摘要 |
In a Web site system in which different private records or other resources are personal to different users, a method is provided for allowing users to securely access a private resource without the need to enter a username, password, or other authentication information, and without the need to download special authentication software or data to the user's computer. Each resource is assigned a private uniform resource locator (URL) which includes a fixed character string and a unique token, and the URLs are conveyed by email (preferably using hyperlinks) to users that are entitled to access such resources. The tokens are generated using a method which distributes the tokens substantially randomly over the range of allowable token values ("token space"). The token space is selected to be sufficiently large relative to the expected number of valid tokens to inhibit the identification of valid tokens through trial and error. When a user attempts to access a private URL (such as to access a private account information page), a token validation program is used to determine whether the token is valid. The method may be used to provide users secure to access private account information on the Web site of merchant. Other practical applications include electronic gift certificate and coupon redemption, gift registries, order confirmation electronic voting, and electronic greeting cards.
|