1. Field of the Invention
The present invention relates generally to privacy and security of users' data provided to on-line services.
2. Description of the Related Art
To make online transactions more efficient and convenient, certain online services store users' personal information, such as name, address, credit card information, and other confidential user information, on servers for later retrieval and re-use. During retrieval, an on-line service must ensure that users can retrieve only their own information in order to protect privacy and security of other users' information.
Typically, to access their personal information, users need to provide a user name and password in a form. If the user's name and password are correct, the server authenticates the user and provides access to the user's data. If the provided user name and password are incorrect access is denied to a user.
This approach has the well-known problem that users often forget their user name or password for a particular service. Most services provide a way for a user to retrieve a user name and/or password by verifying their identity in other ways, such as answering specific questions. This approach still requires the user to remember particular information to access each different service, or alternatively (and less securely) use the same user name and password with every service.
Many online services do store a limited amount of information on a user's client computer in the form of a “cookie.” However, this information is typically used to authenticate the user, and not to provide transactional or other complex or large bodies of data. This is because existing browsers typically limit the cookie size to 4 k of data, which is significantly less that would be used for storing complex data files.