Cross-application authentication on a content management system

US 10,282,522 B2
Filed: 07/10/2018
Issued: 05/07/2019
Est. Priority Date: 02/27/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises;

sending, from the client application to the content management system, a message comprising a nonce that identifies an association between the client application and at least one of a browser application at the client device or a user account used by the client application to authenticate with the content management system, wherein the association enables the content management system to relay one or more communications between the client application and the website;

when the browser application at the client device is not authenticated with the content management system, receiving, by the client application from the content management system via the communication channel, a request for the user account used by the client application to authenticate with the content management system;

receiving, by the client application, an instruction to authenticate the browser application with the content management system under the user account; and

sending, from the client application to the browser application, a command instructing the browser application to open a web page to verify the browser application is associated with the client device at the content management system, wherein the browser application is authenticated with the content management system under the user account via a communication session between the browser application and the website.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable media for cross-application authentication on a content management system. A client application running at a client device that is not authenticated with a content management system can receive, from a website associated with the content management system, a request to authenticate with the content management system under a user account used to authenticate a current session between a browser application at the client device and the website with the content management system. The client application can then obtain a uniform resource locator (URL) with a nonce associated with the client application, and send a command to the browser application including the URL and nonce. The command can trigger the browser application to use the URL and nonce to authenticate the client application with the content management system under the user account with which the current session between the browser application and the website is currently authenticated.

Citations

20 Claims

1. A method comprising:
- establishing a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises;
  
  sending, from the client application to the content management system, a message comprising a nonce that identifies an association between the client application and at least one of a browser application at the client device or a user account used by the client application to authenticate with the content management system, wherein the association enables the content management system to relay one or more communications between the client application and the website;
  
  when the browser application at the client device is not authenticated with the content management system, receiving, by the client application from the content management system via the communication channel, a request for the user account used by the client application to authenticate with the content management system;
  
  receiving, by the client application, an instruction to authenticate the browser application with the content management system under the user account; and
  
  sending, from the client application to the browser application, a command instructing the browser application to open a web page to verify the browser application is associated with the client device at the content management system, wherein the browser application is authenticated with the content management system under the user account via a communication session between the browser application and the website.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - after sending the message to the content management system, obtaining, by the client application from the content management system, a uniform resource locator (URL) associated with the web page, wherein the command triggers the browser application to use the URL and the nonce to authenticate with the content management system.
  - 3. The method of claim 2, wherein the command triggers a script associated with the web page, wherein the script is configured to instruct the content management system to authenticate the browser application based on the nonce and validate a session associated with the browser application under the user account based on credentials used to authenticate a current session between the client application and the content management system.
  - 4. The method of claim 1, wherein the command comprises an operating system (OS) command.
  - 5. The method of claim 1, wherein the nonce is associated with a client identifier at the content management system, the client identifier being associated with at least one of the client application or the browser application.
  - 6. The method of claim 1, wherein the request for the user account used by the client application to authenticate with the content management system is received by the client application from the website via the communication channel.
  - 7. The method of claim 1, wherein the web page comprises a local web page file on the client device generated by the client application.

8. A system comprising:
- one or more processors; and
  
  at least one computer-readable medium storing computer-readable instructions that, when executed by the one or more processors, cause the system to;
  
  establish a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises;
  
  sending, from the client application to the content management system, a message comprising a nonce that identifies an association between the client application and at least one of a browser application at the client device or a user account used by the client application to authenticate with the content management system, wherein the association enables the content management system to relay one or more communications between the client application and the website;
  
  when the browser application at the client device is not authenticated with the content management system, receive, by the client application from the content management system via the communication channel, a request for the user account used by the client application to authenticate with the content management system;
  
  receive, by the client application, an instruction to authenticate the browser application with the content management system under the user account; and
  
  send, from the client application to the browser application, a command instructing the browser application to open a web page to verify the browser application is associated with the client device at the content management system, wherein the browser application is authenticated with the content management system under the user account via a communication session between the browser application and the website.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the at least one computer-readable medium storing computer-readable instructions that, when executed by the one or more processors, cause the system to:
    - obtain, by the client application from the content management system, a uniform resource locator (URL) associated with the web page, wherein the command triggers the browser application to use the URL and the nonce to authenticate with the content management system.
  - 10. The system of claim 9, wherein the command triggers a script associated with the web page, wherein the script is configured to instruct the content management system to authenticate the browser application based on the nonce and validate a session associated with the browser application under the user account based on credentials used to authenticate a current session between the client application and the content management system.
  - 11. The system of claim 8, wherein the nonce is associated with a client identifier at the content management system, the client identifier being associated with the client application.
  - 12. The system of claim 8, wherein the command comprises an operating system (OS) command.
  - 13. The system of claim 8, wherein the request for the user account used by the client application to authenticate with the content management system is received by the client application from the website via the communication channel.
  - 14. The system of claim 8, wherein the web page comprises a local web page file on the client device generated by the client application.

15. A non-transitory computer-readable storage medium comprising:
- computer-readable instructions stored thereon, wherein the computer-readable instructions, when executed by one or more processors, cause the one or more processors to;
  
  establish a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises;
  
  sending, from the client application to the content management system, a message comprising a nonce that identifies an association between the client application and at least one of a browser application at the client device or a user account used by the client application to authenticate with the content management system, wherein the association enables the content management system to relay one or more communications between the client application and the website;
  
  when the browser application at the client device is not authenticated with the content management system, receive, by the client application from the content management system via the communication channel, a request for the user account used by the client application to authenticate with the content management system;
  
  receive, by the client application, an instruction to authenticate the browser application with the content management system under the user account; and
  
  send, from the client application to the browser application, a command instructing the browser application to open a web page to verify the browser application is associated with the client device at the content management system, wherein the browser application is authenticated with the content management system under the user account via a communication session between the browser application and the website.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, storing additional computer-readable instructions that when executed by the one or more processors, cause the one or more processors to:
    - obtain, by the client application from the content management system, a uniform resource locator (URL) associated with the web page, wherein the command triggers the browser application to use the URL and the nonce to authenticate with the content management system.
  - 17. The non-transitory computer-readable storage medium of claim 16, wherein the command triggers a script associated with the web page, wherein the script is configured to instruct the content management system to authenticate the browser application based on the nonce and validate a session associated with the browser application under the user account based on credentials used to authenticate a current session between the client application and the content management system.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the nonce is associated with a client identifier at the content management system, the client identifier being associated with the client application.
  - 19. The non-transitory computer-readable storage medium of claim 15, wherein the web page comprises a local web page file on the client device generated by the client application.
  - 20. The non-transitory computer-readable storage medium of claim 15, wherein the request for the user account used by the client application to authenticate with the content management system is received by the client application from the website via the communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Tian, Sang, Kaplan, Joshua, Akhawe, Devdatta
Primary Examiner(s)
Getachew, Abiy

Application Number

US16/031,363
Publication Number

US 20180322258A1
Time in Patent Office

301 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 16/955   using information identifie...

G06F 21/00   Security arrangements for p...

G06F 21/10   Protecting distributed prog...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2101/30   Types of network names

H04L 63/0236   Filtering by address, proto...

H04L 63/08   for authentication of entit...

H04L 63/1483   service impersonation, e.g....

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

Cross-application authentication on a content management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cross-application authentication on a content management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links