EP3311351A1 - Method for certifying electronic documents and contents on the internet and certification system of electronic documents and contents that implements said method - Google Patents
Method for certifying electronic documents and contents on the internet and certification system of electronic documents and contents that implements said methodInfo
- Publication number
- EP3311351A1 EP3311351A1 EP16734751.7A EP16734751A EP3311351A1 EP 3311351 A1 EP3311351 A1 EP 3311351A1 EP 16734751 A EP16734751 A EP 16734751A EP 3311351 A1 EP3311351 A1 EP 3311351A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- surfing
- contents
- electronic documents
- user
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 230000005540 biological transmission Effects 0.000 claims abstract description 8
- 238000012545 processing Methods 0.000 claims description 4
- 230000000875 corresponding effect Effects 0.000 description 8
- 230000004048 modification Effects 0.000 description 8
- 238000012986 modification Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 239000000243 solution Substances 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000006735 deficit Effects 0.000 description 2
- 230000007613 environmental effect Effects 0.000 description 2
- 238000009472 formulation Methods 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000002123 temporal effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000007792 addition Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005352 clarification Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000009931 harmful effect Effects 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000002688 persistence Effects 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/018—Certifying business or products
- G06Q30/0185—Product, service or business identity fraud
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2151—Time stamp
Definitions
- the present invention concerns a method for certifying electronic documents and contents.
- the present invention concerns a method for certifying electronic documents and contents in a protected environment on the Internet and a system for carrying out said certification which implements said method.
- the present invention is able not only to certify documents, generated or downloaded on the Internet, but also to save, date and certify Internet surfing, hence procedures, passes, search logics and connections, in such a way as to be exempt from counterfeiting, guaranteeing the authenticity and the possibility of certifying a posteriori the authenticity and date thereof, also if the original element is later no longer accessible.
- the date and time of acquisition of the screenshot can be left unchanged, but the content of the electronic document itself can be modified, for example with a retouching software program, for example cancelling a Company reference or an important connection, or cancelling a field of text, or modifying the URL address of the Internet site, rewriting it and/or camouflaging it.
- a retouching software program for example cancelling a Company reference or an important connection, or cancelling a field of text, or modifying the URL address of the Internet site, rewriting it and/or camouflaging it.
- US 6,839,879 Bl describes a method and the corresponding system for certifying electronic documents, which provides to temporally mark and manage electronic documents.
- GB 2357350 A describes a system for certifying electronic documents, more specifically electronic copies of real documents.
- this document provides to acquire real documents, for example by scanning them, or with other acquisition methods, to create an electronic copy of the documents to be certified.
- the document refers to the use of the Internet only to be able to associate the electronic device, with which an electronic document has been certified, with an archive system that is used to store all the electronic documents certified, and to be able to access the same.
- WO 02/077793 Al describes a method to organize contents generated by a computer, in particular to catalog them. The method described there provides to associate electronic contents with predefined parameters to supply a certification of the parameters associated with each electronic content acquired from web pages.
- US 2002/0124172 Al describes a method to validate web pages.
- the method provides to digitally sign electronic contents of a web page accessible by using a portal on the Internet, but changing the information content of the electronic contents signed because components need to be installed in the servers that host the web page to be signed.
- the solutions described above do not ensure a certification method that can be, for example, exempt from malware present on the surfing Client, from problems inserted between the Client and Internet, or from malevolent and fraudulent interventions by the user himself.
- the purpose of the present invention is therefore to perfect a method for certifying electronic documents and contents in a protected environment on the Internet, and a system to certify electronic documents and contents that implements said method, which are able to guarantee the authenticity and non- changeability of the electronic documents acquired, and which are able to frustrate any possible attempt to alter information and/or parameters of the electronic documents and contents acquired on the Internet.
- the Applicant has devised, tested and embodied the present invention to overcome the shortcomings of the state of the art and to obtain these and other purposes and advantages.
- Embodiments described here concern a method for certifying electronic documents and contents, which allows a user to surf the Internet in a protected environment to acquire and save said electronic documents and contents to be certified.
- the method comprises at least an acquisition step, a memorization step and a transmission step.
- the acquisition step comprises the following steps in succession:
- the surfing step provides to acquire and save an entire web surf of the user, therefore in terms of content intended as research strategies, connections, logics, passages and other, and also in terms of documents downloaded or generated.
- the memorization step comprises the following steps in succession:
- the content and document generation step provides at least a procedure in which the electronic documents and contents acquired are signed temporally without changing the information content of the electronic documents and contents themselves, therefore comprising the web pages visited and/or the web surfing performed by the user.
- - fig. 1 is a flow chart of certification steps of an electronic document, in accordance with the present invention.
- - fig. 2 is a schematic view of a certification system of a document, in accordance with the present invention.
- fig. 1 shows with a flow chart a method 10 for certifying documents, in particular documents in electronic format acquired from the Internet, and also electronic contents according to one embodiment of the present invention.
- the method 10 can be implemented using a system 100 for certifying electronic documents acquired on the Internet, or more generally electronic contents, for example a whole surfing on web pages, shown in its entirety by the general diagram in fig. 2.
- certification we mean, in general, the process by which documents or contents can be deemed unchanged from the moment when they were acquired.
- the certification of a document guarantees the persistence, consistency, validity, integrity and authenticity of spatial-temporal data, information, parameters and the source of acquisition of the electronic document itself.
- the invention can also refer to the information content of a particular electronic document or electronic content.
- the method 10 can comprise a step 12 of acquiring the electronic document or content.
- a user can acquire an electronic document or content to be certified.
- the user can for example surf the Internet in a protected environment to download one or more electronic documents or contents to be subsequently certified.
- the user can surf the Internet using a secure and controlled Internet connection.
- the user can surf the Internet in a computer portal for certifying documents or contents.
- the method 10 can comprise a step 14 of memorizing the electronic document or content acquired on the Internet, after the acquisition step 12.
- the memorization step 14 it is provided to memorize the one or more electronic documents or contents to be certified acquired on the Internet by the user, and the corresponding environmental parameters detected and measured by the system.
- the method 10 can comprise a transmission step 16, after the memorization step 14.
- a further memorization is provided of the one or more electronic documents or contents certified, in an archive support, such as for example a CD, DVD, USB support etc., which on request can be transmitted to the user who acquired the electronic documents or contents.
- an archive support such as for example a CD, DVD, USB support etc.
- the acquisition step 12 can comprise, in succession, a credit management step 18, a step 20 to start the protected environment, a step 22 to start a timer and counter, a web surfing step 24 and a step to choose the acquisition mode 26.
- the user can manage his credit to carry out one or more operations made available by the software program of the protected environment, such as for example concluding one or more certifications of electronic documents or contents and/or receiving the archive support with, inside it, the certified electronic documents.
- an initialization of the protected environment is provided, inside which the user can safely surf the net to acquire electronic documents or contents to be certified.
- the user can log in to the system 100, inserting a user name and a password.
- it can be provided to insert personal data such as one's tax code and or other personal data that guarantee the user's authenticity, for example using strong authentication systems.
- the step 22 to start a timer and counter provides to start a timer device and a counter device, configured respectively to generate and memorize the user's web surfing time and to detect the quantity of information downloaded during the user's web surfing, for example the quantity of Bytes used during the active surfing session.
- a timer device advantageously allows to monitor the user's surfing session both constantly and accurately, increasing the reliability of the acquisitions and consequently the certifications made, both in terms of the documents generated, viewed or uploaded/downloaded, and also more generally in terms of contents, such as the surfing mode, the search logics or other.
- the user can surf the Internet inside the protected environment, for example searching for the contents from which to acquire the one or more electronic documents or contents to be certified.
- the user can select one or more acquisition modes of the electronic documents or contents to be certified.
- the user can acquire a single web page, for example making a screenshot of the screen displayed.
- he/she can acquire a whole website, or a specific image or video, or data from specific environments, for example from social networks.
- the web surfing step 24 provides to acquire and save the user's whole web surfing.
- the user can activate specific plug- ins supported by the computer portal, able to acquire specific web contents.
- the memorization step 14 can comprise an archiving step 28 and a subsequent document generation step 30.
- the electronic documents or contents acquired are archived in at least a network archive system 190 associated with the certification system 100.
- the electronic documents or contents are validated and encoded to guarantee their security against any possible attempt to modify them, either external (by third parties) or internal (by the user who acquired electronic documents during the protected surfing or by the system administrators), after acquisition.
- the one or more network archive systems 190 can execute, substantially constantly, one or more backup copies, geographically distributed, of the chronology of the surfing session, the acquisition, the data input by the user, etc., so as to guarantee a further security to the system 100, to the state of the acquisition environment and surroundings, against any attempt at modification.
- the document generation step 30 provides to temporally sign the electronic documents or contents acquired on the Internet, in particular to certify the exact date and time they were acquired and to guarantee they cannot be changed.
- the temporal signature of the electronic documents or contents acquired does not modify the information content of the electronic documents or contents themselves and/or the web pages and/or the user's entire surfing session.
- the document generation step 30 provides to generate an information report, containing information as complete as possible on the user's whole surfing session.
- the information report can contain the data acquired and the corresponding references to guarantee the substance and non-changeability thereof.
- the method 10 can comprise a further credit management step 18 which allows the user to verify if there is sufficient credit for the possible subsequent step 16 of transmitting the information report and the one or more electronic documents acquired, certified, archived in one or more of the archive backups cited above.
- the user can connect to the protected environment to carry out a trial surfing session, for example free.
- the trial session can be limited in the functions available, compared with the complete session which is generally available in return for payment, and can be active for a limited time and/or for a limited number of trials.
- fig. 2 shows a system 100 for certifying electronic documents or contents that can implement the method 10 described above.
- the system 100 can be connected to a fruition unit 110 of the electronic documents to be certified.
- the fruition unit 1 10 is a device owned and/or used by the user that allows to connect to the system 100 for certifying electronic documents or contents.
- the fruition unit 110 can be for example an electronic processor, such as for example a computer, notebook, netbook or a mobile electronic device, such as for example a smartphone, tablet or any other device that allows the user to surf the Net simply and securely and to access the computer portal for certifying electronic documents or contents.
- an electronic processor such as for example a computer, notebook, netbook or a mobile electronic device, such as for example a smartphone, tablet or any other device that allows the user to surf the Net simply and securely and to access the computer portal for certifying electronic documents or contents.
- the system 100 can comprise a surfing and acquisition interface 180 of the electronic documents or contents to be certified.
- the surfing and acquisition interface 180 is accessible through the fruition unit 1 10 when the latter is correctly connected to the system 100.
- the fruition unit 1 10 can comprise a graphical interface 120, configured to display the surfing and acquisition interface 180 and hence the screenshots of the various Internet sites to the connected user, through an encoded web connection.
- the graphical interface 120 can be a touch screen that allows the user to select functions and insert input without needing to use a keyboard and/or a mouse.
- Fig. 2 shows by way of example the screen of an internet site displayed on a fruition unit 110.
- the graphical interface 120 in this situation, can comprise an URL address 130, a date reference 135, a time reference 140, a title reference 145, an image 150, an image description 155 and a hypertext link 160.
- the URL address 130 can show, preferably alphanumerically, the address of the internet site in which the user is surfing at a specific moment.
- the date reference 135 and the time reference 140 are indicators that show respectively the actual surfing date and the actual surfing time.
- the surfing date and time in the protected environment can be constantly compared with external systems, having an hourly reference which, in a preferred solution, can be monitored by other external systems.
- the external system can surf sites with pages that have a date stamp, to constantly compare the date.
- This aspect is particularly advantageous because it makes it substantially impossible to modify the date and time with the intention of falsifying the acquisition moment and hence the certification of electronic documents or contents acquired on the Internet.
- the title reference 145 is a field of text that synthetically describes the content of the Internet site.
- the one or more images 150 can be, for example, photos of objects, reference drawings, graphics etc., present inside the Internet site.
- the image description 155 is generally a text that is inserted in correspondence with the image 150 to give a substantive description thereof.
- the one or more hypertext links 160 can be links to other Internet pages, in particular they can be links that, if selected, direct the user to one or more new Internet pages.
- the graphical interface 120 can also comprise other fields of text 165, which can for example contain an article, a description, a space inside which it is possible to insert notes, comments, reviews or other.
- the graphical interface 120 can also comprise one or more plugins for access to functions relating to social networks for example.
- the surfing and acquisition interface 180 can be associated with a surfing system 191, for example a router, with network archive systems 190, for example servers, and with processing systems 192, also servers for example.
- a surfing system 191 for example a router
- network archive systems 190 for example servers
- processing systems 192 also servers for example.
- the user's fruition unit 1 10 can be connected by Internet and a web browser to the system 100.
- the fruition unit 110 can be connected, for example in wireless mode, and in any case by an Internet network, to the surfing and acquisition interface 180.
- the system 100 can be configured, by means of the surfing and acquisition interface 180, to supply to the fruition unit 110 a protected surfing environment, which allows the user only to surf the net to search for contents to be acquired and certified.
- the network archive systems 190 and the processing systems 192 can be interfaced, in protected and indirect mode, and only by means of the surfing and acquisition interface 180, to the fruition unit 1 10 and can be configured to process and archive securely the various electronic data from the user's surfing.
- the method 10 provides to read in advance any possible attempt to modify one or more of the elements cited above and the corresponding communication methods, in order to block said possible attempt, preventing any modification and the falsification of the certification of the one or more electronic documents acquired by the user.
- a user may possibly try to modify the URL address 130 of the Internet site inside which he is surfing, and try to modify the actual address with a different one.
- DNS injection a procedure called "DNS injection” which consists of intervening in resolving the names, that is, when a domain name is converted into an IP address in order to take the web surfing to another destination transparently.
- the invention provides that DNS lookups for resolving domain names are carried out on an internal search engine and compared with lookups carried out at the same time on other external DNS engines.
- a user may also possibly try to re-direct the surfing onto websites that have been falsified by modifications of the routing systems, and in particular by modifying the connection between the router and the fruition unit 110, and/or between the surfing and acquisition interface 180 and fruition unit 110, for example by modifying the transmission protocols of the router/routers.
- the data packages transmitted by the router/routers are traced and acquired in a non-modifiable format at the same time as the user is surfing.
- a user may try to modify contents inside the Internet site by using malware programs present for example in the fruition unit 110 or in the external network archive system 190.
- surfing systems 191 are not directly accessible by users, and therefore the possibilities of action and consequent impairment are limited.
- the data are acquired through two or more different access channels to the Internet, used simultaneously or randomly, so as to be able to compare the contents downloaded in parallel and to identify possible attempts to alter them and/or make the surfing channel used not predictable.
- the paths and times of travel of the data packages used are continuously monitored, so as to identify possible anomalies in them.
- network archive systems 190 are protected by evolved firewall systems and by systems 193 to monitor intrusions. Every attempted access is logged on remote devices. In particular, if an attempted access is not authorized, the monitoring systems 193 sound an alarm.
- the data are also encoded, by means of an encoding system 194, so as to make it substantially impossible to modify them without breaking the code.
- the main files of the operating system are analyzed cyclically by part of an integrity control system 195. This can be configured to sound alarms if compromises are identified.
- Both the data archives and the attached reports are signed digitally and marked temporally. It is therefore not possible to modify the contents and/or the properties without this harmful activity being detected, thus causing the archive itself to lose its validity.
- the information report generated during the document generation step 30 includes the list of materials of the archive, with the corresponding hash signatures. Moreover, the hash of the whole archive is included, so as to make any impairment difficult.
- the information report is digitally signed so as to prevent any modification thereof by a third party.
- the whole fruition activity of the fruition unit 110 is registered, certified and attached to the data archive, available to the user.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Entrepreneurship & Innovation (AREA)
- Accounting & Taxation (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Finance (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Method for certifying electronic documents, which allows a user to surf the Internet in a protected environment to acquire said electronic documents to be certified, comprising an acquisition step (12), a memorization step (14) and a transmission step (16). The acquisition step (12) comprises at least a step to start a protected environment, a surfing step and a step to choose the acquisition mode. The memorization step (14) comprises at least an archiving step and a document generation step.
Description
"METHOD FOR CERTIFYING ELECTRONIC DOCUMENTS AND CONTENTS ON THE INTERNET AND CERTIFICATION SYSTEM OF ELECTRONIC DOCUMENTS AND CONTENTS THAT IMPLEMENTS SAID METHOD"
* * * * *
FIELD OF THE INVENTION
The present invention concerns a method for certifying electronic documents and contents.
In particular, the present invention concerns a method for certifying electronic documents and contents in a protected environment on the Internet and a system for carrying out said certification which implements said method.
By electronic documents and contents, here and hereafter in the present description, we mean that the present invention is able not only to certify documents, generated or downloaded on the Internet, but also to save, date and certify Internet surfing, hence procedures, passes, search logics and connections, in such a way as to be exempt from counterfeiting, guaranteeing the authenticity and the possibility of certifying a posteriori the authenticity and date thereof, also if the original element is later no longer accessible.
BACKGROUND OF THE INVENTION
In the most varied and heterogeneous fields, the need to certify documents is known, in particular documents in electronic format, so that they can be used for example as documentary proof with a "sure date", in lawsuits for accusations of slander, stalking, counterfeit products, copying graphics, copyright infringement and infringement of intellectual property rights in general, etc.
In such cases it is fundamental to certify the authenticity and non- changeability of the information contained in the electronic document, so as to allow a correct and univocal judgment thereof.
To ensure that the information content of a document has not been modified or altered, even only partly, at a subsequent moment after it was first issued, it is important to have available techniques with great safety and strength, and which do not allow, substantially in any way, the intentional and in some cases fraudulent modification of the information content.
In order to obtain this, individuals and Companies generally rely on external
subjects that research and certify the electronic documents on behalf of the Client, in exchange for remuneration that is usually quite high.
Two things that can easily be modified in an electronic document are the date and time it was acquired.
For example, it is generally possible, and not extremely complex, to make a screenshot of an Internet site displaying a counterfeit product and then modify directly on the electronic document acquired the date of acquisition (for example a date prior to the date it was actually acquired) so as to be able to at least partly refute possible accusations of infringement.
Alternatively, the date and time of acquisition of the screenshot can be left unchanged, but the content of the electronic document itself can be modified, for example with a retouching software program, for example cancelling a Company reference or an important connection, or cancelling a field of text, or modifying the URL address of the Internet site, rewriting it and/or camouflaging it.
Apart from these more conventional modification techniques, the evolution of technology and skills currently allows to alter the information content of an electronic document also and especially by directly modifying the methods of communication and interaction of acquisition machines and/or devices with servers and/or memory apparatuses associated with them.
For example, it is generally possible to modify functioning and/or connection parameters of the device with which the electronic document to be certified is acquired, with the network server and/or the router, etc. In this way it is possible to modify the information and parameters of the electronic document by acting directly on the acquisition and/or memorization platform and/or the surrounding environment, before the electronic document is actually acquired, falsifying the information and/or the content of the document.
Faced by all these possibilities of altering and modifying electronic documents and/or, more generally, the contents connected to or deriving from said documents, in particular on the Internet, known certification methods generally do not offer high parameters of safety and guarantee, and are vulnerable to the multiple and increasingly sophisticated attempts to modify and alter electronic documents by third parties and/or the user who acquires an electronic document for certification.
In the state of the art there are several methods and/or systems used to certify documents, but these have various problems and therefore cannot be considered completely reliable.
For example, US 6,839,879 Bl describes a method and the corresponding system for certifying electronic documents, which provides to temporally mark and manage electronic documents.
GB 2357350 A describes a system for certifying electronic documents, more specifically electronic copies of real documents. In particular, this document provides to acquire real documents, for example by scanning them, or with other acquisition methods, to create an electronic copy of the documents to be certified.
The document refers to the use of the Internet only to be able to associate the electronic device, with which an electronic document has been certified, with an archive system that is used to store all the electronic documents certified, and to be able to access the same.
WO 02/077793 Al describes a method to organize contents generated by a computer, in particular to catalog them. The method described there provides to associate electronic contents with predefined parameters to supply a certification of the parameters associated with each electronic content acquired from web pages.
US 2002/0124172 Al describes a method to validate web pages. In particular, the method provides to digitally sign electronic contents of a web page accessible by using a portal on the Internet, but changing the information content of the electronic contents signed because components need to be installed in the servers that host the web page to be signed.
These solutions are not very reliable because it is relatively easy to modify the information content of the acquisitions, for example by modifying the content of any web page.
Therefore, the solutions described above do not ensure a certification method that can be, for example, exempt from malware present on the surfing Client, from problems inserted between the Client and Internet, or from malevolent and fraudulent interventions by the user himself.
There is therefore a need to perfect a method and to obtain the corresponding system to certify electronic documents and contents that are able to offer a high
level of security and non-changeability of an electronic document or content acquired on the Internet.
The purpose of the present invention is therefore to perfect a method for certifying electronic documents and contents in a protected environment on the Internet, and a system to certify electronic documents and contents that implements said method, which are able to guarantee the authenticity and non- changeability of the electronic documents acquired, and which are able to frustrate any possible attempt to alter information and/or parameters of the electronic documents and contents acquired on the Internet.
The Applicant has devised, tested and embodied the present invention to overcome the shortcomings of the state of the art and to obtain these and other purposes and advantages.
SUMMARY OF THE INVENTION
The present invention is set forth and characterized in the independent claims, while the dependent claims describe other characteristics of the invention or variants to the main inventive idea.
Embodiments described here concern a method for certifying electronic documents and contents, which allows a user to surf the Internet in a protected environment to acquire and save said electronic documents and contents to be certified.
According to one aspect of the present invention, the method comprises at least an acquisition step, a memorization step and a transmission step.
According to another aspect of the present invention, the acquisition step comprises the following steps in succession:
- a credit management step,
- a step to start a protected environment,
- a step to start a timer and counter,
- a web surfing step,
- a step to choose the acquisition mode.
In particular, according to one formulation of the present invention, the surfing step provides to acquire and save an entire web surf of the user, therefore in terms of content intended as research strategies, connections, logics, passages and other, and also in terms of documents downloaded or generated.
According to another aspect of the present invention, the memorization step comprises the following steps in succession:
- an archiving step,
- a content and document generation step,
wherein the content and document generation step provides at least a procedure in which the electronic documents and contents acquired are signed temporally without changing the information content of the electronic documents and contents themselves, therefore comprising the web pages visited and/or the web surfing performed by the user.
BRIEF DESCRIPTION OF THE DRAWINGS
These and other characteristics of the present invention will become apparent from the following description of some embodiments, given as a non-restrictive example with reference to the attached drawings wherein:
- fig. 1 is a flow chart of certification steps of an electronic document, in accordance with the present invention;
- fig. 2 is a schematic view of a certification system of a document, in accordance with the present invention.
To facilitate comprehension, the same reference numbers have been used, where possible, to identify identical common elements in the drawings. It is understood that elements and characteristics of one embodiment can conveniently be incorporated into other embodiments without further clarifications.
DETAILED DESCRIPTION OF SOME EMBODIMENTS
According to the present invention, fig. 1 shows with a flow chart a method 10 for certifying documents, in particular documents in electronic format acquired from the Internet, and also electronic contents according to one embodiment of the present invention.
According to one embodiment of the present invention, the method 10 can be implemented using a system 100 for certifying electronic documents acquired on the Internet, or more generally electronic contents, for example a whole surfing on web pages, shown in its entirety by the general diagram in fig. 2.
By certification we mean, in general, the process by which documents or contents can be deemed unchanged from the moment when they were acquired. In particular, the certification of a document guarantees the persistence,
consistency, validity, integrity and authenticity of spatial-temporal data, information, parameters and the source of acquisition of the electronic document itself.
In general, the invention can also refer to the information content of a particular electronic document or electronic content.
It is fundamental to obtain a secure and reliable certification, especially for electronic documents and contents and/or data that will be used in legal or administrative disputes, and that will therefore be subjected to a judgment possibly entailing considerable damages.
According to some embodiments of the present invention, the method 10 can comprise a step 12 of acquiring the electronic document or content.
During the acquisition step 12 a user can acquire an electronic document or content to be certified. In particular, the user can for example surf the Internet in a protected environment to download one or more electronic documents or contents to be subsequently certified.
According to one aspect of the present invention, the user can surf the Internet using a secure and controlled Internet connection.
In particular, the user can surf the Internet in a computer portal for certifying documents or contents.
According to some embodiments, the method 10 can comprise a step 14 of memorizing the electronic document or content acquired on the Internet, after the acquisition step 12.
During the memorization step 14, it is provided to memorize the one or more electronic documents or contents to be certified acquired on the Internet by the user, and the corresponding environmental parameters detected and measured by the system.
According to some embodiments of the present invention, the method 10 can comprise a transmission step 16, after the memorization step 14.
During the transmission step 16, a further memorization is provided of the one or more electronic documents or contents certified, in an archive support, such as for example a CD, DVD, USB support etc., which on request can be transmitted to the user who acquired the electronic documents or contents.
According to one embodiment of the present invention, the acquisition step 12
can comprise, in succession, a credit management step 18, a step 20 to start the protected environment, a step 22 to start a timer and counter, a web surfing step 24 and a step to choose the acquisition mode 26.
During the credit management step 18, the user can manage his credit to carry out one or more operations made available by the software program of the protected environment, such as for example concluding one or more certifications of electronic documents or contents and/or receiving the archive support with, inside it, the certified electronic documents.
During the step 20 to start the protected environment, an initialization of the protected environment is provided, inside which the user can safely surf the net to acquire electronic documents or contents to be certified.
In order to start the protected environment for protected surfing, the user can log in to the system 100, inserting a user name and a password. Moreover, to make each access safer, it can be provided to insert personal data such as one's tax code and or other personal data that guarantee the user's authenticity, for example using strong authentication systems.
The step 22 to start a timer and counter provides to start a timer device and a counter device, configured respectively to generate and memorize the user's web surfing time and to detect the quantity of information downloaded during the user's web surfing, for example the quantity of Bytes used during the active surfing session.
The presence of a timer device advantageously allows to monitor the user's surfing session both constantly and accurately, increasing the reliability of the acquisitions and consequently the certifications made, both in terms of the documents generated, viewed or uploaded/downloaded, and also more generally in terms of contents, such as the surfing mode, the search logics or other.
During the web surfing step 24, the user can surf the Internet inside the protected environment, for example searching for the contents from which to acquire the one or more electronic documents or contents to be certified.
During the step to choose the acquisition mode 26, the user can select one or more acquisition modes of the electronic documents or contents to be certified.
In particular, the user can acquire a single web page, for example making a screenshot of the screen displayed. Or he/she can acquire a whole website, or a
specific image or video, or data from specific environments, for example from social networks.
According to the present invention, the web surfing step 24 provides to acquire and save the user's whole web surfing.
This is particularly advantageous because, unlike the certification methods and/or systems known in the state of the art, it allows to guarantee the authenticity of the whole web session, for example, but not only, in terms of pages visited, documents seen and/or downloaded, search logics and procedures, and consequently guarantees the certification thereof.
According to another aspect of the present invention, during the acquisition step 26 metadata and environmental information are acquired, which advantageously allow to further guarantee the security of the acquisition environment.
According to one aspect of the present invention, during the web surfing step 24, the user can activate specific plug- ins supported by the computer portal, able to acquire specific web contents.
According to the present invention, the memorization step 14 can comprise an archiving step 28 and a subsequent document generation step 30.
During the archiving step 28, the electronic documents or contents acquired are archived in at least a network archive system 190 associated with the certification system 100.
During the archiving step 28, the electronic documents or contents are validated and encoded to guarantee their security against any possible attempt to modify them, either external (by third parties) or internal (by the user who acquired electronic documents during the protected surfing or by the system administrators), after acquisition.
According to one aspect of the present invention, for the whole of the user's protected surfing session, the one or more network archive systems 190 can execute, substantially constantly, one or more backup copies, geographically distributed, of the chronology of the surfing session, the acquisition, the data input by the user, etc., so as to guarantee a further security to the system 100, to the state of the acquisition environment and surroundings, against any attempt at modification.
The document generation step 30 provides to temporally sign the electronic documents or contents acquired on the Internet, in particular to certify the exact date and time they were acquired and to guarantee they cannot be changed.
According to one aspect of the present invention, the temporal signature of the electronic documents or contents acquired does not modify the information content of the electronic documents or contents themselves and/or the web pages and/or the user's entire surfing session.
According to a possible embodiment of the present invention, the document generation step 30 provides to generate an information report, containing information as complete as possible on the user's whole surfing session. The information report can contain the data acquired and the corresponding references to guarantee the substance and non-changeability thereof.
According to a possible embodiment of the present invention, after the document generation step 30, the method 10 can comprise a further credit management step 18 which allows the user to verify if there is sufficient credit for the possible subsequent step 16 of transmitting the information report and the one or more electronic documents acquired, certified, archived in one or more of the archive backups cited above.
According to one aspect of the present invention, the user can connect to the protected environment to carry out a trial surfing session, for example free. The trial session can be limited in the functions available, compared with the complete session which is generally available in return for payment, and can be active for a limited time and/or for a limited number of trials.
According to the present invention, fig. 2 shows a system 100 for certifying electronic documents or contents that can implement the method 10 described above.
According to the present invention, the system 100 can be connected to a fruition unit 110 of the electronic documents to be certified.
The fruition unit 1 10 is a device owned and/or used by the user that allows to connect to the system 100 for certifying electronic documents or contents.
In particular, the fruition unit 110 can be for example an electronic processor, such as for example a computer, notebook, netbook or a mobile electronic device, such as for example a smartphone, tablet or any other device that allows the user
to surf the Net simply and securely and to access the computer portal for certifying electronic documents or contents.
According to the present invention, the system 100 can comprise a surfing and acquisition interface 180 of the electronic documents or contents to be certified. The surfing and acquisition interface 180 is accessible through the fruition unit 1 10 when the latter is correctly connected to the system 100. In particular, the fruition unit 1 10 can comprise a graphical interface 120, configured to display the surfing and acquisition interface 180 and hence the screenshots of the various Internet sites to the connected user, through an encoded web connection.
According to one embodiment of the present invention, as in fig. 2, the graphical interface 120 can be a touch screen that allows the user to select functions and insert input without needing to use a keyboard and/or a mouse.
It is understood that this aspect is not restrictive of the field of the present invention, since any graphical interface 120 can be used which, using one or more input devices, allows the user to surf the net completely and safely.
Fig. 2 shows by way of example the screen of an internet site displayed on a fruition unit 110.
The graphical interface 120, in this situation, can comprise an URL address 130, a date reference 135, a time reference 140, a title reference 145, an image 150, an image description 155 and a hypertext link 160.
The URL address 130 can show, preferably alphanumerically, the address of the internet site in which the user is surfing at a specific moment.
The date reference 135 and the time reference 140 are indicators that show respectively the actual surfing date and the actual surfing time.
According to one aspect of the present invention, the surfing date and time in the protected environment can be constantly compared with external systems, having an hourly reference which, in a preferred solution, can be monitored by other external systems.
This is particularly advantageous because it helps to guarantee the authenticity of the user's surfing, and in particular of the computer portal and the web sites using the latter.
In parallel, moreover, the external system can surf sites with pages that have a date stamp, to constantly compare the date.
This aspect is particularly advantageous because it makes it substantially impossible to modify the date and time with the intention of falsifying the acquisition moment and hence the certification of electronic documents or contents acquired on the Internet.
The title reference 145 is a field of text that synthetically describes the content of the Internet site.
The one or more images 150 can be, for example, photos of objects, reference drawings, graphics etc., present inside the Internet site.
The image description 155 is generally a text that is inserted in correspondence with the image 150 to give a substantive description thereof.
The one or more hypertext links 160 can be links to other Internet pages, in particular they can be links that, if selected, direct the user to one or more new Internet pages.
The graphical interface 120 can also comprise other fields of text 165, which can for example contain an article, a description, a space inside which it is possible to insert notes, comments, reviews or other.
According to the present invention, the graphical interface 120 can also comprise one or more plugins for access to functions relating to social networks for example.
According to one embodiment of the present invention, the surfing and acquisition interface 180 can be associated with a surfing system 191, for example a router, with network archive systems 190, for example servers, and with processing systems 192, also servers for example.
The user's fruition unit 1 10 can be connected by Internet and a web browser to the system 100.
In particular, the fruition unit 110 can be connected, for example in wireless mode, and in any case by an Internet network, to the surfing and acquisition interface 180.
The system 100 can be configured, by means of the surfing and acquisition interface 180, to supply to the fruition unit 110 a protected surfing environment, which allows the user only to surf the net to search for contents to be acquired and certified.
The network archive systems 190 and the processing systems 192 can be
interfaced, in protected and indirect mode, and only by means of the surfing and acquisition interface 180, to the fruition unit 1 10 and can be configured to process and archive securely the various electronic data from the user's surfing. According to some embodiments of the present invention, the method 10 provides to read in advance any possible attempt to modify one or more of the elements cited above and the corresponding communication methods, in order to block said possible attempt, preventing any modification and the falsification of the certification of the one or more electronic documents acquired by the user. Hereafter we will refer to some cases, given by way of non-restrictive examples, of attempts to modify and change acquisitions and the corresponding remedies to guarantee the validity and security of the certification process of the method 10 to certify electronic documents on the Internet.
A user may possibly try to modify the URL address 130 of the Internet site inside which he is surfing, and try to modify the actual address with a different one.
To contrast this attempt, it is provided to trace and memorize all the surfing addresses recalled by the web software program, which does not allow to certify any electronic document associated with an erroneous surfing address.
It is however possible that a user may try to modify the resolution of the address using a procedure called "DNS injection", which consists of intervening in resolving the names, that is, when a domain name is converted into an IP address in order to take the web surfing to another destination transparently.
On this point, the invention provides that DNS lookups for resolving domain names are carried out on an internal search engine and compared with lookups carried out at the same time on other external DNS engines.
A user may also possibly try to re-direct the surfing onto websites that have been falsified by modifications of the routing systems, and in particular by modifying the connection between the router and the fruition unit 110, and/or between the surfing and acquisition interface 180 and fruition unit 110, for example by modifying the transmission protocols of the router/routers.
In this context, according to the present invention, the data packages transmitted by the router/routers are traced and acquired in a non-modifiable format at the same time as the user is surfing.
A user may try to modify contents inside the Internet site by using malware programs present for example in the fruition unit 110 or in the external network archive system 190.
To contrast this possibility, it is provided that surfing systems 191 are not directly accessible by users, and therefore the possibilities of action and consequent impairment are limited.
Furthermore, the data are acquired through two or more different access channels to the Internet, used simultaneously or randomly, so as to be able to compare the contents downloaded in parallel and to identify possible attempts to alter them and/or make the surfing channel used not predictable. According to another aspect of the present invention, the paths and times of travel of the data packages used are continuously monitored, so as to identify possible anomalies in them.
It is possible to try to directly modify the data acquired by the user by an administrative access to the network archive systems 190, that is, forcing the system 100 and/or compromising it.
This possibility is contrasted by providing that the network archive systems 190 are protected by evolved firewall systems and by systems 193 to monitor intrusions. Every attempted access is logged on remote devices. In particular, if an attempted access is not authorized, the monitoring systems 193 sound an alarm.
Furthermore, the data are also encoded, by means of an encoding system 194, so as to make it substantially impossible to modify them without breaking the code.
According to one aspect of the present invention, if the code were successfully broken and the archive consequently modified, this would also modify the hashes generated during the coding and would invalidate the digital signature and the temporal mark previously affixed to the electronic documents.
It is possible to try to cancel the data acquired through an administrative access to the network archive systems 190, forcing the system 100 and partly or completely cancelling the data acquired.
According to a preferred formulation of the present invention, in this option all the data are replicated on a memorization system located geographically in
another place from the network archive systems 190 and are not accessible by the surfing systems 191 and the processing systems 192.
It is possible to try to attack and compromise the computer system relating to the system 100, generating anomalies and hence altering the data acquired and/or during the acquisition step 12.
The main files of the operating system are analyzed cyclically by part of an integrity control system 195. This can be configured to sound alarms if compromises are identified.
It is possible to try to alter the date and time at a time after the acquisition step 12, after the archives have been downloaded from the network archive systems 190.
Both the data archives and the attached reports are signed digitally and marked temporally. It is therefore not possible to modify the contents and/or the properties without this harmful activity being detected, thus causing the archive itself to lose its validity.
It is possible to try to modify the screenshots acquired after the archives of the network archive systems 190 have been downloaded.
Any possible modification of the screenshots acquired entails the loss of validity of the archive and the digital signature affixed on the electronic document in question.
Furthermore, it is possible to try to eliminate or modify some contents after the archives have been downloaded, in particular by the user connected.
The information report generated during the document generation step 30 includes the list of materials of the archive, with the corresponding hash signatures. Moreover, the hash of the whole archive is included, so as to make any impairment difficult.
According to another aspect of the present invention, the information report is digitally signed so as to prevent any modification thereof by a third party.
According to another aspect of the present invention, with the prior consent of the user, the whole fruition activity of the fruition unit 110 is registered, certified and attached to the data archive, available to the user.
These cases, given by way of non-restrictive examples, do not exclude other cases of attempts to compromise the documents and the corresponding actions to
safeguard the correct certification of electronic documents.
It is clear that modifications and/or additions of parts may be made to the method 10 and system 100 as described heretofore, without departing from the field and scope of the present invention.
It is also clear that, although the present invention has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of method 10 and systems 100, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
Claims
1. Method for certifying electronic documents or contents, which allows a user to surf the Internet in a protected environment to acquire said electronic documents or contents to be certified, characterized in that it comprises an acquisition step (12), a memorization step (14) and a transmission step (16), wherein said acquisition step (12) comprises the following steps in succession:
- a credit management step (18),
- a step to start a protected environment (20),
- a step to start a timer and counter (22),
- a web surfing step (24),
- a step to choose the acquisition mode (26), wherein said web surfing step (24) provides to acquire and save the user's entire web surfing,
wherein said memorization step (14) comprises the following steps in succession:
- an archiving step (28),
- a document generation step (30), and wherein said document generation step (30) provides to temporally sign the electronic documents or contents acquired without changing the information content of said electronic documents or contents acquired and/or the web pages and/or the user's web surfing.
2. Certification method as in claim 1, characterized in that during said step to choose the acquisition mode (26) the user chooses at least one acquisition mode of said electronic documents or contents on the Internet, in particular inside a group consisting of acquiring a single internet page, acquiring a whole internet site, acquiring a specific image or video, acquiring a document with the data relating to the surfing and data coming from specific environments.
3. Certification method as in any claim hereinbefore, characterized in that said document generation step (30) comprises another credit management step (18).
4. Method as in any claim hereinbefore, characterized in that said transmission step (16) provides another memorization of one or more certified electronic documents or contents in an archive support.
5. Method as in claim 4, characterized in that said archive support is transmitted to the user and chosen inside a group consisting of CDs, DVDs, USB supports or other.
6. Method as in any claim hereinbefore, characterized in that the document
generation step (30) provides to generate an informative report.
7. Method as in claim 6, characterized in that said informative report is memorized in said archive support.
8. Method as in any claim hereinbefore, characterized in that it provides to trace and memorize all the Internet addresses recalled by a surfing software program, in order not to allow to certify any electronic document associated to an erroneous Internet address.
9. Method as in any claim hereinbefore, characterized in that it provides that DNS lookups for resolving domain names are carried out on an internal search engine and compared with lookups carried out at the same time on other external DNS engines.
10. Method as in any claim hereinbefore, characterized in that it provides that the data packages transmitted by a surfing system (191) are traced and acquired in a non-modifiable format at the same time as the user is surfing.
1 1. Method as in any claim hereinbefore, characterized in that it provides that all the data to be certified are replicated on a memorization system geographically located in a place other than a network archive system (190) and not accessible by a surfing system (191) and by a processing system (192).
12. Method as in claim 1 1, characterized in that said at least one surfing system (191) is a router.
13. System for certifying electronic documents or contents to implement the method as in any claim hereinbefore, characterized in that it comprises at least an acquisition unit, a memorization unit and a transmission unit, wherein said system can also be connected to a fruition unit (1 10) associated to a surfing and acquisition interface (180) and to network archive systems (190).
14. System as in claim 13, characterized in that said fruition unit (110) is chosen from a group consisting of a computer, a notebook, a netbook, a smartphone, a tablet or other.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| ITUB20151433 | 2015-06-17 | ||
| PCT/IB2016/053585 WO2016203426A1 (en) | 2015-06-17 | 2016-06-16 | Method for certifying electronic documents and contents on the internet and certification system of electronic documents and contents that implements said method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP3311351A1 true EP3311351A1 (en) | 2018-04-25 |
Family
ID=55409921
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP16734751.7A Ceased EP3311351A1 (en) | 2015-06-17 | 2016-06-16 | Method for certifying electronic documents and contents on the internet and certification system of electronic documents and contents that implements said method |
Country Status (2)
| Country | Link |
|---|---|
| EP (1) | EP3311351A1 (en) |
| WO (1) | WO2016203426A1 (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1108308A1 (en) * | 1998-08-28 | 2001-06-20 | Sap Ag | System and method for controlling the operational sequence in network applications |
| US20030132957A1 (en) * | 2002-01-15 | 2003-07-17 | International Business Machines Corporation | System for recording world wide web browsing sessions navigation on a real-time basis and for subsequently displaying the recorded sessions as surrogate browsing sessions with user enabled real-time modification |
| US20110231931A1 (en) * | 2008-12-01 | 2011-09-22 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method and device for preventing domain name system spoofing |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6839879B1 (en) * | 1999-05-07 | 2005-01-04 | Xilinx, Inc. | Method and system for time-stamping and managing electronic documents |
| GB2357350A (en) * | 1999-12-18 | 2001-06-20 | Ncr Int Inc | Storage and retrieval of images |
| US20020124172A1 (en) * | 2001-03-05 | 2002-09-05 | Brian Manahan | Method and apparatus for signing and validating web pages |
| WO2002077793A1 (en) * | 2001-03-26 | 2002-10-03 | Geo Trust, Inc. | Defining content zones |
| ITRM20080034A1 (en) * | 2008-01-23 | 2009-07-24 | Luca Stefano De | SPACE-TEMPORAL MARKING DEVICE, IN PARTICULAR OF DIGITAL DOCUMENTS. |
-
2016
- 2016-06-16 EP EP16734751.7A patent/EP3311351A1/en not_active Ceased
- 2016-06-16 WO PCT/IB2016/053585 patent/WO2016203426A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1108308A1 (en) * | 1998-08-28 | 2001-06-20 | Sap Ag | System and method for controlling the operational sequence in network applications |
| US20030132957A1 (en) * | 2002-01-15 | 2003-07-17 | International Business Machines Corporation | System for recording world wide web browsing sessions navigation on a real-time basis and for subsequently displaying the recorded sessions as surrogate browsing sessions with user enabled real-time modification |
| US20110231931A1 (en) * | 2008-12-01 | 2011-09-22 | Chengdu Huawei Symantec Technologies Co., Ltd. | Method and device for preventing domain name system spoofing |
Non-Patent Citations (1)
| Title |
|---|
| See also references of WO2016203426A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016203426A1 (en) | 2016-12-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107209830B (en) | Method for identifying and resisting network attack | |
| Stuttard et al. | The web application hacker's handbook: Finding and exploiting security flaws | |
| US8286225B2 (en) | Method and apparatus for detecting cyber threats | |
| CN102546576B (en) | A kind of web page horse hanging detects and means of defence, system and respective code extracting method | |
| Ristic | Apache security | |
| Likaj et al. | Where we stand (or fall): An analysis of CSRF defenses in web frameworks | |
| Castiglione et al. | Security and privacy issues in the Portable Document Format | |
| CN111786795B (en) | Domain name registration method, domain name supervision method, client and domain name supervision terminal | |
| US20180302437A1 (en) | Methods of identifying and counteracting internet attacks | |
| Calzavara et al. | Testing for integrity flaws in web sessions | |
| Heiderich et al. | The bug that made me president a browser-and web-security case study on helios voting | |
| Thompson et al. | The software vulnerability guide | |
| Kimak et al. | An investigation into possible attacks on HTML5 indexedDB and their prevention | |
| Batarfi et al. | Csrfdtool: Automated detection and prevention of a reflected cross-site request forgery | |
| EP3311351A1 (en) | Method for certifying electronic documents and contents on the internet and certification system of electronic documents and contents that implements said method | |
| Riesch et al. | Audit based privacy preservation for the OpenID authentication protocol | |
| Sharma et al. | A Security Analysis of Password Managers on Android | |
| Appelbaum | Technical analysis of the Ultrasurf proxying software | |
| Haddon | Attack Vectors and the Challenge of Preventing Data Theft | |
| Salvador et al. | wraudit: a tool to transparently monitor web resources’ integrity | |
| Georgiev | Information Security of PHP Applications | |
| Bernardo | Targeted attack detection by means of free and open source solutions | |
| Klooster | Applying a Security Testing Methodology: a Case Study | |
| Kumar | Penetration Testing Building Blocks | |
| Balasundram et al. | Prevention of SQL Injection attacks by using service oriented authentication technique |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
| 17P | Request for examination filed |
Effective date: 20180116 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| AX | Request for extension of the european patent |
Extension state: BA ME |
|
| DAV | Request for validation of the european patent (deleted) | ||
| DAX | Request for extension of the european patent (deleted) | ||
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
| 17Q | First examination report despatched |
Effective date: 20200224 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
| 18R | Application refused |
Effective date: 20221017 |