• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    A method for use in a simplified login system, involving operating a computer to identify user name, password and submit fields on a remote website. The method comprises identifying a password field on a webpage, defining a first area around the password field for a user name field and a second area around the password field for a submit field, locating a field for user text entry in the first area and locating a field for a user click entry in the second field. There is also described a computer programmed to carry out the method, a data carrier containing program data by which a computer may be programmed to carry out the method, and a secure password storage and login system comprising a central server and a number of user computers, and which operates using the method.
    公开号:AU2013227473A1
    申请号:U2013227473
    申请日:2013-02-28
    公开日:2014-09-18
    发明作者:Michael Newman
    申请人:MY1LOGIN Ltd;
    IPC主号:G06F21-31
    专利说明:
    WO 2013/128190 PCT/GB2013/050495 1 COMPUTER SYSTEM AND METHOD Field of the Invention This invention relates to an improved method of operating a computer in 5 such a way as to simplify accessing remote websites, and to a computer system using such a method. Background of the Invention Many websites require users to register a user name and password. It is 10 common for even a casual user to have dozens of such accounts, and keeping track of one's user names and passwords becomes onerous. Many users for this reason use a single password on many accounts, which is detrimental to security. 15 A number of attempts have been made to address this problem, either by providing a secure storage area within the user's computer or by providing secure storage on a website. There have also been attempts to provide a system in which the relevant user name and password can be called from secure storage and automatically entered in the appropriate fields on the 20 webpage. One such system is available as "Passpack". However, in known systems of this kind the user has to train the system by manually locating the user name, password and submit fields when first using a new website. 25 One object of the present invention is to provide a means for automatically locating these fields without user intervention. This is preferably done as part of a system providing secure storage and use of multiple user names and passwords, but may be applicable in other contexts.
    WO 2013/128190 PCT/GB2013/050495 2 Therefore, it is an object of the present invention to obviate, or at least mitigate, at least some of the drawbacks associated with the prior art. Summary of the Invention 5 To this end, the invention provides a method of operating a computer to identify user name, password and submit fields on a remote website, the method comprising: (a) searching the code defining a webpage to identify a password field by locating code defining a field which is labelled as "password" and/or is 10 configured to suppress display of characters typed in that field; (b) defining a first threshold area around the password field in which a user name field is likely to occur, and a second threshold area around the password field in which a submit field is likely to occur; (c) examining the webpage code in the first threshold area to locate a 15 field for user text entry which, if found, is taken to be the user name field; (d) examining the webpage code in the second threshold area to locate a field for a user click entry which, if found, is taken to be the submit field. The first threshold area may be defined as an area of the displayed page 20 extending above and to either side of the password field. The second threshold area may be defined as an area of the displayed page extending from a relatively short distance above to a relatively larger distance below and to either side of the password field. 25 Optionally a possible user name field or submit field is ignored if it is associated with an inappropriate label or ID indicating another specific function.
    WO 2013/128190 PCT/GB2013/050495 3 Optionally step (c) is conducted by searching backwards through the code from the code defining the password input field. Optionally step (d) is conducted by searching forward through the code 5 from the code defining the password input field. Typically, if said forward searching finds no submit field within the second threshold area, further searching is conducted by searching backwards through the code from the code defining the password input field. 10 The invention also provides a computer programmed to carry out the above method, and a data carrier containing program data by which a computer may be programmed to carry out the method. 15 From another aspect, the invention provides a secure password storage and login system comprising a central server and a number of user computers, the central server storing user names and passwords in encrypted form; in which a user may retrieve a desired password in encrypted form, the password being decrypted in the user's machine; the 20 system using the foregoing method to automatically activate a third party webpage by locating said fields and entering the required data therein. Brief Description of the Drawings An embodiment of the present invention will now be described, by way of 25 example only, with reference to the drawings, in which: Figure 1 is schematic representation of a webpage showing threshold areas referred to below; and 30 Figure 2 is a flowchart illustrating one embodiment of the invention.
    WO 2013/128190 PCT/GB2013/050495 4 Detailed Description In the following description, reference is made to a user name input field. This refers to any field in which text can be entered by the user to identify 5 a particular user; it may be labelled "user name", "user ID" or similar. Likewise, reference is made in the following to a submit field. This refers to any feature which the user may click on to gain access to his account, and may be a submit field, a submit button, an image input, or a hyperlink. 10 Referring to Fig. 1, a webpage 10 has a password field 12. A feature of the invention is that first and second threshold areas are defined around the password field 12. The first threshold area 14 in this embodiment extends principally above and to either side of the password field 12, and to a short distance beneath. The second threshold area 16 in this 15 embodiment extends principally below and to either side of the password field 12, and to a short distance above. The threshold areas are those in which a user name input field and a submit field, respectively, are likely to occur. The sizes of these areas can 20 be optimised by examining a range of websites. Referring to Fig. 2, the first step of the method is to identify the password input field. It is already known to do this for other purposes. The password input field can be identified by searching the webpage code for 25 a field which is labelled as "password", or a field which accepts user text input but replaces display of the text with a series of spots, or both of these. The code is then searched to determine whether a second password input 30 field can be identified adjacent to the one already found. If so, this WO 2013/128190 PCT/GB2013/050495 5 indicates that the web page is a registration page and thus unsuitable for the present method. If not, the webpage code is then searched from the password input field backwards for a text input field. If one is found, it is then determined whether this is within the first threshold area, and if so 5 this is identified as a possible user name field. If the text input field is not within the first threshold area, the backward searching continues in the same way. 10 When a possible user name input field is located, the code is examined for any inappropriate labels or ID tags. Possible inappropriate labels are "search" and "password"; others may be determined by experience. If the field has such an inappropriate label, then the backward searching is continued. 15 If no user name input field is found within the first threshold area, then the system assumes that the first text entry field found thereafter is the user name input field. 20 It is then necessary to locate the submit button or equivalent. As discussed above, this can occur in a variety of forms. In the present embodiment, the code is searched for a standard submit input or submit button and thereafter, if necessary, for another form of clickable entry. 25 Referring to the second part of Fig. 2, the code is searched forward from the password input field. If a submit input or submit button is found, it is determined whether this lies within the second threshold area. If not, the forward search is continued.
    WO 2013/128190 PCT/GB2013/050495 6 If a possible field is found within the second threshold area, it is checked for inappropriate labels or tags. In this case, inappropriate labels include not only "search" and "password" but also "register" and" sign up". Again others may be added with experience. If an inappropriate label is found, 5 then the forward search continues. If not, this field is identified as the submit input field. If no submit input field is found within the second threshold area after the password input field, then the foregoing is repeated in a search backward 10 from the password input field; it is for this reason that the second threshold area extends somewhat above the password input field, as submit buttons are occasionally put in this area of screen. If the submit input field is not found thus far, then the above is repeated 15 but searching for an image input or a hyperlink. In the unlikely event of the system failing to locate any of the required field, it becomes necessary for the user to input the required information manually. We have found that a commercially-available prior art system 20 can successfully locate these three fields in about 80% of attempts, whereas a trial version of the present invention is successful in about 98% of attempts. The method described above has been developed for use in a simplified 25 login system which will now be briefly described. The system is based on a web server. A user registers with the provider and supplies a single memorable word. This is the only item which the user has to remember in order to access multiple websites requiring user 30 name and password.
    WO 2013/128190 PCT/GB2013/050495 7 For each website which he wishes to use, the user chooses a user name and password which are passed to the web server in encrypted form, using the memorable word as the encryption key, and this information is 5 held on the server in encrypted form. Thereafter, the user can call up the web server. The user logs in by entering his user name. He is prompted to enter three random characters from his memorable word, the entry suitably being done by clicking on a 10 drop-down box to avoid key strokes which might be captured. If the correct characters are entered, the user's account is opened and the encypted information is sent to his computer where it is decrypted. The user then goes to a desired website. A bookmarklet containing Java 15 script is included in a toolbar. When the user clicks on this, the Java script causes the user name input field and the password input field to be identified as above, the correct data entered, and the submit input identified and operated. 20 This system ensures that passwords are stored securely and recalled and used easily. This in turn enables the use of passwords which are highly random and would be difficult to remember, and are thus highly secure. It also allows the user to avoid the use of the same or closely similar passwords on multiple sites. 25 The present invention thus provides novel technical effects in the interaction between a user, a secure storage facility, and multiple web sites, and provides faster and more secure access.
    WO 2013/128190 PCT/GB2013/050495 8 While this invention has been described with reference to the sample embodiments thereof, it will be appreciated by those of ordinary skill in the art that modifications can be made to the structure and elements of the invention without departing from the spirit and scope of the invention as a 5 whole.
    权利要求:
    Claims (10)
    [1] 1. A method of operating a computer to identify user name, password and submit fields on a remote website, the method comprising: 5 (a) searching the code defining a webpage to identify a password field by locating code defining a field which is labelled as "password" and/or is configured to suppress display of characters typed in that field; (b) defining a first threshold area around the password field in 10 which a user name field is likely to occur, and a second threshold area around the password field in which a submit field is likely to occur; (c) examining the webpage code in the first threshold area to locate a field for user text entry which, if found, is taken to be the 15 user name field; (d) examining the webpage code in the second threshold area to locate a field for a user click entry which, if found, is taken to be the submit field. 20
    [2] 2. The method of claim 1, in which the first threshold area is defined as an area of the displayed page extending above and to either side of the password field.
    [3] 3. The method of claim 1 or claim 2, in which the second threshold 25 area is defined as an area of the displayed page extending from a relatively short distance above to a relatively larger distance below and to either side of the password field. WO 2013/128190 PCT/GB2013/050495 10
    [4] 4. The method of any preceding claim, in which a possible user name field or submit field is ignored if it is associated with an inappropriate label or ID indicating another specific function.
    [5] 5 5. The method of any preceding claim, in which step (c) is conducted by searching backwards through the code from the code defining the password input field.
    [6] 6. The method of any preceding claim, in which step (d) is conducted 10 by searching forward through the code from the code defining the password input field.
    [7] 7. The method of claim 6, in which, if said forward searching finds no submit field within the second threshold area, further searching is 15 conducted by searching backwards through the code from the code defining the password input field.
    [8] 8. A computer programmed to carry out the method of any preceding claim. 20
    [9] 9. A data carrier containing program data by which a computer may be programmed to carry out the method of any of claims 1 to 7.
    [10] 10. A secure password storage and login system comprising a central 25 server and a number of user computers, the central server storing user names and passwords in encrypted form; in which a user may retrieve a desired password in encrypted form, the password being decrypted in the user's machine; the system using the method of any of claims 1 to 7 to automatically activate a third party webpage 30 by locating said fields and entering the required data therein.
    类似技术:
    公开号 | 公开日 | 专利标题
    US8150791B2|2012-04-03|Benefits services privacy architecture
    US8893001B2|2014-11-18|Strong password entry
    US9886159B2|2018-02-06|Selecting portions of computer-accessible documents for post-selection processing
    US20100082998A1|2010-04-01|Active hip
    US20160036829A1|2016-02-04|Cybersecurity training system with automated application of branded content
    US20060005017A1|2006-01-05|Method and apparatus for recognition and real time encryption of sensitive terms in documents
    JP2010530589A|2010-09-09|Integrated sharing of electronic documents
    US20120110459A1|2012-05-03|Automated adjustment of input configuration
    US20070100863A1|2007-05-03|Newsmaker verification and commenting method and system
    US8869246B2|2014-10-21|Mask based challenge response test
    US10686835B2|2020-06-16|Method and device for providing authentication information on web page
    US20170293601A1|2017-10-12|Method and system for completing an edit area of a web page
    US9628574B2|2017-04-18|Systems and methods for streamlined content download
    KR102050203B1|2019-11-28|Hyperlink destination visibility
    US20110320478A1|2011-12-29|User management of electronic documents
    Zhang et al.2018|Robust annotation of mobile application interfaces in methods for accessibility repair and enhancement
    CA2899252C|2020-07-07|Computer system and method
    US9141715B2|2015-09-22|Automated hyperlinking in electronic communication
    US20170316216A1|2017-11-02|Secure message-sending method using personalized template and apparatus using the same
    US9058479B2|2015-06-16|Pass-pattern authentication for computer-based security
    US20210117174A1|2021-04-22|Providing context-based application suggestions
    CN112214786A|2021-01-12|File label processing method and device
    Sharma et al.2015|Framework for Live Forensics of a System by Extraction of Clipboard Data and Other Forensic Artefacts from RAM Image
    Gibbs et al.2019|Connecting Environmental Futures with Environmental Decision-making: a Review
    Fukushi et al.2021|Analyzing Security Risks of Ad-Based URL Shortening Services Caused by Users’ Behaviors
    同族专利:
    公开号 | 公开日
    GB201203576D0|2012-04-11|
    CA2899252C|2020-07-07|
    WO2013128190A1|2013-09-06|
    CA2899252A1|2013-09-06|
    GB2513799A|2014-11-05|
    AU2013227473B2|2018-02-22|
    EP2820586A1|2015-01-07|
    GB201415072D0|2014-10-08|
    US20150135290A1|2015-05-14|
    DK2820586T3|2018-10-29|
    US9253187B2|2016-02-02|
    NZ629581A|2015-08-28|
    EP2820586B1|2018-08-29|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    AU2003228732A1|2002-05-30|2003-12-19|America Online Incorporated|Intelligent client-side form filler|
    US7003727B2|2001-02-06|2006-02-21|International Business Machines Corporation|User identification and password field determination|
    US20040205530A1|2001-06-28|2004-10-14|Borg Michael J.|System and method to automatically complete electronic forms|US10180985B2|2015-02-19|2019-01-15|At&T Intellectual Property I, L.P.|Apparatus and method for automatically redirecting a search|
    US10419423B2|2015-10-30|2019-09-17|Mcafee, Llc|Techniques for identification of location of relevant fields in a credential-seeking web page|
    法律状态:
    2018-06-21| FGA| Letters patent sealed or granted (standard patent)|
    优先权:
    申请号 | 申请日 | 专利标题
    GB1203576.2||2012-02-29||
    GBGB1203576.2A|GB201203576D0|2012-02-29|2012-02-29|Computer system and method|
    PCT/GB2013/050495|WO2013128190A1|2012-02-29|2013-02-28|Computer system and method|
    [返回顶部]