Safe auto-login links in notification emails
First Claim
1. A method to authenticate a user of an application from a notification message that includes a resource locator, comprising:
- providing a first data string from which first data about the user can be obtained and verified by the application;
- providing the notification message that includes the resource locator, the resource locator including a second data string from which second data about the user can be obtained and verified by the application;
- receiving, as an authentication request and as a result of the user having selected the resource locator in the notification message, the first data string and the second data string; and
- determining, without additional user input, whether the first data and the second data can be verified;
- if the first data and the second data can be verified, authenticating the user.
Abstract
A web application user is authenticated directly upon selecting a link in a notification email. In this approach, the user's web browser stores a first data string provided by the web application (e.g., in a cookie) during a prior session. The first data string encodes first data about the user that can be verified by the application. Later, the user receives the notification email that includes the link. The link encodes a second data string from which second data about the user can be verified by the application. When the end user selects the link, an authentication request is transmitted to the application. The authentication request includes both the first and second data strings. If both the first data and the second data (as obtained from their respective data strings) can be verified, the user is authenticated without having to perform any additional steps (e.g., manual entry of credentials).
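The two-string check described in the abstract, as an added Python sketch (not code from the patent or its assignee). The HMAC-SHA256 token format, the key, the field names, the expiry times and the requirement that both strings name the same user are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: key held only by the application

def _sign(purpose, data):
    # The purpose label is part of the MAC input, so a link token cannot
    # be replayed as a cookie token or the other way round.
    body = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    mac = hmac.new(SECRET, f"{purpose}.{body}".encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def _verify(purpose, token, now):
    """Return the decoded data if MAC and expiry check out, else None."""
    if not token or token.count(".") != 1:
        return None
    body, mac = token.split(".")
    expected = hmac.new(SECRET, f"{purpose}.{body}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    data = json.loads(base64.urlsafe_b64decode(body))  # decoded only after the MAC passed
    return data if data["exp"] > now else None

def issue_cookie_token(user_id, now, ttl=30 * 86400):
    """First data string: stored in the browser during a prior session."""
    return _sign("cookie", {"uid": user_id, "exp": now + ttl})

def issue_link_token(user_id, resource, now, ttl=7 * 86400):
    """Second data string: embedded in the link of the notification email."""
    return _sign("link", {"uid": user_id, "res": resource, "exp": now + ttl})

def authenticate(cookie_token, link_token, now):
    """Authenticate only if both strings verify; no further user input."""
    first = _verify("cookie", cookie_token, now)
    second = _verify("link", link_token, now)
    if first is None or second is None:
        return None  # e.g. a forwarded link opened in a browser without the cookie
    if first["uid"] != second["uid"]:
        return None  # assumption: both strings must identify the same user
    return {"uid": second["uid"], "resource": second["res"]}

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    cookie = issue_cookie_token("alice", t0)
    link = issue_link_token("alice", "/inbox/42", t0)
    print(authenticate(cookie, link, t0 + 60))  # both strings verify
    print(authenticate(None, link, t0 + 60))    # link alone: rejected
```

A caller that gets `None` back would fall through to the normal login page, so the link by itself never grants a session.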
36 Citations
20 Claims
1. A method to authenticate a user of an application from a notification message that includes a resource locator, comprising:
- providing a first data string from which first data about the user can be obtained and verified by the application;
- providing the notification message that includes the resource locator, the resource locator including a second data string from which second data about the user can be obtained and verified by the application;
- receiving, as an authentication request and as a result of the user having selected the resource locator in the notification message, the first data string and the second data string; and
- determining, without additional user input, whether the first data and the second data can be verified;
- if the first data and the second data can be verified, authenticating the user.

Dependent claims: 2, 3, 4, 5, 6, 7

8. Apparatus, comprising:
- a processor;
- a data store;
- computer memory holding computer program instructions that when executed by the processor perform a method to authenticate a user of an application from a notification message that includes a resource locator, the method comprising;
- providing a first data string from which first data about the user can be obtained and verified by the application;
- providing the notification message that includes the resource locator, the resource locator including a second data string from which second data about the user can be obtained and verified by the application;
- receiving, as an authentication request and as a result of the user having selected the resource locator in the notification message, the first data string and the second data string; and
- determining, without additional user input, whether the first data and the second data can be verified;
- if the first data and the second data can be verified, authenticating the user.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A computer program product in a non-transitory computer readable storage medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method to authenticate a user of an application from a notification message that includes a resource locator, the method comprising:
- providing a first data string from which first data about the user can be obtained and verified by the application;
- providing the notification message that includes the resource locator, the resource locator including a second data string from which second data about the user can be obtained and verified by the application;
- receiving, as an authentication request and as a result of the user having selected the resource locator in the notification message, the first data string and the second data string; and
- determining, without additional user input, whether the first data and the second data can be verified;
- if the first data and the second data can be verified, authenticating the user.

Dependent claims: 16, 17, 18, 19, 20

Specification