主权项 |
1. A method for granting a third party access to a customer account with a resource provider, comprising:
receiving at a storage server a time-based access code from a computing device of a customer having an account with the resource provider, the time-based access code to be valid during a future time window and including a secret value provided to the customer by the resource provider; storing the time-based access code on the storage server; generating at the storage server a URL linked to the stored time-based access code; sending the URL to the customer to send the URL to the third party to send to the storage server during the time window; receiving at the storage server the URL sent by the third party; and sending the time-based access code to the third party only if the URL is received by the storage server during the time window, whereupon the third party attempts to log into the resource provider with the time-based access code and gains access to the customer account if the resource provider, having decoded the time-based code, verifies the secret value and the time at which the login by the third party is attempted. |