WO2002044861A2 - Method of establishing a connection between a remote computer device and server through off-line authentication - Google Patents

Publication number
WO2002044861A2
Authority
WO
WIPO (PCT)
Prior art keywords
user
password
product
server
network
Prior art date
Application number
PCT/US2001/046435
Other languages
French (fr)
Other versions
WO2002044861A9 (en)
WO2002044861A3 (en)
Inventor
Robert P. Harrison
Mark Hoffman
Sean Mcleod
Russel Yeo
Gary Bonney
Andrew Milne
Andre Retief
Original Assignee
M-Web Connect (Proprietary) Limited
Priority date
Filing date
Publication date
Application filed by M-Web Connect (Proprietary) Limited
Priority to AU2002230600A
Publication of WO2002044861A2
Publication of WO2002044861A3
Publication of WO2002044861A9

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Definitions

  • This invention relates to a method of establishing a connection between a remote computer device and a server. It also relates to a computer program product for establishing a connection between a remote computer device and a server.
  • a method of establishing a connection between a remote computer device and a server including: requesting sign-on data from a user of the computer device; authenticating the sign-on data; activating a network connection component upon positive authentication thereby to establish the connection with the server; and activating a browser upon establishing a successful connection.
  • the sign-on data typically includes at least user identification data, the method including providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.
  • the method includes: providing a display screen including user identification data in the form of a plurality of usernames; detecting which particular username of the plurality of usernames is selected; obtaining a user entered password associated with the username; authenticating the password; and providing access to the associated mailbox if the user entered password is correct.
  • the method may include downloading and uploading mail associated with the username when the network connection component is subsequently activated.
  • Authenticating the user entered password may include checking a cookie that includes a list of usernames and reference passwords.
  • the user entered password is typically obtained by providing a screen display including a password entry zone for a user to enter the password.
  • the reference password may be retrieved from a password storage facility of the remote computer device.
  • the method may include comparing the user entered password with reference password data in the cookie and, if the passwords match, activating the communication network component.
  • the method typically includes checking a cached user list for the last list of one of usernames and passwords used, if retrieving the cookie fails, e.g. the relevant cookie cannot be found.
  • the method may include displaying the data on users included in the cached list on the screen display and comparing the user entered password with the reference password data in the cache and, if the passwords match, activating the network component.
  • the connection is typically established via the Internet.
  • the remote computer device is typically one of an interactive television (TV), a personal computer (PC), a WAP enabled telephone, and a PDA.
  • the server is typically a web server that is accessed through a web portal.
  • the method may include activating a mail client application together with the browser.
  • the mail client application may be integrally formed with the browser.
  • Authentication of the sign-on data typically defines a first authentication instance which is carried out off-line, the method typically including a second authentication instance in which a user is authenticated when the network connection component communicates with the network server in an on-line state.
  • the second authentication instance typically authenticates a primary subscriber with an Internet Service Provider. Accordingly, the network communication component may establish a TCP/IP connection between the server and the remote computer device whereafter the browser is activated.
  • third and fourth authentication instances occur to authenticate the user with a content provider server and a mail server respectively.
  • the subscriber may include a plurality of users and, the third and fourth authentication instances may authenticate a specific user with a content provider server and mail server respectively.
  • the network communication component is typically a dial-up network component.
  • the dial-up network component may form an integral part of the computer program product.
  • the network communication component establishes communications via a local area network (LAN).
  • a computer program product for establishing a connection between a remote computer device and a server, the product including a machine readable medium which, when run on a computer, causes the computer to: request sign-on data from a user of the computer device; authenticate the sign-on data; activate a network connection component upon positive authentication thereby to establish the connection with the server; and activate a browser upon establishing a successful connection.
  • the sign-on data includes at least user identification data, the product providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.
  • the product provides a display screen including user identification data in the form of a plurality of usernames; detects which particular username of the plurality of usernames is selected; obtains a user entered password associated with the username; authenticates the password; and provides access to the associated mailbox if the user entered password is correct.
  • the product may download and upload mail associated with the username when the network connection component is subsequently activated.
  • Authenticating the user entered password may include checking a cookie that includes a list of usernames and reference passwords.
  • the user entered password may be obtained by providing a screen display including a password entry zone for a user to enter the password.
  • the reference password may be retrieved from a password storage facility of the remote computer device.
  • the product may compare the user entered password with reference password data in the cookie and, if the passwords match, activating the communication network component.
  • the product typically checks a cached user list for the last list of one of usernames and passwords used, if retrieving the cookie fails.
  • the product may display the data on users included in the cached list on the screen display and compare the user entered password with the reference password data in the cache and, if the passwords match, activate the network component.
  • the connection is typically established via the Internet.
  • the remote computer device may be one of an interactive television (TV), a personal computer (PC), a WAP enabled telephone, and a PDA.
  • the server is typically a web server that is accessed through a web portal.
  • the product may activate a mail client application together with the browser.
  • the mail client application may be integrally formed with the browser.
  • Authentication of the sign-on data may define a first authentication instance which is carried out off-line, and the product may include a second authentication instance in which a user is authenticated when the network connection component communicates with the network server in an on-line state.
  • the second authentication instance may authenticate a primary subscriber with an Internet Service Provider. Accordingly, the network communication component typically establishes a TCP/IP connection between the server and the remote computer device whereafter the browser is activated.
  • Third and fourth authentication instances may occur to authenticate the user with a content provider server and a mail server respectively.
  • the subscriber typically includes a plurality of users and, the third and fourth authentication instances may thus authenticate a specific user with a content provider server and mail server respectively.
  • the network communication component is typically a dial-up network component.
  • the dial-up network component may form an integral part of the computer program product. Instead, the network communication component may establish communications via a local area network (LAN).
  • the dial-up network component may be a conventional component similar to the dial-up network component included in WINDOWS 98™, WINDOWS 2000™, WINDOWS NT™, or the like.
  • Figure 1 shows a schematic block diagram of a typical arrangement of hardware forming part of the Internet, the arrangement including a plurality of remote PCs connected via the Internet to Internet servers;
  • Figure 2 shows a schematic representation of the prior art connection process executed by software on the PC to connect the PC to a service provider;
  • Figure 3 shows a schematic representation of a connection process or method, in accordance with the invention, for connecting the PC to the service provider;
  • Figure 4 shows a schematic representation of an off-line authentication process of the connection process of Figure 3;
  • Figure 5 shows a schematic flow chart of a sign-on procedure of the connection process;
  • Figure 6 shows a schematic representation of a sign-on screen generated during the sign-on procedure;
  • Figure 7 shows a schematic representation of a Write Mail screen;
  • Figure 8 shows a schematic representation of a screen display to advise a user of new mail;
  • Figure 9 shows a schematic representation of a New Mail screen;
  • Figure 10 shows a schematic representation of a Read Mail screen;
  • Figure 11 shows a schematic representation of a Saved Mail screen;
  • Figure 12 shows a schematic representation of a screen display of a browser which has the connection process integrated therein;
  • Figure 13 shows a schematic representation of a process of redirecting a browser by default to a home page of a service provider;
  • Figure 14 shows a schematic flow chart of a further embodiment of a sign-on procedure of the connection process; and
  • Figure 15 shows a schematic block diagram of a computer.
  • reference numeral 10 generally indicates a typical arrangement of hardware forming part of the Internet.
  • the hardware includes a plurality of remote personal computers (PCs) 12 connected via the Internet 14 to servers 16 of an Internet Service Provider (ISP).
  • the hardware 10 includes a network authentication server 18, a personalized content server/database 20, a content database 22, a mail server 24, and a mail database 26.
  • Each PC 12 includes a browser application and a computer program product 28 (see Figure 3) which provides a method of establishing a connection between a remote computer device in the form of the PCs 12 and a server defined by the servers 16 as described in more detail below.
  • the computer program product 28 may however form an integral part of the browser application.
  • reference numeral 30 generally indicates a prior art connection process for connecting remote PCs via the Internet to servers of an ISP.
  • the process 30 forms part of the America Online (AOL) browser.
  • the browser is first launched as shown at step 32 which results in on-line authentication as shown by line 34 with a content server 36. Thereafter, the user signs on and user authentication takes place as shown at step 38. It is important to note that no off-line authentication takes place in the prior art and, accordingly, the browser is first launched prior to any user authentication.
  • After sign-on at step 38, the conventional browsers initialize or activate a dial-up network (DUN) which performs further on-line authentication as shown by line 42 with a network server 44. Following on-line authentication (see line 42) an e-mail or mail client component or application 46 is activated which then communicates with the mail server 48.
  • authentication of a user with one or more servers 16 of the service provider takes place on-line requiring use of the communication line e.g. a telephone line or the like, to effect authentication.
  • the computer program product 28 includes a new connection process in which the sequence of events in effecting authentication differs from the sequence of events for effecting communication in the prior art.
  • the computer program product 28 includes a method whereby sign-on authentication (see step 50) takes place off-line and prior to the launching or activation of a DUN/LAN (local area network) or browser application.
  • the off-line authentication defines a first authentication instance and, once completed, the DUN/LAN application is activated as shown at step 52 where after on-line authentication with the network server 44 takes place as shown by arrow 54.
  • the on-line authentication defines a second authentication instance.
  • the browser and e-mail applications are launched or activated.
  • the browser may then communicate with the content server 36 (after a third authentication instance) and, in the event of the user requiring mail client services, the e-mail or mail client application then communicates with the mail server 48 during which a fourth on-line authentication instance takes place as generally indicated by arrow 50.
  • the authentication instances are described in more detail below.
  • reference numeral 60 generally indicates the off-line authentication process of the computer program product 28.
  • the product 28 checks the CMDET cookie 66 (see line 68) to obtain the latest list of usernames and one-way hash encoded passwords. If no CMDET cookie is located (see line 70) the method or process generally indicated by arrow 72 is then followed or executed. If, however, the correct CMDET cookie 66 is located, the product 24 opens a sign-on screen 74 (see also Figure 6) which includes data obtained from the CMDET cookie 66.
  • In order to proceed, a user is required to insert a password into the password entry zone 78 or retrieve a password from a password store, whereafter the user may select the Sign-On button 80 in order to sign on.
  • the password entered by the user is then validated against the password data in the cookie 66 for the specific username 76 that has been selected. Accordingly, each different user 76 may have a different password and, as will be described in more detail below, mail functionality e.g. reading and writing e-mail is restricted to the specific user.
  • on-line authentication of users (Figure 3) takes place prior to activation or initiation of the connection with the server 16 of the ISP. Only after off-line authentication has taken place are the DUN/LAN, browser, and e-mail applications launched as shown at step 84 (see Figure 4).
  • the software routine checks a cached user list for the last list of usernames and passwords used. Thereafter, as shown at step 88, the cached list of usernames and passwords is retrieved and the sign-on screen 74 is displayed (see arrow 90) which includes the usernames that were retrieved from the cache. Thereafter, a user is required to insert a password or a password is retrieved from a user password store whereafter the user selects the Sign-On button (see step 75) in a similar fashion to that described above.
  • the password is validated off-line (see step 92) against the password in the cache for the particular username selected and, if the match is positive, the DUN initiates the dial connection or LAN connection and launches the browser and e-mail client (see step 94) in a similar fashion to that shown at step 84.
  • reference numeral 96 shows a more detailed schematic flow chart of the sign-on procedure of the connection process.
  • the procedure or process starts off at step 98 whereafter it checks whether or not the CMDET cookie 66 is present as shown at decision step 100. If the cookie is present, the procedure then checks to see if a primary username and password matches the primary username and password stored in cache as shown at step 102 and decision step 104. If there is no match, then the process reverts to step 106 where the sign-on dialog or sign-on screen 74 is opened including the usernames that have been stored in cache.
  • the sign-on screen 74 is displayed including the usernames that are retrieved from the cookie 66 as shown at step 108.
  • a user is prompted to select a screen name (see step 110 and usernames 76 in Figure 6) whereafter, as shown at decision step 112, the procedure checks whether or not it is the first time the particular screen name has been used. If it is the first time the screen has been used, a password store dialog is displayed as shown at step 114 whereafter an option is provided to the user to store the password as shown at decision step 116. If the user selects a button to store the password, the password is saved to a password store as shown at step 118 or the user may select or decide not to store the password.
  • If, however, the Sign-On button 80 is selected, off-line authentication of the password is effected as shown at decision step 128 and, if the password fails, then an appropriate dialog box is displayed as shown at step 130. Only after the password has been authenticated is the DUN/LAN connection initiated whereafter connection to an ISP network is effected as shown at step 130. If the connection to the network authentication server 18 is established (see decision step 134), a default browser is launched as shown at step 136 followed by the launching of the e-mail client as shown at step 138.
  • the default browser which may include the computer program product 28 as an integral part thereof, allows the writing and reading of mail after user authentication has taken place but before on-line authentication takes place. Accordingly, as can be seen on the sign-on screen 74, a Write Mail button 140 and a New Mail button 142 are provided. In addition, a Screen Name button 144 for selecting a particular screen name (which is the same as the username in this embodiment) and a facility to determine the connection type, e.g. a DUN or LAN connection (see arrow 146), is also provided. A Setup button 148 for altering the set up of the computer program product 28 as well as Close and Help buttons 150, 152 respectively are provided.
  • the Screen Name button 144 allows a specific user to access the web-based servers 16 thereby to manage (e.g. delete, add, or the like) screen names linked to a primary screen name or username.
  • only a primary user can select the Screen Name button 144 after off-line authentication.
  • the Screen Name button 144 is thus disabled if any other screen name, besides the primary user, is selected.
  • the Write Mail screen 154 includes a dialog box 156 for a destination e-mail address, a dialog box 158 for an e-mail address to which a copy is to be sent, a dialog box 160 for receiving details of the subject matter of the e-mail, and various other features generally indicated by arrow 162. Further, an Attach button 164, an Address Book button 166 and an E-card button 168 are provided. The E-card button 168 links the specific user to a website for creating personal greeting cards to send to other e-mail users.
  • the user can write messages and insert either a picture or a background picture or text into the body of the message as generally shown by arrow 170, add attachments by means of the Attach button 164, perform a spell check on a particular message, add a signature to the message or set a default signature, select a name or a group of names from the address book by means of the Address Book button 166, or the like. If the user is on-line, the message can be sent by activating the Send Now button 172 or the message may be saved for subsequent sending via the Save button 174. When the Address Book button 166 is activated, the address book of each individual user (see specific username 76 in Figure 6) can each be saved and replaced thereby to provide enhanced functionality when working on more than one PC e.g. at home and at work.
  • the computer program product 28 checks for new e-mail every 10 minutes when connected to the service provider.
  • the time interval for checking for new mail may be selectively adjusted and, if the particular user has new mail, a New Mail screen 176 is displayed.
  • the New Mail screen 176 provides the user with an option to read the mail immediately (see Read Now button 178) or to read the mail later by means of activating a Read Later button 180.
  • a further New Mail screen 182 (see Figure 9) is provided.
  • Various buttons are provided on the New Mail screen 182 including a Read button 184 which allows a user to read a particular item of e-mail displayed in the display zone 186, a Mark as Unread button 186, a Delete button 188 to delete one or more e-mails which have been highlighted in the display zone 186, and a Download button 190 which allows a user to download selected e-mail onto the PC 12.
  • the Read button 184 allows a user to read mail while on-line, and the Download button 198 thus allows a user to download the mail and read the mail off-line at a later stage.
  • the New Mail screen 182 includes a New Mail button 192 which displays the new mail screen as shown in Figure 9, and a Save Mail button 194 which provides a saved mail screen generally indicated by reference numeral 196 in Figure 11.
  • the save mail screen 196 includes a Read button 198, a Mark as Unread button 200, and a Delete button 202.
  • the saved mail screen display 196 further includes a New Folder button 204 for opening a new folder.
  • the Read Mail screen 206 includes an Address button 208, a Reply button 210, a Forward button 212, a Reply All button 214, a Delete button 216, a Save button 218, in order to provide the user with the functionality mentioned above.
  • the computer program product 28 checks to see whether or not a correct password was provided prior to displaying the display screen 196. If the correct password was provided, the user can then read saved mail from his particular folder and create new personal folders (see button 204) as well as move mail between folders.
  • mail is grouped in such a fashion that it is accessible by an associated user who, in order to access the mail, must provide a correct password during the off-line authentication procedure.
  • Each username is authenticated so that only the particular user can access his or her mailbox when the correct password is provided.
  • the browser application is launched in the following manner. Firstly, the computer program product will call the Microsoft™ WIN32 API passing the URL and user screen name and encrypted/encoded password (see step 222). WIN32 then launches the default browser, e.g. IE5 or Netscape, with the URL (see step 224). The browser application then sends the username and password of the screen name (see below) to the content server 36 where further online content authentication may take place. Personalized HTML content of the specific user (see Figure 6 which is described in more detail below) is then passed to the browser application (see step 226 in Figure 13).
  • reference numeral 250 generally indicates a further embodiment of a sign-on procedure in accordance with the invention. The sign-on procedure 250 resembles the sign-on procedure 96 and, accordingly, like reference numerals have been used to indicate the same or similar steps.
  • When the procedure is started at 252 it first checks, as shown at decision step 100, whether or not a cookie is present which includes the usernames and passwords. If no cookie is present, then a "no cookie present" flag is set (see step 254) and a check is conducted to see whether or not a cookie is present in the registry of the computer system as shown at decision step 256. If a cookie is present in the registry, then the procedure 250 compares a primary username and password obtained from the stored cookie with that of a primary account username and password stored in the registry as shown at step 258. If the primary username and password match the primary account username and password (see decision step 260) then a sign-on screen displaying the username stored in the cookie retrieved from the registry is opened, as shown at step 262.
  • At step 106, a sign-on screen is opened which displays the primary account username stored in the registry.
  • If, at decision step 256, the stored cookie is not present in the registry, the procedure 250 proceeds to decision step 106.
  • the procedure 250 proceeds to decision step 264 which checks whether or not a cookie is present in the registry of the computer system. If no cookie is present in the registry then the registry is updated with a cookie including the relevant user data as shown at step 266. Thereafter, a sign-on screen is opened which displays the username as retrieved from the cookie (see step 108).
  • At decision step 264, if a cookie is present in the registry, then the procedure 250 checks if the primary username and password in the cookie match those of the stored cookie in the registry and, if the two match, then the sign-on screen is opened as shown at step 108. If the primary username and password in the cookie do not match the cookie stored in the registry, then the procedure 250 proceeds to step 266 where the cookie in the registry is updated.
  • the screen display 74 includes a plurality of screen names or usernames 76, a Screen Name button 144, a Sign-on button 80, a Write Mail button 140, a New Mail button 142, a Close button 150, a Help button 152, a facility 146 to determine the connection type (e.g. DUN or LAN), and a Set-up button 148.
  • a user selects his or her particular username whereafter the procedure 250 checks at step 112 whether or not it is the first time that the particular screen name or username has been selected.
  • a password store dialog box (see step 114) is opened whereafter the user is asked whether or not the password must be stored for future reference (see decision step 116). If the password is to be stored, then the password is saved (see step 118) into a password store for future use. If, however, the user selects not to store the password, the procedure 250 proceeds to step 124 where the user enters his or her password into the password entry zone 78 (see Figure 6).
  • the procedure 250 proceeds to decision step 120 to determine whether or not the password is stored and, if not, the user then enters the password as shown at step 124. If, however, the password has been stored, the procedure 250 then retrieves the password for the particular screen or username from the password store (see step 122) and then populates the password entry zone 78 on the screen, typically, with a plurality of "*" characters as shown at step 268. Thereafter, the procedure 250 proceeds to step 126 where it awaits the activation of the Sign-on button 80 (see Figure 6). The procedure 250 then enters a loop to detect when the Sign-on button 80 or the New Mail button 142 (see decision step 270) are clicked or activated.
  • Once the procedure 250 has detected that the Sign-on button 80 or the New Mail button 142 has been activated, it then checks the password against the cookie stored in the registry or stored in the primary account password in the registry, as the case may be, depending on the source of the username as shown at step 272. Thereafter, as shown at decision step 128, the password is checked to see whether or not it is correct and, if not, a password failed dialog box (see step 130) is displayed and the procedure 250 returns to step 124. If, however, the password is correct, the procedure 250 checks, as shown at decision step 274, if the New Mail button 142 has been activated and, if so, the mail client is opened which shows the saved mail for the particular username (see step 276 in Figures 9 and 14).
  • the user may then work in an off-line environment (see step 278) or the user may then sign-on from the mail client, as shown at decision step 280. If the user does not sign-on from the mail client, and the user does not close the mail client (see step 282), the procedure 250 returns to step 278. If, however, the user signs on from the mail client at step 280 then a connection is initiated to the ISP's network via the LAN or DUN as the case may be (see the connection type 146 in Figure 6). The procedure 250 then enters a loop (see step 134) in order to attempt to establish a connection.
  • decision step 282 if the user closes the mail client, then the procedure 250 opens a sign-on screen at step 284. If a Close button 191 (see Figure 9) is activated then the main procedure 250 ends as shown at step 286. However, if the Close button 191 is not activated then the procedure 250 returns to step 110 where a user may select a further screen or username.
  • step 288 a check is conducted to see whether or not the "no cookie present" flag is set (see step 254) and, if not, the sub-enquiry terminates at step 290. If, however, the "no cookie present" flag is set, then a new cookie is downloaded from the server using the primary account details in the registry as shown at step 292. Thereafter, the cookie in the registry is updated and stored in the registry and, accordingly, updated usernames and passwords are then provided on the computer (see step 294) and the sub-enquiry terminates at step 296.
  • step 136 the procedure 250 launches a default browser with the particular ISP's URL and username including a hash encoded password of the user signing on. Thereafter as shown at decision step 298, the procedure 250 checks whether or not the mail client has already been launched and, if so, a check is then conducted to see if there is any new mail and any outgoing mail is then sent whereafter the sub-enquiry terminates at step 302. If, however, the mail client has not already been launched, then the email client with a username and hash encoded password associated with the username 76 which has been selected is launched and, thereafter, the sub-enquiry terminates as shown at step 304. After any one of the sub-enquiries terminates, other procedural steps may be executed.
  • the PC may thus request specific mail from the ISP that is associated with the specific user.
  • the computer program product 28 ensures that both the correct on-line and off-line mail is accessible to a particular user. Off-line authentication thus ensures that the user only has access to his/her own e-mail.
  • the installed dial-up networking (DUN) entry is called and a dial-up connection is established to the service provider's network.
  • the network authentication server authenticates the username and password in the DUN entry.
  • the username and password may be independent of the username and password of the user signing onto the service provider's portal, and/or signing on to check for e-mail.
  • the username and encoded password are passed to the e-mail client and the e-mail client is then launched.
  • the e-mail client connects to the mail server and does an on-line authentication of the mail server. This ensures that the correct mailbox is checked.
  • the username and hash coded passwords are passed to the browser and the browser is launched with the service provider's portal URL and the username and the hash coded password.
  • the username and password are authenticated on the service provider's portal to ensure that the correct content is presented to the user signing onto the service provider.
  • the computer program product 28 may form an integral part of a browser 220 (see Figure 12).
  • the application software on the user's PC may be modular and, accordingly, the computer program product 28 may interface with a conventional browser and/or DUN.
  • Figure 15 shows a diagrammatic representation of a computer system 400 within which a set of instructions, for causing the machine to perform any one of the methodologies discussed above, may be executed.
  • the machine may comprise a network router, a network switch, a network bridge, Personal Digital Assistant (PDA), a cellular telephone, a web appliance or any machine capable of executing a sequence of instructions that specify actions to be taken by that machine.
  • the computer system 400 includes a processor 402, a main memory 404 and a static memory 406, which communicate with each other via a bus 408.
  • the computer system 400 may further include a video display unit 410 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)).
  • the computer system 400 also includes an alpha-numeric input device 412 (e.g., a keyboard), a cursor control device 414 (e.g., a mouse), a disk drive unit 416, a signal generation device 418 (e.g., a speaker) and a network interface device 420.
  • the disk drive unit 416 includes a machine-readable medium 422 on which is stored a set of instructions (i.e., software) 424 embodying any one, or all, of the methodologies described above.
  • the software 424 is also shown to reside, completely or at least partially, within the main memory 404 and/or within the processor 402.
  • the software 424 may further be transmitted or received via the network interface device 420.
  • the term "machine-readable medium" shall be taken to include any medium that is capable of storing or encoding a sequence of instructions for execution by the machine and that cause the machine to perform any one of the methodologies of the present invention.
  • the term "machine-readable medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic disks, and carrier wave signals.

Abstract

A method of establishing a connection between a remote computer device and a server is provided. The method includes requesting sign-on data from a user of the computer device and authenticating the sign-on-data (50). Thereafter, a network connection component is activated upon positive authentication thereby to establish the connection with the server. A browser (56) is then activated upon a successful connection. The sign-on-data typically includes at least user identification data, and the method includes providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.

Description

METHOD OF ESTABLISHING A CONNECTION BETWEEN A REMOTE COMPUTER DEVICE AND A SERVER
FIELD OF THE INVENTION
This invention relates to a method of establishing a connection between a remote computer device and a server. It also relates to a computer program product for establishing a connection between a remote computer device.
SUMMARY OF THE INVENTION
In accordance with the invention, there is provided a method of establishing a connection between a remote computer device and a server, the method including: requesting sign-on data from a user of the computer device; authenticating the sign-on data; activating a network connection component upon positive authentication thereby to establish the connection with the server; and activating a browser upon establishing a successful connection.
The sign-on data typically includes at least user identification data, the method including providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.
In certain embodiments, the method includes: providing a display screen including user identification data in the form of a plurality of usernames; detecting which particular username of the plurality of usernames is selected; obtaining a user entered password associated with the username; authenticating the password; and providing access to the associated mailbox if the user entered password is correct.
The method may include downloading and uploading mail associated with the username when the network connection component is subsequently activated.
Authenticating the user entered password may include checking a cookie that includes a list of usernames and reference passwords. The user entered password is typically obtained by providing a screen display including a password entry zone for a user to enter the password. In addition or instead, the reference password may be retrieved from a password storage facility of the remote computer device.
The method may include comparing the user entered password with reference password data in the cookie and, if the passwords match, activating the communication network component. The method typically includes checking a cached user list for the last list of one of usernames and passwords used, if retrieving the cookie fails, e.g. the relevant cookie cannot be found.
The method may include displaying the data on users included in the cached list on the screen display and comparing the user entered password with the reference password data in the cache and, if the passwords match, activating the network component. The connection is typically established via the Internet.
The remote computer device is typically one of an interactive television (TV), a personal computer (PC), a WAP enabled telephone, and a PDA. The server is typically a web server that is accessed through a web portal.
The method may include activating a mail client application together with the browser. The mail client application may be integrally formed with the browser.
Authentication of the sign-on data typically defines a first authentication instance which is carried out off-line, the method typically including a second authentication instance in which a user is authenticated when the network connection component communicates with the network server in an on-line state.
The second authentication instance typically authenticates a primary subscriber with an Internet Service Provider. Accordingly, the network communication component may establish a TCP/IP connection between the server and the remote computer device whereafter the browser is activated.
In certain embodiments, third and fourth authentication instances occur to authenticate the user with a content provider server and a mail server respectively. The subscriber may include a plurality of users and, the third and fourth authentication instances may authenticate a specific user with a content provider server and mail server respectively.
The network communication component is typically a dial-up network component. The dial-up network component may form an integral part of computer program product. In other embodiments, the network communication component establishes communications via a local area network (LAN).
Further in accordance with the invention, there is provided a computer program product for establishing a connection between a remote computer device and a server, the product including a machine readable medium which, when run on a computer, causes the computer to: request sign-on data from a user of the computer device; authenticate the sign-on data; activate a network connection component upon positive authentication thereby to establish the connection with the server; and activate a browser upon establishing a successful connection.
The sign-on data includes at least user identification data, the product providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.
In certain embodiments, the product: provides a display screen including user identification data in the form of a plurality of usernames; detects which particular username of the plurality of usernames is selected; obtains a user entered password associated with the username; authenticates the password; and provides access to the associated mailbox if the user entered password is correct.
The product may download and upload mail associated with the username when the network connection component is subsequently activated.
Authenticating the user entered password may include checking a cookie that includes a list of usernames and reference passwords. The user entered password may be obtained by providing a screen display including a password entry zone for a user to enter the password. The reference password may be retrieved from a password storage facility of the remote computer device.
The product may compare the user entered password with reference password data in the cookie and, if the passwords match, activating the communication network component. The product typically checks a cached user list for the last list of one of usernames and passwords used, if retrieving the cookie fails. The product may display the data on users included in the cached list on the screen display and compare the user entered password with the reference password data in the cache and, if the passwords match, activate the network component. The connection is typically established via the Internet.
The remote computer device may be one of an interactive television (TV), a personal computer (PC), a WAP enabled telephone, and a PDA. The server is typically a web server that is accessed through a web portal.
The product may activate a mail client application together with the browser. The mail client application may be integrally formed with the browser.
Authentication of the sign-on data may define a first authentication instance which is carried out off-line, and the product may include a second authentication instance in which a user is authenticated when the network connection component communicates with the network server in an on-line state.
The second authentication instance may authenticate a primary subscriber with an Internet Service Provider. Accordingly, the network communication component typically establishes a TCP/IP connection between the server and the remote computer device whereafter the browser is activated.
Third and fourth authentication instances may occur to authenticate the user with a content provider server and a mail server respectively. The subscriber typically includes a plurality of users and, the third and fourth authentication instances may thus authenticate a specific user with a content provider server and mail server respectively. The network communication component is typically a dial-up network component. The dial-up network component may form an integral part of computer program product. Instead, the network communication component may establish communications via a local area network (LAN).
The application of the invention in an Internet environment should be predominantly, but not exclusively, borne in mind.
The dial up network component may be a conventional component similar to the dial up network component included in WINDOWS 98™, WINDOWS 2000™, WINDOWS NT™, or the like.
Other features of the present invention will be apparent from the accompanying drawings and from the detailed description that follows.
BRIEF DESCRIPTION OF THE DRAWINGS.
The invention is now described, by way of non-limiting example, with reference to the accompanying diagrammatic drawings.
In the drawings,
Figure 1 shows a schematic block diagram of a typical arrangement of hardware forming part of the Internet, the arrangement including a plurality of remote PCs connected via the Internet to Internet servers;
Figure 2 shows a schematic representation of the prior art connection process executed by software on the PC to connect the PC to a service provider;
Figure 3 shows a schematic representation of a connection process or method, in accordance with the invention, for connecting the PC to the service provider;
Figure 4 shows a schematic representation of an off-line authentication process of the connection process of Figure 3;
Figure 5 shows a schematic flow chart of a sign-on procedure of the connection process;
Figure 6 shows a schematic representation of a sign-on screen generated during the sign-on procedure;
Figure 7 shows a schematic representation of a Write Mail screen;
Figure 8 shows a schematic representation of a screen display to advise a user of new mail;
Figure 9 shows a schematic representation of a New Mail screen;
Figure 10 shows a schematic representation of a Read Mail screen;
Figure 11 shows a schematic representation of a Saved Mail screen;
Figure 12 shows a schematic representation of a screen display of a browser which has the connection process integrated therein;
Figure 13 shows a schematic representation of a process of redirecting a browser by default to a home page of a service provider;
Figure 14 shows a schematic flow chart of a further embodiment of a sign-on procedure of the connection process; and
Figure 15 shows a schematic block diagram of a computer.
DETAILED DESCRIPTION OF THE DRAWINGS
A method of, and computer program product for, establishing a connection between a remote computer device and a server are described below. In the description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It will be evident, however, to one skilled in the art that the present invention may be practiced without these specific details.
Referring to the drawings, reference numeral 10 generally indicates a typical arrangement of hardware forming part of the Internet. The hardware includes a plurality of remote personal computers (PCs) 12 connected via the Internet 14 to servers 16 of an Internet Service Provider (ISP). In the embodiment depicted in the drawings, separate servers are used for different services offered by the ISP and, accordingly, the hardware 10 includes a network authentication server 18, a personalized content server/database 20, a content database 22, a mail server 24, and a mail database 26. Each PC 12 includes a browser application and a computer program product 28 (see Figure 3) which provides a method of establishing a connection between a remote computer device in the form of the PCs 12 and a server defined by the servers 16 as described in more detail below. The computer program product 28 may however form an integral part of the browser application.
PRIOR ART
Referring in particular to Figure 2 of the drawings, reference numeral 30 generally indicates a prior art connection process for connecting remote PCs via the Internet to servers of an ISP. The process 30 forms part of the America Online (AOL) browser. In the prior art systems, when a user initiates the sign-on procedure, the browser is first launched as shown at step 32 which results in on-line authentication as shown by line 34 with a content server 36. Thereafter, the user signs on and user authentication takes place as shown at step 38. It is important to note that no off-line authentication takes place in the prior art and, accordingly, the browser is first launched prior to any user authentication. After sign on at step 38, the conventional browsers initialize or activate a dial-up network (DUN) which performs further on-line authentication as shown by line 42 with a network server 44. Following on-line authentication (see line 42) an e-mail or mail client component or application 46 is activated which then communicates with the mail server 48. As mentioned above, authentication of a user with one or more servers 16 of the service provider takes place on-line requiring use of the communication line e.g. a telephone line or the like, to effect authentication.
Unlike the prior art connection process 30, the computer program product 28 includes a new connection process in which the sequence of events in effecting authentication differs from the sequence of events for effecting communication in the prior art. In particular, the computer program product 28 includes a method whereby sign-on authentication (see step 50) takes place off-line and prior to the launching or activation of a DUN/LAN (local area network) or browser application. The off-line authentication defines a first authentication instance and, once completed, the DUN/LAN application is activated as shown at step 52 where after on-line authentication with the network server 44 takes place as shown by arrow 54. The on-line authentication defines a second authentication instance. Once the DUN/LAN has established a TCP/IP communication link or connection with the network server 44, the browser and e-mail applications (see step 56) are launched or activated. As shown in Figure 3, the browser may then communicate with the content server 36 (after a third authentication instance) and, in the event of the user requiring mail client services, the e-mail or mail client application then communicates with the mail server 48 during which a fourth on-line authentication instance takes place as generally indicated by arrow 50. The authentication instances are described in more detail below.
Referring in particular to Figure 4 of the drawings, reference numeral 60 generally indicates the off-line authentication process of the computer program product 28. At start up (see step 62), after a desktop icon 64 has been clicked, the product 28 checks the CMDET cookie 66 (see line 68) to obtain the latest list of usernames and one-way hash encoded passwords. If no CMDET cookie is located (see line 70) the method or process generally indicated by arrow 72 is then followed or executed. If, however, the correct CMDET cookie 66 is located, the product 24 opens a sign-on screen 74 (see also Figure 6) which includes data obtained from the CMDET cookie 66. In order to proceed, a user is required to insert a password into the password entry zone 78 or retrieve a password from a password store where after the user may select the Sign-On button 80 in order to sign on. The password entered by the user is then validated against the password data in the cookie 66 for the specific username 76 that has been selected. Accordingly, each different user 76 may have a different password and, as will be described in more detail below, mail functionality e.g. reading and writing e-mail is restricted to the specific user. Thus, as described above, on-line authentication of users (Figure 3) takes place prior to activation or initiation of the connection with the server 16 of the ISP. Only after off-line authentication has taken place are the DUN/LAN, browser, and e-mail applications launched as shown at step 84 (see Figure 4).
If, however, the program cannot locate the CMDET cookie (see line 70) then the method or procedure 72 is followed. Firstly, as shown at step 86, the software routine checks a cached user list for the last list of usernames and passwords used. Thereafter, as shown at step 88, the cached list of usernames and passwords is retrieved and the sign-on screen 74 is displayed (see arrow 90) which includes the usernames that were retrieved from the cache. Thereafter, a user is required to insert a password or a password is retrieved from a user password store whereafter the user selects the Sign-On button (see step 75) in a similar fashion to that described above. Thereafter, the password is validated off-line (see step 92) against the password in the cache for the particular username selected and, if the match is positive, the DUN initiates the dial connection or LAN connection and launches the browser and e-mail client (see step 94) in a similar fashion to that shown at step 84.
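The off-line check of Figure 4, as an added example that is not code from the patent or from the product it describes: the user list is taken from the cookie when one is present and from the cached list otherwise, the entered password is checked against the stored one-way verifier, and the connection step runs only after a match. The patent does not name the hash; salted PBKDF2-HMAC-SHA256, the record layout, the function names and the sample users are assumptions made for this example.

```python
"""Off-line sign-on gate: cookie first, cached list as fallback (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Assumption: the page only says "one-way hash encoded"; the KDF is chosen here.
PBKDF2_ITERATIONS = 100_000


@dataclass(frozen=True)
class Verifier:
    """What is stored per username instead of the password itself."""
    salt: bytes
    digest: bytes


UserList = Dict[str, Verifier]


def derive(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow one-way encoding of a password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def make_verifier(password: str, salt: Optional[bytes] = None) -> Verifier:
    """Build the stored record; a fresh random salt is used unless one is given."""
    salt = os.urandom(16) if salt is None else salt
    return Verifier(salt, derive(password, salt))


# Compared against when the username is unknown, so that known and unknown
# usernames cost the same amount of work.
_DUMMY = make_verifier("constructed-dummy-value")


def load_user_list(
    cookie: Optional[UserList], cache: Optional[UserList]
) -> Tuple[str, UserList]:
    """Prefer the cookie; fall back to the cached list; otherwise nothing."""
    if cookie:  # a missing or empty cookie counts as "not located"
        return "cookie", cookie
    if cache:
        return "cache", cache
    return "none", {}


def verify_offline(users: UserList, username: str, entered: str) -> bool:
    """Check the entered password against the stored verifier, off-line."""
    record = users.get(username)
    target = record if record is not None else _DUMMY
    # compare_digest avoids leaking how many leading bytes matched.
    matches = hmac.compare_digest(derive(entered, target.salt), target.digest)
    return matches and record is not None


def sign_on(
    cookie: Optional[UserList],
    cache: Optional[UserList],
    username: str,
    entered: str,
    connect: Callable[[], bool],
) -> dict:
    """Run the gate; `connect` (hypothetical) stands in for the DUN/LAN step."""
    source, users = load_user_list(cookie, cache)
    if not verify_offline(users, username, entered):
        # Failure: the connection component is never touched.
        return {"source": source, "authenticated": False, "connected": False}
    return {"source": source, "authenticated": True, "connected": bool(connect())}


# Constructed sample data (not from the page).
SAMPLE_COOKIE: UserList = {
    "alice": make_verifier("correct horse"),
    "bob": make_verifier("bobs-pass"),
}
SAMPLE_CACHE: UserList = {"bob": make_verifier("bobs-pass")}

if __name__ == "__main__":
    dialled = []

    def fake_connect() -> bool:
        dialled.append("dial")
        return True

    print(sign_on(SAMPLE_COOKIE, SAMPLE_CACHE, "alice", "wrong", fake_connect))
    print(sign_on(None, SAMPLE_CACHE, "bob", "bobs-pass", fake_connect))
    print("connection attempts:", len(dialled))
```

Because the verifier sits on the client, its secrecy and the cost of the one-way function are what limit off-line guessing by anyone who can read the cookie or cache.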
Referring in particular to Figure 5 of the drawings, reference numeral 96 shows a more detailed schematic flow chart of the sign-on procedure of the connection process. The procedure or process starts off at step 98 whereafter it checks whether or not the CMDET cookie 66 is present as shown at decision step 100. If the cookie is present, the procedure then checks to see if a primary username and password matches the primary username and password stored in cache as shown at step 102 and decision step 104. If there is no match, then the process reverts to step 106 where the sign-on dialog or sign-on screen 74 is opened including the usernames that have been stored in cache. If, however, the primary username and primary password match, then the sign-on screen 74 is displayed including the usernames that are retrieved from the cookie 66 as shown at step 108. Once the sign-on screen 74 has been displayed, a user is prompted to select a screen name (see step 110 and usernames 76 in Figure 6) whereafter, as shown at decision step 112, the procedure checks whether or not it is the first time the particular screen name has been used. If it is the first time the screen has been used, a password store dialog is displayed as shown at step 114 whereafter an option is provided to the user to store the password as shown at decision step 116. If the user selects a button to store the password, the password is saved to a password store as shown at step 118 or the user may select or decide not to store the password.
If, however, it is not the first time the screen name has been used, then a check is conducted as shown at decision step 120 to ascertain whether or not the password has been stored. If the password has been stored, the password is then retrieved from the password store and inserted into the password entry zone 78 (see step 122). If the password has not been stored, or the user has decided not to store the password (see step 116), then the password is entered by the user as shown at step 124 whereafter the procedure monitors whether or not the Sign-On button 80 has been selected (as shown at decision step 126). If the Sign-On button 80 has not been selected, then the procedure or process reverts to step 110. If, however, the Sign-On button 80 is selected, off-line authentication of the password is effected as shown at decision step 128 and, if the password fails, then an appropriate dialog box is displayed as shown at step 130. Only after the password has been authenticated is the DUN/LAN connection initiated whereafter connection to an ISP network is effected as shown at step 130. If the connection to the network authentication server 18 is established (see decision step 134), a default browser is launched as shown at step 136 followed by the launching of the e-mail client as shown at step 138.
The default browser which may include the computer program product 28 as an integral part thereof, allows the writing and reading of mail after user authentication has taken place but before on-line authentication takes place. Accordingly, as can be seen on the sign-on screen 74, a Write Mail button 140 and a New Mail button 142 are provided. In addition, a Screen Name button 144 for selecting a particular screen name (which is the same as the username in this embodiment) and a facility to determine the connection type, e.g. a DUN or LAN connection (see arrow 146), is also provided. A Setup button 148 for altering the set up of the computer program product 28 as well as Close and Help buttons 150, 152 respectively are provided. The Screen Name button 144 allows a specific user to access the web-based servers 16 thereby to manage (e.g. delete, add, or the like) screen names linked to a primary screen name or username. In the embodiment depicted in the drawings, only a primary user can select the Screen Name button 144 after off-line authentication. The Screen Name button 144 is thus disabled if any other screen name, besides the primary user, is selected.
If the specific user selects the Write Mail button 140, a Write Mail screen 154 (see Figure 7) is generated. The Write Mail screen 154 includes a dialog box 156 for a destination e-mail address, a dialog box 158 for an e-mail address to which a copy is to be sent, a dialog box 160 for receiving details of the subject matter of the e-mail, and various other features generally indicated by arrow 162. Further, an Attach button 164, an Address Book button 166 and an E-card button 168 are provided. The E-card button 168 links the specific user to a website for creating personal greeting cards to send to other e-mail users. The user can write messages and insert either a picture or a background picture or text into the body of the message as generally shown by arrow 170, add attachments by means of the Attach button 164, perform a spell check on a particular message, add a signature to the message or set a default signature, select a name or a group of names from the address book by means of the Address Book button 166, or the like. If the user is on-line, the message can be sent by activating the Send Now button 172 or the message may be saved for subsequent sending via the Save button 174. When the Address Book button 166 is activated, the address book of each individual user (see specific username 76 in Figure 6) can each be saved and replaced thereby to provide enhanced functionality when working on more than one PC e.g. at home and at work.
Referring in particular to Figure 8 of the drawings, the computer program product 28 checks for new e-mail every 10 minutes when connected to the service provider. The time interval for checking for new mail may be selectively adjusted and, if the particular user has new mail, a New Mail screen 176 is displayed. The New Mail screen 176 provides the user with an option to read the mail immediately (see Read Now button 178) or to read the mail later by means of activating a Read Later button 180.
If the user clicks the Read Now button 178 to read the new mail, a further New Mail screen 182 (see Figure 9) is provided. Various buttons are provided on the New Mail screen 182 including a Read button 184 which allows a user to read a particular item of e-mail displayed in the display zone 186, a Mark as Unread button 186, a Delete button 188 to delete one or more e-mails which have been highlighted in the display zone 186, and a Download button 190 which allows a user to download selected e-mail onto the PC 12. Once a user opens mail in the read mail dialog (see Read Mail button 184 in Figure 9), the mail is marked on the mail server as mail that has been read. The Mark as Unread button 186 changes the status of the mail on the server, i.e. it appears as unread mail again.
The Read button 184 allows a user to read mail while on-line, and the Download button 198 thus allows a user to download the mail and read the mail off-line at a later stage. The New Mail screen 182 includes a New Mail button 192 which displays the new mail screen as shown in Figure 9, and a Save Mail button 194 which provides a saved mail screen generally indicated by reference numeral 196 in Figure 11. The save mail screen 196 includes a Read button 198, a Mark as Unread button 200, and a Delete button 202. The saved mail screen display 196 further includes a New Folder button 204 for opening a new folder. If a user clicks the Read button 198 on the new mail screen display 182 or the Read button 198 on the saved mail screen display 196, the user may read mail, delete mail, save mail in a personal folder, save the sender's e-mail address to his personal address book, view an attachment, perform normal mail functions such as forward, reply or reply all, or the like.
An example of a read mail display screen is generally indicated by reference numeral 206 in Figure 10 of the drawings. The Read Mail screen 206 includes an Address button 208, a Reply button 210, a Forward button 212, a Reply All button 214, a Delete button 216, a Save button 218, in order to provide the user with the functionality mentioned above. When the Saved Mail button 194 is clicked, the computer program product 28 checks to see whether or not a correct password was provided prior to displaying the display screen 196. If the correct password was provided, the user can then read saved mail from his particular folder and create new personal folders (see button 204) as well as move mail between folders. Thus, mail is grouped in such a fashion that it is accessible by an associated user who, in order to access the mail, must provide a correct password during the off-line authentication procedure. Each username is authenticated so that only the particular user can access his or her mailbox when the correct password is provided.
Referring in particular to Figure 13 of the drawings, the browser application is launched in the following manner. Firstly, the computer program product will call the Microsoft™ WIN32 API passing the URL and user screen name and encrypted/encoded password (see step 222). WIN32 then launches the default browser, e.g. IE5 or Netscape, with the URL (see step 224). The browser application then sends the username and password of the screen name (see below) to the content server 36 where further online content authentication may take place. Personalized HTML content of the specific user (see Figure 6 which is described in more detail below) is then passed to the browser application (see step 226 in Figure 13).
Referring in particular to Figure 14 of the drawings, reference numeral 250 generally indicates a further embodiment of a sign-on procedure in accordance with the invention. The sign-on procedure 250 resembles the sign-on procedure 96 and, accordingly, like reference numerals have been used to indicate the same or similar steps.
When the procedure is started at 252 it first checks, as shown at decision step 100, whether or not a cookie is present which includes the usernames and passwords. If no cookie is present, then a "no cookie present" flag is set (see step 254) and a check is conducted to see whether or not a cookie is present in the registry of the computer system as shown at decision step 256. If a cookie is present in the registry, then the procedure 250 compares a primary username and password obtained from the stored cookie with that of a primary account username and password stored in registry as shown at step 258. If the primary username and password match the primary account username and password (see decision step 260) then a sign-on screen and display displaying the username stored in the cookie retrieved from the registry is opened, as shown at step 262. However, if there is no match then the procedure 250 proceeds to step 106 where a sign-on screen is opened which displays the primary account username stored in the registry. Likewise, if at decision step 256 the stored cookie is not present in the registry, the procedure 250 proceeds to decision step 106.
Returning to decision step 100, if a cookie is present then the procedure 250 proceeds to decision step 264 which checks whether or not a cookie is present in the registry of the computer system. If no cookie is present in the registry then the registry is updated with a cookie including the relevant user data as shown at step 266. Thereafter, a sign-on screen is opened which displays the username as retrieved from the cookie (see step 108). Returning to decision step 264, if a cookie is present in the registry, then the procedure 250 checks if the primary username and password in the cookie match that of the stored cookie in the registry and, if the two match, then the sign-on screen is opened as shown at step 108. If the primary username and password in the cookie do not match the cookie stored in the registry, then the procedure 250 proceeds to step 266 where the cookie in the registry is updated.
An example of the screen display generated in steps 262, 106, and 108 is shown in Figure 6 of the drawings. The screen display 74, as mentioned above, includes a plurality of screen names or usernames 76, a Screen Name button 144, a Sign-on button 80, a Write Mail button 140, a New Mail button 142, a Close button 150, a Help button 152, a facility 146 to determine the connection type (e.g. DUN or LAN), and a Set-up button 148. As shown at step 110 in Figure 14, a user then selects his or her particular username whereafter the procedure 250 checks at step 112 whether or not it is the first time that the particular screen name or username has been selected. If it is the first time the particular screen name or username has been selected, then a password store dialog box (see step 114) is opened whereafter the user is asked whether or not the password must be stored for future reference (see decision step 116). If the password is to be stored, then the password is saved (see step 118) into a password store for future use. If, however, the user selects not to store the password, the procedure 250 proceeds to step 124 where the user enters his or her password into the password entry zone 78 (see Figure 6).
Returning to decision step 112, if the screen name or username has been used before, then the procedure 250 proceeds to decision step 120 to determine whether or not the password is stored and, if not, the user then enters the password as shown at step 124. If, however, the password has been stored, the procedure 250 then retrieves the password for the particular screen name or username from the password store (see step 122) and then populates the password entry zone 78 on the screen, typically, with a plurality of "*" characters as shown at step 268. Thereafter, the procedure 250 proceeds to step 126 where it awaits the activation of the Sign-on button 80 (see Figure 6). The procedure 250 then enters a loop to detect when the Sign-on button 80 or the New Mail button 142 (see decision step 270) is clicked or activated.
Once the procedure 250 has detected that the Sign-on button 80 or the New Mail button 142 has been activated, it then checks the password against the cookie stored in the registry or against the primary account password stored in the registry, as the case may be, depending on the source of the username, as shown at step 272. Thereafter, as shown at decision step 128, the password is checked to see whether or not it is correct and, if not, a password failed dialog box (see step 130) is displayed and the procedure 250 returns to step 124. If, however, the password is correct, the procedure 250 checks, as shown at decision step 274, if the New Mail button 142 has been activated and, if so, the mail client is opened which shows the saved mail for the particular username (see step 276 in Figures 9 and 14). The user may then work in an off-line environment (see step 278) or the user may then sign on from the mail client, as shown at decision step 280. If the user does not sign on from the mail client, and the user does not close the mail client (see step 282), the procedure 250 returns to step 278. If, however, the user signs on from the mail client at step 280 then a connection is initiated to the ISP's network via the LAN or DUN as the case may be (see the connection type 146 in Figure 6). The procedure 250 then enters a loop (see step 134) in order to attempt to establish a connection. Returning to decision step 282, if the user closes the mail client, then the procedure 250 opens a sign-on screen at step 284. If a Close button 191 (see Figure 9) is activated then the main procedure 250 ends as shown at step 286. However, if the Close button 191 is not activated then the procedure 250 returns to step 110 where a user may select a further screen name or username.
Returning to decision step 134, once a connection is established, the procedures starting at steps 136 and 288 are carried out. At step 288, a check is conducted to see whether or not the "no cookie present" flag is set (see step 254) and, if not, the sub-enquiry terminates at step 290. If, however, the "no cookie present" flag is set, then a new cookie is downloaded from the server using the primary account details in the registry as shown at step 292. Thereafter, the cookie in the registry is updated and stored in the registry and, accordingly, updated usernames and passwords are then provided on the computer (see step 294) and the sub-enquiry terminates at step 296. In step 136, the procedure 250 launches a default browser with the particular ISP's URL and username including a hash encoded password of the user signing on. Thereafter, as shown at decision step 298, the procedure 250 checks whether or not the mail client has already been launched and, if so, a check is then conducted to see if there is any new mail and any outgoing mail is then sent whereafter the sub-enquiry terminates at step 302. If, however, the mail client has not already been launched, then the e-mail client with a username and hash encoded password associated with the username 76 which has been selected is launched and, thereafter, the sub-enquiry terminates as shown at step 304. After any one of the sub-enquiries terminates, other procedural steps may be executed.
In use, the PC may thus request specific mail from the ISP that is associated with the specific user. Thus, the computer program product 28 ensures that both the correct on-line and off-line mail is accessible to a particular user. Off-line authentication thus ensures that the user only has access to his/her own e-mail.
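The off-line part of sign-on procedure 250 (choosing the username source at steps 100 to 108 and 254 to 266, then the password check at steps 272 and 128) can be modelled as follows. This is an added example, not code from the specification: all class and function names are hypothetical, and keeping salted PBKDF2 verifiers in place of the reference passwords is an assumption, since the text does not say how the cookie or registry encodes them.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 200_000  # assumption: the specification names no algorithm or work factor


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass(frozen=True)
class Verifier:
    """Salted verifier kept in place of a reference password (assumption)."""
    salt: bytes
    digest: bytes

    @classmethod
    def create(cls, password: str) -> "Verifier":
        salt = os.urandom(16)
        return cls(salt, _derive(password, salt))

    def matches(self, password: str) -> bool:
        # Constant-time comparison of the derived digests.
        return hmac.compare_digest(_derive(password, self.salt), self.digest)


@dataclass
class Cookie:
    primary: str                  # primary account username
    users: Dict[str, Verifier]    # every screen name -> its verifier


@dataclass
class Registry:
    primary_user: str
    primary_verifier: Verifier
    cookie: Optional[Cookie] = None


@dataclass
class SignOn:
    users: Dict[str, Verifier]    # names offered on the sign-on screen
    source: str                   # which store the names (and step 272 check) use
    no_cookie_flag: bool          # step 254; triggers the cookie download at step 292


def _primary(cookie: Cookie) -> Tuple[str, Optional[Verifier]]:
    return cookie.primary, cookie.users.get(cookie.primary)


def _same(a: Tuple[str, Optional[Verifier]], b: Tuple[str, Optional[Verifier]]) -> bool:
    (user_a, ver_a), (user_b, ver_b) = a, b
    if ver_a is None or ver_b is None or user_a != user_b:
        return False
    return hmac.compare_digest(ver_a.salt + ver_a.digest, ver_b.salt + ver_b.digest)


def resolve_source(file_cookie: Optional[Cookie], reg: Registry) -> SignOn:
    """Decide which usernames the sign-on screen may show."""
    account = (reg.primary_user, reg.primary_verifier)
    if file_cookie is None:                                    # step 100: no cookie
        stored = reg.cookie                                    # step 256
        if stored is not None and _same(_primary(stored), account):   # steps 258/260
            return SignOn(dict(stored.users), "registry-cookie", True)  # step 262
        # Step 106: a missing or mismatched registry cookie is ignored and only
        # the primary account is offered.
        return SignOn({reg.primary_user: reg.primary_verifier}, "primary-account", True)
    stored = reg.cookie                                        # step 264
    if stored is None or not _same(_primary(file_cookie), _primary(stored)):
        reg.cookie = file_cookie                               # step 266
    return SignOn(dict(file_cookie.users), "cookie", False)    # step 108


def offline_sign_on(signon: SignOn, username: str, password: str) -> bool:
    """Steps 272 and 128: check the entered password without a network connection."""
    verifier = signon.users.get(username)
    return verifier is not None and verifier.matches(password)


if __name__ == "__main__":
    # Constructed sample data, not taken from the specification.
    alice = Verifier.create("correct horse")
    cookie = Cookie("alice", {"alice": alice, "bob": Verifier.create("hunter2-bob")})
    registry = Registry("alice", alice)
    screen = resolve_source(cookie, registry)
    print(screen.source, sorted(screen.users), offline_sign_on(screen, "bob", "hunter2-bob"))
```

The fallback at step 106 is the security-relevant branch: a registry cookie whose primary record does not match the primary account contributes no usernames, so none of its entries can be used to pass the off-line check.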
In summary, when a user clicks the sign-on button the following steps take place. Initially, the installed dial-up networking (DUN) entry is called and a dial-up connection is established to the service provider's network. When the connection is established, the network authentication server authenticates the username and password in the DUN entry. The username and password may be independent of the username and password of the user signing onto the service provider's portal, and/or signing on to check for e-mail. Further, the username and encoded password are passed to the e-mail client and the e-mail client is then launched. The e-mail client connects to the mail server and does an on-line authentication of the mail server. This ensures that the correct mailbox is checked. Thereafter, the username and hash coded passwords are passed to the browser and the browser is launched with the service provider's portal URL and the username and the hash coded password. The username and password are authenticated on the service provider's portal to ensure that the correct content is presented to the user signing onto the service provider.
As mentioned above, the computer program product 28 may form an integral part of a browser 220 (see Figure 12). However, in other embodiments of the invention, the application software on the user's PC may be modular and, accordingly, the computer program product 28 may interface with a conventional browser and/or DUN.
Figure 15 shows a diagrammatic representation of a computer system 400 within which a set of instructions, for causing the machine to perform any one of the methodologies discussed above, may be executed. In alternative embodiments, the machine may comprise a network router, a network switch, a network bridge, Personal Digital Assistant (PDA), a cellular telephone, a web appliance or any machine capable of executing a sequence of instructions that specify actions to be taken by that machine.
The computer system 400 includes a processor 402, a main memory 404 and a static memory 406, which communicate with each other via a bus 408. The computer system 400 may further include a video display unit 410 (e.g., a liquid crystal display (LCD) or a cathode ray tube (CRT)). The computer system 400 also includes an alpha-numeric input device 412 (e.g., a keyboard), a cursor control device 414 (e.g., a mouse), a disk drive unit 416, a signal generation device 418 (e.g., a speaker) and a network interface device 420.
The disk drive unit 416 includes a machine-readable medium 422 on which is stored a set of instructions (i.e., software) 424 embodying any one, or all, of the methodologies described above. The software 424 is also shown to reside, completely or at least partially, within the main memory 404 and/or within the processor 402. The software 424 may further be transmitted or received via the network interface device 420. For the purposes of this specification, the term "machine-readable medium" shall be taken to include any medium that is capable of storing or encoding a sequence of instructions for execution by the machine and that cause the machine to perform any one of the methodologies of the present invention. The term "machine-readable medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical and magnetic disks, and carrier wave signals.
Thus, a method and system for establishing a connection between a remote computer device and a server have been described. Although the present invention has been described with reference to specific exemplary embodiments, it will be evident that various modifications and changes may be made to these embodiments without departing from the broader spirit and scope of the invention. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense.

Claims

What is claimed is:
1. A method of establishing a connection between a remote computer device and a server, the method including: requesting sign-on data from a user of the computer device; authenticating the sign-on data; activating a network connection component upon positive authentication thereby to establish the connection with the server; and activating a browser upon establishing a successful connection.
2. The method of Claim 1, in which the sign-on data includes at least user identification data, the method including providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.
3. The method of Claim 2, which includes: providing a display screen including user identification data in the form of a plurality of usernames; detecting which particular username of the plurality of usernames is selected; obtaining a user entered password associated with the username; authenticating the password; and providing access to the associated mailbox if the user entered password is correct.
4. The method of Claim 3, which includes downloading and uploading mail associated with the username when the network connection component is subsequently activated.
5. The method of Claim 3, in which authenticating the user entered password includes checking a cookie that includes a list of usernames and reference passwords.
6. The method of Claim 5, in which the user entered password is obtained by providing a screen display including a password entry zone for a user to enter the password.
7. The method of Claim 5, in which the reference password is retrieved from a password storage facility of the remote computer device.
8. The method of Claim 6, which includes comparing the user entered password with reference password data in the cookie and, if the passwords match, activating the communication network component.
9. The method of Claim 8, which includes checking a cached user list for the last list of one of usernames and passwords used, if retrieving the cookie fails.
10. The method of Claim 9, which includes displaying the data on users included in the cached list on the screen display and comparing the user entered password with the reference password data in the cache and, if the passwords match, activating the network component.
11. The method of Claim 1, in which the connection is established via the Internet.
12. The method of Claim 1, in which the remote computer device is one of an interactive television (TV), a personal computer (PC), a WAP enabled telephone, and a PDA.
13. The method of Claim 1, in which the server is a web server that is accessed through a web portal.
14. The method of Claim 1, which includes activating a mail client application together with the browser.
15. The method of Claim 14, in which the mail client application is integrally formed with the browser.
16. The method of Claim 1, in which authentication of the sign-on data defines a first authentication instance which is carried out off-line, the method including a second authentication instance in which a user is authenticated when the network connection component communicates with the network server in an on-line state.
17. The method of Claim 16, which includes in the second authentication instance authenticating a primary subscriber with an Internet Service Provider.
18. The method of Claim 16, in which the network communication component establishes a TCP/IP connection between the server and the remote computer device whereafter the browser is activated.
19. The method of Claim 18, in which third and fourth authentication instances occur to authenticate the user with a content provider server and a mail server respectively.
20. The method of Claim 17, in which the subscriber includes a plurality of users and, the third and fourth authentication instances authenticate a specific user with a content provider server and mail server respectively.
21. The method of Claim 1, in which the network communication component is a dial-up network component.
22. The method of Claim 21, in which the dial-up network component forms an integral part of computer program product.
23. The method of Claim 1, in which the network communication component establishes communications via a local area network (LAN).
24. A computer program product for establishing a connection between a remote computer device and a server, the product including a machine readable medium which, when run on a computer, causes the computer to: request sign-on data from a user of the computer device; authenticate the sign-on data; activate a network connection component upon positive authentication thereby to establish the connection with the server; and activate a browser upon establishing a successful connection.
25. The product of Claim 24, in which the sign-on data includes at least user identification data, the product providing access to an associated mailbox linked to the user identification data prior to activating the network connection component.
26. The product of Claim 25, which: provides a display screen including user identification data in the form of a plurality of usernames; detects which particular username of the plurality of usernames is selected; obtains a user entered password associated with the username; authenticates the password; and provides access to the associated mailbox if the user entered password is correct.
27. The product of Claim 25, which downloads and uploads mail associated with the username when the network connection component is subsequently activated.
28. The product of Claim 25, in which authenticating the user entered password includes checking a cookie that includes a list of usernames and reference passwords.
29. The product of Claim 27, in which the user entered password is obtained by providing a screen display including a password entry zone for a user to enter the password.
30. The product of Claim 27, in which the reference password is retrieved from a password storage facility of the remote computer device.
31. The product of Claim 28, which compares the user entered password with reference password data in the cookie and, if the passwords match, activating the communication network component.
32. The product of Claim 30, which checks a cached user list for the last list of one of usernames and passwords used, if retrieving the cookie fails.
33. The product of Claim 31, which displays the data on users included in the cached list on the screen display and comparing the user entered password with the reference password data in the cache and, if the passwords match, activating the network component.
34. The product of Claim 23, in which the connection is established via the Internet.
35. The product of Claim 23, in which the remote computer device is one of an interactive television (TV), a personal computer (PC), a WAP enabled telephone, and a PDA.
36. The product of Claim 23, in which the server is a web server that is accessed through a web portal.
37. The product of Claim 23, which activates a mail client application together with the browser.
38. The product of Claim 36, in which the mail client application is integrally formed with the browser.
39. The product of Claim 23, in which authentication of the sign-on data defines a first authentication instance which is carried out off-line, and the product includes a second authentication instance in which a user is authenticated when the network connection component communicates with the network server in an on-line state.
40. The product of Claim 38, which in the second authentication instance authenticates a primary subscriber with an Internet Service Provider.
41. The product of Claim 38, in which the network communication component establishes a TCP/IP connection between the server and the remote computer device whereafter the browser is activated.
42. The product of Claim 40, in which third and fourth authentication instances occur to authenticate the user with a content provider server and a mail server respectively.
43. The product of Claim 39, in which the subscriber includes a plurality of users and, the third and fourth authentication instances authenticate a specific user with a content provider server and mail server respectively.
44. The product of Claim 23, in which the network communication component is a dial-up network component.
45. The product of Claim 43, in which the dial-up network component forms an integral part of computer program product.
46. The product of Claim 23, in which the network communication component establishes communications via a local area network (LAN).

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002230600A AU2002230600A1 (en) 2000-12-01 2001-11-30 Method of establishing a connection between a remote computer device and server through off-line authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ZA2000/7113 2000-12-01
ZA200007113 2000-12-01

Publications (3)

Publication Number Publication Date
WO2002044861A2 (en) 2002-06-06
WO2002044861A3 (en) 2003-03-06
WO2002044861A9 (en) 2003-04-17

Family

ID=25588998

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/046435 WO2002044861A2 (en) 2000-12-01 2001-11-30 Method of establishing a connection between a remote computer device and server through off-line authentication

Country Status (2)

Country Link
AU (1) AU2002230600A1 (en)
WO (1) WO2002044861A2 (en)

Also Published As

Publication number Publication date
AU2002230600A1 (en) 2002-06-11
WO2002044861A9 (en) 2003-04-17
WO2002044861A3 (en) 2003-03-06

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
COP Corrected version of pamphlet

Free format text: PAGES 1/16-16/16, DRAWINGS, REPLACED BY NEW PAGES 1/16-16/16; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP