Claims
We claim:
1. A computer system that provides a common user interface for communicating between a plurality of web browsers and a software application over the World-Wide Web, the computer system
comprising:
at least one Central Processing Unit (CPU);
a memory coupled to the CPU; and
a transaction support mechanism, the transaction support mechanism residing in the memory and being executed by the at least one CPU, wherein the transaction support mechanism is capable of receiving and transmitting data to and from the
plurality of web browsers via the common user interface, the transaction support mechanism using an identifier mechanism to identify and track the data.
2. The computer system of claim 1, further comprising a security mechanism, the security mechanism residing in the memory and being executed by the at least one CPU, the security mechanism coupled to and providing an interface between the
software application and the plurality of web browsers, the security mechanism receiving user input from the plurality of web browsers, the security mechanism retrieving authentication parameters for the software application corresponding to the received
input.
3. The computer system of claim 1, further comprising an interface mechanism, the interface mechanism comprising a gateway mechanism for handling at least one variable, the gateway mechanism residing in the memory and being executed by the at
least one CPU, the gateway mechanism comprising a universal common gateway interface for communicating between the plurality of web browsers and the software application without requiring reprogramming for the software application.
4. The computer system of claim 1, further comprising a disconnect mechanism, the disconnect mechanism residing in the memory and being executed by the at least one CPU, the disconnect mechanism storing state data and a conversation identifier
relating to each conversation between one of the plurality of web browsers and a software application process when the software application process is suspended such that the data can be retrieved when the software application process is resumed.
5. The computer system of claim 1, further comprising:
a security mechanism, the security mechanism residing in the memory and being executed by the at least one CPU, the security mechanism coupled to and providing an interface between the software application and the plurality of web browsers, the
security mechanism receiving user input from the plurality of web browsers, the security mechanism retrieving authentication parameters for the software application corresponding to the received input;
an interface mechanism, the interface mechanism comprising a gateway mechanism for handling at least one variable, the gateway mechanism residing in the memory and being executed by the at least one CPU, the gateway mechanism comprising a
universal common gateway interface for communicating between the plurality of web browsers and the software application without requiring reprogramming for the software application; and
a disconnect mechanism, the disconnect mechanism residing in the memory and being executed by the at least one CPU, the disconnect mechanism storing state data and a conversation identifier relating to each conversation between one of the
plurality of web browsers and a software application process when the software application process is suspended such that the data can be retrieved when the software application process is resumed.
6. The computer system of claim 1, wherein the transaction support mechanism further comprises a mechanism for communicating with a native interface to the software application.
7. The computer system of claim 1 wherein the transaction support mechanism comprises:
an application gateway in communication with the web server application and the software application, the application gateway residing in the memory and being executed by at least one of the plurality of CPUs, the application gateway including
the identifier mechanism, the identifier mechanism generating an identifier for each of the plurality of web browsers and routing data from the software application to the selected one of the plurality of web browsers that correspond to the identifier.
8. The computer system of claim 7 wherein the application gateway processes data received from the plurality of web servers and processes data received from the application program.
9. The computer system of claim 1 wherein the software application is a process engineering software application.
10. The computer system of claim 1 further comprising at least one activity program interface (API) in communication with at least one activity program that executes under the direction of the software application, the at least one activity
program interface communicating between the at least one activity program and the application gateway.
11. A computer system that provides a common user interface for communicating between a web browser and a software application over the World-Wide Web, the computer system comprising:
a plurality of Central Processing Units (CPUs);
a memory coupled to the plurality of CPUs;
each of the plurality of web browsers residing in the memory and being executed by at least one of the plurality of CPUs;
a web server application in communication with at least one of the plurality of web browsers, the web server application residing in the memory and being executed by at least one of the plurality of CPUs; and
the software application residing in the memory and being executed by at least one of the plurality of CPUs; and
an application gateway in communication with the web server application and a native interface to the software application, the application gateway residing in the memory and being executed by at least one of the plurality of CPUs, the
application gateway including:
an identifier mechanism, the identifier mechanism generating an identifier for each of the plurality of web browsers and routing data from the software application to the selected one of the plurality of web browsers that correspond to the
identifier.
12. The computer system of claim 11 wherein the application gateway processes data received from the web server application and the application program.
13. The computer system of claim 11 wherein the software application is a process engineering software application.
14. The computer system of claim 11 further comprising at least one activity program interface (API) in communication with at least one activity program that executes under the direction of the software application, the at least one activity
program interface communicating between the at least one activity program and the application gateway.
15. The computer system of claim 11 wherein the web server application comprises:
an authenticator, the authenticator determining from authentication data passed from one of the plurality of web browsers whether the selected web browser is authorized to access the web server application; and
wherein the web server processes data received from the plurality of web browsers and data received from the application gateway.
16. The computer system of claim 11 wherein the web browser is executed on a client workstation by at least one of the plurality of CPUs.
17. The computer system of claim 11 wherein the web server application is executed on a web server computer by at least one of the plurality of CPUs.
18. The computer system of claim 11 wherein the application gateway is executed on the web server computer by at least one of the plurality of CPUs.
19. The computer system of claim 11 wherein the application gateway is executed on a first computer by at least one of the plurality of CPUs.
20. The computer system of claim 11 wherein the software application is executed on a second computer by at least one of the plurality of CPUs.
21. The computer system of claim 11 wherein the application gateway is executed on the second computer by at least one of the plurality of CPUs.
22. A program product for providing a common user interface for communicating between a plurality of web browsers and a software application, the program product comprising:
(1) an application gateway in communication with the plurality of web browsers and the software application, the application gateway comprising:
an identifier mechanism, the identifier mechanism generating an identifier for each of the plurality of web browsers and routing data from the software application to a selected one of the plurality of web browsers that correspond to the
identifier via the common user interface; and
a mechanism for communicating with a native interface to the software application; and
(2) signal bearing media bearing the application gateway.
23. The program product of claim 22 wherein the signal bearing media comprises recordable media.
24. The program product of claim 22 wherein the signal bearing media comprises transmission media.
25. The program product of claim 22 wherein the software application is a process engineering software application.
26. The program product of claim 22 further comprising at least one activity program interface (API) in communication with at least one activity program that executes under the direction of the software application, the at least one activity
program interface communicating between the at least one activity program and the application gateway.
27. A computer-implemented method for providing a common user interface for communicating between a web browser and a software application over the World-Wide Web, the method comprising the steps of:
providing a plurality of Central Processing Units (CPUs);
providing a memory coupled to the plurality of CPUs;
executing at least one of the plurality of web browsers residing in the memory by at least one of the plurality of CPUs;
providing a web server application residing in the memory and being executed by at least one of the plurality of CPUs;
providing a software application residing in the memory and being executed by at least one of the plurality of CPUs;
providing an application gateway residing in the memory and being executed by at least one of the plurality of CPUs;
a selected one of the plurality of web browsers initiating an access to the software application by sending authentication data and environment data to the web server application;
processing the environment data if the authentication data authorizes the selected web browser to access the web server application;
outputting the processed environment data to the application gateway;
generating an identifier corresponding to the selected web browser and a desired process to be executed by the software application;
providing a security mechanism, the security mechanism residing in the memory and being executed by the at least one CPU, the security mechanism receiving user input from the web browser, the security mechanism retrieving authentication
parameters for the software application corresponding to the received input;
providing an interface mechanism residing in the memory and being executed by the at least one CPU, wherein the interface mechanism receives and transmits variables and templates between the web browser and the software application; and
providing a disconnect mechanism residing in the memory and being executed by the at least one CPU, the disconnect mechanism storing state and a conversation identifier relating to a conversation between the web browser and the software
application when the conversation is suspended such that the state data can be retrieved when the conversation is resumed executing the desired process by the software application;
returning the results of executing the desired process to the application gateway with the identifier;
determining which of the plurality of browsers should be sent the results based on the identifier;
sending the results from the application gateway to the web server application; and
sending the results from the web server to the selected one web browser corresponding to the identifier.
28. The method of claim 27 wherein the software application is a process engineering software application.
29. A system for providing a common user interface for communicating between a web browser and a software application over the World-Wide Web, the system comprising:
a client workstation running the web browser;
a web server computer running a web server application;
a first computer running an application gateway;
a second computer running the software application;
a communication mechanism between the web browser and the web server application which allows data to be transmitted between the web browser and the web server application;
a communication mechanism between the web server application and the application gateway which allows data to be transmitted between the web server application and the application gateway;
a communication mechanism between the application gateway and the software application which allows data to be transmitted between the application gateway and the software application;
an interface mechanism wherein the interface mechanism receives and transmits variables and templates between the web browser and the software application;
a security mechanism coupled to and providing an interface between the web browser and the software application;
a disconnect mechanism wherein the disconnect mechanism stores state and a conversation identifier relating to a conversation between the web browser and the software application when the conversation is suspended such that the state data can be
retrieved when the conversation is resumed executing the desired process by the software application; and
a plurality of application programming interfaces that allow the web browser to communicate with the software application over the World-Wide Web.
30. The system of claim 29 wherein the software application is a process engineering software application.
31. The system of claim 29 wherein the web server computer comprises the first computer.
32. The system of claim 29 wherein the first computer comprises the second computer.
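The identifier and disconnect mechanisms recited in claims 4, 7 and 27, sketched as an added example (not code from the patent or its assignee). Class and method names are hypothetical, and the random, user-bound identifier is an assumption: the claims do not say how identifiers are generated or checked.

```python
import secrets


class ApplicationGateway:
    """Toy model of the claimed gateway (hypothetical names throughout).

    Assumption: the conversation identifier acts as a bearer token, so it is
    drawn from a CSPRNG and bound to the user the web server authenticated.
    """

    def __init__(self):
        self._owner = {}      # identifier -> authenticated user
        self._outbox = {}     # identifier -> results waiting for that browser
        self._suspended = {}  # identifier -> state saved at disconnect

    def open_conversation(self, user):
        # Identifier mechanism: one identifier per browser conversation.
        # 128 random bits, never a counter or timestamp that can be guessed.
        conv_id = secrets.token_urlsafe(16)
        self._owner[conv_id] = user
        self._outbox[conv_id] = []
        return conv_id

    def _authorize(self, conv_id, user):
        owner = self._owner.get(conv_id)
        # Same error for "no such identifier" and "someone else's identifier",
        # so a caller cannot probe which identifiers exist.
        if owner is None or owner != user:
            raise PermissionError("unknown conversation")

    def route_result(self, conv_id, result):
        # The application returns results tagged with the identifier; the
        # gateway uses it to pick the browser that receives them.
        if conv_id not in self._outbox:
            raise LookupError("result carries no known identifier")
        self._outbox[conv_id].append(result)

    def fetch(self, conv_id, user):
        self._authorize(conv_id, user)
        results, self._outbox[conv_id] = self._outbox[conv_id], []
        return results

    def suspend(self, conv_id, user, state):
        # Disconnect mechanism: keep state under the conversation identifier.
        self._authorize(conv_id, user)
        self._suspended[conv_id] = dict(state)

    def resume(self, conv_id, user):
        self._authorize(conv_id, user)
        if conv_id not in self._suspended:
            raise LookupError("conversation is not suspended")
        return self._suspended.pop(conv_id)


def demo():
    # Constructed scenario based on the car rental example in the description.
    gw = ApplicationGateway()
    alice = gw.open_conversation("alice")
    bob = gw.open_conversation("bob")
    gw.route_result(bob, "reservation confirmed")
    delivered = {"alice": gw.fetch(alice, "alice"), "bob": gw.fetch(bob, "bob")}
    gw.suspend(alice, "alice", {"step": "choose car"})
    try:
        gw.resume(alice, "bob")  # bob presents alice's identifier
        cross_user = "allowed"
    except PermissionError:
        cross_user = "refused"
    return delivered, cross_user, gw.resume(alice, "alice")


if __name__ == "__main__":
    print(demo())
```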
Description
RELATED APPLICATION
This application is related to the following U.S. patent applications: "Computer Apparatus and Method for Communicating Between Software Applications and Computers on the World-Wide Web Using Universal Variable Handling", Ser. No. 08/780,014,
filed Dec. 23, 1996, "Computer Apparatus and Method for Providing Security Checking for Software Applications Accessed via the World-Wide Web", Ser. No. 08/772,737, filed Dec. 23, 1996; "Computer Apparatus and Method Including a Disconnect Mechanism
for Communicating Between Software Applications and Computers on the World-Wide Web", Ser. No. 08/772,738, filed Dec. 23, 1996; and "Computer Apparatus and Method for Communicating Between Software Applications and Computers on the World-Wide Web",
Ser. No. 08/780,013, filed Dec. 23, 1996.
BACKGROUND OF THE INVENTION
1. Technical Field
This invention generally relates to interactions on the world-wide web, and more specifically relates to an apparatus and method for providing access to software applications via the world-wide web.
2. Background Art
The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely sophisticated devices, and computer systems may be found in many different
settings. Computer systems typically include a combination of hardware (e.g., semiconductors, circuit boards, etc.) and software (e.g., computer programs). As advances in semiconductor processing and computer architecture push the performance of the
computer hardware higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than those that existed just a few years ago.
Computer systems typically include operating system software that controls the basic function of the computer, and one or more software applications that run under the control of the operating system to perform desired tasks. For example, a
typical IBM Personal Computer may run the OS/2 operating system, and under the control of the OS/2 operating system, a user may execute an application program, such as a word processor. As the capabilities of computer systems have increased, the
software applications designed for high performance computer systems have become extremely powerful.
Other changes in technology have also profoundly affected how we use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. With the
introduction of the personal computer (PC), computing became accessible to large numbers of people. Networks for personal computers were developed to allow individual users to communicate with each other. In this manner, a large number of people within
a company could communicate simultaneously over a network with a software application running on a single computer system.
One significant computer network that has recently become very popular is the Internet. The Internet grew out of the modern proliferation of computers and networks, and has evolved into a sophisticated worldwide network of computer systems
linked together by web pages that collectively make up the "world-wide web", or WWW. A user at an individual PC (i.e., workstation) that wishes to access the WWW typically does so using a software application known as a web browser. A web browser makes
a connection via the WWW to other computers known as web servers, and receives information from the web servers that is displayed on the user's workstation. Information displayed to the user is typically organized into pages that are constructed using a
specialized language called Hypertext Markup Language (HTML). Web browsers that use HTML are now available for almost every computer system on the market, making the WWW accessible to practically anyone who has access to a computer and a modem.
Although the WWW is becoming increasingly popular, the rapid growth and expansion of computer users accessing the WWW has brought along with it concomitant problems. Some of these problems are identified below.
With the growing popularity of the Internet and the WWW, businesses have recognized that the Internet provides a new way to boost both sales and efficiency. If a user with a web browser can interact directly with a company's software
application, a given transaction will be simplified. For example, let's evaluate how a person typically reserves a rental car. The person calls the rental car agency, and then gives his or her information (i.e., name, address, credit card number, etc.)
to the rental car agent over the phone. The agent must enter the information into the car rental software application to initialize the process to reserve a car. A more efficient car reservation system for web users would allow the user to interact
directly with the car rental software application. This would eliminate many of the tasks that the car rental agent now performs. However, devising a car rental software application that is capable of interacting directly with web users would require
creating custom interface software. Likewise, a custom user interface must be created for each different software application that is to be accessed via the WWW. The preferred interface would be a graphical user interface (GUI). The process of
generating a custom GUI for a software application is time consuming and expensive, and typically results in a proprietary user interface that cannot be used for communicating with other software applications. This means that a company has a significant
disincentive that would prevent them from providing access to their software applications via the WWW.
In addition, many computer users have adopted very different forms of hardware/software computer platforms. For example, while the IBM-compatible personal computer is the most common type of computer system available today, other vendors have
developed very different product lines with significant numbers of computer systems presently installed and in use. These disparate hardware systems typically utilize completely different operating systems. The existence of these various different
hardware and software systems will typically require a completely new programming and development effort to "port" or translate the custom GUI for a given software application to each different hardware platform. Many companies will only support the
most popular hardware/software combinations, thereby limiting market share and reducing the number of users who have access to the software application.
The problem of multiple unrelated user interfaces highlights yet another problem that may also prevent the rapid adoption of software applications via the WWW. Assuming a company has absorbed the cost of developing a custom GUI for a given
software application, the GUI developed by one company will most likely differ significantly from the GUI developed by another company for their respective software applications. Typically, each software vendor will create a custom GUI for each specific
software application so that whenever a user accesses the software application via the WWW, the user can access the specific features of the software application. However, since every product has different features and every vendor has differing
standards for application/user interaction, the result is often a vastly different user interface for each and every software application that the user encounters. The user is often forced to "re-learn" basic skills for interacting with each and every
software application they wish to access.
The current situation for accessing software over the WWW is somewhat analogous to the early days of the personal computer. In the early 1980s, the IBM personal computer (PC) was introduced and was quickly adopted as the industry standard
hardware platform. However, even though the hardware platform was relatively standard, each independent software vendor created significantly different user interfaces for their respective application programs. This, in turn, proved to be an impediment
to the rapid adoption of new application programs by the users of personal computers. Because users were unable to efficiently use new software applications without extensive training, many new software applications were not adopted.
Today, however, new standards have been developed and adopted for personal computer software applications which dramatically reduce the amount of re-learning that must take place for new software applications. State-of-the-art GUI operating
systems such as IBM's OS/2 have standardized many common user actions and provided independent software developers and vendors with the "hooks" or programming tools necessary to access most standard user interface components and features, thereby
dramatically reducing the learning curve for end-users. Unfortunately, this standardization effort has not yet penetrated the WWW. In fact, the ready availability of the WWW as a delivery system for software applications has exacerbated the rapid
proliferation of the disparate software now available over the WWW. In addition, some of the most powerful software applications available have non-intuitive, non-graphical user interfaces. The process of re-learning a new interface for each new
application tends to be tedious, time-consuming and non-productive. Therefore, even though many software applications may be accessible over the WWW today, learning how to access these various programs can be time-consuming, frustrating, and
intimidating for the end-user.
DISCLOSURE OF INVENTION
Recognizing both the importance of providing access to software applications over the WWW, and the current limitations of existing solutions, the present invention provides the capability to easily access many different application programs over
the WWW via a standardized GUI. By providing standard procedures, routines, tools, and software "hooks" for accessing software applications over the WWW, software developers can concentrate on the functionality of the application program and easily use
HTML to provide a GUI interface for the application program.
As mentioned above, HTML is a well-known language which can be used by almost any computer system on the market today. In addition, since HTML is a fairly well controlled and standardized language, new software application features can be added
as they are developed and supported by HTML. In addition, since HTML is a widely adopted, non-proprietary technology, the present invention can provide open access to a large market for even very small software developers. Further, the present
invention also allows software developers to adopt a standard access protocol, which allows them to provide support for any computer system which is capable of utilizing an HTML-cognizant browser. Finally, by providing easy-to-implement, standardized
solutions to the issues of user interface, authentication/security, and web transaction support, the common user interface of the present invention overcomes the limitations existing in previous solutions.
The foregoing and other features and advantages of the invention will be apparent from the following more particular description of preferred embodiments of the invention, as illustrated in the accompanying drawings.
BRIEF DESCRIPTION OF DRAWINGS
The preferred embodiments of the present invention will hereinafter be described in conjunction with the appended drawings, where like designations denote like elements, and:
FIG. 1 is a block diagram of a preferred embodiment of the present invention;
FIG. 2 is a block diagram of a transaction between a client workstation and a web server;
FIG. 3 is a block diagram of a system according to a preferred embodiment of the present invention that allows access to a software application over the World-Wide Web from a standard web browser;
FIG. 4 is a more detailed block diagram of the system of FIG. 3, further adapted to access FlowMark workflow application software over the World-Wide Web;
FIG. 5 is a flow diagram of a method in accordance with a preferred embodiment of the present invention that illustrates some of the features of the common user interface;
FIG. 6 is a process flow diagram of the security checking feature of FIG. 5;
FIG. 7 is a process flow diagram of the template/HTML variable feature of FIG. 5;
FIG. 8 is a process flow diagram of the resume/disconnect API features of FIG. 5;
FIG. 9 is a tabular representation of a portion of a user library;
FIG. 10 is a block diagram of a preferred embodiment of the present invention when expanded to a multi-user environment;
FIG. 11 is an example of HTML code used to generate a car rental reservation form in accordance with a preferred embodiment of the present invention;
FIG. 12 is an example of a data stream generated by a user request from a web browser in accordance with a preferred embodiment of the present invention;
FIG. 13 is an example of HTML code used to generate a reservation confirmation template in accordance with a preferred embodiment of the present invention;
FIG. 14 is an example of the HTML code of FIG. 10 after processing by a CGI in accordance with a preferred embodiment of the present invention;
FIG. 15 is an example of web browser formatted data in accordance with a preferred embodiment of the present invention;
FIG. 16 is an example of HTML code used to generate a web page for a car rental reservation agent in accordance with a preferred embodiment of the present invention;
FIG. 17 is an example of web server generated data in accordance with a preferred embodiment of the present invention;
FIGS. 18a and 18b provide an example of HTML code used to generate a car rental agent work list in accordance with a preferred embodiment of the present invention;
FIGS. 19a, 19b, and 19c provide an example of HTML code of FIG. 15 after processing by a CGI in accordance with a preferred embodiment of the present invention;
FIG. 20 is an example of the data stream received from a web browser by a CGI in accordance with a preferred embodiment of the present invention;
FIG. 21 is an example of HTML code used to generate an automobile availability page in accordance with a preferred embodiment of the present invention;
FIG. 22 is an example of the HTML code of FIGS. 18a and 18b after processing by a CGI in accordance with a preferred embodiment of the present invention; and
FIG. 23 is a process model diagram that describes a WWW transaction with a software application using a preferred embodiment of the present invention.
BEST MODE FOR CARRYING OUT THE INVENTION
The present invention relates to transactions via the WWW. For those individuals who are not Internet or WWW experts, the Overview section below presents many basic concepts that will help to understand the invention.
OVERVIEW
Web Transactions
Referring now to FIG. 2, a typical transaction between a standard web browser 212 running on a client workstation 210 and a web server application 222 running on a web server computer system 220 occurs over a connection 216. Client workstation
210 may be coupled to other computer systems via a local area network (LAN) or via any other type of computer network or other interconnection. Likewise, web server computer system 220 may be coupled to other computer systems as well. Client
workstation 210 may be any computer that is capable of providing access to the WWW by using web browser 212. This would include handheld, portable or laptop computers, standard desktop computer systems, Personal Digital Assistants (PDAs),
non-programmable terminals connected to a mainframe, etc.
Web browser 212 is a software program running on client workstation 210 that allows a user at client workstation 210 to communicate with other computers over connection 216. Web browser 212 would include any web browser which is capable of
transmitting and receiving data over the WWW. This includes commercial software applications such as IBM's WebExplorer, Netscape Navigator, Microsoft Internet Explorer, Apple Computer's CyberDog, and any other software application which now exists or
which may be developed in the future for accessing or processing information over the WWW. A preferred embodiment for connection 216 is any suitable connection to the Internet, including a hardwired connection, telephone access via a modem or high-speed
T1 line, infrared or other wireless communications, computer network communications (whether over a wire or wireless), or any other suitable connection between computers, whether currently known or developed in the future.
It should be noted that client workstation 210 and web server computer system 220 may be the same physical and/or logical computer system. Web browser 212 typically displays pages of HTML data to a user at client workstation 210. Other types of
data (besides HTML) may also be transmitted to web browser 212, including text data, graphical data (e.g., Graphic Image Format (GIF) files), audio data or sound files (e.g., WAV files), Java applets (executable code) and a specialized data form known as
Multipurpose Internet Mail Extensions (MIME) data (which may include combinations of the foregoing and other data types).
Web server application 222 is a software program running on web server computer system 220 that allows a user at client workstation 210 to access information controlled by web server 220. One preferred embodiment of web server application 222 in
accordance with the present invention is a commercial web server application such as IBM's Internet Connection Server. Other applications are also compatible with the present invention. Web server computer system 220 typically outputs pages of HTML
data to web browser 212 in response to requests by web browser 212 that reflect action taken by the user at client workstation 210. In addition, as explained above, web server computer system 220 may output other types of data to web browser 212 as
well. Output data may include static HTML pages (meaning that the content of the page does not vary), or may include data that must be dynamically determined and inserted into the output data. Web server application 222 may dynamically build output
data (e.g., an HTML page) from parts that it retrieves from memory within web server computer system 220 or from other computer systems, or may simply pass through an HTML page or other information that has been developed at an earlier time or by another
computer.
Web browser 212 typically interacts with web server application 222 by transmitting input (e.g., a Uniform Resource Locator (URL) or an HTML page) over connection 216 to web server computer system 220. This input is typically transmitted using
Hypertext Transfer Protocol (HTTP) 1.0. Web server computer system 220 running web server application 222 receives the input from web browser 212, and in response, outputs data (e.g., an HTML page) to browser 212. The process described above
illustrates a basic transaction over the Internet, recognizing that many details and variations that are within the scope of the present invention are not disclosed herein for the purpose of providing a simple context for understanding the concepts of
the present invention.
Web server computer system 220 may also have numerous other software components, including Common Gateway Interface (CGI) modules. CGI modules may be used as an interface between web server application 222 and other software applications. For
example, a CGI module could provide a link between web server 222 and a calendar software application, allowing web server 222, for example, to insert dynamic calendar information into the web pages it outputs to web browsers 212. Thus, CGIs allow web
servers to distribute dynamic data from other software applications. Unfortunately, programming a CGI is a time-consuming task, given the numerous specifications that a CGI should satisfy. Furthermore, a separate CGI is generally needed for each
different software application to be interfaced with the web server 222. Additionally, different CGIs may be required to perform different functions, such as granting different users different levels of access to the same software application or data.
In general, as the number of CGIs increases, the performance of web server computer system 220 decreases.
Web Pages
Referring now to FIG. 3, a web page is primarily visual data that is intended to be displayed on the monitor of client workstation 210. Web pages are generally written in Hypertext Markup Language (HTML). When web server application 222 running
on web server computer system 220 receives a web page request from web browser 212, it will build a web page in HTML or retrieve a file containing a pre-built web page and send it across connection 216 to the requesting web browser 212. Web browser 212
understands HTML and interprets it and outputs the web page to the monitor of client workstation 210. This resulting web page, displayed on the user's screen, may contain text, graphics, and links (which are URL addresses of other web pages). These
other web pages (i.e., those represented by links) may be on the same or on different web servers. The user can retrieve these other web pages by clicking on these links using a mouse or other pointing device. This entire system of web pages with links
to other web pages on other servers across the world collectively comprises the "World-Wide Web" (WWW).
Some web pages are designed to elicit input from web browser 212. For example, a web page may request the user's name in an HTML form and require the user to select a particular function using an HTML radio button. These requests are sent to
web browser 212 from web server 222. The web user responds by entering the requested information and resubmitting the page back to web server 222, which parses the inputted data received from the user. Unfortunately, the user may not respond
immediately to the request for input. In fact, it is foreseeable that a user may wait several minutes, hours, or even days before submitting the requested input or, alternatively, may disconnect without ever completing the transaction. During this
time, web server 222 typically waits for the input with various processes still running, waiting for the anticipated response. This can lead to problems where running processes are left active as they wait for input, inefficiently monopolizing the
resources of web server 222.
APIs
Application Programming Interfaces (APIs) are used by program developers to provide access to certain features of a given software application. Each application program will have APIs that allow third parties to access certain features, to
interface the application program with other programs, and to provide access for end-users. While each application program will typically have unique APIs, the functionality and use of different APIs provided by different vendors can often be fairly
similar. Some examples of APIs that are commonly found in many different software applications are presented below for software application 342 running on computer system 300 as shown in FIG. 3.
The SEND API is issued to send data (in the form of HTML pages or other types) to web browser 212. Software application 342 calls the SEND API which, in turn, transmits a send request and sends the data through Internet/application gateway 332
and web server 222 to the appropriate web browser 212.
The RECEIVE API is issued to receive data from web browser 212. This can include CGI data and environment data as needed. Software application 342 calls the RECEIVE API to direct Internet/application gateway 332 to wait for input. Once the
input has arrived, Internet/application gateway 332 will pass the data to software application 342 for processing.
Web Security
As the WWW has experienced explosive growth in the last few years, an ever-increasing concern is web security. In particular, where web browsers and web servers are being used to provide web-based access to other computer resources (i.e.,
software applications, data files, HTML web pages, etc.) those resources must be kept secure. This involves assuring that access to those resources is granted only to approved web users.
In some cases, a system must be provided where different users are granted access to different resources accessible through the web server. For example, one web server may provide web access to two software applications, and each software
application may provide access to multiple databases. Some users may need access to one software application, but not the other, while other users may need access to both software applications, but only to specified databases controlled by those
software applications. If a user is authorized to access one of the two software applications, and security checking is only performed at the web server level, granting access to the user will grant access to both software applications, even though the
user is not authorized to access the second software application. Even if security checking is performed before granting access to each software application, granting access would allow the user to access any of the databases that are accessible by the
software application. Thus, more sophisticated security checking techniques are needed to assure that unapproved users cannot gain access to sensitive resources while access for approved users is maintained.
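The over-granting described above can be made concrete. The following is an added example, not part of the original disclosure; the user names, application names, database names and grant tables are hypothetical and constructed to mirror the scenario of one web server, two software applications and several databases.

```python
# Constructed policy: one web server, two applications, two databases each.
# All names below are hypothetical sample values.
SERVER_USERS = {"alice", "bob"}
APP_GRANTS = {"alice": {"payroll"}, "bob": {"payroll", "inventory"}}
DB_GRANTS = {
    "alice": {("payroll", "salaries")},
    "bob": {("payroll", "salaries"), ("inventory", "stock")},
}
RESOURCES = [
    ("payroll", "salaries"), ("payroll", "bonuses"),
    ("inventory", "stock"), ("inventory", "suppliers"),
]


def server_level(user, app, db):
    """Check only at the web server: any known user reaches everything."""
    return user in SERVER_USERS


def app_level(user, app, db):
    """Check per application: every database behind a granted app is open."""
    return server_level(user, app, db) and app in APP_GRANTS.get(user, set())


def db_level(user, app, db):
    """Check per (application, database) pair: the intended policy."""
    return app_level(user, app, db) and (app, db) in DB_GRANTS.get(user, set())


def over_grants(check, user):
    """Resources that `check` allows for `user` but the intended policy denies."""
    return [r for r in RESOURCES if check(user, *r) and not db_level(user, *r)]


if __name__ == "__main__":
    for check in (server_level, app_level, db_level):
        print(check.__name__, "over-grants for alice:", over_grants(check, "alice"))
```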
Typical web security uses a password and userID combination to authenticate a particular web user to access a particular web server or specific resources through that web server. When a web user attempts to access such a protected resource, he
must supply a userID and password. This is typically accomplished by having the web server prompt the web user to enter a userID and password, which is then stored by the web browser and transmitted back to the web server application for
verification/authentication.
This authentication process is typically repeated for each specific resource that is accessible through the web server application. Thus, a web user that accesses several secure resources is prompted and required to enter his or her password and
userIDs for each resource. For example, a user might have to enter his or her password and userID to gain access to a web server, a second password and userID to gain access to a software application through the web server and a third password and third
userID to gain access to a particular software application database. This may require the user to memorize a large number of passwords and userIDs in addition to the inconvenience of having to submit them multiple times. Even if the password and userID
are the same at each level, it becomes tedious to repetitively enter the same information again and again.
In traditional web server authentication systems, the web browser resends the password and userID each time a submission is sent to the web server. Thus, the password and userID are repeatedly subjected to the risk of "snooping" (i.e., the
unauthorized and unwanted interception of the transmissions between web server and web browser). Some systems try to limit this problem by regularly requiring the users to change their passwords and userIDs, but this can be a significant problem where multiple
passwords and multiple userIDs are required to access multiple software applications.
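The repeated exposure described above can be measured on captured traffic. The following is an added example, not part of the original disclosure; it assumes the traditional scheme is HTTP Basic authentication as defined for HTTP/1.0 (the text does not name the scheme), and the capture, userID and password are constructed sample values.

```python
import base64
import binascii
from collections import Counter


def basic_header(user, password):
    """Build the Authorization header a browser sends under HTTP Basic."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"


# Constructed capture: three authenticated requests and one public request.
SAMPLE = "".join(
    f"GET {path} HTTP/1.0\r\n{basic_header('user1', 's3cret')}\r\n\r\n"
    for path in ("/app/menu", "/app/report", "/app/logout")
) + "GET /public/index.html HTTP/1.0\r\n\r\n"


def credential_exposures(capture):
    """Count, per userID, the requests that carry a recoverable password."""
    exposures = Counter()
    for request in filter(None, capture.split("\r\n\r\n")):
        for line in request.split("\r\n")[1:]:  # skip the request line
            name, _, value = line.partition(":")
            if name.strip().lower() != "authorization":
                continue
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() != "basic":
                continue
            try:
                decoded = base64.b64decode(token, validate=True).decode()
            except (binascii.Error, UnicodeDecodeError):
                continue  # malformed token, nothing recoverable
            user, sep, _password = decoded.partition(":")
            if sep:
                exposures[user] += 1
    return exposures


if __name__ == "__main__":
    print(credential_exposures(SAMPLE))
```

The count equals the number of authenticated requests, because the encoding is reversible without any key and the header is attached to every submission.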
The problems associated with the prior art solutions have led some system operators to remove additional security protection measures and rely only on the web server authentication with a userID and password. Again, this solution should be
adopted only where a high risk of unauthorized access to the web-accessible resources is acceptable.
DETAILED DESCRIPTION
According to the present invention, an apparatus and method for providing a graphical, common user interface to multiple software applications provided by multiple software vendors from a web browser over the WWW is disclosed. The system
includes one or more computers executing a web browser, a web server application, an application gateway, and at least one software application. The system and method allows a user of a web browser to access multiple software applications using a common
user interface. The user inputs data via the web browser, which data is communicated to the web server application. The web server application authenticates the web browser and passes appropriate input data to an application gateway, including dat