Advanced security protocol for broadcasting and synchronizing shared folders over local area network

US 9,641,488 B2
Filed: 02/28/2014
Issued: 05/02/2017
Est. Priority Date: 02/28/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at a first application associated with a content management system on a first client device and a second application associated with the content management system on at least one second client device, from the content management system, a shared secret key generated at the content management system for a shared folder and a corresponding namespace identifier;

generating, via at least one processor of the first client device, a secure identifier based on the shared secret key and namespace identifier and further based on a cryptographic nonce that is uniquely generated for an announcement message;

broadcasting, by the first application associated with the content management system on the first client device, the announcement message comprising the secure identifier and the cryptographic nonce to the second application associated with the content management system on the at least one second client device;

receiving the announcement message at the second application associated with the content management system on the at least one second client device;

determining, based on the received announcement message, that the shared folder is associated with the at least one second client device based on the generated secure identifier,establishing a connection over a local area network between the first application associated with the content management system on the first client device and the second application associated with the content management system on the at least one second client device; and

synchronizing at least one content item in the shared folder between the first client device and the at least one second client device over the connection.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and manufacture for securely broadcasting shared folders from one client device to other client devices and synchronizing the shared folders over a local area network. A first client device, associated with a content management system, generates a secure identifier for a shared folder, using a shared secret key that is associated with the shared folder. The first client device announces the secure identifier over a local area network to other client devices on the local area network including a second client device. The first client device receives a synchronization request for the shared folder from the second client device. After authenticating, using the shared secret key, that the second client device has authorization to access the shared folder, the first client device synchronizes the shared folder with the second client device over the local area network.

96 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving, at a first application associated with a content management system on a first client device and a second application associated with the content management system on at least one second client device, from the content management system, a shared secret key generated at the content management system for a shared folder and a corresponding namespace identifier;
  
  generating, via at least one processor of the first client device, a secure identifier based on the shared secret key and namespace identifier and further based on a cryptographic nonce that is uniquely generated for an announcement message;
  
  broadcasting, by the first application associated with the content management system on the first client device, the announcement message comprising the secure identifier and the cryptographic nonce to the second application associated with the content management system on the at least one second client device;
  
  receiving the announcement message at the second application associated with the content management system on the at least one second client device;
  
  determining, based on the received announcement message, that the shared folder is associated with the at least one second client device based on the generated secure identifier,establishing a connection over a local area network between the first application associated with the content management system on the first client device and the second application associated with the content management system on the at least one second client device; and
  
  synchronizing at least one content item in the shared folder between the first client device and the at least one second client device over the connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, further comprising receiving, at the first client device from the content management system, a folder identifier associated with the shared folder.
  - 3. The computer-implemented method of claim 1, wherein the secure identifier is generated using a pseudorandom function family.
  - 4. The computer-implemented method of claim 1, wherein the secure identifier is broadcast over the local area network.
  - 5. The computer-implemented method of claim 1, wherein the shared secret key comprises a secret string.
  - 6. The computer-implemented method of claim 1, wherein the cryptographic nonce is periodically renewed and never repeated.
  - 7. The computer-implemented method of claim 1, wherein generating the secure identifier is further based on an indication of an expiration time, and the method further comprising:
    - broadcasting the indication to at least the at least one second client device.
  - 8. The computer-implemented method of claim 1, further comprising:
    - receiving a synchronization request for the shared folder from the at least one second client device; and
      
      in response to determining that the at least one second client device has authorization to access the shared folder using the shared secret key, synchronizing the shared folder to the second client device over the local area network.

9. A non-transitory computer-readable medium storing computer executable instructions for causing a computer to perform a method comprising:
- receiving, at first application associated with a content management system on a first client device and a second application associated with the content management system on at least one second client device, from the content management system, a shared folder having a folder identifier and a shared secret key generated at the content management system for the shared folder;
  
  receiving, at the first application associated with the content management system on the first client device, a first secure identifier associated with the shared folder from the second application associated with the content management system on the at least one second client device;
  
  generating, at the first application associated with the content management system on first client device, a second secure identifier associated with the shared folder based on the shared secret key; and
  
  when the first secure identifier matches the second secure identifier, associating the folder identifier with the at least one second client device;
  
  establishing a connection over a local area network between the first application associated with the content management system on the first client device and the second application associated with the content management system on the at least one second client device; and
  
  synchronizing at least one content item in the shared folder between the first client device and the at least one second client device over the connection.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The non-transitory computer-readable medium of claim 9, wherein the second secure identifier is generated using a pseudorandom function family.
  - 11. The non-transitory computer-readable medium of claim 9, wherein the first secure identifier is received over the local area network.
  - 12. The non-transitory computer-readable medium of claim 9, wherein associating the folder identifier with the at least one second client device yields an association, the method further comprising storing the association.
  - 13. The non-transitory computer-readable medium of claim 9, wherein generating the second secure identifier is further based on an expiration time received from the at least one second client device, and wherein the folder identifier is associated with the at least one second client device only when the expiration time has not passed.
  - 14. The non-transitory computer-readable medium of claim 9, wherein the second secure identifier is generated further based on a cryptographic nonce received from the second application associated with the content management system on the at least one second client device.
  - 15. The non-transitory computer-readable medium of claim 9, wherein the method further comprises:
    - sending a synchronization request for the shared folder to the at least one second client device;
      
      establishing a secure connection over the local area network with the at least one second client device using the shared secret key; and
      
      synchronizing the shared folder with the at least one second client device via the secure connection.

16. A manufacture comprising:
- a non-transitory computer-readable medium; and
  
  computer-readable instructions, stored on the non-transitory computer-readable medium, that when executed are effective to cause an application associated with a content management system on a computer to;
  
  generate, at a first application associated with the content management system on a first client device, a secure identifier for a shared folder, based on a shared secret key generated at the content management system for the shared folder and further based on a cryptographic nonce that is uniquely generated for an announcement message;
  
  broadcast by the first application associated with the content management system on the first client device the secure identifier to a second application associated with the content management system on at least one second client device using the announcement message;
  
  receive a synchronization request for the shared folder from the second application associated with the content management system on the at least one second client device;
  
  establish a connection over a local area network between the first application associated with the content management system on the first client device and the second application associated with the content management system on the at least one second client device; and
  
  in response to authenticating, using the shared secret key, that the second client device has authorization to access the shared folder, synchronize the shared folder with the second client device over the local area network.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The manufacture of claim 16, wherein the shared folder is also synchronized on the content management system, and wherein the first client device and the at least one second client device are associated with the content management system.
  - 18. The manufacture of claim 16, wherein the computer-readable instructions are effective to further cause the computer to announce the secure identifier to a plurality of client devices over the local area network.
  - 19. The manufacture of claim 16, wherein the computer-readable instructions are effective to further cause the computer to authenticate, using the shared secret key, the second client device for access to the shared folder.
  - 20. The manufacture of claim 16, wherein generating the secure identifier is further based on an indication of an expiration time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Mityagin, Anton, Litzenberger, Dwayne
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/193,316
Publication Number

US 20150249647A1
Time in Patent Office

1,159 Days
Field of Search

713155, 713168, 713156, 713171
US Class Current
CPC Class Codes

G06F 16/176   Support for shared access t...

G06F 16/178   Techniques for file synchro...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/166   at the transport layer

H04L 67/1095   Replication or mirroring of...

H04L 9/0869   involving random numbers or...

Advanced security protocol for broadcasting and synchronizing shared folders over local area network

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

96 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Advanced security protocol for broadcasting and synchronizing shared folders over local area network

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links