WO2001025873A2 - Method and apparatus for completing a form - Google Patents
Method and apparatus for completing a form Download PDFInfo
- Publication number
- WO2001025873A2 WO2001025873A2 PCT/US2000/027191 US0027191W WO0125873A2 WO 2001025873 A2 WO2001025873 A2 WO 2001025873A2 US 0027191 W US0027191 W US 0027191W WO 0125873 A2 WO0125873 A2 WO 0125873A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- user
- program code
- rewritten
- type element
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/166—Editing, e.g. inserting or deleting
- G06F40/174—Form filling; Merging
Definitions
- the present invention relates to computer networks and more particularly to a method and apparatus for completing a form.
- Computer users can shop for merchandise and /or information using the Internet.
- a number of companies maintain web sites where customers can purchase books, records, videos, and many other products.
- Other web sites provide subscription services that provide the user with access to a service or product, such as channels.
- users make purchases or sign up for services by completing forms.
- a problem with current Internet schemes is that each form must be filled out separately and manually. This is a time consuming and often frustrating process for the user.
- the product that do allow the user to automatically complete forms do not do so in a secure manner (e.g. IES).
- IES mechanisms which do allow a form to be automatically completed if the user visits a form twice (e.g. cookies) are not secure.
- Such mechanisms also do not allow the user to automatically complete forms from more than one location. Additionally, such mechanisms do not provide users with a way to physically control access to data that is utilized to complete a form.
- Another problem presented by the prior art is that users do not have a way to securely store sensitive information and then later use that information to populate a form.
- Current systems do not provide a way to prevent unauthorized users from obtaining access to sensitive information stored on a user's computer. Instead such systems leave data that is entered into a form readily accessible.
- data that is entered into a form may be stored locally using a technology called cookies.
- a cookie is a local representation of information related to a particular web page that was previously visited by the user. Cookies are not encrypted by default and may be read by anyone who can obtain them. This is problematic because it unnecessarily exposes sensitive information to unauthorized users.
- a web browser is a type of computer program that provides users with a mechanism for accessing the World Wide Web (WWW).
- the WWW is a segment of the Internet comprised of numerous web clients and web servers that communicate with one another using a standard set of protocols.
- a web server is a computer configured to provide web pages to the web client upon request.
- a web client typically utilizes the web browser application to request web pages from the web server.
- the Internet is a global computer network comprised of an amalgamation of interconnected networks that are capable of readily communicating with one another using a standardized set of protocols. Protocols provide a uniform set of communication parameters that enable computers to effectively transmit and receive data. Most computer networks, including the Internet, utilize several different layers of protocols. Each layer provides the network with different functionality.
- the WWW is a segment of the Internet that utilizes an application layer protocol called the Hyper Text Transfer Protocol (HTTP) to disseminate and to obtain information from users.
- HTTP is a request/ response protocol used with distributed, collaborative, hypermedia information systems.
- HTTP enables one computer to communicate with another.
- web client 100 can use HTTP to communicate with web server 150 via network 125.
- the web server acts as a repository for files 160 and is capable of processing the web client's requests for such files.
- the files 160 stored on the web server may contain any type of data.
- the files may contain data used to construct a form, image data, text data, or any other type of data.
- HTTP has communication methods that allow web client 100 to request or send data to web server 150.
- the web client 100 may use web browser 110 to initiate request 115 and receive one or more files from file repository 160.
- web browser 110 sends a request 115 for at least one file to web server 150 and the web server forwards the requested file to web client 100 in response 120.
- the connection is then terminated between web client 100 and web server 150.
- Web client 100 then uses web browser 110 to display the requested file.
- a client request 115 therefore, consists of establishing a connection between the web client and the web server using network 125, issuing a response 120 to the request 115, and terminating the connection.
- Web server 150 does not maintain any state information about the request once the connection is terminated.
- HTTP is, therefore, a stateless application protocol. That is, a web client can send several requests to a web server, but each individual request is treated independent of any other request. The web server has no recollection of any previous request. Thus, for example, if a form is completed by the user and submitted to the web server for processing, the web server does not maintain a record of the data entered into the form.
- One of the key reasons for the success of the HTTP approach is the fact that it is a stateless protocol. However, the stateless nature of the protocol is also what creates the current problem.
- Web browser 110 is typically used to format and display files.
- Web browser 110 allows the user to request and view a file without having to learn a complicated command syntax. Examples of several widely used web browsers include Netscape Navigator, Internet Explorer, Opera, and numerous others on PDAs, set top boxes, and screen phones.
- Some web browsers can display several different types of files. For example, files written using the HyperText Markup Language (HTML), the JavaScript programming language, the ActiveX programming language, or the Portable Document Format (PDF) may be displayed using a web browser. It is also possible to display various other types of files using language such as Standard Generalized Markup Language (SGML) or extensible Markup Language (XML).
- HTML HyperText Markup Language
- SGML Standard Generalized Markup Language
- XML extensible Markup Language
- a form which provides one or more places for a user to enter data, can be embedded inside of a web page.
- a web page may be created using a variety of different data formats and/or programming languages. Most web pages, and as a result most forms, are created using the HyperText Markup Language (HTML). The techniques used to create a web page will now be discussed in further detail.
- HTML HyperText Markup Language
- HTML is a language that may be used to specify the contents of a web page (e.g. web page 220).
- An HTML description is typically comprised of a set of markup symbols which are described in more detail below.
- HTML file 250 or any type of data file that contains the markup symbols for web page 220 may be sent to web browser 210.
- Web browser 210 executing at web client 200 parses the markup symbols in HTML file 250 and produces web page 220, which is then displayed, based on the information in HTML file 250.
- Web page 220 may contain text, pictures, or forms comprised of embedded text fields, checkboxes, or other types of data that is to be displayed on the web client using web browser 210. Consequently, HTML document 250 defines the web page 220 that is rendered by web browser 210.
- the following set of markup symbols directs web browser 210 to display a title, a heading, and an image called "image.jpg": ⁇ HTML> ⁇ HEAD>
- markup symbols indicate where each HTML command (e.g. TITLE) begins and ends.
- An HTML command which is typically surround by markup symbols, provides the web browser with instructions to execute. Markup symbols typically surround an HTML command. The " ⁇ " symbol indicates the start of an HTML command an the " ⁇ /" symbol indicates the end of an HTML command. Each start or end command has a corresponding ">" to indicate the close of that particular command.
- Information associated with the HTML command may be contained within the HTML command's start and end symbols.
- An HTML command is used to by the web browser 210 to determine how to process the block of information associated with the two commands.
- HTML command directs web browser 210 to place the text "This is a document title” in the title bar of web browser 210.
- HTML commands have attribute names associated with the command.
- HTML command " ⁇ IMG>” directs web browser 210 to display an image.
- ⁇ IMG SRC http:// www. sun.com/ image.jpg'V tells the web browser to display an image named "image.jpg” that can be obtained from the web server located at "http://www.sun.com.”
- An HTML file may also contain HTML commands that cause the web browser to render a web page that contains fields for entering data.
- the portion of the web page that contains the data entry fields may be referred to as a form.
- HTML includes an HTML form command that may cause the browser to display data entry fields.
- a text box, a drop down menu, a check box, a command button, a toggle button, or any other kind of interface component capable of receiving input are some examples of the type of data entry fields that may be placed in a form. Data is manually entered into the fields by the user and then submitted to a web server for processing.
- a user when a user wishes to use a form to purchase a product, for example, the user manually fills in text boxes located on the form with the type of information needed to carry out the transaction.
- Other types of data entry fields require the user to select from one or more options such as in the case of a menu, a toggle button, or a command button, for example.
- the form When the form is complete the user submits the completed form to the vendor's web server by pressing a command button, for example.
- Figure 3 provides an example of, a form created using the HTML definition language.
- Code block 310 contains HTML command examples.
- a document comprising code block 310 is transmitted to web browser 300 executing on web client 330, it causes form 305 to be displayed.
- Web browser 300 displays form 305 by parsing the HTML commands contained in code block 310 and then using the information obtained to format form 305.
- the user may submit the form by pressing command button 331. Pressing command button 331 sends the information entered by the user in form 305 to web server 320 using either the GET or the POST method.
- the ⁇ FORM> command shown in code block 310 indicates the beginning of a form.
- the initial FORM command is placed into the HTML document
- other HTML commands may be entered between the initial FORM command and the closing FORM command (e.g. ⁇ /FORM>) that represent, for example, one or more data entry fields such as a text-box, drop-down lists, check boxes, radio buttons, and input buttons.
- the INPUT command is used to specify different types of data entry fields. The type of data entry field created is dependant upon the value assigned to the INPUT command's TYPE attribute. For example, the INPUT command can create a text-box, a password field, a hidden field, a button, a radio button, or a checkbox.
- a "text" value assigned to the TYPE attribute of an INPUT command creates a text box, for example.
- a TYPE of "checkbox” creates a checkbox.
- HTML tags and text contained in code block 310 for example, create form 305 when displayed using web browser 300.
- a ⁇ FORM> tag may contain an ACTION and/or METHOD attribute.
- the ACTION attribute specifies what program to execute when form 305 is submitted for processing.
- the METHOD attribute describes how data entered into the form is handled. There are two METHOD choices: GET and POST. Each one of them is capable of processing the data entered into a form. To illustrate, if a user named Duke who resides at 123 Main Street, Ca 90211 completes the Name and Address fields shown on form 305 by filling in spaces 345-347, then the following data string 350 is created and sent to web server 320.
- This data string is handled by either the GET method or the POST method.
- the GET method appends information entered into form 305 by the user onto the end of a Uniform Resource Locator (URL 335) or in a QUERY_STRING environment variable.
- URL 335 is submitted to web server 320 by web client 330 in an HTTP request 315.
- Web server 320 is responsible for processing the submitted information.
- a problem with the GET method is that the information contained in URL 335 is not stored on web client 330 for later use and cannot therefore be later used to populate form 305.
- the POST method the information placed into form 305 by the user is placed into the data stream of the HTTP protocol. This allows web server 320 to process form 305 data using the standard input data stream.
- Standard input is a method for providing a computer with data that is well know to those skilled in the art.
- the POST method also does not provide an effective way to easily maintain and store data on web client 330 for later use without doing extra work using the Common Gateway Interface (CGI).
- CGI Common Gateway Interface
- the ACTION attribute of the FORM tag indicates where the computer program tasked with processing data string 350 resides.
- the following portion of code block 310 specifies that a computer program named form_processor.pl is located in cgi-bin 321 of sever 320.
- the form_processor.pl program is responsible for processing data string 350.
- Programs that utilize CGI standard are typically located in a common directory (e.g. cgi-bin 321).
- CGI is a specified standard for communicating between HTTP servers and server-side gateway programs.
- a CGI program is capable of storing data supplied by the user, but it cannot populate a form for a user located at a client computer (e.g. web client 330).
- CGI programs execute at the server and are therefore incapable of providing data to a form at the client.
- the program "form_processor.pl” used in the above example is an example of a server-side gateway program that processes data input by the user via form 305, for example.
- web server 320 executes the "form_processor.pl” program and passes the data that was entered by the user and then sent from web client 330 to server 321. That is, data string 350 is passed to "form_processor.pl" when a form is submitted.
- gateway program is done processing data string 350 the result is sent to server 320 and a response may be forwarded back to web client 330.
- Gateway programs can be compiled programs written in languages such as C or C++ or they can be executable scripts written using a scripting language such as PERL, TCL, or various other language.
- data string 350 may be stored on server 320 in data store 322.
- existing mechanisms for processing forms reside on the server and are unable to populate a form on the client (e.g. data resides on the server and programs that process data execute on the server).
- HTTP Cookies
- a cookie is an HTTP header that consists of a text-only string.
- the text-string is entered into the memory of a web client and accessible by the web browser.
- This text-string is initially set by the computer serving the web page and consists of the domain name, path, lifetime, and value of a variable that the server sets. If the lifetime of this variable is longer than the time the user spends at that site, then the text-string is saved on the web client for later use.
- cookies provide a way to store and later recall values entered into a web page by the user. For example, cookies allow a web server to individually customize a web page for each user who visits the page.
- a cookie may be used to populate the elements of a form that a user has previously completed. For example, referring now to Figure 9, if a user completes field 945-947 of form 905 and submits it to server 920 via submission path 915, server 920 can place the data submitted by the user in cookie 931 by sending web client 910 data via path 925. If the user returns to form 905 again Web browser 930 executing at web client 910 may use the data saved in cookie 931 populate fields 945-947 with the data previously entered by the user. Thus, a cookie can free the user from having to complete form 905 more than once. Cookies can be used to fill forms the user has previously visited. However, the data that is stored by the cookie cannot be used to populate other forms. That is, a problem with cookies is that forms located on different servers are not provided access to the same cookie. Only web servers that are listed as having permission to access a particular cookie may obtain such access.
- a cookie is only accessible to the server that set, or created it.
- a second form cannot use the first form's cookies to obtain the user's name and address.
- the web server located at www.merchantA.com may be allowed to read a cookie, but the web server located at www.merchantB.com may not be allowed to read the cookie created by www.merchantA.com. This loads the disk full of redundant information.
- users are not sure what type of information is stored in such cookies.
- web browser 401 which resides on web client 400 issues a request 410 for web page 415 from web server 450.
- Web server 450 responds by sending a copy of web page 415 to web client 400 via response 411.
- Web client 400 uses web browser 401 to display web page 415 to the user.
- web server 450 sends a "Set-Cookie" command in the header line contained in response 411. For example, in response to a request
- the NAME and VALUE parameter contain the information included in the cookie.
- DATE is the time at which the cookie expires and is thus no longer saved on web client 210.
- DOMAIN is the host address or domain name for which the cookie is valid. For example, if a cookie is set by a computer having a domain name of www.merchantA.com, only the server responsible for that particular domain name is provided access to the cookie.
- web server 450 could execute the following shell script in response to a request
- the following script allows web server 450 to read the HTTP cookie:
- cookie 460 Once cookie 460 is created, the information stored in the cookie can be used in many different ways. Information in cookie 460 may be accessed by a script that has authorization to insert cookie 460 data into a form, for example.
- a problem with cookies is that no authentication mechanism is required to obtain the information they store.
- a cookie is a text file and is not stored in encrypted form. While a browser may limit access to a cookie, the text that is stored in the cookie may be accessed or read by any program that can read a text file. Therefore, it is not wise to store any sensitive data in a cookie.
- a further problem is that unauthorized users may review another user's cookie files and thereby ascertain information about that user's spending, purchasing, and /or web browsing habits. Once such information is obtained it may then be utilized to target the user for theft and /or marketing.
- Some web browsers provide users with a mechanism for pasting predefined data into a form.
- the user can select a command button labeled personal information.
- a dialog box that contains fields for entering personal information opens. If the user desires, the user can enter a name, an address, a phone number, an e-mail address, and/or any other kind of information into the text fields of the dialog box.
- the information that was entered can be pasted into the fields of a form by performing a right click operation. For example, if the user encounters a form that has a place for entering an address, the user can elect to paste the address previously specified in the dialog box by first selecting the address field and then right-clicking on a pointing device such as a mouse and selecting from a drop down menu the item titled "insert address”.
- a problem with pasting information into the fields of a form in this manner is that the user is required to manually select the place to insert the information and the type of information to insert into that place. Another problem is that unauthorized users are not prevented from accessing the information entered into the dialog box.
- the present invention provides the user with a mechanism for completing a form.
- a user issues a request for a form, that request is processed by a rewriting service.
- the rewriting service provides the user with a mechanism for providing data to a form by obtaining data from a data source location.
- the rewriting service responds to a request for a form by generating a rewritten version of the form that contains embedded programs (e.g. applets).
- the applet elements identify the location of applets configured to obtain data from the data source location.
- a smart card is an example of a data source location. Access to the smart card may be controlled by the use of an authentication mechanism.
- the rewritten form is transmitted to a client computer where it utilizes the embedded programs to obtain data from a data source location such as a smart card.
- the rewriting service obtains a requested form and substitutes tags of one type for tags of another type.
- the rewriting service may substitute tags that satisfy a set of predetermined criteria for tags that identify the location of an executable program. In one embodiment of the invention, this is accomplished by replacing XML elements (e.g. tags) that are inserted into the requested form in a standardized format with APPLET elements that identify the location of an executable applet program.
- XML elements e.g. tags
- APPLET elements identify the location of an applet program configured to obtain data from a data source.
- a smart card or other type of data store is an example of a data source.
- One embodiment of the invention contemplates the user of an authentication mechanism to provide the user with control over the type of information utilized to complete a form.
- the applet initially seeks to obtain data from a data source it may prompt the user to insert a smart card.
- the user may be prompted for authentication information. If the user enters the correct information, the applet is allowed to read data from the smart card. If the user does not enter the correct information then access to the data stored on the smart card is not allowed.
- One embodiment of the invention comprises computer code configured to advertise services offered by the proxy, the rewriting service, the applets, the server computer, the card server, or the client computer.
- a service is an entity that can be used by a user, a program, or another service to perform a certain kind of predetermined functionality.
- the ability to dynamically advertise services provides a mechanism to personalize the tasks performed by a service. The user, for example, could customize the way a particular type of form is to be completed. A user that wants to be prompted before the system disclose his social security number could elect to have this event occur whenever a form is encountered that prompts the user for a social security number. DESCRIPTION OF THE DRAWINGS
- Figure 1 is a block diagram of the various components used by the World Wide Web.
- Figure 2 is a block diagram illustrating the components used to create a web page.
- Figure 3 is a block diagram illustrating how web client interacts with a web server to display a form.
- Figure 4 illustrates the process used to create and retrieve a cookie.
- Figure 5 is an illustration of the components used by one embodiment of the invention to provide the user with a mechanism for completing a form.
- Figure 6 is a flow chart illustrating the steps performed by one embodiment of invention.
- Figure 7 is a block diagram illustrating the input transmitted to the rewriting service and the output generated by the rewriting service in one embodiment of the invention.
- Figure 8 is an example of a form used by one embodiment of the invention to collect data.
- the present invention provides the user with a mechanism for completing a form.
- a rewriting service executing at the server, responds to a request for a form by generating a version of the form that contains embedded programs (e.g. applets).
- the rewritten form is transmitted to a client computer where it obtains data from a data source location such as a smart card.
- the rewriting service provides the user with a mechanism for providing data to a form by obtaining data from a data source location.
- applet elements are inserted by the rewriting service.
- the applet elements identify the location of applets configured to obtain data from the data source location.
- a smart card is an example of a data source location. Access to the smart card may be controlled by the use of an authentication mechanism.
- a form is a type of digital document that contains one or more data receptacles. It is possible to create a form using a variety of different computer programming languages.
- the invention contemplates the use of forms created using HyperText Markup Language (HTML), extensible Markup Language (XML), Standardized General Markup Language (SGML), JavaScript, the Java programming language, or any other programming language capable of generating a document that provides a location for the user to enter data (e.g. a data receptacle).
- HTML HyperText Markup Language
- XML extensible Markup Language
- SGML Standardized General Markup Language
- JavaScript the Java programming language
- any other programming language capable of generating a document that provides a location for the user to enter data
- a spreadsheet, a word processing document, , a database table, or any other type of document having one or more data receptacles may be referred to as a form.
- GUI Graphical User Interface
- a web browser, an operating system, or any other type of computer program may be utilized to display a form to the user.
- any type of computer program capable of executing a layout engine can generate a form.
- the NGLayout engine which is based on open Internet standards such as HTML 4.0, CSS 1/2, XML 1.0, and the Document Object Model can be embedded into various execution environments and used to generate a form.
- a form may be pre-created and stored on a server computer until a request for the form is issued.
- a form may reside on a client computer instead of the server computer. In either case, the form is delivered to the user when a request is issued. In accordance with one embodiment of the invention, a form is not generated until it is requested by the user. This is referred to as generating a form dynamically or "on the fly"
- the server contains computer program code configured to generate a form. When the user initiates a request for a form, the server executes the computer program code and thereby generates a form. The form is then transmitted to the client for display.
- each form contains one or more data receptacles.
- Data receptacles are designed to obtain and /or receive information. Information may be placed inside of a data receptacle by the user or by a computer program configured to perform an insert operation. For example, it is possible to populate a data receptacle with text or numerical information.
- Data receptacles may also be referred to as fields, form elements, or text boxes.
- Form 800 may be displayed to the user in a web browser 801.
- Form 800 utilizes data receptacles 804-812 to collect information about a user.
- form 800 is embedded inside of a web browser 801.
- Data receptacles 804-807 may be used to collect billing information such as the name, company, address, phone number, and e-mail address of the party responsible for payment.
- Data receptacles 808-811 may be used to collect shipping information when the shipping information is different than the billing information.
- Data receptacle 812 is intended to collect credit card or other payment information.
- One embodiment of the invention provides a way to populate data receptacles with data without requiring the user to manually enter the data.
- Figure 5 is an illustration of the components used by one embodiment of the invention to provide the user with a mechanism for completing a form.
- a request 503 for form 505 is typically initiated at client computer 500 by a computer program capable of displaying form 505 to the user.
- a web browser 507 may transmit request 503 to server 509 via interconnection fabric 511.
- proxy 515 executes rewriting service 517.
- request 503 may also be handed directly to rewriting service 517 and the rewriting service may execute without proxy 515.
- Rewriting service 517 executes a resynchronization process that obtains form 505 from data store 590 and modifies it.
- form 505 becomes rewritten as form 506.
- the modified version of form 505 contains embedded code configured to interact with card server 519.
- the rewriting service may replace existing HTML FORM elements with APPLET elements and thereby provide a way for client computer 500 to obtain applets 525-528 from server computer 509.
- server 509 may transmit form 506 to client 500 via response 556.
- Response 556 may be sent across interconnection fabric 511 to client 500.
- the applets identified in the APPLET elements may be executed.
- applets 525-528 are obtained from data store 590 located on server 509. However, applets 525-528 may be obtained from any source connected to interconnection fabric 511.
- Applets 525-528 execute in web browser 507 and communicate with card server 519 to obtain data 521 from a data source location.
- card server 519 may be configured to read data 521 from smart card 523.
- Data 521 may also reside on other locations, such as server 509.
- data 521 is obtained from smart card 523 and sent to web browser 507 for display in data receptacles 529-532.
- Data receptacles 529- 532 and the information placed in them become visible to the user when form 506 is shown on display 550.
- Figure 6 is a flow chart illustrating one embodiment of invention. At step 600, a request for a form is issued.
- a request is typically initiated by the user of a client computer, but may also be initiated by computer code, executing at the client, configured to automatically request a form when an event occurs. For instance, a form prompting the user for registration info (e.g. name, address, etc%) may be automatically presented to the user when the user installs a new computer program.
- the invention also contemplates the use of a web browser to request a form.
- the entity that initially issues the request is referred to as a requestor.
- the requested form contains XML tags embedded into it.
- the form may also contain data written in other programming languages such as HTML, SGML, or any other language compatible with the protocols utilized to transmit data across a computer network.
- the requested form resides on a source computer.
- the source computer may be a server computer, a client computer, or any other computer accessible via a computer network.
- the requested form is processed by a rewriting service before it is forwarded to the requestor (e.g. the web browser).
- the rewriting service typically resides on the server computer, but may be placed on any computer capable of functioning as a source computer.
- the requested form is forwarded to a rewriting service.
- the requested form is transmitted across a computer network to the computer containing the source computer.
- the rewriting service resides on the source computer, the requested form can be forwarded directly to the rewriting service without having to be transmitted across a computer network.
- the rewriting service receives the requested form it executes step 607 where it processes the form and thereby prepares the form for transmission to the requestor.
- the supplied form can be signed using the rewriting service.
- the rewritten form is transmitted to the requestor for display.
- the rewritten form may be sent to a web browser which parses the information comprising the form to generate an image for display to the user.
- the rewritten form is transmitted across a computer network to the client computer for display. If, for example, the rewriting service resides on the server computer, the rewritten form is transmitted across a computer network to the client computer for display. If, the rewriting service does not reside on the server computer, but instead resides on the client, then the rewritten form is sent directly to the program responsible for displaying the form to the user (e.g. the web browser).
- Displaying the rewritten form causes step 611 to execute.
- the APPLET elements encompassed into the rewritten form are parsed. In one embodiment of the invention, this causes the client computer to obtain and execute the applets referred to in the APPLET element.
- the client computer obtains and executes the applets referred to in the APPLET element.
- the APPLET elements contained in the rewritten form refer to an applet named ValidateField
- the ValidateField applet will execute.
- the invention contemplates the use of applets configured to obtain data from a data source (e.g. at step 613).
- the applets acquire data from a smart card server configured to communicate with a smart card that is inserted into the client computer by the user.
- the applets may be configured to obtain data from other types of data sources made available to the client computer by a computer network.
- access to the data source is not permitted until the user is authenticated.
- the user may be required to enter a user name and password before data is retrieved from the smart card.
- Other authentication mechanisms, such as encryption may also be integrated into the authentication process.
- the invention places the data accumulated from the data source location into one or more of the data receptacles present on the form initially requested by the requestor and it posts the form back to the server.
- the Rewriting Service :
- the rewriting service obtains a requested form and substitutes tags of one type for tags of another type.
- the rewriting service may substitute tags that satisfy a set of predetermined criteria for tags that identify the location of an executable program. In one embodiment of the invention, this is accomplished by replacing XML elements (e.g. tags) that are inserted into the requested form in a standardized format with APPLET elements that identify the location of an executable applet program.
- the rewriting service can replace elements of one type with elements of a second type. For example, any of the elements contained in a form (e.g. an HTML document) may be replaced with APPLET elements.
- FORM tags or INPUT tags for example, may also be replaced with APPLET elements.
- code block 700 is processed by rewriting service 705, code block 707 is generated.
- Line 701 for example, becomes line 708.
- the INPUT tags, shown at lines 702 and 703 become parameters for an applet.
- the NAME parameter associated with the INPUT tag for example, is inserted as a parameter for an applet named ValidateField.
- the NAME parameter in line 702 may also be inserted into code block 707 as a hidden field.
- Line 714 is an example of a hidden field.
- the hidden value is accessible by a computer program configured to process the form. Not all lines processed by the rewriting service are rewritten. Line 703, for example, remains unaltered by the rewriting service. Thus, line 703 is identical to line 716.
- the rewriting service may also partially alter lines in the originally requested form. In one embodiment of the invention, the rewriting service is configured to insert additional lines. Therefore, the rewritten form may contain more or less lines than originally in the requested form.
- Extensible Markup Language is a technology that provides a way to separate the value of the data from the presentation of the data.
- the present invention also works with XML. Using XML the HTML portion of the form can be populated with XML tags.
- An applet is a small computer program configured to perform one or more predefined tasks.
- applets obtain data from a data source location and insert that data into one or more data receptacles on behalf of a user. For example, once the rewriting service has properly embedded information into the web page, the applet can populate a data receptacle with the information needed to complete a commercial transaction.
- An applet may obtain data from a variety of different sources. Any type of static, dynamic, random access, or read only memory device may be programmed to retain the type of data utilized by the rewriting service.
- a smart card or flash memory device can store such data.
- Other memory devices such as a hard drive, a CD-ROM, a CD-R, a DAT, or a DVD device can also retain data for use by the applet.
- the applet may access the memory device locally or over a communication medium such as a computer network.
- the memory devices contain personal information about a user.
- the applet may process any kind of data.
- the applet may also process business data and /or credit card data.
- the applets may be configured to obtain data from a smart card (e.g. the data source location).
- a smart card e.g. the data source location
- the smart card communicates with a card server.
- the card server resides on the user's system.
- the card server may be placed on any system accessible via a computer network. Access card is not permitted unless the user inserting the smart card is authenticated.
- the present invention contemplates the use of various authentication mechanisms. For example, the user may be required to enter a user name and password before the card server is permitted to read data from the smart card.
- Various other techniques for ensuring the data on the smart card is only provided authorized sources may also be employed.
- a PIN number or similar method of authenticating the user for example, may also be utilized to ensure that only authorized access to the smart card occurs.
- Biometric instruments may also be utilized to determine if a person is authorized to access the smart card.
- the authentication mechanism provides the user with control over the type of information utilized to complete a form.
- the applet initially seeks to obtain data from a data source it may prompt the user to insert a smart card.
- the user may be prompted for authentication information. If the user enters the correct information, the applet is allowed to read data from the smart card. If the user does not enter the correct information then access to the data stored on the smart card is not allowed.
- One embodiment of the invention comprises computer code configured to advertise the services offered by the proxy, the rewriting service, the applets, the server computer, the card server, or the client computer.
- a service is an entity that can be used by a user, a program, or another service to perform a certain kind of predetermined functionality.
- the Jini TM architecture provides a mechanism for integrating services into a single, dynamic distributed system. Services, for example, are capable of providing computational functionality, storage, a communication channel to another user, a software filter, access to a hardware device, or another user.
- Jini TM system federate in order to share access to services. For example, if the card server joins the federation it could provide the functionality it offers to another service. Members of a Jini TM system are capable of utilizing the services each member offers to collectively perform a particular task. For example, services may make use of another service, and a client of one service may itself be a service for clients of its own. The rewriting service, for example, may be configured to interact with the card server to perform a task for the user.
- the ability to dynamically advertise services provides a mechanism to personalize the tasks performed by a service. The user, for example, could customize the way a particular type of form is to be completed. A user that wants to be prompted before the system discloses his social security number could elect to have this event occur whenever a form is encountered that prompts the user for a social security number.
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU78485/00A AU7848500A (en) | 1999-10-07 | 2000-10-03 | Method and apparatus for completing a form |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US41440299A | 1999-10-07 | 1999-10-07 | |
US09/414,402 | 1999-10-07 |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2001025873A2 true WO2001025873A2 (en) | 2001-04-12 |
WO2001025873A3 WO2001025873A3 (en) | 2002-07-11 |
WO2001025873A9 WO2001025873A9 (en) | 2002-11-14 |
Family
ID=23641301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2000/027191 WO2001025873A2 (en) | 1999-10-07 | 2000-10-03 | Method and apparatus for completing a form |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU7848500A (en) |
WO (1) | WO2001025873A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004095270A2 (en) * | 2003-03-31 | 2004-11-04 | Maximus, Inc. | Method and system for providing a smart card scripting tool |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5794259A (en) * | 1996-07-25 | 1998-08-11 | Lextron Systems, Inc | Apparatus and methods to enhance web browsing on the internet |
-
2000
- 2000-10-03 WO PCT/US2000/027191 patent/WO2001025873A2/en active Application Filing
- 2000-10-03 AU AU78485/00A patent/AU7848500A/en not_active Abandoned
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5794259A (en) * | 1996-07-25 | 1998-08-11 | Lextron Systems, Inc | Apparatus and methods to enhance web browsing on the internet |
Non-Patent Citations (4)
Title |
---|
GABBER E ET AL: "HOW TO MAKE PERSONALIZED WEB BROWSING SIMPLE, SECURE, AND ANONYMOUS" FINANCIAL CRYPTOGRAPHY. INTERNATIONAL CONFERENCE, XX, XX, 1997, pages 17-31, XP001011338 * |
GUTHERY: "JAVA CARD: Internet Computing on a Smart Card" IEEE INTERNET COMPUTING, IEEE SERVICE CENTER, PISCATAWAY, NJ, US, 1 February 1997 (1997-02-01), pages 57-59, XP002077647 ISSN: 1089-7801 * |
JACOBS S ET AL: "Filling HTML forms simultaneously: CoWeb - architecture and functionality" COMPUTER NETWORKS AND ISDN SYSTEMS, NORTH HOLLAND PUBLISHING. AMSTERDAM, NL, vol. 28, no. 11, 1 May 1996 (1996-05-01), pages 1385-1395, XP004018236 ISSN: 0169-7552 * |
ZHAO Y: "WEBENTREE: A WEB SERVICE AGGREGATOR" IBM SYSTEMS JOURNAL, IBM CORP. ARMONK, NEW YORK, US, vol. 37, no. 4, 1998, pages 584-595, XP001002913 ISSN: 0018-8670 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2004095270A2 (en) * | 2003-03-31 | 2004-11-04 | Maximus, Inc. | Method and system for providing a smart card scripting tool |
WO2004095270A3 (en) * | 2003-03-31 | 2005-03-03 | Maximus Inc | Method and system for providing a smart card scripting tool |
Also Published As
Publication number | Publication date |
---|---|
WO2001025873A9 (en) | 2002-11-14 |
WO2001025873A3 (en) | 2002-07-11 |
AU7848500A (en) | 2001-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6589290B1 (en) | Method and apparatus for populating a form with data | |
US7159180B2 (en) | Proxy platform integration system | |
US5987480A (en) | Method and system for delivering documents customized for a particular user over the internet using imbedded dynamic content | |
US6816865B2 (en) | Process for data driven application integration for B2B | |
US7281029B2 (en) | Method and system of capturing data for automating internet interactions | |
US8095497B2 (en) | Process for data driven application integration for B2B | |
US7971147B2 (en) | Methods and systems for automatically creating a site menu | |
US20030154289A1 (en) | Methods of interacting with distributed information networks | |
US20070136255A1 (en) | System and method for generating, maintaining, and rendering landing and web pages | |
US20020059369A1 (en) | Method and apparatus for creating and distributing non-sensitized information summaries to users | |
US20030028427A1 (en) | User control of electronic personal information while browsing the Web | |
US20020038256A1 (en) | Transactional control system | |
JP2004227604A (en) | Method and system for customizing sales service on network communicating by hypertext tagging convention | |
EP1325425B1 (en) | Method and system of automating internet interactions | |
CA2437273C (en) | Network conduit for providing access to data services | |
WO2001025873A2 (en) | Method and apparatus for completing a form | |
TW482974B (en) | System and method for profiling a web site | |
US20100186008A1 (en) | Method and system for managing online applications | |
KR20000053959A (en) | The general shopping cart system and a reservation method for the on-line purchasing | |
JP3842696B2 (en) | Screen transition control system, client, web server, screen transition control method, and computer program | |
Ilapogu | XML-based e-commerce shopping cart application | |
WO2000045252A1 (en) | Method and apparatus for providing on the fly customized web pages |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
AK | Designated states |
Kind code of ref document: C2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: C2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |