Today, a typical user of an electronic device has access to a variety of applications, each intended to help the user solve a particular task. For instance, an email application allows users to send and receive emails, of both a business and a personal nature. A web browser allows users to search the Internet for resources meeting their needs, the searches likewise being of a business or a personal nature.
A typical service provider offers users a variety of electronic services (e-services) to transmit digital objects. These electronic services include: emails, digital files for cloud-based storage, and instant messaging services.
A variety of electronic devices (including, inter alia, desktops, laptops, wireless communication devices, smart TVs, etc.) are available to users. Most such devices are capable of being connected to the Internet, which helps users solve one or more tasks through Internet access and search for resources that assist in solving such tasks. Unfortunately, various malicious users exploit the popularity of Internet-connected electronic devices to attain their own objectives.
For instance, such individuals and even entities hack various user accounts and use them, in particular, to gain access to confidential user data, to send malicious email messages (known as ‘Spam’), etc.
A number of techniques are used to prevent unauthorized access to a user account. One such technique is the creation of a user profile that includes an indication of the “user environment” (the user behavior parameters) employed by the user to access a service. Examples of user behavior parameters that make up such a user environment include, inter alia, the user's geolocation, IP address, browser version, operating system, etc. If a user tries to gain access to the electronic service with a behavior parameter that does not match the typical user environment associated with the user profile (for example, a login attempt originating from a location different from that stored in the user profile), then the electronic service will execute an additional user verification routine. Such an additional user verification routine can include a request to enter the phone number associated with the user profile, a request to provide the answer to another security question or, for example, sending an SMS to the mobile phone number with a request to enter the code from such SMS in order to gain access to the electronic service.
Various verification routines are known for use with the existing web interfaces of electronic services for transmission of digital objects. However, many electronic services for transmission of digital objects are available to the user through a client application, i.e. a dedicated application (“app”) for accessing one or more electronic services for transmission of digital objects. For instance, a user can gain access to the Gmail™ email service via a browser application (Microsoft™ IE, Mozilla Firefox™, Safari™, Google™ Chrome™, Yandex.Browser™, etc.) through the https://mail.google.com web interface. A user can also gain access to the Gmail™ email service via a client application (Microsoft Outlook™, Mozilla Thunderbird™, The Bat!) using at least one native network protocol to send and receive emails (for example, POP3, SMTP, or IMAP). Where a user accesses his/her email via a client application, the existing technical solutions take no account of any parameter of such user behavior, and the client application does not require sending or performing any verification routine, which makes it possible for an unauthorized user to gain access to the user profile.
Similarly, the above considerations may apply to other electronic services for transmission of digital objects, including, but not limited to, instant messaging and personal cloud storage services.
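The gap described above can be made concrete with a short sketch, added here as an illustration and not taken from any of the cited patents or services. It evaluates the same constructed login attempts under a policy that checks the user environment only on the web interface and under one that checks every channel; the profile fields, class names and sample values are assumptions.

```python
from dataclasses import dataclass

NATIVE_PROTOCOLS = {"imap", "pop3", "smtp"}  # client-application channels

@dataclass(frozen=True)
class Profile:            # typical "user environment"; field choice is an assumption
    countries: frozenset
    ip_prefixes: frozenset   # first two octets of the usual IPv4 addresses
    clients: frozenset       # usual browser or mail client names

@dataclass(frozen=True)
class Attempt:
    channel: str   # "web", "imap", "pop3" or "smtp"
    country: str
    ip: str
    client: str

def mismatches(profile, attempt):
    """Names of behavior parameters that differ from the stored profile."""
    checks = {
        "geolocation": attempt.country in profile.countries,
        "ip_address": ".".join(attempt.ip.split(".")[:2]) in profile.ip_prefixes,
        "client": attempt.client in profile.clients,
    }
    return [name for name, ok in checks.items() if not ok]

def decide(profile, attempt, web_only):
    """Return ('allow' or 'verify', list of mismatched parameters)."""
    if web_only and attempt.channel in NATIVE_PROTOCOLS:
        return "allow", []   # the gap: native-protocol logins are never checked
    diff = mismatches(profile, attempt)
    return ("verify" if diff else "allow"), diff

# Constructed sample data (documentation IP ranges, invented client name).
PROFILE = Profile(frozenset({"DE"}), frozenset({"192.0"}),
                  frozenset({"Firefox", "Thunderbird"}))
ATTEMPTS = [
    Attempt("web", "DE", "192.0.2.10", "Firefox"),          # usual web login
    Attempt("web", "BR", "203.0.113.7", "Chrome"),          # unusual web login
    Attempt("imap", "DE", "192.0.2.11", "Thunderbird"),     # usual mail client
    Attempt("imap", "BR", "203.0.113.7", "UnknownClient"),  # unusual mail client
]

def compare_policies():
    """(channel, web-only decision, all-channel decision) for each attempt."""
    return [(a.channel, decide(PROFILE, a, True)[0], decide(PROFILE, a, False)[0])
            for a in ATTEMPTS]
if __name__ == "__main__":
    print(*compare_policies(), sep="\n")
```

Only the last attempt differs between the two policies: the web-only policy allows the unusual IMAP login without any additional verification, while the all-channel policy flags it.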
Chinese Patent No. CN 104348626 (published on 11 Feb. 2015) discloses an application method for a digital certificate and relates to the field of network communication. The method comprises the following steps: transmitting a digital certificate application request to a server according to a received trigger operation after receiving email account information inputted by a user from an email client, and further informing the server to transmit a digital certificate verification email; after the email client receives the digital certificate verification email, recognizing the digital certificate verification email and extracting verification information from it; acquiring the digital certificate corresponding to the verification information from the server according to the verification information; and, after acquiring the digital certificate from the server, automatically installing the digital certificate. According to the disclosed application method, the problem that installing the certificate requires a huge volume of operations by the user in a browser and a system is solved, and the beneficial effects of reducing the operations of the user and improving the user experience when installing the digital certificate are achieved.
US patent application No. US20070244973 (published on 18 Oct. 2007) discloses a system for sending an email through a web based email provider while using a web application; the system includes a web application server and a web based email application server. The web application server displays a web page at a client having at least one selectable link, receives an instruction from the client requesting an email through selection of the selectable link, creates a redirect message for accessing the web based email provider, and sends the redirect message to the client. The web based email application server receives the redirect message, displays an email composition web page at the client, receives a completed email from the client, and sends the completed email to an email server for delivery.