System and method for embedding first party widgets in third-party applications

US 9,860,253 B2
Filed: 03/25/2015
Issued: 01/02/2018
Est. Priority Date: 06/26/2012
Status: Active Grant

First Claim

Patent Images

1. A method for providing a third party application with access to files stored on a server, the method comprising:

receiving, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes;

a document identifier associated with the file,an application identifier of the third-party application, andan origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;

determining that the origin identifier and the document identifier are both associated with the application identifier;

authenticating the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;

authenticating the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and

based on the determining and authenticating, granting access to the file for the third party application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems provide embeddable user interface widgets to third-party applications so that the widgets can be securely embedded in, and securely used from within, the third-party applications. An embeddable widget may be authorized to access a first-party cloud storage system from a third-party application based on the cloud storage system authenticating a request received from the widget. The authentication may be based on an application identifier, an origin identifier, and/or one or more document identifiers received from the third-party application through the embedded widget. The disclosed methods and systems may significantly mitigate security concerns caused by embedding software in third-party sites, such as clickjacking.

Citations

7 Claims

1. A method for providing a third party application with access to files stored on a server, the method comprising:
- receiving, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes;
  
  a document identifier associated with the file,an application identifier of the third-party application, andan origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
  
  determining that the origin identifier and the document identifier are both associated with the application identifier;
  
  authenticating the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
  
  authenticating the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
  
  based on the determining and authenticating, granting access to the file for the third party application.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the request is received from a frame embedded in the web page displayed by the browser.
  - 3. The method of claim 2, further comprising:
    - providing a copy of the file to a second server hosting the web page.

4. A system for providing a third party application with access to files stored on a server, the system comprising:
- a memory; and
  
  one or more processors, coupled to the memory, to;
  
  receive, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes;
  
  a document identifier associated with the file,an application identifier of the third-party application, andan origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
  
  determine that the origin identifier and the document identifier are both associated with the application identifier;
  
  authenticate the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
  
  authenticate the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
  
  based on the determining and authenticating, grant access to the file for the third party application.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4, wherein the request is received from a frame embedded in the web page displayed by the browser.
  - 6. The system of claim 5, the one or more programs further comprising instructions for:
    - providing a copy of the file to a second server hosting the web page.

7. A non-transitory computer-readable medium comprising instructions, which when executed by a processing device, cause the processing device to perform operations comprising:
- receiving, from a browser at a client device, a request for a file stored on a server, wherein the request is received via a web page provided by a third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes;
  
  a document identifier associated with the file,an application identifier of the third-party application, andan origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser;
  
  determining that the origin identifier and the document identifier are both associated with the application identifier;
  
  authenticating the application identifier at the server, wherein the authenticating the application identifier comprises determining whether the application identifier references a valid application;
  
  authenticating the origin identifier at the server, wherein the authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid application that is referenced by the authenticated application identifier; and
  
  based on the determining and authenticating, granting access to the file for the third party application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Cairns, Brian Lewis, Chou Fritz, Victoria Hsiao-Tsung, Schoeffler, Eric Benson, Procopio, Michael Jeffrey
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US14/668,965
Publication Number

US 20150200952A1
Time in Patent Office

1,014 Days
Field of Search

726 3
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/126   the source of the received ...

H04L 67/00   Network arrangements or pro...

H04L 67/06   specially adapted for file ...

H04W 4/60   Subscription-based services...

System and method for embedding first party widgets in third-party applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for embedding first party widgets in third-party applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links