WO2021074408A1 - Method for controlling the access to a computer platform and associated devices - Google Patents

Info

Publication number: WO2021074408A1
Authority: WO, WIPO (PCT)
Prior art keywords: access, user, platform, function, access link
Application number: PCT/EP2020/079258
Other languages: French (fr)
Inventor: Gaye BAMBA
Original Assignee: Institut National De La Sante Et De La Recherche Medicale (Inserm), Universite De Paris
Application filed by: Institut National De La Sante Et De La Recherche Medicale (Inserm), Universite De Paris

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the present invention concerns a method for controlling the access to a space of a platform for submitting scientific articles through an access link.
  • the present invention also relates to associated computer program product and computer-readable medium.
  • This disclosure relates generally to web application security and, in particular, to enabling a user to access the application using an access link in a notification message but without requiring the user to re-enter login credentials.
  • Another method is to include URLs in notification emails that contain all of the data (for instance, a secret or signed parameter) that is required to authenticate the user.
  • the invention aims at providing, with reduced resources, more secure access to the reserved spaces of a platform, notably a platform for submitting articles.
  • the specification describes a method for controlling the access to a specific space stored in a memory of a web platform through an access link, the specific space being reserved to a user of the platform, the access link being activatable by at least one user since an activation time, the activation time corresponding to the time at which the platform provides the user with the access link.
  • the method comprises, when a request to access to the reserved space by activating the access link is received, the step of acquiring at least one parameter relative to the history of events linked to the access to the reserved space since the activation time, to obtain at least one acquired parameter, the step of applying a test function to the at least one acquired parameter, so as to obtain a test result, and based on the test result: either a step of authorizing the request to access to the reserved space, or a step of deactivating the access link.
  • the steps following a manuscript submission involve a notification of manuscript submission and thereafter a decision letter. While these notifications are widely shared among co-authors, they often, if not always, include an access link that automatically logs the coauthor into the account of the corresponding author. Even if this access link may be accompanied by a warning message such as: “Do not share this encrypted access link with others, as it will automatically log you into your account for X-based system.” this is still not enough protection for the corresponding author.
  • the inventors’ experience shows that warning the co-author is not the solution, as deleting a section of the email while sharing the decision with the co-authors may even be considered suspicious by our peers. All the more so since there is an underlying trust between co-authors.
  • the encrypted shared URL allows someone to log on to the account of the owner (i.e. corresponding author) ‘forever’ even if the individual resets their password afterwards.
  • Even more alarming is that it is well known that hacking has become the leading cause of breaches reported by Content Management Systems.
  • Uses of web-based applications for email, messaging, and file storage come with a risk of compromise of sensitive data, identity theft, compromise, or theft of intellectual property (such as metadata, research protocols, and preliminary results). In this context, where anyone can access researchers’ accounts using a single link, the effect of hacking may last for long periods.
  • Some solutions could be (i) to create links that will expire after a defined period or (ii) to create a link that will not log into the account if the person changes their password.
  • Elsevier publisher of important scientific journals
  • This solution would not be an option with eJournalPress as even after resetting the password the submission link is still available to log into the researcher’s account.
  • Privacy for the user should be the number one concern for the product, technology, or service. The goal is to provide a user-centric experience, rather than one which harbours illicit data processing practices such as mass collection of data or invasive profiling.
  • the present method for controlling enables one to reduce the risks identified above while involving a reduced calculation burden on the article submission platform.
  • the method for controlling might incorporate one or several of the following features, taken in any technically admissible combination:
  • the web platform is a platform for submitting scientific articles.
  • one parameter is a binary value representative of the presence of a specific event.
  • the specific event is chosen in the list consisting of the fact that the password of the user of the platform is changed, the publication of an article whose one author is the user, and the fact that no action is to be carried by the user.
  • test function is an OR function applied to at least one binary value representative of the presence of a specific event.
  • one acquired parameter is the time lapsed since the activation time.
  • test function is an OR function applied to at least one binary value representative of the presence of a specific event and to the result of a function applied to the time lapsed since the activation time.
  • the step of applying comprises calculating a Heaviside function applied to the time lapsed since the activation time minus a threshold, the test function depending on the result of the calculated Heaviside function.
  • the threshold is greater than or equal to fifteen days.
  • the threshold is less than or equal to thirty days.
  • the request is sent by activating the access link contained in a notification mail.
  • test function is a binary function.
  • the specification also describes a computer program product comprising computer program instructions, the computer program instructions being loadable into a data-processing unit and adapted to cause execution of at least one step of the method for controlling as previously described when run by the data-processing unit.
  • the specification also relates to a computer-readable medium comprising computer program instructions which, when executed by a data-processing unit, cause execution of at least one step of the method for controlling as previously described.
  • figure 1 shows schematically a platform and several terminals.
  • figure 2 shows an example of partition of the platform in reserved spaces.
  • figure 3 is a flowchart of an example of carrying out of a method for controlling the access to a space of the platform.
  • a platform 10 is schematically represented on figure 1 by a box.
  • Such platform 10 is accessible via the Internet and is thus a web platform.
  • the platform 10 is a platform for submitting scientific articles.
  • Such platform 10 is adapted to at least one of two tasks: a first task consisting in submitting scientific articles and results for the scientists wanting to publish and a second task consisting in reviewing the articles (peer-to-peer review).
  • the platform 10 ensures an interaction with several terminals 12, 14 and 16. This interaction is schematically represented by the dotted lines 18.
  • the platform 10 is a control system which is represented on figure 1 as a controller 20 in interaction with a computer program product 30.
  • the interaction between the computer program product 30 and the controller 20 enables to generate a platform 10 as schematically illustrated by the dashed line 22 and to control the platform 10 and notably the access to spaces of the platform 10.
  • Such method for controlling the platform is thus a computer-implemented method.
  • the controller 20 is a desktop computer.
  • the controller 20 is a rack-mounted computer, a laptop computer, a tablet computer, a PDA or a smartphone.
  • the computer is adapted to operate in real-time and/or is an embedded system, notably in a vehicle such as a plane.
  • the controller 20 comprises a calculator 32, a user interface 34 and a communication device which is not represented.
  • the calculator 32 is electronic circuitry adapted to manipulate and/or transform data represented by electronic or physical quantities in registers of the calculator 32 and/or memories in other similar data corresponding to physical data in the memories of the registers or other kinds of displaying devices, transmitting devices or memory devices.
  • the calculator 32 comprises a monocore or multicore processor (such as a CPU, a GPU, a microcontroller and a DSP), a programmable logic circuitry (such as an ASIC, a FPGA, a PLD and PLA), a state machine, gated logic and discrete hardware components.
  • the calculator 32 comprises a data-processing unit 38 which is adapted to process data, notably by carrying out calculations, memories 40 adapted to store data and a reader 42 adapted to read a computer readable medium.
  • the user interface 34 comprises an input device 44 and an output device 46.
  • the input device 44 is a device enabling the user of the controller 20 to input information or command to the controller 20.
  • the input device 44 is a keyboard.
  • the input device 44 is a pointing device (such as a mouse, a touch pad and a digitizing tablet), a voice-recognition device, an eye tracker or a haptic device (motion gestures analysis).
  • the output device 46 is a graphical user interface, which is a display unit adapted to provide information to the user of the controller 20.
  • the output device 46 is a display screen for visual presentation of output.
  • the output device is a printer, an augmented and/or virtual display unit, a speaker or another sound generating device for audible presentation of output, a unit producing vibrations and/or odors or a unit adapted to produce electrical signal.
  • the input device 44 and the output device 46 are the same component forming man-machine interfaces, such as an interactive screen.
  • the communication device enables unidirectional or bidirectional communication between the components of the controller 20.
  • the communication device is a bus communication system or an input/output interface.
  • the presence of the communication device enables that, in some embodiments, the components of the controller 20 be remote one from another.
  • the computer program product 30 comprises a computer readable medium 48.
  • the computer readable medium 48 is a tangible device that can be read by the reader 44 of the calculator 32.
  • the computer readable medium 48 is not transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, such as light pulses or electronic signals.
  • Such computer readable storage medium 48 is, for instance, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device or any combination thereof.
  • the computer readable storage medium 48 is a mechanically encoded device such as punch cards or raised structures in a groove, a diskette, a hard disk, a ROM, a RAM, an EROM, an EEPROM, a magnetic-optical disk, a SRAM, a CD-ROM, a DVD, a memory stick, a floppy disk, a flash memory, a SSD or a PC card such as a PCMCIA.
  • a computer program is stored in the computer readable storage medium 48.
  • the computer program comprises one or more stored sequences of program instructions.
  • program instructions when run by the data-processing unit 38, cause the execution of steps of any method that will be described below.
  • the form of the program instructions is a source code form, a computer executable form or any intermediate forms between a source code and a computer executable form, such as the form resulting from the conversion of the source code via an interpreter, an assembler, a compiler, a linker or a locator.
  • program instructions are a microcode, firmware instructions, state-setting data, configuration data for integrated circuitry (for instance VHDL) or an object code.
  • Program instructions are written in any combination of one or more languages, such as an object oriented programming language (FORTRAN, C++, JAVA, HTML), procedural programming language (language C for instance).
  • the program instructions are downloaded from an external source through a network, as it is notably the case for applications.
  • the computer program product comprises a computer-readable data carrier having stored thereon the program instructions or a data carrier signal having encoded thereon the program instructions.
  • the computer program product 30 comprises instructions, which are loadable into the data-processing unit 38 and adapted to cause execution of steps of any method described below when run by the data-processing unit 38.
  • the execution is entirely or partially achieved either on the controller 20, that is a single computer, or in a distributed system among several computers (notably via cloud computing).
  • Terminals 12, 14 and 16 are end user equipment such as a smartphone, a tablet or a computer.
  • The same remarks made for the controller 20 are thus applicable to each terminal 12, 14 and 16 and are not repeated here.
  • the terminals 12, 14 and 16 belong to respective users. More precisely, the first terminal 12 belongs to a first user U1, the second terminal 14 belongs to a second user U2 and the third terminal 16 belongs to a third user U3.
  • a space of the platform 10 is reserved. This means that the only person that should access to the reserved space of the platform 10.
  • the memory 40 is split into a first reserved space 50 (delimited by two frontiers 52 and 54 indicated by solid lines), a second reserved space 56 (delimited by two frontiers 58 and 60 indicated by dashed lines) and a third reserved space 62 (delimited by two frontiers 64 and 66 indicated by solid lines).
  • the first reserved space 50 is reserved to the first user U1
  • the second reserved space 56 is reserved to the second user U2
  • the third reserved space 62 is reserved to the third user U3.
  • the reserved space of a user comprises all relevant information shared when an article is submitted. This includes the article manuscript, access to all the data recorded and processed during the study that permits to check the results given in the article. It also includes the author’s history of submission and reviewing tasks in this journal.
  • first reserved space 50 and the second reserved space 56 share a common space on the memory 40 which is delimited on one hand by the frontier 58 and on the other hand by the frontier 54.
  • This common space corresponds to the case of articles, which were written by the first user U1 and the second user U2 as co-authors.
  • the second reserved space 56 and the third reserved space 62 share a common space on the memory 40 which is delimited on one hand by the frontier 64 and on the other hand by the frontier 60.
  • This common space corresponds to the case of articles, which were written by the second user U2 and the third user U3 as co-authors.
  • the terminals 12, 14, 16 access their respective reserved space 50, 56 and 62 either by logging in to the platform 10 by entering passwords or by an access link.
  • the access link is contained in a notification message sent by the platform 10 to the respective user U1, U2 or U3.
  • This notification message is, for instance, an email which includes an embedded URL.
  • URL is an abbreviation for Uniform Resource Locator which is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. This means that URL designates a web address which is, in the current case, the web address of the reserved space 50, 56 and 62.
  • the notification message is a short text message, also known as SMS.
  • the user U1, U2 or U3 is automatically authenticated upon clicking the access link in the notification message.
  • This access link can thus be construed as an auto-login access link.
  • figure 3 illustrates a flowchart of an example of carrying out of a method for controlling the access to a space of the platform 10.
  • the first user U1 has shared an access link L to its first reserved space 50 with the second user U2 and the third user U3 because he is currently working on a new article with these users U2 and U3.
  • the method for controlling aims at controlling the access to the platform 10 via the access link L.
  • the method for controlling comprises a step of receiving S100, a step of acquiring S102, a step of testing S108, the step of testing S108 being followed by either a step of authorizing access S114 or a step of deactivating S118 according to the result of the step of testing S108.
  • a request to access the first reserved space 50 is received by the platform 10.
  • the request is received by the controller 20.
  • the request is a request generated by activating the access link L.
  • a request is being processed by the platform 10.
  • parameters O1, O2, O3 and O4 are acquired.
  • the parameters O1, O2, O3 and O4 correspond to the history of events linked to the access to the first reserved space 50 since the access link L is active.
  • the access link L is active since the emitting of the notification mail.
  • the specific time of emitting of the notification mail is the activation time AT.
  • the first parameter O1 is the time lapsed since the activation time AT.
  • This time lapsed since the emitting of the notification mail is named the activating time interval ATI.
  • the first parameter O1 is the activating time interval ATI.
  • the second parameter O2, the third parameter O3 and the fourth parameter O4 are the presence or the absence of a specific event.
  • These second parameter O2, third parameter O3 and fourth parameter O4 are coded as a binary number.
  • in case of absence of the event, the second parameter O2, the third parameter O3 and the fourth parameter O4 are coded as 0 while in case of presence of the event, the second parameter O2, the third parameter O3 and the fourth parameter O4 are coded as 1.
  • the second parameter O2 is the publication of an article whose one author is the first user U1.
  • the third parameter O3 is the absence of action to be carried out by the first user U1 to fulfill the process of publication of the article.
  • the fourth parameter O4 is the change of password by the first user U1.
  • a step of testing S108 is then carried out.
  • the step of testing S108 consists in applying a test function T to at least one of the parameters O1, O2, O3 and O4 obtained at the end of the step of acquiring S102.
  • the test function T is a binary function.
  • test function T is equal to a logical function which can be written as a first function F1 OR a second function F2 OR a third function F3 OR a fourth function F4. This means that:
  • the first function F1 is the Heaviside function H(x) whose input x is the activating time interval O1 minus a threshold THR.
  • the first function F1 is equal to 1 when the activating time interval O1 is greater than or equal to the threshold THR and the first function F1 is equal to 0 when the activating time interval O1 is less than the threshold THR.
  • the threshold THR is greater than fifteen days and less than thirty days.
  • the second function F2 is a function that provides a “0” in absence of a specific event and a “1” in presence of an event since the beginning of the activation of the access link L.
  • Such specific function is labeled presence(event) in what follows.
  • the event which is the input of the second function F2 is the publication of an article whose one author is the first user U1. This event corresponds to the second parameter O2.
  • test function T can be written as:
  • test function T = H(O1-THR) OR presence(O2) OR presence(O3) OR presence(O4)
  • the test function T therefore appears as a logic function built on the previously mentioned functions F1, F2, F3 and F4.
  • test function T is using the “AND” logic function in the following way:
  • test functions T such as:
  • test function T is reduced to one of the four functions F1 to F4.
  • test function T is equal to H(O1-THR) or the test function T is equal to presence(O2).
  • the step of authorizing access S114 enables the user U1, U2 or U3 who made the request to access the first reserved space 50 of the platform 10.
  • the method for controlling returns to the first step of receiving S100 as indicated by the arrow 116.
  • the method for controlling is an iterative method.
  • the step of deactivating S118 consists in deactivating the access link L so that no request will be sent to the platform 10.
  • the deactivating is carried out by changing the page which is displayed when activating the access link L. Instead of leading to the first reserved space 50, activating the access link L leads to an error page.
  • the method for controlling therefore enables to control the validity of an access link L in a clever way.
  • the access link L is deactivated for appropriate reasons due to the relevance of the test function T. For instance, the access link L is deactivated when an article whose one author is the owner of the reserved space 50, 56 and 62 is published or when there is no action to be carried out by the owner of the reserved space 50, 56 and 62 or when the password of the person is changed.
  • such method prevents the case of access to the submission data of a scientist contained in a platform 10 which has a permanent access to a coauthor’s account even if they reset the password.
  • the access link L is only deactivated when relevant. In particular, if there is no request, the access link L is not deactivated, but there is no issue in this since no one tries to access the reserved space. This results in reduced resources.
  • the reserved space 50, 56 and 62 is more secure than the platforms of the prior art.
  • the platform 10 is an article submission platform offering better data protection and scientific integrity. Such platform 10 notably limits the risk of plagiarism and other forms of robbery of scientist’s work.
  • each step is implemented by a module adapted to achieve the step or computer instructions adapted to cause the execution of the step by interaction with the controller 20.
  • the steps following a manuscript submission involve a notification of manuscript submission and thereafter a decision letter. While these notifications are widely shared among co-authors, they often, if not always, include a link that automatically logs the co-author into the account of the corresponding author. Although this link may be accompanied by a warning message such as: ‘Do not share this encrypted link with others, as it will automatically log you into your account for X-based system’, the authors find that this link does not allow for the extra layer of security needed for the corresponding author. Table 1 shows the e-mail including a warning message sent by selected Journals.
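The control flow described in the list above (steps S100 to S118 with T = H(O1-THR) OR presence(O2) OR presence(O3) OR presence(O4)), written out as an added example; it is not code from the patent. The names `AccessLink`, `Event`, `apply_t`, `handle_request`, the 20-day value of `THR` and the sample timeline are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class Event(Enum):
    ARTICLE_PUBLISHED = "O2"   # an article with the owner as author was published
    NO_PENDING_ACTION = "O3"   # nothing is left for the owner to do on the submission
    PASSWORD_CHANGED = "O4"    # the owner changed their password


# Assumed value: the page only bounds the threshold between 15 and 30 days.
THR = timedelta(days=20)


@dataclass
class AccessLink:
    owner: str
    activation_time: datetime  # AT: when the notification carrying the link was sent
    active: bool = True


def heaviside(x: timedelta) -> int:
    """H(x) is 1 for x >= 0, else 0 (F1 is already 1 at the threshold itself)."""
    return 1 if x >= timedelta(0) else 0


def presence(event, history, since, now) -> int:
    """1 if `event` occurred between `since` and `now`; older events are ignored."""
    return int(any(e is event and since <= t <= now for e, t in history))


def acquire(link, history, now):
    """Step S102: build (O1, O2, O3, O4) from the owner's event history since AT."""
    at = link.activation_time
    return (
        now - at,                                          # O1: time lapsed since AT
        presence(Event.ARTICLE_PUBLISHED, history, at, now),
        presence(Event.NO_PENDING_ACTION, history, at, now),
        presence(Event.PASSWORD_CHANGED, history, at, now),
    )


def apply_t(o1, o2, o3, o4, thr=THR) -> int:
    """Step S108: T = H(O1 - THR) OR O2 OR O3 OR O4."""
    return heaviside(o1 - thr) | o2 | o3 | o4


def handle_request(link, history, now) -> str:
    """Steps S100 to S118 for one activation of the link."""
    if not link.active:
        return "error_page"            # a deactivated link stays deactivated
    if apply_t(*acquire(link, history, now)):
        link.active = False            # S118: the link now leads to an error page
        return "error_page"
    return "reserved_space"            # S114: access authorized


def demo():
    """Constructed timeline: U1 forwards a notification mail, then resets the password."""
    at = datetime(2024, 1, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    link = AccessLink(owner="U1", activation_time=at)
    # A password change made before the link was issued must not count.
    history = [(Event.PASSWORD_CHANGED, at - 2 * day)]
    results = [handle_request(link, history, at + 3 * day)]      # co-author gets in
    history.append((Event.PASSWORD_CHANGED, at + 5 * day))       # owner resets password
    results.append(handle_request(link, history, at + 6 * day))  # link is deactivated
    results.append(handle_request(link, history, at + 7 * day))  # and stays dead
    stale = AccessLink(owner="U1", activation_time=at)
    results.append(handle_request(stale, [], at + THR))          # expired by age alone
    return results


if __name__ == "__main__":
    print(demo())
```

The test function runs only when a request arrives, so an unused link costs the platform nothing until someone activates it.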

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to the access to a web platform and more specifically to the access to a specific space stored in a memory of a web platform through an access link. One issue is to guarantee that this access link, which is sent by a notification, notably a mail notification, is not fraudulently used. For this, the inventors propose a clever control method of the access link with a test function only used in case of access. The present method for controlling enables one to reduce this identified risk while involving a reduced calculation burden on the article submission platform.

Description

METHOD FOR CONTROLLING THE ACCESS TO A COMPUTER PLATFORM AND ASSOCIATED DEVICES
TECHNICAL FIELD OF THE INVENTION
The present invention concerns a method for controlling the access to a space of a platform for submitting scientific articles through an access link. The present invention also relates to associated computer program product and computer-readable medium.
BACKGROUND OF THE INVENTION
This disclosure relates generally to web application security and, in particular, to enabling a user to access the application using an access link in a notification message but without requiring the user to re-enter login credentials.
Many web applications send their users various notification messages (typically emails) from which the users can access the application by selecting a URL in the message. When a user receives the notification email having the embedded URL, he selects the embedded access link, which opens the user's browser to a login page. At the page, the user is challenged to enter credentials to authenticate to the application. This approach, which requires the user to enter information manually, results in a poor user experience; also, it trains users to enter their credentials in response to access links included in emails, an opportunity that is often exploited extensively in phishing attacks.
One known method to circumvent this problem of requiring users to manually login to the web application when they follow an access link is for the user to instruct the browser to remember some user credential; in this way, the credential does not have to be re-entered on each occasion when login is required. Another solution is for the application to offer a “remember me” option so that the user stays logged into the application (or is logged in automatically).
Such known method provides some benefits, but only when the user accesses the application from the same web browser, which limits their usefulness.
Another method is to include URLs in notification emails that contain all of the data (for instance, a secret or signed parameter) that is required to authenticate the user.
This approach, however, suffers from a serious security flaw because anyone who happens to have access to the notification email (e.g., because the user has forwarded it while being unaware of the consequences) may access the application on the user's behalf.
SUMMARY OF THE INVENTION
The invention aims at providing, with reduced resources, more secure access to the reserved spaces of a platform, notably a platform for submitting articles.
To this end, the specification describes a method for controlling the access to a specific space stored in a memory of a web platform through an access link, the specific space being reserved to a user of the platform, the access link being activatable by at least one user since an activation time, the activation time corresponding to the time at which the platform provides the user with the access link. The method comprises, when a request to access to the reserved space by activating the access link is received, the step of acquiring at least one parameter relative to the history of events linked to the access to the reserved space since the activation time, to obtain at least one acquired parameter, the step of applying a test function to the at least one acquired parameter, so as to obtain a test result, and based on the test result: either a step of authorizing the request to access to the reserved space, or a step of deactivating the access link.
Thanks to such method, the following problem that has been identified by the inventors is solved.
The steps following a manuscript submission involve a notification of manuscript submission and thereafter a decision letter. While these notifications are widely shared among co-authors, they often, if not always, include an access link that automatically logs the coauthor into the account of the corresponding author. Even if this access link may be accompanied by a warning message such as: “Do not share this encrypted access link with others, as it will automatically log you into your account for X-based system.” this is still not enough protection for the corresponding author.
For example, referring to the Common Questions of the American Heart Association manuscript submission and Peer review system, it is clearly mentioned in their website security tips that: "All users have to enter a password, or have access to an encrypted URL, to access their reserved space in the platform. Encrypted access links and passwords are only ever sent to the email addresses of registered users.” Furthermore, this shared access link allows someone to log on the account of the owner (i.e., corresponding author) “forever” even if the individual resets their password afterwards. This implies that an old colleague with conflict of interest can secretly follow someone’s submissions, which is a violation of the individual privacy. Even more alarming is that it is well known that hacking has become the leading cause of breaches reported by Content Management Systems (CMS). Uses of web-based applications for email, messaging, file storage come with a risk of compromise of sensitive data, theft of identification, compromise or theft of intellectual property (such as metadata, research protocols and preliminary results). In this context where anyone can access researcher’s accounts using a single access link, the effect of hacking may last for long periods.
The inventors’ experience shows that warning the co-author is not the solution, as deleting a section of the email while sharing the decision with the co-authors may even be considered as suspicious by our peers. All the more so since there is an underlying trust between co-authors.
While a high level of trust between coauthors during manuscript submission is quite common, a major problem with providing coauthors with a login access link to corresponding author accounts is that “a co-author today may not be a friend tomorrow”.
In other words, the encrypted shared URL allows someone to log on to the account of the owner (i.e. corresponding author) ‘forever’ even if the individual resets their password afterwards. This implies that an individual with a conflict of interest or a potential hacker can easily track someone’s submissions, in clear violation of the individual privacy. Even more alarming is that it is well known that hacking has become the leading cause of breaches reported by Content Management Systems. Uses of web-based applications for email, messaging, and file storage come with a risk of compromise of sensitive data, identity theft, compromise, or theft of intellectual property (such as metadata, research protocols, and preliminary results). In this context, where anyone can access researcher’s accounts using a single link, the effect of hacking may last for long periods.
Experience demonstrates that warning the co-author may not be sufficient enough as deleting a section of the email, while sharing the decision with the co-authors may even be considered as suspicious by our peers. All the more so, since there is an underlying trust between co-authors.
While a high level of trust between co-authors during manuscript submission is quite common, a major problem with providing coauthors with a login link to corresponding author accounts is that ‘a co-author today may not be a friend tomorrow’. Communication among co-authors breaks down and stops because of personality conflicts, professional rivalries, or jealousies and several examples of conflicts among co-authors are documented. A major challenge after terminating a collaboration may be the protection of the confidential topics and data the collaborators used to share as they mostly keep having common research topics of interest. The aim then of any reform of the policies in question that this viewpoint raises, is to prevent collaborators from taking primary or even exclusive credit for ongoing works just because they still have a way to follow previous colleague submissions.
It is worth highlighting that this is not an isolated problem, as widely used manuscript submission and peer-review tracking systems for scientific, technical, medical, and engineering publications would argue. The inventors identified eJournalPress as being the provider of the software. eJournalPress platforms generate. It is also useful to specify that other respected software platforms do not have these problems (Editorial Manager or Scholarone).
This means that the above-mentioned problem which concerns submission article platform is not identified so far, and notably not in document US 6360 2454 B1 , WO 2016/099809 A1 , US 7 895445 B1 and US 2008/115227 A1 .
From this perspective, methods for controlling the access to article submission is needed for all platforms. Some solutions could be (i) to create links that will expire after a defined period or (ii) to create a link that will not log into the account if the person changes their password. In fact, recently, Elsevier (publisher of important scientific journals) declared that their server was accessible from the internet with Email addresses and passwords being public for some time. They resolved the issue and advised scientists with an account at Elsevier to change their password. This solution would not be an option with eJournalPress as even after resetting the password the submission link is still available to log into the researcher’s account.
The European Union regulation 2016/679 on General Data Protection Regulation (GDPR) now formally requires organizations to take privacy into account by design from the conception of a new product, technology or service (Article 25), rather than on a voluntary basis as it was under the previous regime of Directive 95/46/EC (recital 46). Its Data protection by design concept calls for the satisfaction of the following requirements:
• Privacy for the user should be the number one concern for the product, technology, or service. The goal is to provide a usercentric experience, rather than one which harbours illicit data processing practices such as mass collection of data or invasive profiling.
• The basic idea is that the impact of any processing activities should be considered when developing a new product, technology, or service, from the onset and through the lifecycle of the product. Measures should be integrated into the project.
• A need to act quickly to understand the new regulatory requirement and embrace them in order to ensure their products and services are compliant for the brave, new, GDPR world.
By cleverly managing the access link with a test function that corresponds in specific cases to an access link that will expire after a defined period or an access link that will not log into the account if the person changes their password, the present method for controlling enables one to reduce the different risks identified above while involving a reduced calculation burden on the article submission platform.
According to further aspects of this method for controlling which are advantageous but not compulsory, the method for controlling might incorporate one or several of the following features, taken in any technically admissible combination:
- the web platform is a platform for submitting scientific articles.
- one parameter is a binary value representative of the presence of a specific event.
- the specific event is chosen in the list consisting of the fact that the password of the user of the platform is changed, the publication of an article whose one author is the user, and the fact that no action is to be carried by the user.
- the test function is an OR function applied to at least one binary value representative of the presence of a specific event.
- one acquired parameter is the time lapsed since the activation time.
- the test function is an OR function applied to at least one binary value representative of the presence of a specific event and to the result of a function applied to the time lapsed since the activation time.
- the step of applying comprises calculating an Heaviside function applied to the time lapsed since the activation time minus a threshold, the test function depending from the result of the calculated Heaviside function.
- the threshold is superior or equal to fifteen days.
- the threshold is inferior or equal to thirty days.
- the request is sent by activating the access link contained in a notification mail.
- the test function is a binary function.
The specification also describes a computer program product comprising computer program instructions, the computer program instructions being loadable into a data- processing unit and adapted to cause execution of at least one step of the method for controlling as previously described when run by the data-processing unit.
The specification also relates to a computer-readable medium comprising computer program instructions which, when executed by a data-processing unit, cause execution of at least one step of the method for controlling as previously described.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention will be better understood on the basis of the following description which is given in correspondence with the annexed figures and as an illustrative example, without restricting the object of the invention. In the annexed figures:
- figure 1 shows schematically a platform and several terminals,
- figure 2 shows an example of partition of the platform in reserved spaces, and
- figure 3 is a flowchart of an example of carrying out of a method for controlling the access to a space of the platform.
DETAILED DESCRIPTION OF SOME EMBODIMENTS
A platform 10 is schematically represented on figure 1 by a box.
Such platform 10 is accessible via the Internet and is thus a web platform.
The platform 10 is a platform for submitting scientific articles.
Such platform 10 is adapted to at least one of two tasks: a first task consisting in submitting scientific articles and results for the scientists wanting to publish and a second task consisting in reviewing the articles (peer-to-peer review).
The platform 10 ensures an interaction with several terminals 12, 14 and 16. This interaction is schematically represented by the dotted lines 18.
The platform 10 is a control system which is represented on figure 1 as a controller 20 in interaction with a computer program product 30.
The interaction between the computer program product 30 and the controller 20 enables to generate a platform 10 as schematically illustrated by the dashed line 22 and to control the platform 10 and notably the access to spaces of the platform 10. Such method for controlling the platform is thus a computer-implemented method.
The controller 20 is a desktop computer. In variant, the controller 20 is a rack-mounted computer, a laptop computer, a tablet computer, a PDA or a smartphone.
In specific embodiments, the computer is adapted to operate in real-time and/or is an embedded system, notably in a vehicle such as a plane.
In the case of figure 1 , the controller 20 comprises a calculator 32, a user interface 34 and a communication device which is not represented.
The calculator 32 is electronic circuitry adapted to manipulate and/or transform data represented by electronic or physical quantities in registers of the calculator 32 and/or memories in other similar data corresponding to physical data in the memories of the registers or other kinds of displaying devices, transmitting devices or memory devices.
As specific examples, the calculator 32 comprises a monocore or multicore processor (such as a CPU, a GPU, a microcontroller and a DSP), a programmable logic circuitry (such as an ASIC, a FPGA, a PLD and PLA), a state machine, gated logic and discrete hardware components.
The calculator 32 comprises a data-processing unit 38 which is adapted to process data, notably by carrying out calculations, memories 40 adapted to store data and a reader 42 adapted to read a computer readable medium.
The user interface 34 comprises an input device 44 and an output device 46. The input device 44 is a device enabling the user of the controller 20 to input information or command to the controller 20.
In figure 1 , the input device 44 is a keyboard. Alternatively, the input device 44 is a pointing device (such as a mouse, a touch pad and a digitizing tablet), a voice-recognition device, an eye tracker or a haptic device (motion gestures analysis).
The output device 46 is a graphical user interface, which is a display unit adapted to provide information to the user of the controller 20.
In figure 1 , the output device 46 is a display screen for visual presentation of output. In other embodiments, the output device is a printer, an augmented and/or virtual display unit, a speaker or another sound generating device for audible presentation of output, a unit producing vibrations and/or odors or a unit adapted to produce electrical signal.
In a specific embodiment, the input device 44 and the output device 46 are the same component forming man-machine interfaces, such as an interactive screen.
The communication device enables unidirectional or bidirectional communication between the components of the controller 20. For instance, the communication device is a bus communication system or an input/output interface.
The presence of the communication device enables that, in some embodiments, the components of the controller 20 be remote one from another.
The computer program product 30 comprises a computer readable medium 48.
The computer readable medium 48 is a tangible device that can be read by the reader 44 of the calculator 32.
Notably, the computer readable medium 48 is not transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, such as light pulses or electronic signals.
Such computer readable storage medium 48 is, for instance, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device or any combination thereof.
As a non-exhaustive list of more specific examples, the computer readable storage medium 48 is a mechanically encoded device such as punchcards or raised structures in a groove, a diskette, a hard disk, a ROM, a RAM, an EROM, an EEPROM, a magnetic-optical disk, a SRAM, a CD-ROM, a DVD, a memory stick, a floppy disk, a flash memory, a SSD or a PC card such as a PCMCIA.
A computer program is stored in the computer readable storage medium 48. The computer program comprises one or more stored sequence of program instructions.
Such program instructions when run by the data-processing unit 38, cause the execution of steps of any method that will be described below. For instance, the form of the program instructions is a source code form, a computer executable form or any intermediate forms between a source code and a computer executable form, such as the form resulting from the conversion of the source code via an interpreter, an assembler, a compiler, a linker or a locator. In variant, program instructions are a microcode, firmware instructions, state-setting data, configuration data for integrated circuitry (for instance VHDL) or an object code.
Program instructions are written in any combination of one or more languages, such as an object oriented programming language (FORTRAN, C++, JAVA, HTML), procedural programming language (language C for instance).
Alternatively, the program instructions are downloaded from an external source through a network, as it is notably the case for applications. In such case, the computer program product comprises a computer-readable data carrier having stored thereon the program instructions or a data carrier signal having encoded thereon the program instructions.
In each case, the computer program product 30 comprises instructions, which are loadable into the data-processing unit 38 and adapted to cause execution of steps of any method described below when run by the data-processing unit 38. According to the embodiments, the execution is entirely or partially achieved either on the controller 20, that is a single computer, or in a distributed system among several computers (notably via cloud computing).
Terminals 12, 14 and 16 are end user equipments such as a smartphone, a tablet or a computer.
The same remarks made for the controller 20 are thus applicable to each terminal 12, 14 and 16 and are not repeated here.
The terminals 12, 14 and 16 belong to respective users. More precisely, the first terminal 12 belongs to a first user U1, the second terminal 14 belongs to a second user U2 and the third terminal 16 belongs to a third user U3.
To each user U1 , U2 and U3, a space of the platform 10 is reserved. This means that the only person that should access to the reserved space of the platform 10.
This reservation of space in the platform 10 is schematically illustrated on figure 2.
In this figure 2, a partition of the memory 40 in reserved spaces is represented.
More precisely, the memory 40 is split into a first reserved space 50 (delimited by two frontiers 52 and 54 indicated by solid lines), a second reserved space 56 (delimited by two frontiers 58 and 60 indicated by dashed lines) and a third reserved space 62 (delimited by two frontiers 64 and 66 indicated by solid lines). In the current example, the first reserved space 50 is reserved to the first user U1 , the second reserved space 56 is reserved to the second user U2 and the third reserved space 62 is reserved to the third user U3.
In this context, the reserved space of a user comprises all relevant information shared when an article is submitted. This includes the article manuscript, access to all the data recorded and processed during the study that permits to check the results given in the article. It also includes the author’s history of submission and reviewing tasks in this journal.
It appears that the first reserved space 50 and the second reserved space 56 share a common space on the memory 40 which is delimited on one hand by the frontier 58 and on the other hand by the frontier 54. This common space corresponds to the case of articles, which were written by the first user U1 and the second user U2 as co-authors.
Similarly, it also appears that the second reserved space 56 and the third reserved space 62 share a common space on the memory 40 which is delimited on one hand by the frontier 64 and on the other hand by the frontier 60. This common space corresponds to the case of articles, which were written by the second user U2 and the third user U3 as co-authors.
In the case of figure 1 , the terminals 12, 14, 16 access to their respective reserved space 50, 56 and 62 either by logging to the platform 10 with entering passwords or by an access link.
The access link is contained in a notification message sent by the platform 10 to the respective user U1 , U2 or U3.
This notification message is, for instance, an email which includes an embedded URL.
URL is an abbreviation for Uniform Resource Locator which is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. This means that URL designates a web address which is, in the current case, the web address of the reserved space 50, 56 and 62.
Alternatively, the notification message is a short text message, also known as SMS.
The user U1 , U2 or U3 is automatically authenticated upon clicking the access link in the notification message. This access link can thus be construed as an auto-login access link.
The operating of the platform 10 is now described with reference to figure 3, which illustrates a flowchart of an example of carrying out of a method for controlling the access to a space of the platform 10.
It is assumed that before the carrying out of the method for controlling, the first user U1 has shared an access link L to its first reserved space 50 with the second user U2 and the third user U3 because he is currently working on a new article with these users U2 and U3. The method for controlling aims at controlling the access to the platform 10 via the access link L.
The method for controlling comprises a step of receiving S100, a step of acquiring S102, a step of testing S108, the step of testing S108 being followed by either a step of authorizing access S114 or a step of deactivating S118 according to the result of the step of testing S108.
At the step of receiving S100, a request to access the first reserved space 50 is received by the platform 10.
More precisely, the request is received by the controller 20.
The request is a request generated by activating the access link L.
This activation was carried out from one of the terminals 12, 14 or 16.
This means that one of the user U1 , U2 or U3 sends to the controller 20 a request to access the first reserved space 50.
At the end of the step of receiving S100, a request is in treatment by the platform 10.
During the step of acquiring S102, parameters 01 , 02, 03 and 04 are acquired.
The parameters 01 , 02, 03 and 04 correspond to the history of events linked to the access to the first reserved space 50 since the access link L is active.
In the current case, the access link L is active since the emitting of the notification mail. The specific time of emitting of the notification mail is the activation time AT.
According to the example, the first parameter 01 is the time lapsed since the activation time AT.
This time lapsed since the emitting of the notification mail is named the activating time interval ATI.
In other words, the first parameter 01 is the activating time interval ATI.
In this example, the second parameter 02, the third parameter 03 and the fourth parameter 04 are the presence or the absence of a specific event.
These second parameter 02, third parameter 03 and fourth parameter 04 are coded as a binary number.
For instance, in case of absence of the event, the second parameter 02, the third parameter 03 and the fourth parameter 04 are coded as 0 while in case of presence of the event, the second parameter 02, the third parameter 03 and the fourth parameter 04 are coded as 1.
In the current case, the second parameter 02 is the publication of an article whose one author is the first user U1 .
The third parameter 03 is the absence of action to be carried out by the first user U1 to fulfill the process of publication of the article. The fourth parameter 04 is the change of password by the first user U1 .
At the end of the step of acquiring S102, four parameters 01 , 02, 03 and 04 are obtained.
A step of testing S108 is then carried out.
The step of testing S108 consists in applying a test function T to at least one of the parameters 01 , 02, 03 and 04 obtained at the end of the step of acquiring S102.
This is schematically illustrated by the arrow 106.
The test function T is a binary function.
The test function T is equal to a logical function which can be written as a first function F1 OR a second function F2 OR a third function F3 OR a fourth function F4. This means that:
T = F1 OR F2 OR F3 OR F4
Wherein:
• the OR function is a function for which A OR B =1 provided at least one of the binary values A and B is equal to 1.
In this example, the first function F1 is the Heaviside function H(x) whose input x is the activating time interval 01 minus a threshold THR.
The first function F1 is thus such that F1 = H(01 - THR).
In other words, the first function F1 is equal to 1 when the activating time interval 01 is superior or equal to the threshold THR and the first function F1 is equal to 0 when the activating time interval 01 is inferior to the threshold THR.
For instance, the threshold THR is superior to fifteen days and inferior to thirty days.
According to the described example, the second function F2 is a function that provides a “0” in absence of a specific event and a “1” in presence of an event since the beginning of the activation of the access link L. Such specific function is labeled presence (event) in what follows.
The event which is the input of the second function F2 is the publication of an article whose one author is the first user U1. This event corresponds to the second parameter 02.
In other words, the second function F2 is such that F2 = presence (02).
Similarly, the third function F3 is linked to the presence of an action to be carried out by the first user U1 to fulfill the process of publication (third parameter 03) which means that it can be written that F3 = presence (03).
The fourth function F4 is linked to the presence of change of password of the first user U1 (fourth parameter 04) which means that it can be written that F4 = presence (04).
As a summary, the test function T can be written as:
T = H(01 - THR) OR presence (02) OR presence (03) OR presence (04)
The test function T therefore appears as a logic function built on the previously mentioned functions F1, F2, F3 and F4.
Other logic functions can be considered.
As an example, a test function T is using the “AND” logic function in the following way:
T = [H(01 - THR) AND presence (03) AND presence (04)] OR presence (02)
In such example, more weight is given to the second parameter 02.
Other examples are less elaborate test functions T, such as:
• T = H(01 -THR) OR presence (02);
• T = presence (03) AND presence (04), and
• T = H(01 -THR) OR presence (03).
So as to diminish the calculation, the test function T is reduced to one of the four functions F1 to F4.
As specific illustrations, the test function T is equal to H(01-THR) or the test function T is equal to presence (02).
At the end of the testing step S108, a result of the testing step S108 is obtained.
As can be seen on figure 2, depending on the result of the testing step S108, either the first way indicated by the arrow 110 or the second way indicated by the arrow 112 is followed.
When the binary value is 0, then the first way is followed, whereas when the binary value is 1 , then the second way is followed.
On the first way, the step of authorizing access S114 is carried out.
The step of authorizing access S114 enables the user U1 , U2 or U3 who did the request to access to the first reserved space 50 of the platform 10.
Further to this step of authorizing access S114, the method for controlling is led to the first step of receiving S100 as indicated by the arrow 116.
Then, as shown by the arrow 116, a new request, if any, is treated.
In that sense, the method for controlling is an iterative method.
In addition, this means that the method for controlling is carried out only when a request is present.
On the other way 112, the step of deactivating S118 is carried out.
The step of deactivating S118 consists in deactivating the access link L so that no request will be sent to the platform 10.
In an alternative way, the deactivating is carried out by changing the page which is displayed when activating the access link L. Instead of leading to the first reserved space 50, activating the access link L leads to an error page. The method for controlling therefore enables to control the validity of an access link L in a clever way.
On the one end, the access link L is deactivated for appropriate reasons due to the relevance of the test function T. For instance, the access link L is deactivated when an article whose one author is the owner of the reserved space 50, 56 and 62 is published or when there is no action to be carried out by the owner of the reserved space 50, 56 and 62 or when the password of the person is changed.
In particular, such method prevents the case of access to the submission data of a scientist contained in a platform 10 which has a permanent access to a coauthor’s account even if they reset the password.
On the other end, the access link L is only deactivated when relevant. In particular, if there is no request, the access link L is not deactivated but there is no issue in this since no one tries to access the reserved space. This results in reduced resources
In other words, with reduced resources, the reserved space 50, 56 and 62 is more secure than the platforms of the prior art.
As a summary, it appears that the platform 10 is an article submission platform offering better data protection and scientific integrity. Such platform 10 notably limits the risk of plagiarism and other forms of robbery of scientist’s work.
According to embodiments, the above-described method for controlling is implemented in many ways, notably using hardware, software or a combination thereof. In particular, each step is implemented by a module adapted to achieve the step or computer instructions adapted to cause the execution of the step by interaction with the controller 20.
It should also be noted that two steps in succession may, in fact, be executed substantially concurrently or in a reverse order depending on the considered embodiments.
EXPERIMENTAL RESULTS
The relevance of such method has been shown for BioMedical Research publications platforms.
As an introduction, it should be reminded that plagiarism and other forms of intellectual theft are far more common in science than one would like to think. There are several ways to have access to a scientist’s relevant information shared when a person submits an article. This includes the manuscript, access to all the data recorded and processed during the study that permits the checking of the results in the article. It also includes the author’s history of submission and reviewing tasks in that journal. One source of potential theft and an effective way to have access to the submission data of a scientist (which is the main concern of this article) is having permanent access to the scientist’s account, even if the password is reset. This is unfortunately allowed directly by the submission platform of several journals.
The steps following a manuscript submission involve a notification of manuscript submission and thereafter a decision letter. While these notifications are widely shared among co-authors, they often, if not always, include a link that automatically logs the co-author into the account of the corresponding author. Although this link may be accompanied by a warning message such as ‘Do not share this encrypted link with others, as it will automatically log you into your account for X-based system’, the authors find that this link does not allow for the extra layer of security needed for the corresponding author. Table 1 shows the e-mail including a warning message sent by selected Journals.
[Table 1: Email associated with a warning message by selected medical journals (table image not reproduced)]
In Table 1, the abbreviation “JAMA” stands for “Journal of the American Medical Association”; the abbreviation “JACC” stands for “Journal of American College of Cardiology”; the abbreviation “BMJ” stands for “British Medical Journal”; the abbreviation “NEJM” stands for “New England Journal of Medicine” and the abbreviation “EHJ” stands for “European Heart Journal”.
It is to be noted that following our correspondences with the Journal of the American Medical Association (JAMA) they have taken steps and added the extra layer of security needed for corresponding authors in all their sub-journals. In addition, the yes/no corresponds to the presence/absence of a warning message (‘Do not share this encrypted link with others, as it will automatically log you into your account for X-based system’).
Such table 1 shows that the benefit of the method for controlling as previously described would be high.

Claims

1.- Method for controlling the access to a specific space (50, 56, 62) stored in a memory of a web platform (10) through an access link (L), the specific space (50, 56, 62) being reserved to a user (U1 , U2, U3) of the platform (10), the access link (L) being activatable by at least one user (U1 , U2, U3) since an activation time (AT), the activation time (AT) corresponding to the time at which the platform (10) provides the user (U1 , U2, U3) with the access link (L), the method comprising, in presence of a request to access to the reserved space (50, 56, 62) by activating the access link (L), the steps of:
- acquiring at least one parameter (01 , 02, 03, 04) relative to the history of events linked to the access to the reserved space (50, 56, 62) since the activation time (AT), to obtain at least one acquired parameter (01 , 02, 03, 04),
- applying a test function (T) to the at least one acquired parameter (01 , 02, 03, 04), so as to obtain a test result, and based on the test result:
- either authorizing the request to access to the reserved space (50, 56, 62),
- or deactivating the access link (L).
2.- Method according to claim 1 , wherein the web platform (10) is a platform for submitting scientific articles.
3.- Method according to claim 2, wherein one parameter (02, 03, 04) is a binary value representative of the presence of a specific event.
4.- Method according to claim 3, wherein the specific event is chosen in the list consisting of:
- the fact that the password of the user (U1 , U2, U3) of the platform is changed,
- the publication of an article whose one author is the user (U1 , U2, U3), and
- the fact that no action is to be carried by the user (U1 , U2, U3).
5.- Method according to claim 3 or 4, wherein the test function (T) is an OR function applied to at least one binary value representative of the presence of a specific event.
6.- Method according to any one of the claims 2 to 5, wherein one acquired parameter (01) is the time lapsed since the activation time (AT).
7.- Method according to claim 6 when depending from claim 3 or 4, wherein the test function (T) is an OR function applied to at least one binary value representative of the presence of a specific event (02, 03, 04) and to the result of a function applied to the time lapsed since the activation time (AT).
8.- Method according to claim 6 or 7, wherein the step of applying comprises calculating an Heaviside function (H) applied to the time lapsed since the activation time (AT) minus a threshold (THR), the test function (T) depending from the result of the calculated Heaviside function (H).
9.- Method according to claim 8, wherein the threshold (THR) is superior or equal to fifteen days.
10.- Method according to claim 8 or 9, wherein the threshold (THR) is inferior or equal to thirty days.
11.- Method according to any one of the claims 1 to 10, wherein the request is sent by activating the access link (L) contained in a notification mail.
12.- Method according to any one of the claims 1 to 11, wherein the test function (T) is a binary function.
13.- Computer program product comprising computer program instructions, the computer program instructions being loadable into a data-processing unit and adapted to cause execution of at least one step of the method for controlling according to any one of claims 1 to 12 when run by the data-processing unit.
14.- Computer-readable medium comprising computer program instructions which, when executed by a data-processing unit, cause execution of at least one step of the method for controlling according to any one of the claims 1 to 12.
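
As an added illustration (not code from the patent or its applicants), the following sketch implements the test function of claims 5 to 10 as an OR over the binary event parameters and a Heaviside step on the elapsed time minus the threshold, together with the authorize-or-deactivate decision of claim 1. The `AccessLink` record, the function names, the 15-day threshold, the convention H(0) = 1 and the choice that a test result of 1 deactivates the link are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

THR = timedelta(days=15)  # assumption: any value in the claimed 15 to 30 day range


@dataclass
class AccessLink:
    """Hypothetical server-side record for one emailed access link (L)."""
    activation_time: datetime        # AT: when the platform sent the link
    active: bool = True
    password_changed: bool = False   # binary event parameters (claims 3 and 4)
    article_published: bool = False
    no_action_pending: bool = False


def heaviside(x: timedelta) -> int:
    """Heaviside step H(x); H(0) = 1 is an assumed convention."""
    return 1 if x >= timedelta(0) else 0


def evaluate_test(link: AccessLink, now: datetime) -> int:
    """T = OR(event flags, H(elapsed - THR)). Assumed polarity: 1 = deactivate."""
    elapsed = now - link.activation_time
    return int(link.password_changed or link.article_published
               or link.no_action_pending or heaviside(elapsed - THR))


def handle_request(link: AccessLink, now: datetime) -> bool:
    """Return True to authorize the request, otherwise deactivate the link."""
    if not link.active:
        return False                 # an already deactivated link never revives
    if evaluate_test(link, now):
        link.active = False          # state is persisted, not recomputed per request
        return False
    return True


def demo():
    """Constructed sample timeline for two links issued at the same time."""
    at = datetime(2020, 10, 1, tzinfo=timezone.utc)
    aged = AccessLink(at)
    results = [handle_request(aged, at + timedelta(days=14)),   # within THR
               handle_request(aged, at + timedelta(days=15)),   # THR reached
               handle_request(aged, at + timedelta(days=1))]    # stays dead
    changed = AccessLink(at, password_changed=True)
    results.append(handle_request(changed, at + timedelta(hours=1)))
    return results


if __name__ == "__main__":
    print(demo())
```

Because the deactivation is stored on the link record, a request replayed with an earlier timestamp is still refused once any condition has fired.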

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP19306354.2 2019-10-17
EP19306354 2019-10-17

Publications (1)

Publication Number Publication Date
WO2021074408A1 true WO2021074408A1 (en) 2021-04-22

Family

ID=68581676

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2020/079258 WO2021074408A1 (en) 2019-10-17 2020-10-16 Method for controlling the access to a computer platform and associated devices

Country Status (1)

Country Link
WO (1) WO2021074408A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6360254B1 (en) * 1998-09-15 2002-03-19 Amazon.Com Holdings, Inc. System and method for providing secure URL-based access to private resources
US20080115227A1 (en) 2006-11-11 2008-05-15 Michael J Toutonghi Method and system to control access to content stored on a web server
US7895445B1 (en) 2001-04-26 2011-02-22 Nokia Corporation Token-based remote data access
WO2016099809A1 (en) 2014-12-19 2016-06-23 Dropbox, Inc. No password user account access

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20789201

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20789201

Country of ref document: EP

Kind code of ref document: A1