...
(4) Upon approval of the applicant(s), the token email(s) are sent to a predefined email address. The email includes a digital signature, authenticating an X-Originating-IP header, showing it as being originating from the NIMH.
(5) Upon receipt of the email, the digital signature in validatedX-Originating-IP header is checked, the tokens are extracted, and their HMACs validated. Since the tokens are time stamped, a time limit can be imposed, ensuring out-of-date requests are rejected. The tokens' contents are used to generate Access Approvals in Synapse, unlocking the data for those approved in NRGR. The applicants are added to the data access group. Email notification alerts the applicants to the completion of the process. The Synapse table record created in step (2) is updated, providing the Synapse Access and Compliance Team (ACT) a dashboard of approval progress. If a token is rejected (e.g. if the data is corrupt, the token is too old, or the signature is invalid), this is noted in the table. If the applicant's Synapse user ID can be discerned from the record, an email rejection notice is sent to them.
...