1. Field of the Invention
The present invention is directed to user authentication in an exchange environment. Specifically the invention is directed to a method and system for allowing access to an exchange by a casual user without compromising exchange security.
2. Description of the Related Art
It is known to have an electronic exchange configured such that various buyers and sellers of goods and/or services can come together and conduct business. In such an exchange, several applications may be running in a protected environment. To participate in the exchange and to have full access to the exchange applications one must be a registered member. Registration requires completion of a complex procedure in which a prospective member must submit a large quantity of information which then must be validated before membership is authorized. This complex procedure deters casual users from participating in the exchange and thus prevents the exchange from obtaining necessary information from such casual users. A casual user is defined as one who may not need full access to the exchange and its applications, but may only need to complete simple business transactions. For example, an organization may be a member of the exchange via the membership of its procurement employee. Under that organization's policies, the procurement employee is authorized to make purchases on behalf of the organization for under a certain amount. If the cost of a purchase is over that certain amount, it is necessary for that procurement employee to get additional authorization from his or her manager. This manager, however, may not be registered to participate in the electronic exchange or to use its applications. In order to complete the transaction, that manager's authorization is necessary. Thus, it is desirable to allow the manager to have access as a casual user for the limited purpose of providing the necessary authorization.
In addition to reducing the complexity of authorization when allowing access to casual users, it is also important to maintain the exchange's security and to avoid possible breaches. Therefore, the inventors have determined that there is a need for a simple yet secure way to provide access to casual users on an electronic exchange.