IMPROVEMENTS IN AND RELATING TO WEB SITE AUTHENTICATION
Field of the Invention
The present invention relates to methods of verifying an entity is associated with a web site and to computer programs therefor.
Background of the Invention
In recent years, there has been an explosion in the amount of information available on the World Wide Web, a hypertext system for publishing information on the Internet. World Wide Web documents (web pages) are typically document files coded using HTML (hypertext markup language) to include text and graphics; in some instances additional software may be utilised to include enhanced animation, video, sound and interactivity.
Associated with every page is a URL (uniform resource locator), a unique address which tells a browser program (e.g. Netscape or Microsoft Explorer) the web page location. The majority of web pages contain hypertext links, enabling readers to navigate to related subject areas. Interlinked or nested web pages belonging to a single organisation are known as a web site.
The expansion of the World Wide Web has led to a huge increase in the number of web sites that originate from both trustworthy and untrustworthy sources. Untrustworthy sources can provide the reader with inappropriate information e.g. pornographic material.
The web sites of untrustworthy sources may be arranged to request information from readers and to subsequently misuse this information. For instance, a large growth area is in e-commerce, in which commercial transactions between individuals and/or companies take place by utilising the web. Typically, for such transactions to occur, sensitive information (e.g. bank account or credit card details) will be provided by an individual or a company to a web site. Provision of such information to a web site run by an untrustworthy individual or company is obviously undesirable.
Trust authorities (also known as certification authorities) exist, such authorities being able to provide information as to whether or not they consider a web site to be trustworthy.
It is an aim of preferred embodiments of the present invention to provide an authentication technique, which such trust authorities or others could utilise to determine whether an entity is indeed associated with a web site that the entity asserts they are associated with.
Statement of the Invention
In a first aspect, the present invention provides a method of verifying an entity is associated with a web site, the method comprising the steps of: transmitting a password to the entity; and inspecting the web site to determine if the password has been incorporated into the web site.
Preferably, the method further comprises the step of publishing, on a web page or otherwise, an indication that the entity is associated with said web site if said inspection determines that the password has been incorporated into the web site.
Preferably, the method further comprises the step of publishing, on a web page or otherwise, an indication that the entity is not associated with a web site if said inspection determines that the password has not been incorporated into the web site.
Preferably, the method further comprises the steps of: receiving information from said entity that the entity would like to have associated with said web site; and only treating the information as being associated with said web site if said inspection determines that the password has been incorporated into the web site. Preferably, the information is an alias for said web site.
Preferably, said inspection step occurs a predetermined time after said password is transmitted.
Preferably, said inspection step only occurs if notification has been received from said entity, indicating that said entity has incorporated the password into the web site.
Preferably, the web site is inspected periodically to determine if the password has been incorporated and/or is still incorporated in said web site.
In another aspect, the present invention relates to a method of verifying an entity is associated with a web site, the method comprising the steps of: the entity receiving a password from a verifying authority; and the entity incorporating the password into the web site such that it can be inspected by said verifying authority.
Preferably, the password is incorporated into an HTML document.
Preferably, said password is incorporated into a predetermined web page on said web site.
In a further aspect, the present invention provides a computer program arranged to perform any one of the methods as described above. Preferably, said computer program is stored on a machine readable medium.
Brief Description of Drawing
For a better understanding of the present invention, an embodiment will now be described, by way of example only, with reference to the accompanying drawing in which:
Figure 1 shows a flow chart illustrating the method steps according to a preferred embodiment of the present invention.
Detailed Description of Preferred Embodiment
Figure 1 shows the method steps to be performed by an entity A and a verifying authority B. The entity A and the verifying authority B can, for instance, be an individual, a company, or indeed automated computer software owned by individuals or companies.
In this particular embodiment, entity A is the owner of a web site (www.acompany.com). B runs a web site incorporating a search engine. A would like the web site (www.acompany.com) to be searchable via the search engine and additionally for an alias ("best ever company") to be associated with the web site URL. This would mean that any reader utilising the search engine of B to search for the term "best ever company" would be directed towards the web site of A.
Before B will associate the alias with the URL of the web site, B requires verification that A is indeed associated with the web site, and not a troublemaker attempting to associate a misleading alias with the web site URL.
As shown in figure 1, A transmits a request for authentication to B (100). Such a request includes the web site URL, as well as the alias that A would like associated with the URL.
Once B receives the authentication request (200), B then transmits a password to A (202).
Upon receipt of the password (102), A then inserts the password into a predetermined page on the web site (104). The predetermined page can either be a page indicated by B, or a page that A has indicated to B that the password has been (or will be) inserted into.
The password can appear as a visible word or graphical representation on the web site, or alternatively can be embedded into the HTML document forming a web page such that the password is not visible to a casual reader but would be discoverable if the source HTML document were directly accessed.
Subsequent to transmitting the password to A (202), B checks the web site (www.acompany.com) that it believes to be associated with A (204), so as to determine whether the password is present (206).
Such a check of the web site (204, 206) can be performed a predetermined interval after step 202, or alternatively a predetermined interval after B received notification from A that the password has been received, or indeed simply subsequent to B having received notification from A that the password has been inserted into the web site (104). Alternatively, B could periodically check the web site (www.acompany.com), or indeed check the web site at random intervals, to determine whether the password is present (206).
If the password is determined to be present on the web site, then B will subsequently presume that A is indeed associated with the relevant web site (208). In this particular example, B will thus ensure that the alias (best ever company) is associated with the web site (www.acompany.com) on B's search engine.
If it is determined (206) that the password is not present, then one or more other actions could be arranged to occur (212).
For instance, B could be arranged to transmit a notification to A that no password was detected. Such a notification could, for instance, either request that A resubmit the request for authentication (100) such that a new password can be transmitted to A (202), or alternatively request that A insert the password into the web page (104) within a predetermined time such that B can once again check the web site (204) so as to determine whether the password is present (206).
Alternatively, if after either a first check, or a predetermined number of subsequent checks, it is determined that the password is still not present on the web site, then B may assume that A is not associated with the relevant web site. B may decide to publish this information, or to otherwise ensure that it is passed onto third parties.
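Steps 202 to 212 seen from B's side, as an added example that is not part of the original specification. It assumes the password is a random hex string that must appear as a whole whitespace-delimited token in visible text, an HTML comment or a meta content attribute, and that fetch_page is a hypothetical callable returning the predetermined page's HTML (here fed constructed sample pages).

```python
import secrets
from html.parser import HTMLParser

# Constructed sample pages for www.acompany.com; not real site content.
PAGE_BEFORE = "<html><body><h1>A Company</h1></body></html>"
PAGE_AFTER = "<html><head><!-- verification: {pw} --></head><body></body></html>"

class TokenCollector(HTMLParser):
    """Collects whole tokens from visible text, comments and meta content."""
    def __init__(self):
        super().__init__()
        self.tokens = set()

    def handle_data(self, data):       # password shown as visible text
        self.tokens.update(data.split())

    handle_comment = handle_data       # password hidden in an HTML comment

    def handle_starttag(self, tag, attrs):
        if tag == "meta":              # password hidden in a meta element
            self.tokens.update(v for k, v in attrs if k == "content" and v)

def issue_password():
    """Step 202: B generates an unguessable password for this one request."""
    return secrets.token_hex(16)

def password_present(html, password):
    """Steps 204/206: whole-token match, so a partial match cannot pass."""
    collector = TokenCollector()
    collector.feed(html)
    collector.close()
    return password in collector.tokens

def verify(fetch_page, password, max_checks=3):
    """Check up to max_checks times, then stop (step 208 or step 212)."""
    for attempt in range(1, max_checks + 1):
        if password_present(fetch_page(), password):
            return ("associated", attempt)
    return ("not_verified", max_checks)

def demo():
    """First check finds nothing; A has inserted the password by the second."""
    pw = issue_password()
    pages = iter([PAGE_BEFORE, PAGE_AFTER.format(pw=pw)])
    return verify(lambda: next(pages), pw)
```

In a deployment, fetch_page would retrieve the predetermined page from the URL recorded in A's request at step 100, so that the check is made against the site A claimed rather than a location supplied later.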
It will be appreciated that the above embodiment is provided by way of example only, and that various alternatives will be understood by the skilled person to fall within the scope of the present invention. Whilst the term password has been used, it will be understood that this could take any one of a number of forms. For instance, it could be a single character, a word, a phrase, any sequence of characters, including numerals, or one or more graphics. Indeed, it could simply be the alteration of the web site in a predefined manner (preferably as previously agreed by the entity and the verifying authority), e.g. a change in colour or layout of part or the whole of a web page.
The reader's attention is directed to all papers and documents which are filed concurrently with or previous to this specification in connection with this application and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference.
All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and/or all of the steps of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features and/or steps are mutually exclusive.
Each feature disclosed in this specification (including any accompanying claims, abstract and drawings), may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
The invention is not restricted to the details of the foregoing embodiment(s). The invention extends to any novel one, or any novel combination, of the features disclosed in this specification (including any accompanying claims, abstract and drawings), or to any novel one, or any novel combination, of the steps of any method or process so disclosed.