CLIENT APPLICATION ASSISTED AUTOMATIC USER LOG IN

US 20140223527A1
Filed: 02/06/2013
Published: 08/07/2014
Est. Priority Date: 02/06/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor;

a first module configured to control the processor to obtain an authentication token, the authentication token comprising data to authenticate a user to a server;

a second module configured to control the processor to generate a uniform resource locator (URL) and a file, the URL comprising a first part of the token, the file comprising a second part of the token and a set of instructions; and

a third module configured to control the processor to execute the URL, the URL redirecting execution to the set of instructions in the file, wherein the set of instructions combine the first part and the second part to re-create the token and transmit the re-created token to the server to authenticate the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some systems allow a user to access content using both a native client application and a web interface. In these systems, the client application authorized to access a user account can assist with automatically logging a user into the web interface through the use of authentication tokens. In response to an authentication request, the client application can select a token and split it into multiple parts. One piece can be embedded in a URL and a second piece can be stored in a file. The file can also contain browser executable instructions that when executed combine the two pieces to re-create the token and send the re-created token to a server to authenticate the user. The client application can forward the URL to the browser, which can direct the browser to the file. The browser can execute the instructions thereby authenticating the user.

267 Citations

24 Claims

1. A system comprising:
- a processor;
  
  a first module configured to control the processor to obtain an authentication token, the authentication token comprising data to authenticate a user to a server;
  
  a second module configured to control the processor to generate a uniform resource locator (URL) and a file, the URL comprising a first part of the token, the file comprising a second part of the token and a set of instructions; and
  
  a third module configured to control the processor to execute the URL, the URL redirecting execution to the set of instructions in the file, wherein the set of instructions combine the first part and the second part to re-create the token and transmit the re-created token to the server to authenticate the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 further comprising:
    - a fourth module configured to control the processor to apply a secret sharing algorithm to the token to generate the first part and the second part.
  - 3. The system of claim 1, wherein obtaining the authentication token occurs in response to a web interface triggering action detected by a client application.
  - 4. The system of claim 3 further comprising:
    - a fourth module configured to control the processor to present a web interface, the web interface displaying a user interface corresponding to the web triggering action comprising data from an account for the user.
  - 5. The system of claim 1 further comprising:
    - a fourth module configured to control the processor to receive an authentication failed message when the re-created token fails to match the authentication token.
  - 6. The system of claim 1 further comprising:
    - a fourth module configured to control the processor to invalidate the authentication token after transmitting the re-created token.
  - 7. The system of claim 1, wherein the authentication token expires after a pre-defined period of time.
  - 8. The system of claim 1, wherein transmitting the re-created token to authenticate the user comprises executing a hypertext transfer protocol (HTTP) post method.
  - 9. The system of claim 1, wherein the authentication token is a one-use token.

10. A computer-implemented method comprising:
- receiving from a server a secret, the secret generated on the server as an authentication token linked to a user account;
  
  splitting the secret to generate a first part and a second part;
  
  generating a file comprising the first part and instructions, which when executed combine the first part and the second part to re-create the secret and send the re-created secret to the server;
  
  generating a uniform resource locator (URL) including the second part; and
  
  executing, via a processor, the URL, wherein the URL redirects execution to the instructions in the file.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein the splitting, generating, and executing occur in response to a web interface triggering action.
  - 12. The method of claim 11 further comprising:
    - when the re-created secret matches the secret, presenting a web browser window displaying a user interface corresponding to the web triggering action comprising data from the user account; and
      
      when the re-created secret differs from the secret, presenting a web browser window indicating authentication failed.
  - 13. The method of claim 12, wherein the web browser window indicating authentication failed includes user interface elements for accepting a username and a password.
  - 14. The method of claim 10, wherein the instructions are JavaScript instructions.
  - 15. The method of claim 10, wherein the re-created secret authenticates a user of the user account when the re-created secret matches the secret generated on the server.
  - 16. The method of claim 10 further comprising:
    - deleting the file after a first predefined period of time; and
      
      invalidating the secret after sending the re-created secret to the server.

17. A client device comprising:
- a processor;
  
  a memory configured to store a client application and a web browser application, the client application linked to a user authenticated with a server;
  
  a first module configured to control the processor to receive a request to authenticate the user for access to data on the server through the web browser application, the request received from the client application;
  
  a second module configured to control the processor to generate a uniform resource locator (URL) and a file, the URL comprising a first secret, the file comprising a second secret and a set of instructions, wherein the first secret and the second secret are generated from a one-time use authentication token;
  
  a third module configured to control the processor to execute the URL in the web browser application, wherein executing the URL causes the web browser application to execute the set of instructions in the file, wherein the set of instructions combine the first secret and the second secret to generate an authentication token and transmit the authentication token to the server, whereby automatically authenticating the user to access data on the server through the web browser application.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The client device of claim 17, wherein the request to authenticate the user is received in response to the client application detecting a web interface triggering action.
  - 19. The client device of claim 18, wherein the web interface triggering action is at least one of a request to generate a file sharing link or a request to share a folder.
  - 20. The client device of claim 17, wherein the authentication token is generated by the server.
  - 21. The client device of claim 17, wherein the server is a synchronized online content management system.

22. A synchronized online content management system comprising:
- a processor;
  
  a first module configured to control the processor to send a plurality of authentication tokens for a user account to a client application executing on a client device, the client application authenticated and authorized to access data in the user account;
  
  a second module configured to control the processor to receive a generated authentication token from a web browser executing on the client device;
  
  a third module configured to control the processor to verify the generated authentication token matches an authentication token in the plurality of authentication tokens; and
  
  a fourth module configured to control the processor to send an authentication message.
- View Dependent Claims (23, 24)
- - 23. The synchronized online content management system of claim 22, wherein each authentication token is assigned an expiration date, and wherein verifying the generated authentication token further comprises:
    - checking the expiration date assigned to the matching authentication token is valid.
  - 24. The synchronized online content management system of claim 22 further comprising:
    - a fifth module configured to control the processor to mark the matching authentication token as used.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Bortz, Andrew, Euresti, David, Csaszar, Ambrus, Litzenberger, Dwayne

Granted Patent

US 9,027,097 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/0884   by delegation of authentica...

H04L 67/02   based on web technology, e....

H04L 9/3213   using tickets or tokens, e....

H04L 9/3228   One-time or temporary data,...

CLIENT APPLICATION ASSISTED AUTOMATIC USER LOG IN

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

267 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

CLIENT APPLICATION ASSISTED AUTOMATIC USER LOG IN

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

267 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links