PRE-AUTHORIZING A CLIENT APPLICATION TO ACCESS A USER ACCOUNT ON A CONTENT MANAGEMENT SYSTEM

US 20150180846A1
Filed: 12/19/2013
Published: 06/25/2015
Est. Priority Date: 12/19/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

while a client device is authorized to access a user account on a content management system, receiving, by a processor of the content management system, an installation request to install a client-side application on the client device, the installation request originating from a web-browser application running on the client device;

generating an identification tag for the installation request;

transmitting a client installer tagged with the identification tag and a web browser identifier identifying the web browser application from which the installation request originated, wherein the client installer is configured to;

install the client-side application on the client device,generate an authentication key; and

upon the client-side application being successfully installed on the client device, cause the web-browser application to transmit an authorization message to the content management system, the authorization message including;

data cached by the web browser application,the identification tag, andthe authentication key;

receiving the authentication message from the client device;

associating the authentication key with the installation request; and

upon receiving a pre-authorization request including the identification tag and the authentication key, authorizing the client-side application to access the user account on the content management system.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past.

7 Citations

View as Search Results

20 Claims

1. A method comprising:
- while a client device is authorized to access a user account on a content management system, receiving, by a processor of the content management system, an installation request to install a client-side application on the client device, the installation request originating from a web-browser application running on the client device;
  
  generating an identification tag for the installation request;
  
  transmitting a client installer tagged with the identification tag and a web browser identifier identifying the web browser application from which the installation request originated, wherein the client installer is configured to;
  
  install the client-side application on the client device,generate an authentication key; and
  
  upon the client-side application being successfully installed on the client device, cause the web-browser application to transmit an authorization message to the content management system, the authorization message including;
  
  data cached by the web browser application,the identification tag, andthe authentication key;
  
  receiving the authentication message from the client device;
  
  associating the authentication key with the installation request; and
  
  upon receiving a pre-authorization request including the identification tag and the authentication key, authorizing the client-side application to access the user account on the content management system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving, from the client device, login credentials transmitted by the web-browser application;
      
      determining that the login credentials are associates with the user account; and
      
      authorizing the web-browser application on the client device to access the user account.
  - 3. The method of claim 1, further comprising:
    - creating an entry in a pre-authorization index, the entry including;
      
      the identification tag,an account identifier identifying the user account,a creation time of the identification tag, andan IP address.
  - 4. The method of claim 3, further comprising:
    - determining that the identification tag has not expired when a the pre-authorization request was received within a predetermined amount of time after the creation time of the identification tag.
  - 5. The method of claim 3, further comprising:
    - identifying a requesting IP address that the pre-authorization request was received from;
      
      determining that the identification tag was received from an authorized IP address when the requesting IP address matches the IP address in the entry in the pre-authorization index.
  - 6. The method of claim 5, wherein the IP address included in the entry in the pre-authorization index is the IP address that the installation request was received from.
  - 7. The method of claim 3, further comprising:
    - determining that the identification tag has not been previously used to pre-authorize the client-side application, wherein the identification tag can only be used once to pre-authorize the client-side application.
  - 8. The method of claim 7, further comprising:
    - upon authorizing the client-side application to access the user account on the content management system, flagging the entry in the pre-authorization index to indicate that the identification tag has been used to pre-authorize the client side application.

9. A content management system comprising:
- a processor; and
  
  a memory containing instructions that, when executed, cause the processor to;
  
  receive an installation request to install a client-side application on a client device;
  
  determine that the installation request is associated with a user account;
  
  generate an identification tag for the installation request;
  
  transmit, to the client device, a client installer tagged with the identification tag, wherein the client installer is configured to install the client-side application on the client device;
  
  receive a pre-authorization request including the identification tag;
  
  determine that the pre-authorization request was received within a predetermined amount of time after the identification tag was generated; and
  
  authorize the client-side application to access the user account.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The content management system of claim 9, wherein determining that the installation request is associated with the user account comprises:
    - determining that the client device was authorized to access the user account when the installation request was received.
  - 11. The content management system of claim 9, wherein the instructions further cause the processor to:
    - create an entry in a pre-authorization index, the entry including;
      
      the identification tag,a creation time for the identification tag, andan account identifier identifying the user account.
  - 12. The content management system of claim 11, wherein the instructions further cause the processor to:
    - locate the entry in the pre-authorization index including the identification tag; and
      
      identify the user account based on the account identifier included in the entry.
  - 13. The content management system of claim 12, wherein determine that the pre-authorization request was received within a predetermined amount of time after the identification tag was generated comprises:
    - comparing a request time that the pre-authorization request was received to the creation time for the identification tag.
  - 14. The content management system of claim 11, wherein the entry in the pre-authorization index further includes an IP address associated with the installation request, the instructions further causing the processor to:
    - determine that the pre-authorization request was received from an authorized IP address when an IP address associated with the pre-authorization request matches the IP address associated with the installation request.
  - 15. The content management system of claim 11, wherein the instructions further cause the processor to:
    - upon authorizing the client-side application to access the user account, mark the index in the pre-authorization index to indicate that the identification tag has been used to pre-authorize the client-side application.

16. A non-transitory computer-readable medium containing instructions that, when executed by a computing device, cause the computing device to:
- receive an installation request to install a client-side application on a client device;
  
  determine that the installation request is associated with a first user account and a second user account;
  
  generate an identification tag for the installation request;
  
  transmit, to the client device, a client installer tagged with the identification tag, wherein the client installer is configured to install the client-side application on the client device;
  
  receive a pre-authorization request including the identification tag;
  
  determine that at least one verification measure is satisfied; and
  
  authorize the client-side application to access the first user account and the second user account.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the at least one verification measure is that the identification tag has not been used to pre-authorize the client-side application.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the at least one verification measure is that the identification tag is not expired.
  - 19. The non-transitory computer-readable medium of claim 18, where the identification tag expires after a pre-determined time elapses after the identification tag was created.
  - 20. The non-transitory computer-readable medium of claim 16, wherein the at least one verification measure is that the pre-authorization request and the installation request were received from the same IP address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Bortz, Andrew, Euresti, David, Nguyen, Huy, Kaplan, Josh, Moody, Viraj, Vincent, Ritu

Granted Patent

US 9,258,291 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/41   where a single sign-on prov...

G06F 21/6218   to a system of files or obj...

G06F 2221/2117   User registration

G06F 2221/2137   Time limited access, e.g. t...

G06F 8/61   Installation

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 67/02   based on web technology, e....

H04L 67/34   involving the movement of s...

PRE-AUTHORIZING A CLIENT APPLICATION TO ACCESS A USER ACCOUNT ON A CONTENT MANAGEMENT SYSTEM

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

PRE-AUTHORIZING A CLIENT APPLICATION TO ACCESS A USER ACCOUNT ON A CONTENT MANAGEMENT SYSTEM

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others