Systems and methods for providing access to data accounts within user profiles via cloud-based storage services

US 8,904,503 B2
Filed: 01/15/2013
Issued: 12/02/2014
Est. Priority Date: 01/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying a user profile associated with a user of a cloud-based storage service;

identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service;

authenticating a client-based application associated with the user with a data account within the user profile by;

delegating authentication between the client-based application associated with the user and the data account within the user profile to a client-based application associated with an additional user of the cloud-based storage service;

upon delegating the authentication;

obtaining user credentials associated with the data account from the client-based application associated with the additional user of the cloud-based storage service;

searching an authentication database associated with the cloud-based storage service for the user credentials obtained from the client-based application associated with the additional user;

identifying the user credentials obtained from the client-based application associated with the additional user while searching the authentication database associated with the cloud-based storage service;

upon identifying the user credentials while searching the authentication database, determining that the user credentials correspond to the data account within the user profile;

detecting a request from the client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in the data account within the user profile;

in response to detecting the request from the client-based application associated with the user, locating a unique account name that identifies the data account in the request;

upon locating the unique account name that identifies the data account in the request, satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service by;

locating a unique encryption key that corresponds to the data account identified by the unique account name;

decrypting the portion of data stored in the data account with the unique encryption key that corresponds to the data account;

providing a decrypted version of the portion of data stored in the data account to the client-based application associated with the user via the cloud-based storage service.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed.

Citations

19 Claims

1. A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying a user profile associated with a user of a cloud-based storage service;
  
  identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service;
  
  authenticating a client-based application associated with the user with a data account within the user profile by;
  
  delegating authentication between the client-based application associated with the user and the data account within the user profile to a client-based application associated with an additional user of the cloud-based storage service;
  
  upon delegating the authentication;
  
  obtaining user credentials associated with the data account from the client-based application associated with the additional user of the cloud-based storage service;
  
  searching an authentication database associated with the cloud-based storage service for the user credentials obtained from the client-based application associated with the additional user;
  
  identifying the user credentials obtained from the client-based application associated with the additional user while searching the authentication database associated with the cloud-based storage service;
  
  upon identifying the user credentials while searching the authentication database, determining that the user credentials correspond to the data account within the user profile;
  
  detecting a request from the client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in the data account within the user profile;
  
  in response to detecting the request from the client-based application associated with the user, locating a unique account name that identifies the data account in the request;
  
  upon locating the unique account name that identifies the data account in the request, satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service by;
  
  locating a unique encryption key that corresponds to the data account identified by the unique account name;
  
  decrypting the portion of data stored in the data account with the unique encryption key that corresponds to the data account;
  
  providing a decrypted version of the portion of data stored in the data account to the client-based application associated with the user via the cloud-based storage service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising:
    - authenticating the client-based application associated with the user with each of the data accounts within the user profile;
      
      in response to authenticating the client-based application associated with the user with each of the data accounts within the user profile, enabling the client-based application associated with the user to access each of the data accounts within the user profile.
  - 3. The method of claim 2, wherein authenticating the client-based application associated with the user with each of the data accounts within the user profile comprises:
    - obtaining user credentials associated with each of the plurality of data accounts within the user profile from the client-based application associated with the user;
      
      searching the authentication database associated with the cloud-based storage service for the user credentials obtained from the client-based application associated with the user;
      
      identifying the user credentials obtained from the client-based application associated with the user while searching the authentication database associated with the cloud-based storage service;
      
      upon identifying the user credentials while searching the authentication database, determining that the user credentials correspond to each of the plurality of data accounts within the user profile.
  - 4. The method of claim 3, wherein obtaining the user credentials associated with each of the plurality of data accounts within the user profile comprises obtaining a single set of user credentials associated with each of the plurality of data accounts within the user profile from the client-based application associated with the user.
  - 5. The method of claim 3, wherein obtaining the user credentials associated with each of the plurality of data accounts within the user profile comprises obtaining a different set of user credentials for each of the plurality of data accounts within the user profile from the client-based application associated with the user.
  - 6. The method of claim 1, further comprising, prior to satisfying the request to access the portion of data stored in the data account within the user profile:
    - detecting a storage request from the client-based application associated with the user to store the portion of data in the data account;
      
      in response to detecting the storage request from the client-based application associated with the user, locating the unique account name that identifies the data account in the storage request;
      
      upon locating the unique account name that identifies the data account in the storage request, satisfying the storage request from the client-based application associated with the user via the cloud-based storage service by;
      
      locating the unique encryption key that corresponds to the data account identified by the unique account name;
      
      encrypting the portion of data to be stored in the data account with the unique encryption key that corresponds to the data account;
      
      storing an encrypted version of the portion of data in the data account within the user profile via the cloud-based storage service.
  - 7. The method of claim 1, further comprising:
    - upon authenticating the client-based application associated with the user with the data account within the user profile, enabling the client-based application associated with the user to delegate access to the data account within the user profile to a client-based application associated with another user of the cloud-based storage service.
  - 8. The method of claim 7, wherein enabling the client-based application associated with the user to delegate access to the data account within the user profile to the client-based application associated with the other user comprises:
    - detecting a delegation request from the client-based application associated with the user to delegate access to the data account within the user profile to the client-based application associated with the other user;
      
      in response to detecting the delegation request from the client-based application associated with the user, locating a unique account name that identifies the data account in the delegation request;
      
      upon locating the unique account name that identifies the data account in the delegation request, satisfying the delegation request from the client-based application associated with the user by delegating access to the data account within the user profile to the client-based application associated with the other user via the cloud-based storage service.
  - 9. The method of claim 8, wherein delegating access to the data account within the user profile comprises delegating access to the data account within the user profile such that the client-based application associated with the other user is able to access the data account within the user profile but unable to access the plurality of data accounts within the user profile.
  - 10. The method of claim 1, wherein identifying the plurality of data accounts within the user profile associated with the cloud-based storage service comprises identifying a plurality of data zones within the data account identified by the unique account name.
  - 11. The method of claim 10, wherein locating the unique account name that identifies the data account in the request comprises locating a unique zone name that identifies a data zone within the data account.
  - 12. The method of claim 11, wherein satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service comprises:
    - locating a unique encryption key that corresponds to the data zone identified by the unique zone name;
      
      decrypting at least a portion of data stored in the data zone within the data account with the unique encryption key that corresponds to the data zone;
      
      providing a decrypted version of the portion of data stored in the data zone within the data account to the client-based application associated with the user via the cloud-based storage service.
  - 13. The method of claim 10, further comprising:
    - detecting a delegation request from the client-based application associated with the user to delegate access to a data zone within the data account to a client-based application associated with another user of the cloud-based storage service;
      
      in response to detecting the delegation request from the client-based application associated with the user, locating a unique zone name that identifies the data zone within the data account in the delegation request;
      
      upon locating the unique zone name that identifies the data zone within the data account in the delegation request, satisfying the delegation request from the client-based application associated with the user by delegating access to the data zone within the data account to the client-based application associated with the other user via the cloud-based storage service.
  - 14. The method of claim 13, wherein delegating access to the data zone within the data account comprises delegating access to the data zone within the data account such that the client-based application associated with the other user is able to access the data zone within the data account but unable to access the plurality of data zones within the data account.

15. A system for providing access to data accounts within user profiles via cloud-based storage services, system comprising:
- an identification module programmed to;
  
  identify a user profile associated with a user of a cloud-based storage service;
  
  identify a plurality of data accounts within the user profile associated with the user of the cloud-based storage service;
  
  an authentication module programmed to authenticate a client-based application associated with the user with a data account within the user profile by;
  
  delegating authentication between the client-based application associated with the user and the data account within the user profile to a client-based application associated with an additional user of the cloud-based storage service;
  
  upon delegating the authentication;
  
  obtaining user credentials associated with the data account from the client-based application associated with the additional user of the cloud-based storage service;
  
  searching an authentication database associated with the cloud-based storage service for the user credentials obtained from the client-based application associated with the additional user;
  
  identifying the user credentials obtained from the client-based application associated with the additional user while searching the authentication database associated with the cloud-based storage service;
  
  upon identifying the user credentials while searching the authentication database, determining that the user credentials correspond to the data account within the user profile;
  
  a detection module programmed to detect a request from the client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in the data account within the user profile;
  
  a locating module programmed to locate a unique account name that identifies the data account in the request;
  
  an access module programmed to satisfy the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service by;
  
  locating a unique encryption key that corresponds to the data account identified by the unique account name;
  
  decrypting the portion of data stored in the data account with the unique encryption key that corresponds to the data account;
  
  providing a decrypted version of the portion of data stored in the data account to the client-based application associated with the user via the cloud-based storage service;
  
  at least one processor configured to execute the identification module, the detection module, the locating module, and the access module.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein:
    - the authentication module is further programmed to authenticate the client-based application with each of the data accounts within the user profile;
      
      the access module is further programmed to enable the client-based application to access each of the data accounts within the user profile in response to the authentication of the client-based application with each of the data accounts within the user profile.
  - 17. The system of claim 16, wherein the authentication module is programmed to:
    - obtain user credentials associated with each of the plurality of data accounts within the user profile from the client-based application associated with the user;
      
      search the authentication database associated with the cloud-based storage service for the user credentials obtained from the client-based application associated with the user;
      
      identify the user credentials obtained from the client-based application associated with the user while searching the authentication database associated with the cloud-based storage service;
      
      determine that the user credentials obtained from the client-based application associated with the user correspond to each of the plurality of data accounts within the user profile.
  - 18. The system of claim 16, further comprising a delegation module programmed to enable the client-based application associated with the user to delegate access to the data account within the user profile to a client-based application associated with another user of the cloud-based storage service.

19. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify a user profile associated with a user of a cloud-based storage service;
  
  identify a plurality of data accounts within the user profile associated with the user of the cloud-based storage service;
  
  authenticate a client-based application associated with the user with a data account within the user profile by;
  
  delegating authentication between the client-based application associated with the user and the data account within the user profile to a client-based application associated with an additional user of the cloud-based storage service;
  
  upon delegating the authentication;
  
  obtaining user credentials associated with the data account from the client-based application associated with the additional user of the cloud-based storage service;
  
  searching an authentication database associated with the cloud-based storage service for the user credentials obtained from the client-based application associated with the additional user;
  
  identifying the user credentials obtained from the client-based application while searching the authentication database associated with the cloud-based storage service;
  
  upon identifying the user credentials while searching the authentication database, determining that the user credentials correspond to the data account within the user profile;
  
  detect a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile;
  
  locate a unique account name that identifies the data account in the request;
  
  satisfy the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service by;
  
  locating a unique encryption key that corresponds to the data account identified by the unique account name;
  
  decrypting the portion of data stored in the data account with the unique encryption key that corresponds to the data account;
  
  providing a decrypted version of the portion of data stored in the data account to the client-based application associated with the user via the cloud-based storage service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Agbabian, Paul
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US13/742,217
Publication Number

US 20140201824A1
Time in Patent Office

686 Days
Field of Search

None
US Class Current

726/6
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/08   for authentication of entit...

Systems and methods for providing access to data accounts within user profiles via cloud-based storage services

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing access to data accounts within user profiles via cloud-based storage services

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links