server. At step 101, the user has been successfully logged on to the target service and is presented a next WEB page containing offered services. It will be appreciated by one with skill in the art that the simple interaction flow as presented herein may be altered in some embodiments without departing from the spirit and scope of the present invention.
The method and apparatus of the present invention may be practiced by private individuals on the Internet, businesses operating on a WAN connected to the Internet, businesses operating via private WAN, and so on. There are many customizable situations. The present invention as taught herein and above should be afforded the broadest of scope. The spirit and scope of the present invention is limited only by the claims that follow.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US5768521 *||2 Feb 1996||16 Jun 1998||Intel Corporation||General purpose metering mechanism for distribution of electronic information|
|US5961593 *||22 Jan 1997||5 Oct 1999||Lucent Technologies, Inc.||System and method for providing anonymous personalized browsing by a proxy system in a network|
|US6192380 *||31 Mar 1998||20 Feb 2001||Intel Corporation||Automatic web based form fill-in|
|US6199079 *||20 Mar 1998||6 Mar 2001||Junglee Corporation||Method and system for automatically filling forms in an integrated network based transaction environment|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|WO2003046676A2 *||21 Sep 2002||5 Jun 2003||Wincor Nixdorf International Gmbh||Filter for adapting internet pages|
|WO2003046676A3 *||21 Sep 2002||22 Apr 2004||Wincor Nixdorf Int Gmbh||Filter for adapting internet pages|
|International Classification||G06Q40/00, G06F17/24|
|Cooperative Classification||G06F17/243, G06Q40/04|
|European Classification||G06Q40/04, G06F17/24F|
|19 Jul 2001||AK||Designated states|
Kind code of ref document: A1
Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW
|19 Jul 2001||AL||Designated countries for regional patents|
Kind code of ref document: A1
Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
|12 Sep 2001||121||Ep: the epo has been informed by wipo that ep was designated in this application|
|8 May 2002||REG||Reference to national code|
Ref country code: DE
Ref legal event code: 8642
|5 Feb 2003||122||Ep: pct application non-entry in european phase|