System and method for serving online synchronized content from a sandbox domain via a temporary address

US 10,565,402 B2
Filed: 10/14/2014
Issued: 02/18/2020
Est. Priority Date: 10/14/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a first domain via a first address directed to the first domain, a first request to access a content item stored in a content management system;

determining whether to serve the content item from the first domain based on a first access privilege associated with the content item at the first domain;

generating a second address directed to a second domain;

associating the second address and the first access privilege with the content item;

receiving, at the second domain via the second address, a second request to access the content item;

serving, based on a verification of the first access privilege, the content item from the second domain in response to the second request received via the second address; and

disassociating the second address with the content item, wherein access to the content item via the first address is unaffected.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory computer-readable storage media for serving content stored in an online synchronized content management system from a sandbox domain via a temporary address. The online synchronized content management system may receive a first request from a user to access a content item stored in the system. The first request may be received at a first domain via a first address that is directed to the first domain. The system may generate a second address that is directed to a second domain such as a sandbox domain. Then, the second address can be associated with the content item for direct access. When the system receives, at the second domain via the second address, a second request to access the content item, the content item can be served from the second domain. After the system receives the second request, it can generate and issue a session identifier for the second address to verify any subsequent requests to access the content item via the second address.

11 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a first domain via a first address directed to the first domain, a first request to access a content item stored in a content management system;
  
  determining whether to serve the content item from the first domain based on a first access privilege associated with the content item at the first domain;
  
  generating a second address directed to a second domain;
  
  associating the second address and the first access privilege with the content item;
  
  receiving, at the second domain via the second address, a second request to access the content item;
  
  serving, based on a verification of the first access privilege, the content item from the second domain in response to the second request received via the second address; and
  
  disassociating the second address with the content item, wherein access to the content item via the first address is unaffected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - upon receiving the first request, authenticating, at the first domain, a user who sent the first request, wherein the second address is generated only when the user is successfully authenticated.
  - 3. The method of claim 1, further comprising:
    - after receiving the second request, generating a session identifier for the second address; and
      
      issuing the session identifier to a requester of the second request.
  - 4. The method of claim 3, wherein the session identifier is a randomly generated value.
  - 5. The method of claim 3, wherein the session identifier is issued by placing a session cookie in a web browser associated with the requester of the second request, the session cookie comprising the session identifier.
  - 6. The method of claim 3, further comprising:
    - after issuing the session identifier, receiving, at the second domain via the second address, a third request to access the content item; and
      
      serving the content item from the second domain in response to the third request when the session identifier is also received from a requester of the third request.
  - 7. The method of claim 3, further comprising:
    - after issuing the session identifier, receiving, at the second domain via the second address, a third request to access the content item; and
      
      denying service of the content item in response to the third request when the session identifier is not received from a requester of the third request.
  - 8. The method of claim 1, further comprising:
    - after generating the second address, presenting a link to the second address on a webpage served at the first domain.
  - 9. The method of claim 1, wherein the second address is configured to expire after the content item is accessed via the second address a predetermined number of times.
  - 10. The method of claim 1, wherein the second address is configured to expire when a predetermined time period elapses after the second address is generated.
  - 11. The method of claim 1, wherein the second domain is a sandbox domain.
  - 12. The method of claim 1, further comprising:
    - disassociating the second address from the content item when the content item is accessed via the second address a predetermined number of times or when a predetermined time period elapses after the second address is generated;
      
      generating a third address directed to the second domain and associating the third address with the content item, wherein the third address is different from the second address; and
      
      receiving, at the second domain via the third address, a third request to access the content item; and
      
      serving the content item from the second domain in response to the third request.

13. A system comprising:
- at least one processor; and
  
  a non-transitory computer-readable storage medium storing instructions which, when executed by the at least one processor, cause the at least one processor to perform operations comprising;
  
  receiving, at a first domain via a first uniform resource locator (URL) directed to the first domain, a first request to access a content item stored in the system;
  
  determining whether to serve the content item from the first domain based on an access privilege associated with the content item at the first domain;
  
  generating a second URL directed to a second domain and associating the second URL with the content item;
  
  receiving a second request to access the content item via the first URL combined with a predefined query parameter;
  
  redirecting the second request to the second URL;
  
  serving the content item from the second domain in response to the second request; and
  
  disassociating the second URL with the content item, wherein access to the content item via the first URL is unaffected.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, the non-transitory computer-readable storage medium storing additional instructions which, when executed by the at least one processor, cause the at least one processor to perform further operations comprising:
    - after receiving the second request, generating a session identifier for the second URL;
      
      receiving, at the second domain via the second URL, a third request to access the content item; and
      
      serving the content item from the second domain in response to the third request only when the session identifier is also received from a requester of the third request.
  - 15. The system of claim 13, wherein the non-transitory computer-readable storage medium stores additional instructions which, when executed by the at least one processor, cause the at least one processor to perform further operations comprising:
    - disassociating the second URL from the content item after the content item is accessed via the second URL a predetermined number of times or when a predetermined period of time elapses after the second URL is generated.

16. A non-transitory computer-readable storage device storing instructions which, when executed by at least one processor, cause the at least one processor to perform operations comprising:
- receiving, at a first domain via a first link directed to the first domain, a first request associated with a content item stored in a content management system;
  
  determining, in response to the first request, an access privilege to the content item at the first domain and generating a second link directed to a second domain and associating the second link with the content item;
  
  receiving, at the second domain via the second link, a second request from a client device, the second request being associated with the content item;
  
  when it is determined that the second link is being accessed for a first time since the second link was generated;
  
  generating a session identifier for the second link;
  
  issuing the session identifier to the client device; and
  
  serving the content item from the second domain to the client device in response to the second request; and
  
  when it is determined that the second link is not being accessed for the first time since the second link was generated;
  
  serving the content item from the second domain to the client device in response to the second request only when the client device is in possession of the session identifier; and
  
  disassociating the second link with the content item, wherein access to the content item via the first link is unaffected.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable storage device of claim 16, wherein the second link is disassociated from the content item when a predetermined time period elapses (i) since the second link is generated, (ii) since the second link is associated with the content item, (iii) since the second link is accessed for the first time, or (iv) since the second link is accessed for a last time.
  - 18. The non-transitory computer-readable storage device of claim 16, wherein the second link is disassociated from the content item when the content item is served via the second link a predetermined number of times.
  - 19. The non-transitory computer-readable storage device of claim 16, wherein the second link is uniquely generated each time the first request is received via the first link.
  - 20. The non-transitory computer-readable storage device of claim 16, wherein the content item is not directly accessible via the first link.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Bortz, Andrew, Hu, Bo, Goldstein, David, Allain, Alex, Ibrishimov, Emil
Primary Examiner(s)
Debrow, James J

Application Number

US14/513,841
Publication Number

US 20160103801A1
Time in Patent Office

1,953 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/9558   Details of hyperlinks; Mana...

G06F 40/134   Hyperlinking

H04L 63/08   for authentication of entit...

H04L 67/02   based on web technology, e....

H04L 67/146   Markers for unambiguous ide...

H04L 67/563   Data redirection of data ne...

System and method for serving online synchronized content from a sandbox domain via a temporary address

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for serving online synchronized content from a sandbox domain via a temporary address

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others