US20140359716A1 - Web page security system - Google Patents

Web page security system Download PDF

Info

Publication number
US20140359716A1
US20140359716A1 US14/307,332 US201414307332A US2014359716A1 US 20140359716 A1 US20140359716 A1 US 20140359716A1 US 201414307332 A US201414307332 A US 201414307332A US 2014359716 A1 US2014359716 A1 US 2014359716A1
Authority
US
United States
Prior art keywords
web page
user
fid
identifier
item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US14/307,332
Inventor
Srinivas V. Dasari
Kevin Harvey
Cathy Sockrider
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Liberty Peak Ventures LLC
Original Assignee
III Holdings 1 LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by III Holdings 1 LLC filed Critical III Holdings 1 LLC
Priority to US14/307,332 priority Critical patent/US20140359716A1/en
Assigned to III HOLDINGS 1, LLC reassignment III HOLDINGS 1, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
Publication of US20140359716A1 publication Critical patent/US20140359716A1/en
Assigned to LIBERTY PEAK VENTURES, LLC reassignment LIBERTY PEAK VENTURES, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: III HOLDINGS 1, LLC
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Definitions

  • the invention relates to a security application for a computer, and more particularly, to a multi-tiered security application for a computer.
  • Web pages typically display one or more objects (e.g., buttons, fields, screens, and the like) and an entity operating a web page often wishes to block access to the entire web page or portions of the web page (e.g., the objects). More particularly, the entity operating the web page may wish to block display of an object included on the web page, block the ability to input data, block the ability to use an object on the web page, and/or block the ability to edit/modify an object on the web page to some users.
  • objects e.g., buttons, fields, screens, and the like
  • the entity operating the web page may wish to block display of an object included on the web page, block the ability to input data, block the ability to use an object on the web page, and/or block the ability to edit/modify an object on the web page to some users.
  • Current security systems e.g., Resource Access Control Facility (RACF) map a single sign on (SSO) security identifier to, for example, a single Information Management System (IMS) identifier for an entire application.
  • the IMS identifier is used for every transaction and grants the user access to each web page.
  • current security systems are configured such that when the user gains access to the web page, the user has access to the entire web page and each object included on the web page. Therefore, a security application that is capable of providing different levels of access to a plurality of web pages, to different portions of a single web page, and to different objects included on a single web page is needed in the art.
  • a computer-implemented method to control access to a plurality of web pages and to control access to an object included on each of the web pages includes the steps of assigning, in a first data table, at least one function identifier (FID) of a plurality of FIDs to a plurality of users; assigning, in a second data table, a first object identifier (OID) to a first web page; assigning, in the second data table, a second OID to a first object on the first web page; assigning, in a third data table, a first FID of the plurality of FIDs to the first OID; assigning, in the third data table, a second FID of the plurality of FIDs to the second FID; granting access, by a server, to the first web page when at least one FID of a user matches the first FID; and granting access, by the server, to the first object when at least one FID of the user matches the second FID, the plurality
  • step of assigning at least one user FID includes the steps of assigning, in the first data table, a first user FID to the user, and assigning, in the first data table, a second user FID to the user, wherein the first user FID and the second user FID are different FIDs.
  • granting access to the first web page includes granting display access to the first web page.
  • the second user FID is input FID and the second FID is input FID
  • granting access to the first object includes granting input access to the first object.
  • the second user FID is edit FID and the second FID is edit FID
  • granting access to the first object includes granting edit access to the first object.
  • the method further includes the steps of assigning, in the second data table, a third OID to a second web page; assigning, in the third data table, a third FID to the third OID; and granting access, by the server, to the second web page when one of the first FID and the second FID match the third FID.
  • the method includes the steps of assigning, in the second data table, a fourth OID to a second object on the second web page; assigning, in the third data table, a fourth FID to the fourth OID; and granting access, by the server, to the second object when one of the first user FID and the second user FID match the fourth FID.
  • a computer including a multi-tiered security application includes a server configured to operate a plurality of web pages, the plurality of web pages each comprising an object; a first data table configured to assign at least one FID to a plurality of users; a second data table configured to assign an OID to each web page and to assign an OID to each object; and a third data table configured to assign an FID to each OID, each FID comprising a function level.
  • the server is configured to compare a user FID to a first FID assigned to a first OID assigned to a web page when a user attempts to access the web page, grant function access corresponding to the matched FID, to the user, to the web page when the user FID matches the FID assigned to the OID assigned to the web page, compare a user FID to a second FID assigned to a second OID assigned to an object when a user attempts to access the object, and grant function access corresponding to the matched FID, to the user, to the object when the user FID matches the FID assigned to the OID assigned to the object.
  • the server is further configured to enable the user to view the web page when the user FID is the display FID and the first FID are both a display FID, enable the user to input information into the web page when the user FID and the first FID are both an input FID, and enable the user to edit the web page when the user FID and the first FID are both an edit FID.
  • the server is configured to enable the user to view the object when the user FID is the display FID and the first FID are both a display FID, enable the user to input information into the object when the user FID and the first FID are both an input FID, and enable the user to edit the object when the user FID and the first FID are both an edit FID.
  • FIG. 1 is a block diagram of a computer including a multi-tiered security application in accordance with one embodiment of the present invention
  • FIG. 2 is a block diagram of data tables and web pages included in the computer of FIG. 1 in accordance with one embodiment of the present invention
  • FIG. 3 is a screenshot of display FID access to one web page included in FIG. 2 in accordance with one embodiment of the present invention
  • FIG. 4 is screenshot of display FID and input FID access one web page included in FIG. 2 in accordance with one embodiment of the present invention
  • FIG. 5 is screenshot of display FID, input FID, and edit FID accessing one web page included in FIG. 2 in accordance with one embodiment of the present invention.
  • FIG. 6 is a flow diagram of a method to control access to one or more web pages and one or more objects included on each of the web pages, in accordance with one embodiment of the present invention.
  • Various embodiments of the present invention are directed to a security application and method for selectively granting access to a user to one or more web pages and one or more objects included on each web page according to the user's function level.
  • Each web page is assigned a function level, which is also assigned to a user, to access the web site.
  • each object on each web page is also assigned its own individual function level, which is separate from the function level required to access the web page on which it resides.
  • a user is assigned one or more function levels and the user is able to access (or access and perform various functions on various web pages, and objects on each web page) according to the user's function level in relation to the function level for each web page and each object on each web page.
  • a user assigned only a display function level is not able to access a web page requiring an input or edit function level.
  • the user may be able to access a web page with a display function level, but objects on the web page having an input or edit function level would not be displayed (i.e., blocked) to the user.
  • the objects are viewable by the user, but the user is unable to perform pre-defined functions to the objects.
  • embodiments of the present invention are capable of providing real-time changes to security within the application without the need for changing the programs/code operating the web pages and the programs/code operating any objects included on the web pages.
  • embodiments of the present invention are capable of being utilized and/or implemented in conjunction with existing security systems (e.g., Resource Access Control Facility (RACF) systems).
  • RAF Resource Access Control Facility
  • FIG. 1 is a block diagram of an exemplary embodiment of a computer 100 including a multi-tiered security application.
  • computer 100 typically includes an operating system (e.g., Windows NT, 95/98/2000, Linux, Solaris, etc.) as well as various conventional support software and drivers typically associated with computers.
  • Computer 100 may be in a home or business environment with access to a network.
  • computer 100 is accessed through the Internet via a commercially-available web-browser software package or through an intranet connection.
  • Access to the Internet or intranet may be accomplished through any suitable communication means, such as, for example, a telephone network, point of interaction device (e.g., personal digital assistant, cellular phone, kiosk, and the like), online communications, off-line communications, wireless communications, transponder communications and/or the like.
  • a telephone network e.g., a telephone network, point of interaction device (e.g., personal digital assistant, cellular phone, kiosk, and the like), online communications, off-line communications, wireless communications, transponder communications and/or the like.
  • point of interaction device e.g., personal digital assistant, cellular phone, kiosk, and the like
  • online communications e.g., online communications, off-line communications, wireless communications, transponder communications and/or the like.
  • Computer 100 includes one or more central processing units (CPUs) 110 , wherein CPU 110 may be any hardware and/or software suitably configured to read and execute computer programs and/or software instructions.
  • CPU 110 may include any processor for processing digital data, a memory coupled to the processor for storing digital data, an input digitizer coupled to the processor for inputting digital data, an application program stored in the memory and accessible by the processor for directing processing of digital data by the processor, a display coupled to the processor and memory for displaying information derived from digital data processed by the processor and a plurality of databases, the databases including, for example, client data, merchant data, financial institution data, and/or other suitable data capable of being used in association with the present invention.
  • Computer 100 also includes one or more security servers 120 connected to CPU 110 , wherein security server 120 includes any hardware and/or software suitably configured to receive authentication credentials, encrypt and decrypt credentials, authenticate credentials, and grant access rights according to a user's pre-determined privileges attached to the credentials.
  • security server 120 includes any hardware and/or software suitably configured to receive authentication credentials, encrypt and decrypt credentials, authenticate credentials, and grant access rights according to a user's pre-determined privileges attached to the credentials.
  • Computer 100 also includes one or more web servers 130 connected to CPU 110 , wherein web server 130 includes any hardware and/or software suitably configured to store and operate one or more web pages (e.g., web pages 150 , 160 , and/or 170 ) or other Internet/intranet-based graphical user interface (GUI) accessible by users.
  • web pages 150 , 160 , and/or 170 include any information and are appropriately configured to suit the needs of the entity operating computer 100 .
  • the term “web page” as it is used herein is not meant to limit the type of documents and applications that might be used to interact with the user.
  • a typical website may include, in addition to standard HTML documents, various forms, Java applets, Javascript, active server pages (ASP), common gateway interface scripts (CGI), extensible markup language (XML), dynamic HTML, cascading style sheets (CSS), helper applications, plug-ins, and the like.
  • standard HTML documents various forms, Java applets, Javascript, active server pages (ASP), common gateway interface scripts (CGI), extensible markup language (XML), dynamic HTML, cascading style sheets (CSS), helper applications, plug-ins, and the like.
  • web pages 150 , 160 , and 170 each include one or more objects (e.g., objects 155 , 165 , and 175 , respectively) on them.
  • objects e.g., objects 155 , 165 , and 175 , respectively.
  • object includes any object, GUI, and the like known in the art or later developed. Examples of suitable objects include, but are not limited to, text fields, text displays, links, portals, modules, screen buttons, radio buttons, and the like.
  • Computer 100 also includes one or more security databases 140 associated with web pages 150 , 160 , and 170 .
  • Security database 140 includes any type of database, such as relational, hierarchical, object-oriented, and/or the like. Common database products that may be used to implement the databases include DB2 by IBM (White Plains, N.Y.), any of the database products available from Oracle Corporation (Redwood Shores, Calif.), Microsoft Access or MSSQL by Microsoft Corporation (Redmond, Wash.), or any other database product.
  • Security database 140 may be organized in any suitable manner, including as data tables or lookup tables. Association of certain data may be accomplished through any data association technique known and practiced in the art. For example, the association may be accomplished either manually or automatically.
  • Automatic association techniques may include, for example, a database search, a database merge, GREP, AGREP, SQL, and/or the like.
  • the association step may be accomplished by a database merge function, for example, using a “key field” in each of the manufacturer and retailer data tables.
  • a “key field” partitions the database according to the high-level class of objects defined by the key field. For example, a certain class may be designated as a key field in both the first data table and the second data table, and the two data tables may then be merged on the basis of the class data in the key field.
  • the data corresponding to the key field in each of the merged data tables is preferably the same. However, data tables having similar, though not identical, data in the key fields may also be merged by using AGREP, for example.
  • security database 140 includes a plurality of data tables (e.g., data table 142 , data table 144 , and data table 146 ) for storing various identifiers (e.g., function identifiers (FIDs) and object identifiers (OIDs)) assigned to users; web pages 150 , 160 , and 170 ; and objects 155 , 165 , 175 .
  • the FIDs are used to gain function access to web pages, objects on the web pages, databases, and/or the like.
  • the FIDs include a display FID, an input FID, and an edit FID, each of which corresponds to a functional capability and/or a function level granted to a user.
  • a display FID allows a user to view web pages and objects that have a display FID assigned to them.
  • a user would be required to have an input FID or an edit FID to have input access or edit access to web pages and/or objects having an input FID or edit FID assigned to them, respectively.
  • the current discussion references a display FID, an input FID, and an edit FID, the present invention is not limited to such, and notably, the invention contemplates that additional FIDs having a variety of corresponding functions may be implemented.
  • additional FIDs may include, but are not limited to, a CASE FID for reviewing merchant cases and disputes, a characteristic (CHAR) FID for inquiring about merchant overall characteristics and data), a duplicate override (DUP OVD) FID for overriding duplicate merchant functions, an electronic data capture update (EDC UPDT) FID for updating merchant electronic data capture characteristics, a financial details (FIN DET) FID for submitting merchant financial details, a hierarchy (HIER) FID for entering a merchant's hierarchy regarding chain locations, an inquiry FID for any kind of merchant inquiry, inquiry banking FID for inquiring into merchant banking information, inquiry pending and paid (INQUIRY PND-PD) FID for inquiring into merchants' pending and paid transactions, set up FID for setting up new merchants, supplies FID for ordering/viewing merchant supplies, update memo (UPDT MEMO) FID for adding/updating merchant memorandums, a special memorandum update (UPDT MEMO999) FID for updating merchant memorandum
  • a different OID is assigned to each of web pages 150 , 160 , and 170 ; and each of objects 155 , 165 , and 175 .
  • the OIDs enable security/function changes to be made to computer 100 without any of the programs/codes operating web pages 150 , 160 , and 170 ; and operating each of objects 155 , 165 , and 175 needing to be changed.
  • Data table 142 is configured to store and assign one or more FIDs to each user according to a function level associated with that particular user.
  • Data table 144 is configured to store and assign a different OID for each of web pages 150 , 160 , and 170 , and store and assign a different OID for each of objects 155 , 165 , and 175 .
  • Data table 146 is configured to store and assign one or more FIDs to each OID, the FIDs corresponding to pre-determined functions available for users to perform on the web page or object assigned to each particular OID.
  • an Internet Information Server In one embodiment, an Internet Information Server, Microsoft Transaction Server, and Microsoft SQL Server, are used in conjunction with a Microsoft operating system, Microsoft NT web server software, a Microsoft SQL database system, and a Microsoft Commerce Server.
  • the invention is implemented utilizing Web Sphere Application Server, IBM MQ series, IMS transaction server, and DB2 in with conjunction Z/OS operating system.
  • components such as Access or SQL Server, Oracle, Sybase, Informix MySQL, Intervase, etc., may be used to provide an ADO-compliant database management system.
  • the present invention is described herein in terms of functional block components, screenshots, optional selections and various processing steps. It should be appreciated that such functional blocks may be realized by any number of hardware and/or software components configured to perform the specified functions.
  • the present invention may employ various integrated circuit components, e.g., memory elements, processing elements, logic elements, look-up tables, and the like, which may carry out a variety of functions under the control of one or more microprocessors or other control devices.
  • the software elements of the present invention may be implemented with any programming or scripting language such as C, C++, Java, COBOL, assembler, PERL, Visual Basic, SQL Stored Procedures, extensible markup language (XML), with the various algorithms being implemented with any combination of data structures, objects, processes, routines or other programming elements.
  • the present invention may employ any number of conventional techniques for data transmission, signaling, data processing, network control, and the like.
  • the invention could be used to detect or prevent security issues with a client-side scripting language, such as JavaScript, VBScript or the like.
  • client-side scripting language such as JavaScript, VBScript or the like.
  • the network may include any system for exchanging data or transacting business, such as the Internet, an intranet, an extranet, WAN, LAN, satellite communications, and/or the like. It is noted that the network may be implemented as other types of networks, such as an interactive television (ITV) network.
  • ITV interactive television
  • the users may interact with the system via any input device such as a keyboard, mouse, kiosk, personal digital assistant, handheld computer (e.g., Palm Pilot®), cellular phone and/or the like.
  • the invention could be used in conjunction with any type of personal computer, network computer, workstation, minicomputer, mainframe, or the like running any operating system such as any version of Windows, Windows NT, Windows XP, Windows 2000, Windows 98, Windows 95, MacOS, OS/2, BeOS, Linux, UNIX, Solaris, Z/OS, or the like.
  • any operating system such as any version of Windows, Windows NT, Windows XP, Windows 2000, Windows 98, Windows 95, MacOS, OS/2, BeOS, Linux, UNIX, Solaris, Z/OS, or the like.
  • the invention is frequently described herein as being implemented with TCP/IP communications protocols, it will be readily understood that the invention could also be implemented using IPX, Appletalk, IP-6, NetBIOS, OSI or any number of existing or future protocols.
  • the system contemplates the use, sale or distribution of any goods, services or information over any network having similar functionality described herein.
  • a variety of conventional communications media and protocols may be used for data links.
  • ISP Internet Service Provider
  • the system may also reside within a local area network (LAN) which interfaces to network via a leased line (T1, D3, etc.).
  • LAN local area network
  • T1, D3, etc. Such communication methods are well known in the art, and are covered in a variety of standard texts. See, e.g., Gilbert Held, “Understanding Data Communications” (1996), hereby incorporated by reference.
  • FIG. 2 is a block diagram of one exemplary embodiment of data tables 142 , 144 , and 146 ; and web pages 150 , 160 , and 170 .
  • data table 142 for example, John only has a display FID assigned to him. Thus, John is only able to view web pages and objects that have display FID assigned to them.
  • Mary has both display FID and input FID assigned to her. Thus, Mary is able to view web pages and objects that have display FID assigned to them, and Mary is able to input data into web pages and objects that have input FID assigned to them.
  • Mike has display FID, input FID, and edit FID assigned to him. Thus, Mike is able to view web pages and objects that have display FID assigned to them, input data into web pages and objects that have input FID assigned to them, and edit web pages and objects that have edit FID assigned to them.
  • web page 150 is assigned ID 00001
  • screen button 152 assigned ID 00002
  • text field 154 is assigned ID 00003
  • text display 156 is assigned ID 00004
  • radio buttons 158 are assigned ID 00005
  • web page 160 is assigned ID 00006
  • screen button 162 assigned ID 00007
  • text field 164 is assigned ID 00008
  • text display 166 is assigned ID 00009
  • radio buttons 168 are assigned ID 00010
  • web page 170 is assigned ID 00011
  • screen button 172 assigned ID 00012
  • text field 174 is assigned ID 00013
  • text display 176 is assigned ID 00014
  • radio buttons 178 are assigned ID 00015 .
  • ID 00001 is assigned display FID
  • ID 00002 is assigned input FID and edit FID
  • ID 00003 is assigned input FID and edit FID
  • ID 00004 is assigned display FID
  • ID 00005 is assigned edit FID
  • 00006 ID is assigned display FID and edit FID
  • 00007 ID is assigned input FID
  • 00008 ID is assigned input FID
  • 00009 ID is assigned input FID and edit FID
  • 00010 ID is assigned input FID
  • 00011 ID is assigned input FID and edit FID
  • 00012 ID is assigned edit FID
  • 00013 ID is assigned edit FID
  • 00014 is assigned input FID
  • ID 00015 is assigned edit FID.
  • FIG. 3 is a screenshot of an example of how web page 150 would appear to John, in accordance with one embodiment of the invention.
  • John is granted display access web page 150 since both John and web page 150 have display FID assigned to them.
  • John is granted display access to text display 156 since both John and text display 156 have display FID assigned to them. Therefore, because display access enables a user to perform the function of viewing web pages and objects, John is able to view web page 150 and text display 156 .
  • John (or any other user) is not granted any other type of function access (e.g., input and edit) to web page 150 and text display 156 because these items do not have any other FID assigned to them.
  • John is unable to perform any functions on screen button 152 , text field 154 , and radio buttons 158 .
  • screen button 152 , text field 154 , and radio buttons 158 may be “shaded” out to prevent John from performing any functions with them, but John may still be able to view them.
  • FIG. 4 is a screenshot of an example of how web page 150 would appear to Mary, in accordance with one embodiment of the invention.
  • Mary is granted display access web page 150 since both Mary and web page 150 have display FID assigned to them, and Mary is granted display access to text display 156 since they both have display FID assigned to them.
  • Mary is able to view web page 150 and text display 156 .
  • web page 150 and text display 156 do not have any other FIDs assigned to them, Mary is unable to perform any other functions to these items even though Mary also has input FID assigned to her.
  • Mary is granted input access to screen button 152 and text field 154 because Mary and screen button 152 both have input FID assigned to them, and Mary and text field 154 both have input FID assigned to them.
  • input FID grants a user the ability to input data into a web page or object assigned input FID
  • Mary is able to input data into text field 154 and submit that data via screen button 152 .
  • Mary is not granted edit access to text field 154 and radio buttons 158 because Mary does not have the required edit FID assigned to her to access these items.
  • Mary is blocked from performing edit functions on text field 154 , and blocked from performing any function on radio buttons 158 .
  • Mary is blocked from even viewing radio buttons 158 .
  • radio buttons 158 may be “shaded” out to prevent Mary from performing functions to radio buttons 158 , but Mary may still be able to view them.
  • FIG. 5 is a screenshot of an example of how web page 150 would appear to Mike, in accordance with one embodiment of the invention.
  • Mike is granted the same function access to web page 150 , text display 156 , screen button 152 , and text field 154 as Mary because, like Mary, Mike has both display FID and input FID assigned to him.
  • Mike has edit access to text field 154 and radio buttons 158 because he has the required edit FID assigned to him.
  • edit FID allows a user to edit the content of a web page or object assigned edit FID
  • Mike is able to edit the contents of text field 154 and radio buttons 158 , and submit those edits via screen button 152 .
  • access to web pages 160 and 170 and each of their respective objects would be analyzed in a manner similar to the above discussion.
  • FIG. 6 is a flow diagram of an exemplary embodiment of a method 600 to control access to one or more web pages (e.g., web pages 150 , 160 , and/or 170 ) and one or more objects (e.g., objects 155 , 165 , and/or 175 ) included on the web pages.
  • method 600 initiates by storing and assigning, in a data table (e.g., data table 142 ) of a security database (e.g., security database 140 ), one or more FIDs (e.g., display FID, input FID, and edit FID) to one or more users (step 610 ).
  • a data table e.g., data table 142
  • a security database e.g., security database 140
  • FIDs e.g., display FID, input FID, and edit FID
  • Method 600 also includes the steps of storing and assigning, in a second data table (e.g., data table 144 ), an OID to each web page (e.g., web pages 150 , 160 , and 170 ) and each object (e.g., objects 155 , 165 , and 175 ) on the web pages (step 620 ). Furthermore, method 600 includes storing and assigning an FID to each OID assigned in step 620 (step 630 ).
  • a second data table e.g., data table 144
  • OID to each web page
  • each object e.g., objects 155 , 165 , and 175
  • a web server e.g., web server 130
  • a web server is programmed to compare the FID(s) assigned to the user to the FID assigned to web page 150 and object 155 when a user attempts to access web page 150 (step 640 ).
  • Web server 130 grants access to web page 150 to the user if the FID assigned to the user substantially matches the FID assigned to web page 150 (step 650 ).
  • the access granted to web page 150 corresponds to the function of the mutually assigned FID (step 655 ). For example, a substantially matched display FID grants the user the ability to view the web page, a matched input FID grants the user the ability to input data into the web page, and a matched edit FID allows the user to edit the web page.
  • Web sever 130 grants access to object 155 if the FID assigned to the user substantially matches the FID assigned to object 155 (step 660 ).
  • the access granted to object 155 corresponds to the function of the mutually assigned FID (step 665 ).
  • a substantially matched display FID grants the user the ability to view the object
  • a matched input FID grants the user the ability to input data into the object
  • a matched edit FID allows the user to edit the object.
  • substantially matches includes identical, algorithmic, matching within a margin of error, matching within a range of values, and the like.
  • Method 600 also includes repeating steps 640 through 665 for one or more additional web pages (e.g., web page 160 and/or 170 ) and each object (e.g., objects 165 and/or 175 ) on each of web page 160 and/or 170 (step 670 ). Furthermore, method 600 includes changing one or more FIDs of a user or an OID (step 680 ). In accordance with one embodiment of the invention, a change to the FID of a web page or object is made without having to change the program and/or code operating the web page or object because all that is needed is a change to the FID assigned to the appropriate OID in data table 146 .
  • the function access of a user to web pages and/or objects can likewise be changed.
  • a user may be able to perform different functions, more functions, or less functions to a web page or object than prior to the change.
  • web server 130 denies access to the user by omitting display of any web pages and/or objects that include an FID that does not match any FID(s) assigned to the user. In another embodiment, web server 130 denies access to the user by shading objects with an FID that does not match any FID(s) assigned to the user.
  • the present invention may be embodied as a method, a data processing system, a device for data processing, and/or a computer program product. Accordingly, the present invention may take the form of an entirely software embodiment, an entirely hardware embodiment, or an embodiment combining aspects of both software and hardware. Furthermore, the present invention may take the form of a computer program product on a computer-readable storage medium having computer-readable program code means embodied in the storage medium. Any suitable computer-readable storage medium may be utilized, including hard disks, CD-ROM, optical storage devices, magnetic storage devices, and/or the like.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks.
  • the computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A security application for granting different access rights to web pages and objects on each web page is disclosed. A data table assigns one or more function identifiers (FIDs) to users. A second data table assigns a different object identifier (OID) to each web page, and to assign a different OID for each object on each web page. A third data table assigns an FID to each OID. When a user attempts to access a web page or an object on the web page, a web server compares each of the user's FIDs to the FID assigned to the web page or object. The web server grants access to the web page or object if one of the user's FIDs matches the FID assigned to the web page or object, the user is granted access to the web page or object according to the function of the matched FID.

Description

    CROSS REFERENCE TO RELATED APPLICATIONS
  • This application is a divisional of U.S. Ser. No. 11/161,658, entitled “WEB PAGE SECURITY SYSTEM AND METHOD” filed on Aug. 11, 2005. The '658 application claims priority to, and the benefit of, U.S. Provisional Application Ser. No. 60/600,584, filed Aug. 11, 2004. All of which are hereby incorporated by reference in their entirety.
  • FIELD OF THE INVENTION
  • The invention relates to a security application for a computer, and more particularly, to a multi-tiered security application for a computer.
  • BACKGROUND OF THE INVENTION
  • Web pages typically display one or more objects (e.g., buttons, fields, screens, and the like) and an entity operating a web page often wishes to block access to the entire web page or portions of the web page (e.g., the objects). More particularly, the entity operating the web page may wish to block display of an object included on the web page, block the ability to input data, block the ability to use an object on the web page, and/or block the ability to edit/modify an object on the web page to some users.
  • Current security systems (e.g., Resource Access Control Facility (RACF)) map a single sign on (SSO) security identifier to, for example, a single Information Management System (IMS) identifier for an entire application. The IMS identifier is used for every transaction and grants the user access to each web page. Furthermore, current security systems are configured such that when the user gains access to the web page, the user has access to the entire web page and each object included on the web page. Therefore, a security application that is capable of providing different levels of access to a plurality of web pages, to different portions of a single web page, and to different objects included on a single web page is needed in the art.
  • SUMMARY OF THE INVENTION
  • A computer-implemented method to control access to a plurality of web pages and to control access to an object included on each of the web pages according to various exemplary embodiments of the invention includes the steps of assigning, in a first data table, at least one function identifier (FID) of a plurality of FIDs to a plurality of users; assigning, in a second data table, a first object identifier (OID) to a first web page; assigning, in the second data table, a second OID to a first object on the first web page; assigning, in a third data table, a first FID of the plurality of FIDs to the first OID; assigning, in the third data table, a second FID of the plurality of FIDs to the second FID; granting access, by a server, to the first web page when at least one FID of a user matches the first FID; and granting access, by the server, to the first object when at least one FID of the user matches the second FID, the plurality of FIDs comprising, for example, a display FID, an input FID, and an edit FID. In one embodiment, when the first FID and second FID are different FIDs, and step of assigning at least one user FID includes the steps of assigning, in the first data table, a first user FID to the user, and assigning, in the first data table, a second user FID to the user, wherein the first user FID and the second user FID are different FIDs. When the first user FID is display FID and the first FID is display FID, granting access to the first web page includes granting display access to the first web page. When the second user FID is input FID and the second FID is input FID, granting access to the first object includes granting input access to the first object. Furthermore, when the second user FID is edit FID and the second FID is edit FID, granting access to the first object includes granting edit access to the first object.
  • In accordance with another exemplary embodiment, the method further includes the steps of assigning, in the second data table, a third OID to a second web page; assigning, in the third data table, a third FID to the third OID; and granting access, by the server, to the second web page when one of the first FID and the second FID match the third FID. Furthermore, the method includes the steps of assigning, in the second data table, a fourth OID to a second object on the second web page; assigning, in the third data table, a fourth FID to the fourth OID; and granting access, by the server, to the second object when one of the first user FID and the second user FID match the fourth FID.
  • A computer including a multi-tiered security application according to various exemplary embodiments of the invention includes a server configured to operate a plurality of web pages, the plurality of web pages each comprising an object; a first data table configured to assign at least one FID to a plurality of users; a second data table configured to assign an OID to each web page and to assign an OID to each object; and a third data table configured to assign an FID to each OID, each FID comprising a function level. In one embodiment, the server is configured to compare a user FID to a first FID assigned to a first OID assigned to a web page when a user attempts to access the web page, grant function access corresponding to the matched FID, to the user, to the web page when the user FID matches the FID assigned to the OID assigned to the web page, compare a user FID to a second FID assigned to a second OID assigned to an object when a user attempts to access the object, and grant function access corresponding to the matched FID, to the user, to the object when the user FID matches the FID assigned to the OID assigned to the object. In addition, the server is further configured to enable the user to view the web page when the user FID is the display FID and the first FID are both a display FID, enable the user to input information into the web page when the user FID and the first FID are both an input FID, and enable the user to edit the web page when the user FID and the first FID are both an edit FID. Furthermore, the server is configured to enable the user to view the object when the user FID is the display FID and the first FID are both a display FID, enable the user to input information into the object when the user FID and the first FID are both an input FID, and enable the user to edit the object when the user FID and the first FID are both an edit FID.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • A more complete understanding of the present invention may be derived by referring to the detailed description and claims when considered in connection with the drawing Figures, where like reference numbers refer to similar elements throughout the Figures, and:
  • FIG. 1 is a block diagram of a computer including a multi-tiered security application in accordance with one embodiment of the present invention;
  • FIG. 2 is a block diagram of data tables and web pages included in the computer of FIG. 1 in accordance with one embodiment of the present invention;
  • FIG. 3 is a screenshot of display FID access to one web page included in FIG. 2 in accordance with one embodiment of the present invention;
  • FIG. 4 is screenshot of display FID and input FID access one web page included in FIG. 2 in accordance with one embodiment of the present invention;
  • FIG. 5 is screenshot of display FID, input FID, and edit FID accessing one web page included in FIG. 2 in accordance with one embodiment of the present invention; and
  • FIG. 6 is a flow diagram of a method to control access to one or more web pages and one or more objects included on each of the web pages, in accordance with one embodiment of the present invention.
  • DETAILED DESCRIPTION
  • The detailed description of exemplary embodiments of the invention herein makes reference to the accompanying drawings and screenshots, which show the exemplary embodiment by way of illustration and its best mode. While these exemplary embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, it should be understood that other embodiments may be realized and that logical and mechanical changes may be made without departing from the spirit and scope of the invention. Thus, the detailed description herein is presented for purposes of illustration only and not of limitation. For example, the steps recited in any of the method or process descriptions may be executed in any order and are not limited to the order presented. Moreover, any of the functions or steps may be outsourced to or performed by one or more third parties.
  • For the sake of brevity, conventional data networking, application development and other functional embodiments of the systems (and components of the individual operating components of the systems) may not be described in detail herein. Furthermore, the connecting lines shown in the various figures contained herein are intended to represent exemplary functional relationships and/or physical couplings between the various elements. It should be noted that many alternative or additional functional relationships or physical connections may be present in a practical system.
  • Various embodiments of the present invention are directed to a security application and method for selectively granting access to a user to one or more web pages and one or more objects included on each web page according to the user's function level. Each web page is assigned a function level, which is also assigned to a user, to access the web site. In addition, each object on each web page is also assigned its own individual function level, which is separate from the function level required to access the web page on which it resides. In various exemplary embodiments, a user is assigned one or more function levels and the user is able to access (or access and perform various functions on various web pages, and objects on each web page) according to the user's function level in relation to the function level for each web page and each object on each web page. For example, a user assigned only a display function level is not able to access a web page requiring an input or edit function level. Furthermore, the user may be able to access a web page with a display function level, but objects on the web page having an input or edit function level would not be displayed (i.e., blocked) to the user. Alternatively, the objects are viewable by the user, but the user is unable to perform pre-defined functions to the objects.
  • Notably, embodiments of the present invention are capable of providing real-time changes to security within the application without the need for changing the programs/code operating the web pages and the programs/code operating any objects included on the web pages. In addition, embodiments of the present invention are capable of being utilized and/or implemented in conjunction with existing security systems (e.g., Resource Access Control Facility (RACF) systems).
  • FIG. 1 is a block diagram of an exemplary embodiment of a computer 100 including a multi-tiered security application. As those skilled in the art will appreciate, computer 100 typically includes an operating system (e.g., Windows NT, 95/98/2000, Linux, Solaris, etc.) as well as various conventional support software and drivers typically associated with computers. Computer 100 may be in a home or business environment with access to a network. In various exemplary embodiments, computer 100 is accessed through the Internet via a commercially-available web-browser software package or through an intranet connection. Access to the Internet or intranet may be accomplished through any suitable communication means, such as, for example, a telephone network, point of interaction device (e.g., personal digital assistant, cellular phone, kiosk, and the like), online communications, off-line communications, wireless communications, transponder communications and/or the like. One skilled in the art will also appreciate that, for security reasons, any databases, systems, or components of the present invention may consist of any combination of databases or components at a single location or at multiple locations, wherein each database or system includes any of various suitable security features, such as firewalls, access codes, encryption, de-encryption, compression, decompression, and/or the like.
  • Computer 100, in one exemplary embodiment, includes one or more central processing units (CPUs) 110, wherein CPU 110 may be any hardware and/or software suitably configured to read and execute computer programs and/or software instructions. As such, CPU 110 may include any processor for processing digital data, a memory coupled to the processor for storing digital data, an input digitizer coupled to the processor for inputting digital data, an application program stored in the memory and accessible by the processor for directing processing of digital data by the processor, a display coupled to the processor and memory for displaying information derived from digital data processed by the processor and a plurality of databases, the databases including, for example, client data, merchant data, financial institution data, and/or other suitable data capable of being used in association with the present invention.
  • Computer 100 also includes one or more security servers 120 connected to CPU 110, wherein security server 120 includes any hardware and/or software suitably configured to receive authentication credentials, encrypt and decrypt credentials, authenticate credentials, and grant access rights according to a user's pre-determined privileges attached to the credentials.
  • Computer 100 also includes one or more web servers 130 connected to CPU 110, wherein web server 130 includes any hardware and/or software suitably configured to store and operate one or more web pages (e.g., web pages 150, 160, and/or 170) or other Internet/intranet-based graphical user interface (GUI) accessible by users. In accordance with various exemplary embodiments, web pages 150, 160, and/or 170 include any information and are appropriately configured to suit the needs of the entity operating computer 100. Notably, the term “web page” as it is used herein is not meant to limit the type of documents and applications that might be used to interact with the user. For example, a typical website may include, in addition to standard HTML documents, various forms, Java applets, Javascript, active server pages (ASP), common gateway interface scripts (CGI), extensible markup language (XML), dynamic HTML, cascading style sheets (CSS), helper applications, plug-ins, and the like.
  • Furthermore, web pages 150, 160, and 170 each include one or more objects (e.g., objects 155, 165, and 175, respectively) on them. The term “object” as used herein includes any object, GUI, and the like known in the art or later developed. Examples of suitable objects include, but are not limited to, text fields, text displays, links, portals, modules, screen buttons, radio buttons, and the like.
  • Computer 100 also includes one or more security databases 140 associated with web pages 150, 160, and 170. Security database 140 includes any type of database, such as relational, hierarchical, object-oriented, and/or the like. Common database products that may be used to implement the databases include DB2 by IBM (White Plains, N.Y.), any of the database products available from Oracle Corporation (Redwood Shores, Calif.), Microsoft Access or MSSQL by Microsoft Corporation (Redmond, Wash.), or any other database product. Security database 140 may be organized in any suitable manner, including as data tables or lookup tables. Association of certain data may be accomplished through any data association technique known and practiced in the art. For example, the association may be accomplished either manually or automatically. Automatic association techniques may include, for example, a database search, a database merge, GREP, AGREP, SQL, and/or the like. The association step may be accomplished by a database merge function, for example, using a “key field” in each of the manufacturer and retailer data tables. A “key field” partitions the database according to the high-level class of objects defined by the key field. For example, a certain class may be designated as a key field in both the first data table and the second data table, and the two data tables may then be merged on the basis of the class data in the key field. In this embodiment, the data corresponding to the key field in each of the merged data tables is preferably the same. However, data tables having similar, though not identical, data in the key fields may also be merged by using AGREP, for example.
  • In accordance with one exemplary embodiment, security database 140 includes a plurality of data tables (e.g., data table 142, data table 144, and data table 146) for storing various identifiers (e.g., function identifiers (FIDs) and object identifiers (OIDs)) assigned to users; web pages 150, 160, and 170; and objects 155, 165, 175. The FIDs are used to gain function access to web pages, objects on the web pages, databases, and/or the like. The FIDs, in one exemplary embodiment, include a display FID, an input FID, and an edit FID, each of which corresponds to a functional capability and/or a function level granted to a user. For example, a display FID allows a user to view web pages and objects that have a display FID assigned to them. Likewise, a user would be required to have an input FID or an edit FID to have input access or edit access to web pages and/or objects having an input FID or edit FID assigned to them, respectively. Although the current discussion references a display FID, an input FID, and an edit FID, the present invention is not limited to such, and notably, the invention contemplates that additional FIDs having a variety of corresponding functions may be implemented. For example, additional FIDs may include, but are not limited to, a CASE FID for reviewing merchant cases and disputes, a characteristic (CHAR) FID for inquiring about merchant overall characteristics and data), a duplicate override (DUP OVD) FID for overriding duplicate merchant functions, an electronic data capture update (EDC UPDT) FID for updating merchant electronic data capture characteristics, a financial details (FIN DET) FID for submitting merchant financial details, a hierarchy (HIER) FID for entering a merchant's hierarchy regarding chain locations, an inquiry FID for any kind of merchant inquiry, inquiry banking FID for inquiring into merchant banking information, inquiry pending and paid (INQUIRY PND-PD) FID for inquiring into merchants' pending and paid transactions, set up FID for setting up new merchants, supplies FID for ordering/viewing merchant supplies, update memo (UPDT MEMO) FID for adding/updating merchant memorandums, a special memorandum update (UPDT MEMO999) FID for updating merchant memorandums where the memorandum does not expire, and/or any other FID will a function suitable to the needs of the entity operating the plurality of web pages and objects.
  • A different OID is assigned to each of web pages 150, 160, and 170; and each of objects 155, 165, and 175. The OIDs enable security/function changes to be made to computer 100 without any of the programs/codes operating web pages 150, 160, and 170; and operating each of objects 155, 165, and 175 needing to be changed.
  • Data table 142 is configured to store and assign one or more FIDs to each user according to a function level associated with that particular user. Data table 144 is configured to store and assign a different OID for each of web pages 150, 160, and 170, and store and assign a different OID for each of objects 155, 165, and 175. Data table 146 is configured to store and assign one or more FIDs to each OID, the FIDs corresponding to pre-determined functions available for users to perform on the web page or object assigned to each particular OID.
  • In one embodiment, an Internet Information Server, Microsoft Transaction Server, and Microsoft SQL Server, are used in conjunction with a Microsoft operating system, Microsoft NT web server software, a Microsoft SQL database system, and a Microsoft Commerce Server. In another embodiment, the invention is implemented utilizing Web Sphere Application Server, IBM MQ series, IMS transaction server, and DB2 in with conjunction Z/OS operating system. Additionally, components such as Access or SQL Server, Oracle, Sybase, Informix MySQL, Intervase, etc., may be used to provide an ADO-compliant database management system. The present invention is described herein in terms of functional block components, screenshots, optional selections and various processing steps. It should be appreciated that such functional blocks may be realized by any number of hardware and/or software components configured to perform the specified functions. For example, the present invention may employ various integrated circuit components, e.g., memory elements, processing elements, logic elements, look-up tables, and the like, which may carry out a variety of functions under the control of one or more microprocessors or other control devices. Similarly, the software elements of the present invention may be implemented with any programming or scripting language such as C, C++, Java, COBOL, assembler, PERL, Visual Basic, SQL Stored Procedures, extensible markup language (XML), with the various algorithms being implemented with any combination of data structures, objects, processes, routines or other programming elements. Further, it should be noted that the present invention may employ any number of conventional techniques for data transmission, signaling, data processing, network control, and the like. Still further, the invention could be used to detect or prevent security issues with a client-side scripting language, such as JavaScript, VBScript or the like. For a basic introduction of cryptography and network security, the following may be helpful references: (1) “Applied Cryptography: Protocols, Algorithms, And Source Code In C,” by Bruce Schneier, published by John Wiley & Sons (second edition, 1996); (2) “Java Cryptography” by Jonathan Knudson, published by O'Reilly & Associates (1998); (3) “Cryptography & Network Security: Principles & Practice” by William Stalling, published by Prentice Hall; all of which are hereby incorporated by reference.
  • It will be appreciated, that many applications of the present invention could be formulated. One skilled in the art will appreciate that the network may include any system for exchanging data or transacting business, such as the Internet, an intranet, an extranet, WAN, LAN, satellite communications, and/or the like. It is noted that the network may be implemented as other types of networks, such as an interactive television (ITV) network. The users may interact with the system via any input device such as a keyboard, mouse, kiosk, personal digital assistant, handheld computer (e.g., Palm Pilot®), cellular phone and/or the like. Similarly, the invention could be used in conjunction with any type of personal computer, network computer, workstation, minicomputer, mainframe, or the like running any operating system such as any version of Windows, Windows NT, Windows XP, Windows 2000, Windows 98, Windows 95, MacOS, OS/2, BeOS, Linux, UNIX, Solaris, Z/OS, or the like. Moreover, although the invention is frequently described herein as being implemented with TCP/IP communications protocols, it will be readily understood that the invention could also be implemented using IPX, Appletalk, IP-6, NetBIOS, OSI or any number of existing or future protocols. Moreover, the system contemplates the use, sale or distribution of any goods, services or information over any network having similar functionality described herein.
  • A variety of conventional communications media and protocols may be used for data links. Such as, for example, a connection to an Internet Service Provider (ISP) over the local loop as is typically used in connection with standard modem communication, cable modem, Dish networks, ISDN, Digital Subscriber Line (DSL), or various wireless communication methods. The system may also reside within a local area network (LAN) which interfaces to network via a leased line (T1, D3, etc.). Such communication methods are well known in the art, and are covered in a variety of standard texts. See, e.g., Gilbert Held, “Understanding Data Communications” (1996), hereby incorporated by reference.
  • FIG. 2 is a block diagram of one exemplary embodiment of data tables 142, 144, and 146; and web pages 150, 160, and 170. In data table 142, for example, John only has a display FID assigned to him. Thus, John is only able to view web pages and objects that have display FID assigned to them. Mary has both display FID and input FID assigned to her. Thus, Mary is able to view web pages and objects that have display FID assigned to them, and Mary is able to input data into web pages and objects that have input FID assigned to them. Furthermore, Mike has display FID, input FID, and edit FID assigned to him. Thus, Mike is able to view web pages and objects that have display FID assigned to them, input data into web pages and objects that have input FID assigned to them, and edit web pages and objects that have edit FID assigned to them.
  • In data table 144, web page 150 is assigned ID 00001, screen button 152 assigned ID 00002, text field 154 is assigned ID 00003, text display 156 is assigned ID 00004, radio buttons 158 are assigned ID 00005, web page 160 is assigned ID 00006, screen button 162 assigned ID 00007, text field 164 is assigned ID 00008, text display 166 is assigned ID 00009, radio buttons 168 are assigned ID 00010, web page 170 is assigned ID 00011, screen button 172 assigned ID 00012, text field 174 is assigned ID 00013, text display 176 is assigned ID 00014, and radio buttons 178 are assigned ID 00015. Furthermore, in data table 146, ID 00001 is assigned display FID, ID 00002 is assigned input FID and edit FID, ID 00003 is assigned input FID and edit FID, ID 00004 is assigned display FID, ID 00005 is assigned edit FID, 00006 ID is assigned display FID and edit FID, 00007 ID is assigned input FID, 00008 ID is assigned input FID, 00009 ID is assigned input FID and edit FID, 00010 ID is assigned input FID, 00011 ID is assigned input FID and edit FID, 00012 ID is assigned edit FID, 00013 ID is assigned edit FID, 00014 is assigned input FID, and ID 00015 is assigned edit FID.
  • FIG. 3 is a screenshot of an example of how web page 150 would appear to John, in accordance with one embodiment of the invention. In this example, John is granted display access web page 150 since both John and web page 150 have display FID assigned to them. Furthermore, John is granted display access to text display 156 since both John and text display 156 have display FID assigned to them. Therefore, because display access enables a user to perform the function of viewing web pages and objects, John is able to view web page 150 and text display 156. John (or any other user) is not granted any other type of function access (e.g., input and edit) to web page 150 and text display 156 because these items do not have any other FID assigned to them. To enable ID 00001 and/or ID 00004 to have additional functions performed on them, each would have to have additional FIDs assigned to them in data table 146 (which John would still not have access to since he only has display FID assigned to him). Furthermore, John does not have access to screen button 152, text field 154, and radio buttons 158 because these objects do not have display FID assigned to them, and John does not have the FID required to access the other available functions. Thus, John is unable to perform any functions on screen button 152, text field 154, and radio buttons 158. Notably, in the embodiment illustrated in FIG. 3, John is blocked from viewing screen button 152, text field 154, and radio buttons 158. In other embodiments, screen button 152, text field 154, and radio buttons 158 may be “shaded” out to prevent John from performing any functions with them, but John may still be able to view them.
  • FIG. 4 is a screenshot of an example of how web page 150 would appear to Mary, in accordance with one embodiment of the invention. In this example, Mary is granted display access web page 150 since both Mary and web page 150 have display FID assigned to them, and Mary is granted display access to text display 156 since they both have display FID assigned to them. Thus, Mary is able to view web page 150 and text display 156. Notably, because web page 150 and text display 156 do not have any other FIDs assigned to them, Mary is unable to perform any other functions to these items even though Mary also has input FID assigned to her. Furthermore, Mary is granted input access to screen button 152 and text field 154 because Mary and screen button 152 both have input FID assigned to them, and Mary and text field 154 both have input FID assigned to them. Thus, because input FID grants a user the ability to input data into a web page or object assigned input FID, Mary is able to input data into text field 154 and submit that data via screen button 152. Notably, Mary is not granted edit access to text field 154 and radio buttons 158 because Mary does not have the required edit FID assigned to her to access these items. Thus, Mary is blocked from performing edit functions on text field 154, and blocked from performing any function on radio buttons 158. In the embodiment illustrated in FIG. 4, Mary is blocked from even viewing radio buttons 158. In other embodiments, radio buttons 158 may be “shaded” out to prevent Mary from performing functions to radio buttons 158, but Mary may still be able to view them.
  • FIG. 5 is a screenshot of an example of how web page 150 would appear to Mike, in accordance with one embodiment of the invention. In this example, Mike is granted the same function access to web page 150, text display 156, screen button 152, and text field 154 as Mary because, like Mary, Mike has both display FID and input FID assigned to him. In addition, Mike has edit access to text field 154 and radio buttons 158 because he has the required edit FID assigned to him. Thus, since edit FID allows a user to edit the content of a web page or object assigned edit FID, Mike is able to edit the contents of text field 154 and radio buttons 158, and submit those edits via screen button 152. Notably, access to web pages 160 and 170 and each of their respective objects would be analyzed in a manner similar to the above discussion.
  • FIG. 6 is a flow diagram of an exemplary embodiment of a method 600 to control access to one or more web pages (e.g., web pages 150, 160, and/or 170) and one or more objects (e.g., objects 155, 165, and/or 175) included on the web pages. In accordance with one exemplary embodiment, method 600 initiates by storing and assigning, in a data table (e.g., data table 142) of a security database (e.g., security database 140), one or more FIDs (e.g., display FID, input FID, and edit FID) to one or more users (step 610). Method 600 also includes the steps of storing and assigning, in a second data table (e.g., data table 144), an OID to each web page (e.g., web pages 150, 160, and 170) and each object (e.g., objects 155, 165, and 175) on the web pages (step 620). Furthermore, method 600 includes storing and assigning an FID to each OID assigned in step 620 (step 630).
  • Furthermore, a web server (e.g., web server 130) is programmed to compare the FID(s) assigned to the user to the FID assigned to web page 150 and object 155 when a user attempts to access web page 150 (step 640). Web server 130 grants access to web page 150 to the user if the FID assigned to the user substantially matches the FID assigned to web page 150 (step 650). The access granted to web page 150 corresponds to the function of the mutually assigned FID (step 655). For example, a substantially matched display FID grants the user the ability to view the web page, a matched input FID grants the user the ability to input data into the web page, and a matched edit FID allows the user to edit the web page.
  • Web sever 130 grants access to object 155 if the FID assigned to the user substantially matches the FID assigned to object 155 (step 660). The access granted to object 155 corresponds to the function of the mutually assigned FID (step 665). For example, a substantially matched display FID grants the user the ability to view the object, a matched input FID grants the user the ability to input data into the object, and a matched edit FID allows the user to edit the object. Notably, as used herein the term “substantially matches” includes identical, algorithmic, matching within a margin of error, matching within a range of values, and the like.
  • Method 600 also includes repeating steps 640 through 665 for one or more additional web pages (e.g., web page 160 and/or 170) and each object (e.g., objects 165 and/or 175) on each of web page 160 and/or 170 (step 670). Furthermore, method 600 includes changing one or more FIDs of a user or an OID (step 680). In accordance with one embodiment of the invention, a change to the FID of a web page or object is made without having to change the program and/or code operating the web page or object because all that is needed is a change to the FID assigned to the appropriate OID in data table 146. Furthermore, by changing an FID, adding an FID to, or subtracting an FID from, a user in data table 142, the function access of a user to web pages and/or objects can likewise be changed. By doing so, a user may be able to perform different functions, more functions, or less functions to a web page or object than prior to the change.
  • In accordance with one exemplary embodiment, web server 130 denies access to the user by omitting display of any web pages and/or objects that include an FID that does not match any FID(s) assigned to the user. In another embodiment, web server 130 denies access to the user by shading objects with an FID that does not match any FID(s) assigned to the user.
  • As discussed above, the present invention may be embodied as a method, a data processing system, a device for data processing, and/or a computer program product. Accordingly, the present invention may take the form of an entirely software embodiment, an entirely hardware embodiment, or an embodiment combining aspects of both software and hardware. Furthermore, the present invention may take the form of a computer program product on a computer-readable storage medium having computer-readable program code means embodied in the storage medium. Any suitable computer-readable storage medium may be utilized, including hard disks, CD-ROM, optical storage devices, magnetic storage devices, and/or the like.
  • Furthermore, the present invention is described herein with reference to screenshots, block diagrams and flowchart illustrations of methods, apparatus (e.g., systems), and computer program products according to various aspects of the invention. It will be understood that each functional block of the block diagrams and the flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, respectively, can be implemented by computer program instructions. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified in the flowchart block or blocks.
  • These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer-implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart block or blocks.
  • Accordingly, functional blocks of the block diagrams and flowchart illustrations support combinations of means for performing the specified functions, combinations of steps for performing the specified functions, and program instruction means for performing the specified functions. It will also be understood that each functional block of the block diagrams and flowchart illustrations, and combinations of functional blocks in the block diagrams and flowchart illustrations, can be implemented by either special purpose hardware-based computer systems which perform the specified functions or steps, or suitable combinations of special purpose hardware and computer instructions.
  • Benefits, other advantages, and solutions to problems have been described herein with regard to specific embodiments. However, the benefits, advantages, solutions to problems, and any element(s) that may cause any benefit, advantage, or solution to occur or become more pronounced are not to be construed as critical, required, or essential features or elements of any or all the claims or the invention. The scope of the present invention is accordingly to be limited by nothing other than the appended claims, in which reference to an element in the singular is not intended to mean “one and only one” unless explicitly so stated, but rather “one or more.” All structural, chemical, and functional equivalents to the elements of the above-described exemplary embodiments that are known to those of ordinary skill in the art are expressly incorporated herein by reference and are intended to be encompassed by the present claims.

Claims (21)

1-7. (canceled)
8. A system, comprising:
a processor; and
memory having program instructions stored therein, wherein the program instructions are executable by the processor to cause the system to:
store a first set of criteria specifying one or more functions that are permissible with respect to an entire content of a web page;
store a second set of criteria specifying one or more functions that are permissible with respect to an item within the web page; and
restrict access to content of the web page in accordance with the first and second sets of criteria.
9. The system of claim 8, wherein the program instructions are executable to cause the system to:
assign a user to at least one of a plurality of security tiers, wherein the first set of criteria specifies that the user, in response to being assigned to the at least one security tier, is permitted to perform a first set of functions with respect to the entire content of the web page, and wherein the second set of criteria specifies that the user, in response to being assigned to the at least one security tier, is permitted to perform a second set of functions with respect to the item within the web page.
10. The system of claim 9, wherein the first set of functions includes viewing the entire content of the web page, and wherein the second set of functions includes inputting data into the item within the web page.
11. The system of claim 8, wherein the second set of criteria includes criteria for each of a plurality of items within the web page.
12. The system of claim 12, wherein the plurality of items includes a radio field and a text field.
13. The system of claim 8, wherein the second set of criteria specifies that a user is permitted to view the item, but not to edit data in the item.
14. The method of claim 13, wherein the program instructions are executable to cause the system to:
in response to the second set of criteria, display the item as shaded out to prevent the user from editing data in the item.
15. The system of claim 8, wherein the first set of criteria specifies a first identifier indicative of one of a plurality of security tiers, wherein the security tier permits displaying the entire content of the web page;
wherein the program instructions are executable to cause the system to:
assign a user a second identifier indicative of one of the plurality of security tiers; and
determine whether the user is permitted to view the entire content of the web page by comparing the second identifier with the first identifier.
16. The system of claim 15, wherein the second set of criteria specifies a third identifier indicative of another one of the plurality of security tiers, wherein the other security tier permits editing content within the item;
wherein the program instructions are executable to cause the system to:
determine whether the user is permitted to edit content within the item by comparing the second identifier with the third identifier.
17. A method, comprising:
a web server receiving, from a client device, a request to access a web page;
the web server determining whether to grant a user of the client device access to the web page, by accessing a database, wherein the database specifies access criteria for an entire content of the web page; and
the web server determining whether to the user is permitted to perform a particular function with respect to an item in the web page, by accessing the database, wherein the database further specifies one or more performable functions within respect to the item.
18. The method of claim 17, wherein the database specifies an identifier for the item, wherein the identifier is indicative of one of a plurality of function levels, wherein each function level is associated with a respective set of functions performable with respect to the item.
19. The method of claim 18, wherein the identifier is indicative of a function level that permits viewing of the item, but not editing of the item.
20. The method of claim 19, further comprising:
in response to the identifier being indicative of the function level, the web server causing the web page to be displayed with the item shaded out.
21. The method of claim 17, wherein the database specifies access criteria for a plurality of web pages served by the web server, and wherein the database further specifies functions performable with respect to items in the plurality of web pages.
22. The method of claim 17, wherein the database specifies an identifier for the user, wherein the identifier is indicative of one of a plurality of function levels, wherein each function level is associated with a respective set of functions performable by the user; and
wherein the determining whether to grant the user access to the web page includes determining whether the identifier indicates that the user has a sufficient function level to access the web page.
23. The method of claim 22, wherein the database specifies respective identifiers for a plurality of users, wherein each identifier is indicative of one of the plurality of function levels.
24. A non-transitory computer readable medium having program instructions stored thereon, wherein the program instructions are executable by a computer system to cause the computer system to perform operations comprising:
maintaining a database, wherein the database specifies a first set of criteria indicative of functions that are performable with respect to a web page as a whole, wherein the database specifies a second set of criteria indicative of functions that are performable with respect to one or more items within the web page;
the computer system receiving a request from a client device to access the web page; and
the computer system granting the client device access in accordance with the first and second sets of criteria.
25. The computer readable medium of claim 24, wherein the database specifies a user identifier for a user, wherein the user identifier is indicative of functions that are performable by the user;
wherein the second set of criteria includes a function identifier indicative of functions that are performable with respect to an item in the web page; and
wherein the granting includes comparing the user identifier with the function identifier.
26. The computer readable medium of claim 24, wherein the database assigns a respective object identifier for each of the one or more items, and wherein the database associates each of the object identifiers with a respective function identifier indicative of functions performable with respect to an item in the web page.
27. The computer readable medium of claim 26, wherein the database specifies an object identifier for a text field within the web page and associates the object identifier with a function identifier indicative of the text field being editable by a user.
US14/307,332 2004-08-11 2014-06-17 Web page security system Abandoned US20140359716A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US14/307,332 US20140359716A1 (en) 2004-08-11 2014-06-17 Web page security system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US60058404P 2004-08-11 2004-08-11
US11/161,658 US8307291B2 (en) 2004-08-11 2005-08-11 Web page security system and method
US12/394,813 US20090177972A1 (en) 2004-08-11 2009-02-27 Web page security system
US14/307,332 US20140359716A1 (en) 2004-08-11 2014-06-17 Web page security system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US12/394,813 Continuation US20090177972A1 (en) 2004-08-11 2009-02-27 Web page security system

Publications (1)

Publication Number Publication Date
US20140359716A1 true US20140359716A1 (en) 2014-12-04

Family

ID=35801383

Family Applications (3)

Application Number Title Priority Date Filing Date
US11/161,658 Expired - Fee Related US8307291B2 (en) 2004-08-11 2005-08-11 Web page security system and method
US12/394,813 Abandoned US20090177972A1 (en) 2004-08-11 2009-02-27 Web page security system
US14/307,332 Abandoned US20140359716A1 (en) 2004-08-11 2014-06-17 Web page security system

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US11/161,658 Expired - Fee Related US8307291B2 (en) 2004-08-11 2005-08-11 Web page security system and method
US12/394,813 Abandoned US20090177972A1 (en) 2004-08-11 2009-02-27 Web page security system

Country Status (1)

Country Link
US (3) US8307291B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140279489A1 (en) * 2013-03-15 2014-09-18 Capital One Financial Corporation Systems and methods for providing alternative logins for mobile banking

Families Citing this family (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007128331A (en) * 2005-11-04 2007-05-24 Inter Net Inishiateibu:Kk Automatic generation mechanism for network connection equipment
US8312033B1 (en) 2008-06-26 2012-11-13 Experian Marketing Solutions, Inc. Systems and methods for providing an integrated identifier
US8744956B1 (en) 2010-07-01 2014-06-03 Experian Information Solutions, Inc. Systems and methods for permission arbitrated transaction services
US8931058B2 (en) 2010-07-01 2015-01-06 Experian Information Solutions, Inc. Systems and methods for permission arbitrated transaction services
US9147042B1 (en) 2010-11-22 2015-09-29 Experian Information Solutions, Inc. Systems and methods for data verification
US9665854B1 (en) 2011-06-16 2017-05-30 Consumerinfo.Com, Inc. Authentication alerts
JP5575071B2 (en) 2011-08-26 2014-08-20 株式会社東芝 Information processing apparatus, information processing method, and program
US9106691B1 (en) 2011-09-16 2015-08-11 Consumerinfo.Com, Inc. Systems and methods of identity protection and management
US10192262B2 (en) 2012-05-30 2019-01-29 Ncino, Inc. System for periodically updating backings for resource requests
US10282461B2 (en) 2015-07-01 2019-05-07 Ncino, Inc. Structure-based entity analysis
US9268819B1 (en) * 2014-08-01 2016-02-23 Ncino, Inc. Financial-service structured content manager
US10013237B2 (en) 2012-05-30 2018-07-03 Ncino, Inc. Automated approval
US8856894B1 (en) 2012-11-28 2014-10-07 Consumerinfo.Com, Inc. Always on authentication
US10664936B2 (en) 2013-03-15 2020-05-26 Csidentity Corporation Authentication systems and methods for on-demand products
US9633322B1 (en) 2013-03-15 2017-04-25 Consumerinfo.Com, Inc. Adjustment of knowledge-based authentication
US9721147B1 (en) 2013-05-23 2017-08-01 Consumerinfo.Com, Inc. Digital identity
US10373240B1 (en) 2014-04-25 2019-08-06 Csidentity Corporation Systems, methods and computer-program products for eligibility verification
US9529994B2 (en) 2014-11-24 2016-12-27 Shape Security, Inc. Call stack integrity check on client/server systems
WO2017007705A1 (en) 2015-07-06 2017-01-12 Shape Security, Inc. Asymmetrical challenges for web security
US10567363B1 (en) * 2016-03-03 2020-02-18 Shape Security, Inc. Deterministic reproduction of system state using seeded pseudo-random number generators
US10216488B1 (en) 2016-03-14 2019-02-26 Shape Security, Inc. Intercepting and injecting calls into operations and objects
US10225255B1 (en) 2016-05-27 2019-03-05 Shape Security, Inc. Count-based challenge-response credential pairs for client/server request validation
CN108279966B (en) * 2018-02-13 2021-08-20 Oppo广东移动通信有限公司 Webpage screenshot method, device, terminal and storage medium
US10911234B2 (en) 2018-06-22 2021-02-02 Experian Information Solutions, Inc. System and method for a token gateway environment
US11941065B1 (en) 2019-09-13 2024-03-26 Experian Information Solutions, Inc. Single identifier platform for storing entity data

Citations (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5872915A (en) * 1996-12-23 1999-02-16 International Business Machines Corporation Computer apparatus and method for providing security checking for software applications accessed via the World-Wide Web
US20010054155A1 (en) * 1999-12-21 2001-12-20 Thomas Hagan Privacy and security method and system for a World-Wide-Web site
US20020091798A1 (en) * 2000-07-10 2002-07-11 Joshi Vrinda S. Providing data to applications from an access system
US20020091975A1 (en) * 2000-11-13 2002-07-11 Digital Doors, Inc. Data security system and method for separation of user communities
US20020147706A1 (en) * 2001-04-05 2002-10-10 International Business Machines Corporation Method for attachment and recognition of external authorization policy on file system resources
US20020188696A1 (en) * 2001-06-07 2002-12-12 International Business Machines Corporation Web page monitoring system and methods therefor
US20030018910A1 (en) * 2001-07-18 2003-01-23 Ge Capital Mortgage Corporation System and methods for providing multi-level security in a network at the application level
US20030020746A1 (en) * 2001-01-31 2003-01-30 Computer Associates Think, Inc. System and method for dynamically generating a web page
US20030023670A1 (en) * 2001-07-24 2003-01-30 Steve Walrath System and method for client-server networked applications
US6522738B1 (en) * 1998-12-16 2003-02-18 Nortel Networks Limited Web site content control via the telephone
US6532463B1 (en) * 1998-12-01 2003-03-11 University Of Florida Web page accessing of data bases and mainframes
US20030061482A1 (en) * 2001-08-23 2003-03-27 Efunds Corporation Software security control system and method
US6567918B1 (en) * 1999-01-28 2003-05-20 Microsoft Corporation Saved Web page security system and method
US20030236996A1 (en) * 2002-06-24 2003-12-25 International Business Machines Corporation Security objects controlling timed access to resources
US20030237006A1 (en) * 2002-06-24 2003-12-25 International Business Machines Corporation Security objects controlling access to resources
US20030236979A1 (en) * 2002-06-24 2003-12-25 International Business Machines Corporation Group security objects and concurrent multi-user security objects
US20040039819A1 (en) * 1998-01-20 2004-02-26 Dell Usa L.P. Method and system for receiving and providing access to information at a web site
US20040054931A1 (en) * 2002-09-12 2004-03-18 International Business Machines Corporation Calendar based security object management
US20040064724A1 (en) * 2002-09-12 2004-04-01 International Business Machines Corporation Knowledge-based control of security objects
US20040073634A1 (en) * 2000-09-14 2004-04-15 Joshua Haghpassand Highly accurate security and filtering software
US6725425B1 (en) * 1998-12-08 2004-04-20 Yodlee.Com Method and apparatus for retrieving information from semi-structured, web-based data sources
US20040123112A1 (en) * 2002-12-19 2004-06-24 International Business Machines Corporation Security object providing encryption scheme and key
US20040123146A1 (en) * 2002-12-19 2004-06-24 International Business Machines Corporation Security objects with language translation and speech to text conversion
US20040260952A1 (en) * 2003-05-28 2004-12-23 Newman Gary H. Secure user access subsystem for use in a computer information database system
US20050154888A1 (en) * 2003-07-11 2005-07-14 Tom Chen System and method for providing java server page security
US6934697B1 (en) * 2000-08-04 2005-08-23 Netzero, Inc. Creating customized internet access client user interface
US20050240857A1 (en) * 2004-04-02 2005-10-27 Jason Benedict Methods and systems of information portal construction
US6978381B1 (en) * 1999-10-26 2005-12-20 International Business Machines Corporation Enhancement to a system for automated generation of file access control system commands
US7149960B1 (en) * 2002-07-17 2006-12-12 Novell, Inc. Method and apparatus for controlling creation and management of pages of portal content in a directory
US7210163B2 (en) * 2002-07-19 2007-04-24 Fujitsu Limited Method and system for user authentication and authorization of services
US7552136B2 (en) * 2001-10-31 2009-06-23 International Business Machines Corporation Context management super tools and filter/sort model for aggregated display webpages
US7865545B1 (en) * 1999-12-28 2011-01-04 International Business Machines Corporation System and method for independent room security management
US20110004943A1 (en) * 2000-01-07 2011-01-06 Naren Chaganti Online personal library
US20120226745A1 (en) * 1997-03-31 2012-09-06 Apple Inc. Method and apparatus for updating and synchronizing information between a client and a server
US20130124977A1 (en) * 2004-07-29 2013-05-16 Cisco Technology, Inc. Editing web pages

Family Cites Families (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6185614B1 (en) 1998-05-26 2001-02-06 International Business Machines Corp. Method and system for collecting user profile information over the world-wide web in the presence of dynamic content using document comparators
US6489954B1 (en) 1998-10-13 2002-12-03 Prophet Financial Systems, Inc. System and method for permitting a software routine having restricted local access to utilize remote resources to generate locally usable data structure
US7131062B2 (en) 1998-12-09 2006-10-31 International Business Machines Corporation Systems, methods and computer program products for associating dynamically generated web page content with web site visitors
US20020022962A1 (en) * 1999-05-28 2002-02-21 Marybelle, Inc. Payment methods for on-line funeral home memorials
US6332424B1 (en) * 1999-06-02 2001-12-25 Stephen B. Frink Hands free signal device
US6822663B2 (en) 2000-09-12 2004-11-23 Adaptview, Inc. Transform rule generator for web-based markup languages
US20030056173A1 (en) 2001-01-22 2003-03-20 International Business Machines Corporation Method, system, and program for dynamically generating input for a test automation facility for verifying web site operation
US20020097268A1 (en) 2001-01-22 2002-07-25 Dunn Joel C. Method, system, and program for a platform-independent, browser-based, client-side, test automation facility for verifying web site operation
US7089243B1 (en) * 2001-02-20 2006-08-08 Liping Zhang Method and apparatus for a professional practice application
US7117504B2 (en) * 2001-07-10 2006-10-03 Microsoft Corporation Application program interface that enables communication for a network software platform
US20060085275A1 (en) * 2002-01-16 2006-04-20 Stokes Patricia L System and method for facilitating online transactions
US20040148341A1 (en) 2003-01-29 2004-07-29 Web.De Ag Web site having an individual event settings element
US7246306B2 (en) 2002-06-21 2007-07-17 Microsoft Corporation Web information presentation structure for web page authoring
US7885889B2 (en) * 2002-12-30 2011-02-08 Fannie Mae System and method for processing data pertaining to financial assets
US20040139092A1 (en) * 2003-01-10 2004-07-15 Jones Robert W. Document access system supporting an application user in accessing external documents
US20040157193A1 (en) 2003-02-10 2004-08-12 Mejias Ulises Ali Computer-aided design and production of an online learning course
US7200860B2 (en) 2003-03-05 2007-04-03 Dell Products L.P. Method and system for secure network service
JP4340566B2 (en) * 2003-04-01 2009-10-07 株式会社リコー Web page generation apparatus, embedded apparatus, Web page generation control method, Web page generation program, and recording medium
US7809608B2 (en) * 2003-07-25 2010-10-05 Peter Kassan System and method to prevent termination of on-line transactions
US8051014B2 (en) * 2003-11-25 2011-11-01 Pitney Bowes Inc. Method for providing a shortcut to shipping information
US7368653B2 (en) * 2004-01-08 2008-05-06 Yamaha Corporation Electronic musical apparatus and program for controlling the same

Patent Citations (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5872915A (en) * 1996-12-23 1999-02-16 International Business Machines Corporation Computer apparatus and method for providing security checking for software applications accessed via the World-Wide Web
US20120226745A1 (en) * 1997-03-31 2012-09-06 Apple Inc. Method and apparatus for updating and synchronizing information between a client and a server
US20040039819A1 (en) * 1998-01-20 2004-02-26 Dell Usa L.P. Method and system for receiving and providing access to information at a web site
US6532463B1 (en) * 1998-12-01 2003-03-11 University Of Florida Web page accessing of data bases and mainframes
US6725425B1 (en) * 1998-12-08 2004-04-20 Yodlee.Com Method and apparatus for retrieving information from semi-structured, web-based data sources
US6522738B1 (en) * 1998-12-16 2003-02-18 Nortel Networks Limited Web site content control via the telephone
US6567918B1 (en) * 1999-01-28 2003-05-20 Microsoft Corporation Saved Web page security system and method
US6978381B1 (en) * 1999-10-26 2005-12-20 International Business Machines Corporation Enhancement to a system for automated generation of file access control system commands
US20010054155A1 (en) * 1999-12-21 2001-12-20 Thomas Hagan Privacy and security method and system for a World-Wide-Web site
US7865545B1 (en) * 1999-12-28 2011-01-04 International Business Machines Corporation System and method for independent room security management
US20110004943A1 (en) * 2000-01-07 2011-01-06 Naren Chaganti Online personal library
US20020091798A1 (en) * 2000-07-10 2002-07-11 Joshi Vrinda S. Providing data to applications from an access system
US6934697B1 (en) * 2000-08-04 2005-08-23 Netzero, Inc. Creating customized internet access client user interface
US20040073634A1 (en) * 2000-09-14 2004-04-15 Joshua Haghpassand Highly accurate security and filtering software
US20020091975A1 (en) * 2000-11-13 2002-07-11 Digital Doors, Inc. Data security system and method for separation of user communities
US20030020746A1 (en) * 2001-01-31 2003-01-30 Computer Associates Think, Inc. System and method for dynamically generating a web page
US20020147706A1 (en) * 2001-04-05 2002-10-10 International Business Machines Corporation Method for attachment and recognition of external authorization policy on file system resources
US20020188696A1 (en) * 2001-06-07 2002-12-12 International Business Machines Corporation Web page monitoring system and methods therefor
US20030018910A1 (en) * 2001-07-18 2003-01-23 Ge Capital Mortgage Corporation System and methods for providing multi-level security in a network at the application level
US20030023670A1 (en) * 2001-07-24 2003-01-30 Steve Walrath System and method for client-server networked applications
US20030061482A1 (en) * 2001-08-23 2003-03-27 Efunds Corporation Software security control system and method
US7552136B2 (en) * 2001-10-31 2009-06-23 International Business Machines Corporation Context management super tools and filter/sort model for aggregated display webpages
US20030237006A1 (en) * 2002-06-24 2003-12-25 International Business Machines Corporation Security objects controlling access to resources
US20030236996A1 (en) * 2002-06-24 2003-12-25 International Business Machines Corporation Security objects controlling timed access to resources
US20030236979A1 (en) * 2002-06-24 2003-12-25 International Business Machines Corporation Group security objects and concurrent multi-user security objects
US7149960B1 (en) * 2002-07-17 2006-12-12 Novell, Inc. Method and apparatus for controlling creation and management of pages of portal content in a directory
US7210163B2 (en) * 2002-07-19 2007-04-24 Fujitsu Limited Method and system for user authentication and authorization of services
US20040064724A1 (en) * 2002-09-12 2004-04-01 International Business Machines Corporation Knowledge-based control of security objects
US20040054931A1 (en) * 2002-09-12 2004-03-18 International Business Machines Corporation Calendar based security object management
US20040123112A1 (en) * 2002-12-19 2004-06-24 International Business Machines Corporation Security object providing encryption scheme and key
US20040123146A1 (en) * 2002-12-19 2004-06-24 International Business Machines Corporation Security objects with language translation and speech to text conversion
US20040260952A1 (en) * 2003-05-28 2004-12-23 Newman Gary H. Secure user access subsystem for use in a computer information database system
US20050154888A1 (en) * 2003-07-11 2005-07-14 Tom Chen System and method for providing java server page security
US20050240857A1 (en) * 2004-04-02 2005-10-27 Jason Benedict Methods and systems of information portal construction
US20130124977A1 (en) * 2004-07-29 2013-05-16 Cisco Technology, Inc. Editing web pages

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140279489A1 (en) * 2013-03-15 2014-09-18 Capital One Financial Corporation Systems and methods for providing alternative logins for mobile banking

Also Published As

Publication number Publication date
US8307291B2 (en) 2012-11-06
US20090177972A1 (en) 2009-07-09
US20060036870A1 (en) 2006-02-16

Similar Documents

Publication Publication Date Title
US8307291B2 (en) Web page security system and method
US6941376B2 (en) System and method for integrating public and private data
US7016959B2 (en) Self service single sign on management system allowing user to amend user directory to include user chosen resource name and resource security data
US9117064B2 (en) Method and system for transmitting authentication context information
US8291088B2 (en) Method and system for providing single sign-on user names for web cookies in a multiple user information directory environment
US7757271B2 (en) Computer system security service
US7802174B2 (en) Domain based workflows
US7428523B2 (en) Portal bridge
US7334039B1 (en) Techniques for generating rules for a dynamic rule-based system that responds to requests for a resource on a network
US20020143961A1 (en) Access control protocol for user profile management
US20020138572A1 (en) Determining a user's groups
US20150135296A1 (en) Catalog driven order management for rule definition
AU2001271596A1 (en) System and method for integrating public and private data
US7243138B1 (en) Techniques for dynamic rule-based response to a request for a resource on a network
US6760844B1 (en) Secure transactions sessions
US9237156B2 (en) Systems and methods for administrating access in an on-demand computing environment
US8925052B2 (en) Application integration
US20080294639A1 (en) System and Method For Delegating Program Management Authority
US8819814B1 (en) Secure access infrastructure
US10021107B1 (en) Methods and systems for managing directory information
US20040073667A1 (en) System and method for providing access to computer program applications

Legal Events

Date Code Title Description
AS Assignment

Owner name: III HOLDINGS 1, LLC, DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.;REEL/FRAME:033295/0327

Effective date: 20140324

AS Assignment

Owner name: LIBERTY PEAK VENTURES, LLC, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:III HOLDINGS 1, LLC;REEL/FRAME:045611/0193

Effective date: 20180315

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION