This invention relates to ensuring a secure identification of web survey participants, and particularly to the process of ensuring that a secure communication session over a computer network identifies the correct participants by sending encrypted invitation tokens to those prospective participants.
Computer networks have been a boon to information sharing in modern society and business. Computer users are able to access network resources to obtain and process useful data and to communicate with other computer users. These networks include local area networks, company wide networks, and wide area networks including the vast world-wide web.
In the workplace, computer networks allow companies to receive various types of information from employees, customers, and others quickly and easily. In the past, communication sessions over networks have often required that sensitive information pass over the network. In some situations, this is not problematic, but some network sessions require secure identification of participants because such sessions involve sensitive or proprietary information that a company wishes to protect. Protecting the information passing over the network is costly to the point of being prohibitive, taking the form of expensive security software or hardware devices that verify the identities of a network session's participants.
One of the primary problems is the identifier or “token” that a session participant uses to gain access to the network session. Tokens of this kind have contained information about the participant and the network session, often encrypted to prevent someone from falsifying credentials to gain access to a network session. As long as the token contains information, however, a risk exists that an uninvited third party may be able to create a false token to gain access to a network session and its protected information or may be able to gain or to abstract confidential information from a token. For example, the interception of tokens containing sensitive information could enable an unauthorized user to impersonate an authorized user and gain access to confidential information or input false or misleading information into the system. Thus, companies conducting sensitive network sessions seek methods that allow them to transmit as little information about the session as possible to protect the session's integrity in a cost-effective manner.