Pre-authorizing a client application to access a user account on a content management system

US 10,484,383 B2
Filed: 05/14/2018
Issued: 11/19/2019
Est. Priority Date: 12/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

while a client device is authorized to access a user account on a content management system, transmitting, by the client device, an installation request to install a client-side application on the client device;

receiving a client installer tagged with an identification tag and an identifier identifying the client device from which the installation request originated, wherein the client installer is configured to;

install the client-side application on the client device;

generate an authentication key; and

upon the client-side application being successfully installed on the client device, the client device transmitting an authorization message to the content management system, the authorization message including;

data associated with a first application cached on the client device;

the identification tag; and

the authentication key; and

receiving from the content management system, a confirmation that the content management system has authorized the client-side application to access the user account on the content management system based on the transmitted authorization message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

5 Citations

20 Claims

1. A method comprising:
- while a client device is authorized to access a user account on a content management system, transmitting, by the client device, an installation request to install a client-side application on the client device;
  
  receiving a client installer tagged with an identification tag and an identifier identifying the client device from which the installation request originated, wherein the client installer is configured to;
  
  install the client-side application on the client device;
  
  generate an authentication key; and
  
  upon the client-side application being successfully installed on the client device, the client device transmitting an authorization message to the content management system, the authorization message including;
  
  data associated with a first application cached on the client device;
  
  the identification tag; and
  
  the authentication key; and
  
  receiving from the content management system, a confirmation that the content management system has authorized the client-side application to access the user account on the content management system based on the transmitted authorization message.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - prior to transmitting the installation request by the client device, receiving, from the first application running on the client device, login credentials associated with an authenticated user account;
      
      based on the login credentials;
      
      receiving authentication of the user account associated with the login credentials to yield the authenticated user account; and
      
      logging the first application into the content management system via the authenticated user account;
      
      receiving verification that the first application associated with the installation request is logged in via the authenticated user account; and
      
      upon receiving verification that the first application associated with the installation request is logged in via the authenticated user account, transmitting the installation request associated with the authenticated user account to the content management system.
  - 3. The method of claim 1, further comprising:
    - receiving an entry, the entry including;
      
      the identification tag,a creation time of the identification tag,an account identifier identifying an authenticated user account, andan IP address.
  - 4. The method of claim 2, wherein the first application comprises a web-browser application and a second application comprises the client-side application, the method further comprising:
    - installing the client-side application on the client device prior to an expiration of a predetermined period of time associated with the identification tag;
      
      in response to the client-side application being installed on the client device, causing the web-browser application to transmit the authentication key to the content management system;
      
      receiving the authorization message and authentication key; and
      
      in response to the authentication key matching a respective authentication key associated with the identification tag, logging the client-side application on to the content management system via the authenticated user account.
  - 5. The method of claim 4, further comprising:
    - receiving a determination regarding a number of times the identification tag has been previously used to pre-authorize the second application, to yield a previous-usage determination; and
      
      based on the previous-usage determination, using a pre-authorization to authorize the second application.
  - 6. The method of claim 5, further comprising:
    - transmitting a pre-authorization request including an IP address to the content management system; and
      
      receive, from the content management system, an indication that the IP address matches an authorized IP address.
  - 7. The method of claim 2, further comprising:
    - transmitting, to the content management system, login credentials by a web-browser application;
      
      receiving a determination that the login credentials are associated with the user account; and
      
      authorizing the web-browser application to access the user account.

8. A client device associated with a content management system comprising:
- one or more processors; and
  
  at least one memory containing instructions that, when executed by the one or more processors, cause the client device to;
  
  transmit, from a first application on the client device, an installation request to install a second application on the client device;
  
  receive a client installer tagged with an identification tag and an identifier identifying the client device from which the installation request originated, wherein the client installer is configured to;
  
  install the second application on the client device,generate an authentication key, andupon the second application being successfully installed on the client device, the client device transmitting an authorization message to the content management system, the authorization message including;
  
  data associated with the first application cached on the client device,the identification tag, andthe authentication key;
  
  receive from the content management system, a confirmation that the content management system has authorized the second application to access a user account on the content management system based on the transmitted authorization message.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The client device of claim 8, the at least one memory containing instructions which, when executed by the one or more processors, cause the client device to:
    - receive, from the first application running on the client device prior to transmitting the installation request from the first application, login credentials associated with an authenticated user account;
      
      based on the login credentials;
      
      receive authentication of the user account associated with the login credentials to yield the authenticated user account; and
      
      log the first application into the content management system via the authenticated user account;
      
      receive verification that the first application associated with the installation request is logged in via the authenticated user account; and
      
      upon receiving verification that the first application associated with the installation request is logged in via the authenticated user account, transmit the installation request associated with the authenticated user account to the content management system.
  - 10. The client device of claim 9, the at least one memory containing instructions which, when executed by the one or more processors, further cause the client device to:
    - receive an entry in a pre-authorization index, the entry including;
      
      the identification tag,an account identifier identifying the authenticated user account,a creation time for the identification tag, andan IP address.
  - 11. The client device of claim 9, wherein the first application comprises a web-browser application and the second application comprises a client-side application, the at least one memory containing additional instructions which, when executed by the one or more processors, further cause the client device to:
    - install the client-side application on the client device prior to an expiration of a predetermined period of time associated with the identification tag;
      
      in response to the client-side application being installed on the client device, cause the web-browser application to transmit the authentication key to the content management system;
      
      receive the authorization message; and
      
      in response to authorization message matching a respective authentication key associated with the identification tag, log the client-side application on to the content management system via the authenticated user account.
  - 12. The client device of claim 9, the at least one memory containing instructions which, when executed by the one or more processors, further cause the client device to:
    - transmit a pre-authorization request including an IP address to the content management system; and
      
      receive, from the content management system, an indication that the IP address matches an authorized IP address.
  - 13. The client device of claim 9, the at least one memory containing instructions which, when executed by the one or more processors, further cause the client device to:
    - receive a determination regarding a number of times the identification tag has been previously used to pre-authorize the second application, to yield a previous-usage determination; and
      
      based on the previous-usage determination, use a pre-authorization to authorize the second application.

14. A non-transitory computer-readable medium comprising instructions that, when executed by one or more processors, cause the one or more processors to:
- transmit from a first application on a client device, an installation request to install a second application on the client device;
  
  receive a client installer tagged with an identification tag and an identifier identifying the client device from which the installation request originated, wherein the client installer is configured to;
  
  install the second application on the client device,generate an authentication key, andupon the second application being successfully installed on the client device, the client device transmitting an authorization message to a content management system, the authorization message including;
  
  data associated with the first application cached on the client device,the identification tag, andthe authentication key; and
  
  receive from the content management system, a confirmation that the content management system has authorized the second application to access a user account on the content management system based on the transmitted authorization message.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable medium of claim 14, storing instructions which, when executed by the one or more processors, further cause the one or more processors to:
    - receive, from the first application running on the client device prior to transmitting the installation request from the first application, login credentials associated with an authenticated user account;
      
      based on the login credentials;
      
      receive authentication of the user account associated with the login credentials to yield the authenticated user account; and
      
      log the first application into the content management system via the authenticated user account;
      
      receive verification that the first application associated with the installation request is logged in via the authenticated user account; and
      
      upon receiving verification that the first application associated with the installation request is logged in via the authenticated user account, transmit the installation request associated with the authenticated user account to the content management system.
  - 16. The non-transitory computer-readable medium of claim 15, storing instructions which, when executed by the one or more processors, further cause the one or more processors to:
    - receive an entry in a pre-authorization index, the entry including;
      
      the identification tag,an account identifier identifying the authenticated user account,a creation time for the identification tag, andan IP address.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the first application comprises a web-browser application and the second application comprises a client-side application, the non-transitory computer-readable medium including instructions which, when executed by the one or more processors, further cause the one or more processors to:
    - install the client-side application on the client device prior to an expiration of a predetermined period of time associated with the identification tag;
      
      in response to the client-side application being installed on the client device, cause the web-browser application to transmit the authentication key to the content management system;
      
      receive the authorization message; and
      
      in response to authorization message matching a respective authentication key associated with the identification tag, log the client-side application on to the content management system via the authenticated user account.
  - 18. The non-transitory computer-readable medium of claim 15, storing instructions which, when executed by the one or more processors, further cause the one or more processors to:
    - transmit a pre-authorization request including an IP address to the content management system; and
      
      receive, from the content management system, an indication that the IP address matches an authorized IP address.
  - 19. The non-transitory computer-readable medium of claim 16, wherein logging the second application into the authenticated user account comprises:
    - receive a determination regarding a number of times the identification tag has been previously used to pre-authorize the second application, to yield a previous-usage determination; and
      
      based on the previous-usage determination, use a pre-authorization to authorize the second application.
  - 20. The non-transitory computer-readable medium of claim 15, storing instructions which, when executed by the one or more processors, further cause the one or more processors to:
    - transmit, to the content management system, login credentials by a web-browser application;
      
      receive a determination that the login credentials are associated with the user account; and
      
      authorize the web-browser application to access the authenticated user account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Nguyen, Huy, Kaplan, Josh, Mody, Viraj, Vincent, Ritu, Bortz, Andrew, Euresti, David
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/979,441
Publication Number

US 20180262508A1
Time in Patent Office

554 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

G06F 2221/2117   User registration

G06F 2221/2137   Time limited access, e.g. t...

G06F 8/61   Installation

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 67/02   based on web technology, e....

H04L 67/34   involving the movement of s...

Pre-authorizing a client application to access a user account on a content management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-authorizing a client application to access a user account on a content management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links