User authentication using client-side browse history

US 10,212,170 B1
Filed: 05/10/2017
Issued: 02/19/2019
Est. Priority Date: 06/23/2015
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a computer system from a computing device, a request for a first web page of a web site, wherein;

the first web page comprises a universal resource locator (URL) of a second web page first code, and second code,the first code is configured to, upon execution at the computing device;

determine whether the URL is present in a browser history stored at the computing device, the browser history comprising a list of URLs,determine, based at least in part on presence of the URL in the list of URLs of the browser history, a color attribute of the URL in the list and whether a state of the URL is a visited state, the visited state representing a change to the state of the URL, the color attribute and the change indicating that the second web page was presented by the computing device prior to receiving the request for the login web page, anddetermine, based at least in part on the state, whether the second web page was accessed by the computing device prior to receiving the request for the first web page, andthe second code is configured to;

execute at the computing device after a predefined time delay relative to providing the first web page, whereas the predetermined time delay have a value greater than zero, anddetermine access to a third web page of the web site based at least in part on execution of the second code after elapse of the predefined time delay,providing, by the computer system to the computing device, the first web page based at least in part on the request;

receiving, by the computer system from the computing device, a first indication that the second web page was accessed prior to the request for the first web page and a second indication that the third web page was accessed, the first indication received based at least in part on a determination by the code of the presence of the URL, the color attribute, and the state of the URL being the visited state upon an execution of the code at the computing device, and the second indication received based at least in part on the execution of the second code after the elapse of the predefined time delay; and

authenticating, by the computer system, the user account based at least in part on the first indication and the second indication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for authenticating a user may be described. In particular, a network-based document may be provided to a computing system of a user. The network-based document may include code and an identifier of another network-based document. The code may be configured to, upon execution, determine whether the other network-based document was accessed prior to providing the network-based document to the computing system. The other network-based document may be accessible to the user based on an identifier of the user. An indication that the other network-based document was accessed may be determined. For example, the indication may be received from the computing system based on an execution of the code at the computing system. The user may be authenticated based on the indication.

78 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- receiving, by a computer system from a computing device, a request for a first web page of a web site, wherein;
  
  the first web page comprises a universal resource locator (URL) of a second web page first code, and second code,the first code is configured to, upon execution at the computing device;
  
  determine whether the URL is present in a browser history stored at the computing device, the browser history comprising a list of URLs,determine, based at least in part on presence of the URL in the list of URLs of the browser history, a color attribute of the URL in the list and whether a state of the URL is a visited state, the visited state representing a change to the state of the URL, the color attribute and the change indicating that the second web page was presented by the computing device prior to receiving the request for the login web page, anddetermine, based at least in part on the state, whether the second web page was accessed by the computing device prior to receiving the request for the first web page, andthe second code is configured to;
  
  execute at the computing device after a predefined time delay relative to providing the first web page, whereas the predetermined time delay have a value greater than zero, anddetermine access to a third web page of the web site based at least in part on execution of the second code after elapse of the predefined time delay,providing, by the computer system to the computing device, the first web page based at least in part on the request;
  
  receiving, by the computer system from the computing device, a first indication that the second web page was accessed prior to the request for the first web page and a second indication that the third web page was accessed, the first indication received based at least in part on a determination by the code of the presence of the URL, the color attribute, and the state of the URL being the visited state upon an execution of the code at the computing device, and the second indication received based at least in part on the execution of the second code after the elapse of the predefined time delay; and
  
  authenticating, by the computer system, the user account based at least in part on the first indication and the second indication.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the user account is further authenticated based at least in part on a user name and a password that are received from the computing device based at least in part on input in fields of the login web page.
  - 3. The computer-implemented method of claim 1, further comprising:
    - inserting the URL of the second web page in the first web page based at least in part on a likelihood of access of the second web page by the computing device prior to a transmission of the request for the first web page.
  - 4. The computer-implemented method of claim 1, wherein the code is further configured to, upon execution at the computing device:
    - determine a style attribute of the URL in the browser history, and wherein the indication that the second web page was accessed is further based at least in part on the style attribute.
  - 5. The computer-implemented method of claim 4, wherein the indication that the second web page was accessed is further based at least in part on the style attribute indicating a particular font of the URL in the browser history.
  - 6. The computer-implemented method of claim 1, wherein the code comprises statements of a programmatic scripting language in accordance with an European Computer Manufacturers Association (ECMA) scripting standard.

7. One or more non-transitory computer-readable media comprising instructions that, when executed with one or more processors, cause a system to at least:
- provide, to a computing system associated with a user account, a first network-based document of a network-based resource, wherein;
  
  the first network-based document comprises first code, second code, and a document network address of a second network-based document, andthe first code is configured at least to, upon execution;
  
  determine whether the document network address is present in a history stored at the computing system, the history comprising a list of document network addresses,determine, based at least in part on presence of the document network address in the list of the history, whether a state of the document network address is a visited state, the visited state representing a change to the state of the document network address, the change indicating that the second network-based document was presented by the computing system prior to a request of the computing system for the first network-based document, anddetermine, based at least in part on the state, whether the second network-based document was accessed by the computing system prior to the request of the computing system for the first network-based document, andthe second code is configured to;
  
  execute at the computing system after a predefined time delay relative to providing the first network-based document, whereas the predetermined time delay have a value greater than zero, anddetermine access to a third network-based document of the network-based resource based at least in part on execution of the second code after elapse of the predefined time delay,determine a first indication that the second network-based document was accessed prior to the request based at least in part on a determination of the presence of the document network address and the state being the visited state upon an execution of the code at the computing system;
  
  determine a second indication that the third network-based document was accessed based at least in part on the execution of the second code after the elapse of the predefined time delay; and
  
  authenticate the user account based at least in part on the first indication and the second indication.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The one or more non-transitory computer-readable media of claim 7, wherein the instructions that, when executed with the one or more processors, further cause the system to at least:
    - insert the document network address of the second network-based document in the first network-based document based at least in part on an identifier of the user account.
  - 9. The one or more non-transitory computer-readable media of claim 7, wherein the first network-based document comprises a login web page configured to facilitate an authentication of the user account based at least in part on a username and a password, wherein the second network-based document comprises a second web page accessible only upon a previous authentication of the user account based at least in part on the username and the password.
  - 10. The one or more non-transitory computer-readable media of claim 7, wherein the history is cached at the computing system for an application running on the computing system, wherein the history comprises the document network address of the second network-based document based at least in part on an access of the application to the second network-based document prior to the providing of the first network-based document to the computing system.
  - 11. The one or more non-transitory computer-readable media of claim 7, wherein the second network-based document comprises a web page, wherein the document network address comprises a link to the web page, and the instructions that, when executed with the one or more processors, further cause the system to at least:
    - determine a style attribute of the link in the history, andgenerate the indication based at least in part on the style attribute.
  - 12. The one or more non-transitory computer-readable media of claim 11, wherein the style attribute comprises a cascading style sheets (CSS) attribute, andwherein the code comprises statements of a programmatic scripting language in accordance with an European Computer Manufacturers Association (ECMA) scripting standard.
  - 13. The one or more non-transitory computer-readable media of claim 7, wherein the instructions that, when executed with the one or more processors, further cause the system to at least:
    - select the second network-based document from a plurality of network-based documents of the network-based resource based at least in part on the user account; and
      
      insert the document network address of the second network-based document in the first network-based document based at least in part on the selecting.
  - 14. The one or more non-transitory computer-readable media of claim 13, wherein the second network-based document is selected based at least in part on a likelihood of access of the second network-based document by the computing system, wherein the likelihood of access is based at least in part on the user account.

15. A computing system comprising:
- one or more hardware processors;
  
  one or more non-transitory computer-readable media comprising instructions that, when executed with the one or more processors, cause the computing system to at least;
  
  receive, from a system, a first network-based document of a network-based resource based at least in part on a request from the computing system for the first network-based document, wherein the first network-based document is associated with a user account and comprises first code, second code, and a document network address of a second network-based document based at least in part on an execution of the first code;
  
  determine that the document network address is present in a history stored at the computing system, the history comprising a list of document network addresses,determine, based at least in part on presence of the document network address in the history, whether a state of the document network address is a visited state, the visited state representing a change to the state of the document network address, the change indicating that the second network-based document was presented by the computing system prior to the request for the first network-based document, anddetermine, based at least in part on the state being the visited state, that the document network address was accessed by the computing system prior to the request for the first network-based document;
  
  determine access to a third network-based document of the network-based resource based at least in part on an execution of the second code after an elapse of a time delay for executing the second code relative to receiving the first network-based document, whereas the time delay have a value greater than zero; and
  
  send, to the system, a first indication that the second network-based document was accessed prior to request for the first network-based document and a second indication that the third network-based document was accessed, wherein the user account is authenticated by the system based at least in part on the first indication and the second indication.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computing system of claim 15, wherein the document network address of the second network-based document is included in the first network-based document based at least in part on a prior authentication of the user account, and wherein the second network-based document is associated with the prior authentication.
  - 17. The computing system of claim 15, wherein the document network address of the second network-based document is included in the first network-based document based at least in part on the user account, and wherein the first network-based document further comprises a hash of the user account appended to the document network address of the second network-based document.
  - 18. The computing system of claim 15, wherein the document network address of the second network-based document is included in the first network-based document based at least in part on the user account, wherein the second network-based document comprises content unique to the user account, and wherein the first network-based document further comprises a hash of the content appended to the document network address of the second network-based document.
  - 19. The computing system of claim 15, wherein the instructions that, when executed with the one or more processors, cause the computing system to at least:
    - render the first network-based document without rendering the document network address and the second network-based document.
  - 20. The computing system of claim 15, wherein the code is further configured to, upon execution, determine an amount of the history stored at the computing system, and wherein user account is further authenticated based at least in part on the amount of the history.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Canavor, Darren Ernest, Strand, William Alexander
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
Baum, Ronald

Application Number

US15/592,118
Time in Patent Office

650 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 16/93   Document management systems

G06F 16/951   Indexing; Web crawling tech...

G06F 21/552   involving long-term monitor...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2463/144   Detection or countermeasure...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1491   using deception as counterm...

H04L 67/02   based on web technology, e....

User authentication using client-side browse history

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

User authentication using client-side browse history

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others