System and method for providing secure URL-based access to private resources
First Claim
1. In a Web site system in which different users are provided access to different private resources, a computer-implemented method of providing a user secure access to a private resource over a publicly-accessible network without requiring the user to enter authentication information, the method comprising:
- obtaining an email address of the user;
generating a token using a token generation method that distributes tokens substantially randomly over a token space, the token space selected to be sufficiently large to inhibit identification of a valid token by trial and error, wherein generating the token comprises generating a token value of at least 64 bits;
combining the token and a predefined character string to form a uniform resource locator (URL) which corresponds to the private resource;
generating an email message which includes the URL, and transmitting the email message to the email address of the user; and
in response to receiving a request for the URL over the publicly-accessible network from a user, accessing the resource without requiring the user to enter authentication information.
3 Assignments
0 Petitions
Accused Products
Abstract
In a Web site system in which different private records or other resources are personal to different users, a method is provided for allowing users to securely access a private resource without the need to enter a username, password, or other authentication information, and without the need to download special authentication software or data to the user'"'"'s computer. Each resource is assigned a private uniform resource locator (URL) which includes a fixed character string and a unique token, and the URLs are conveyed by email (preferably using hyperlinks) to users that are entitled to access such resources. The tokens are generated using a method which distributes the tokens substantially randomly over the range of allowable token values (“token space”). The token space is selected to be sufficiently large relative to the expected number of valid tokens to inhibit the identification of valid tokens through trial and error. When a user attempts to access a private URL (such as to access a private account information page), a token validation program is used to determine whether the token is valid. The method may be used to provide users secure to access private account information on the Web site of merchant. Other practical applications include electronic gift certificate and coupon redemption, gift registries, order confirmation electronic voting, and electronic greeting cards.
796 Citations
36 Claims
-
1. In a Web site system in which different users are provided access to different private resources, a computer-implemented method of providing a user secure access to a private resource over a publicly-accessible network without requiring the user to enter authentication information, the method comprising:
-
obtaining an email address of the user;
generating a token using a token generation method that distributes tokens substantially randomly over a token space, the token space selected to be sufficiently large to inhibit identification of a valid token by trial and error, wherein generating the token comprises generating a token value of at least 64 bits;
combining the token and a predefined character string to form a uniform resource locator (URL) which corresponds to the private resource;
generating an email message which includes the URL, and transmitting the email message to the email address of the user; and
in response to receiving a request for the URL over the publicly-accessible network from a user, accessing the resource without requiring the user to enter authentication information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer system for providing secure Web-based access to private resources over a publicly-accessible network without requiring users to enter authentication information, comprising:
-
a database which includes a plurality of private records, wherein different private records correspond to different users; and
a server system which communicates with Web clients over the publicly-accessible network to provide restricted user access to the private records, the server system including a server application that (a) generates tokens which correspond to specific private records such that outstanding tokens are distributed substantially randomly over a token space, wherein each of said tokens comprises at least 64 bits, (b) generates private uniform resource locators (URLs) which include the tokens, (c) transmits the private URLs to corresponding users to enable the users to access corresponding private records, and (d) validates tokens received from Web clients in URL requests;
wherein the server system responds to a URL request which includes a valid token by returning information contained in a private record which corresponds to the token, without requiring user entry of authentication information. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. In a Web site system of a merchant, a computer-implemented method of providing customized information to a user about products and/or services available from the merchant, comprising:
-
obtaining an email address and a subscription profile from the user, the subscription profile indicating product and/or service categories selected by the user;
transmitting to the user at least one email document which contains descriptions of products and/or services, the descriptions selected based on the subscription profile;
generating and transmitting to the user a private uniform resource locator (URL) which provides access to a private Web page for at least securely revising the subscription profile, the URL containing a token which is generated using a method which distributes tokens substantially randomly over a token space; and
responding to a client request for the private URL by returning the private Web page without requiring entry of authentication information. - View Dependent Claims (31, 32, 33, 34, 35, 36)
-
Specification