Invitation links with enhanced protection

US 11,122,047 B2
Filed: 03/31/2015
Issued: 09/14/2021
Est. Priority Date: 04/02/2014
Status: Active Grant

First Claim

Patent Images

1. A method for providing invitation links to access a protected resource, comprising:

creating a plurality of invitation links for accessing the protected resource, each of the invitation links of the plurality includes a secret invitation code encoded therein, the secret invitation code of each of the invitation links of the plurality being different from the secret invitation code any of the other invitation links of the plurality;

sending, to at least one invitee, at least one of the invitation links for accessing the protected resource, wherein the secret invitation code is unique to each invitee, the invitation link is sent to the at least one invitee through a primary communication channel;

upon detecting an attempt to access the protected resource via at least one of the plurality of invitation links, determining whether the encoded secret invitation code matches a known secret invitation code;

upon determining that the secret invitation code matches the known secret invitation code, performing a verification process to authenticate the invitee via a secondary channel of communication, the verification process including transmitting via the secondary channel of communication a verification challenge including information upon which the verification process is based; and

upon determining that the verification process has been passed, granting access to the protected resource;

wherein the protected resource is stored in a cloud storage system and is one of at least a file and a folder.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing invitation links with enhanced protection are presented. The method includes sending, to at least one invitee, at least one invitation link for accessing the protected resource, wherein the at least one invitation link includes a secret invitation code encoded therein, wherein the secret invitation code is unique to each invitee, the invitation link is sent to the at least one invitee through a primary communication channel; upon detecting an attempt to access the at least one invitation link, determining whether the encoded secret invitation code matches a known secret invitation code; upon determining that the secret invitation code matches the known secret invitation code, performing a verification process to authenticate the invitee via a secondary channel of communication; and upon determining that the verification process has been passed, granting access to the protected resource.

13 Citations

View as Search Results

24 Claims

1. A method for providing invitation links to access a protected resource, comprising:
- creating a plurality of invitation links for accessing the protected resource, each of the invitation links of the plurality includes a secret invitation code encoded therein, the secret invitation code of each of the invitation links of the plurality being different from the secret invitation code any of the other invitation links of the plurality;
  
  sending, to at least one invitee, at least one of the invitation links for accessing the protected resource, wherein the secret invitation code is unique to each invitee, the invitation link is sent to the at least one invitee through a primary communication channel;
  
  upon detecting an attempt to access the protected resource via at least one of the plurality of invitation links, determining whether the encoded secret invitation code matches a known secret invitation code;
  
  upon determining that the secret invitation code matches the known secret invitation code, performing a verification process to authenticate the invitee via a secondary channel of communication, the verification process including transmitting via the secondary channel of communication a verification challenge including information upon which the verification process is based; and
  
  upon determining that the verification process has been passed, granting access to the protected resource;
  
  wherein the protected resource is stored in a cloud storage system and is one of at least a file and a folder.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 21, 22)
- - 2. The method of claim 1, wherein the verification process further comprises:
    - generating the verification challenge; and
      
      upon receiving a valid response to the verification challenge, determining that the verification process has been passed.
  - 3. The method of claim 2, wherein the verification challenge includes any one of:
    - a random number, a temporary link, a voice prompt, and a token.
  - 4. The method of claim 1, wherein granting access to the protected resource further comprises:
    - sending a persistent cookie to the invitee device.
  - 5. The method of claim 4, wherein upon subsequent access attempts to the invitation link further comprises:
    - determining if a valid persistent security cookie has been received; and
      
      upon determining that the valid persistent security cookie has been received,bypassing the verification challenge, identifying the invitee device as trusted, andgranting access to the protected resource.
  - 6. The method of claim 5, further comprising:
    - identifying the invitee device as untrusted after a predefined period of time.
  - 7. The method of claim 1, further comprising:
    - decrementing a maximum usage counter for each access granted to the protected resource, wherein the maximum usage counter was set with an initial value greater than one;
      
      upon detecting an attempt to access the protected resource, determining whether the maximum usage counter is greater than zero; and
      
      upon determining that the maximum usage counter is not greater than zero, revoking the invitation link.
  - 8. The method of claim 2, further comprising:
    - determining if the invitee device meets at least one pre-admission security check requirement; and
      
      upon determining that the invitee device does not meet the at least one pre-admission security check requirement, determining that the verification challenge has not been passed.
  - 9. The method of claim 1, wherein the at least one invitation link is generated and sent based on a collaboration policy.
  - 10. The method of claim 8, wherein the at least one invitation link is generated and sent upon compliance with a collaboration policy.
  - 11. The method of claim 10, wherein the collaboration policy defines a set of invitation permissions for external users outside of a predefined group of users, wherein the set of invitation permissions include at least one of:
    - a permission level, a required verification, and at least one challenge restrictions.
  - 21. The method of claim 1, wherein the at least one invitation link is created and sent upon compliance with a collaboration policy, the collaboration policy being implemented using a list, the list being one of a whitelist and a blacklist, the list defining users external to a predefined group of users that can access the resources and at least one of (i) the permissions and (ii) the verification method required, for each of the external users or a group thereof.
  - 22. The method of claim 21, wherein the collaboration policy defines a set of invitation permissions for each of the external users outside of the predefined group of users, wherein the set of invitation permissions include at least one of:
    - a permission level, a required verification, and at least one challenge restrictions.

12. A non-transitory computer readable medium having stored thereon instructions for causing one or more processing units to execute a method of:
- providing invitation links to access a protected resource, comprising;
  
  creating a plurality of invitation links for accessing the protected resource, each of the invitation links of the plurality includes a secret invitation code encoded therein, the secret invitation code of each of the invitation links of the plurality being different from the secret invitation code any of the other invitation links of the plurality;
  
  sending, to at least one invitee, at least one of the invitation links for accessing the protected resource, wherein the secret invitation code is unique to each invitee, the invitation link is sent to the at least one invitee through a primary communication channel;
  
  upon detecting an attempt to access the protected resource via at least one of the plurality of invitation links, determining whether the encoded secret invitation code matches a known secret invitation code;
  
  upon determining that the secret invitation code matches the known secret invitation code, performing a verification process to authenticate the invitee via a secondary channel of communication, the verification process including transmitting via the secondary channel of communication a verification challenge including information upon which the verification process is based; and
  
  upon determining that the verification process has been passed, granting access to the protected resource;
  
  wherein the protected resource is stored in a cloud storage system and is one of at least a file and a folder.

13. A system for providing invitation links to access a protected resource with enhanced protection, comprising:
- a processing unit; and
  
  a memory, the memory containing instructions that, when executed by the processing unit, configure the system to;
  
  create a plurality of invitation links for accessing the protected resource, each of the invitation links of the plurality includes a secret invitation code encoded therein, the secret invitation code of each of the invitation links of the plurality being diffe rent from the secret invitation code any of the other invitation links of the plurality;
  
  send, to at least one invitee, at least one of the invitation links for accessing the protected resource, wherein the secret invitation code is unique to each invitee, the invitation link is sent to the at least one invitee through a primary communication channel;
  
  upon detecting an attempt to access the protected resource via at least one of the plurality of invitation links, determine whether the encoded secret invitation code matches a known secret invitation code;
  
  upon determining that the secret invitation code matches the known secret invitation code, perform a verification process to authenticate the invitee via a secondary channel of communication, the verification process including transmission via the secondary channel of communication a verification challenge including information upon which the verification process is based; and
  
  upon determining that the verification process has been passed, grant access to the protected resource;
  
  wherein the protected resource is stored in a cloud storage system and is one of at least a file and a folder.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein when performing the verification process the system is further configured to:
    - generate the verification challenge;
      
      andupon receiving a valid response to the verification challenge, determine that the verification process has been passed.
  - 15. The system of claim 14, wherein upon subsequent access attempts to the invitation link, the system is further configured to:
    - determine if a valid persistent security cookie has been received; and
      
      upon determining that the valid persistent security cookie has been received,bypass the verification challenge, identify the invitee device as trusted, and grant access to the protected resource.

16. A method for a secured registration process, comprising:
- creating a plurality of invitation links for accessing the secured registration process, each of the invitation links of the plurality includes a secret invitation code encoded therein, the secret invitation code of each of the invitation links of the plurality being different from the secret invitation code any of the other invitation links of the plurality;
  
  sending, to at least one invitee, at least one invitation link for registering for a service, wherein the secret invitation code is unique to each invitee, the at least one invitation link is sent to the at least one invitee through a primary communication channel;
  
  upon detecting an attempt to access the secured registration process via at least one of the plurality of invitation links, determining whether the encoded secret invitation code matches a known secret invitation code;
  
  upon determining that the known secret invitation code matches a known secret invitation code, displaying a registration process; and
  
  performing a verification process to authenticate the invitee via a secondary channel of communication, the verification process including transmitting via the secondary channel of communication a message including a verification challenge containing information upon which the verification process is based.
- View Dependent Claims (17, 18, 23, 24)
- - 17. The method of claim 16, wherein the verification process further comprises:
    - generating the verification challenge; and
      
      upon receiving a valid response to the verification challenge, determining that the verification process has been passed.
  - 18. The method of claim 17, wherein the service is at least a cloud storage service.
  - 23. The method of claim 17, wherein the at least one invitation link is created and sent upon compliance with a collaboration policy, the collaboration policy being implemented using a list, the list being one of a whitelist and a blacklist, the list defining users external to a predefined group of users that can access the resources and at least one of (i) the permissions and (ii) the verification method required, for each of the external users or a group thereof.
  - 24. The method of claim 23, wherein the collaboration policy defines a set of invitation permissions for each of the external users outside of the predefined group of users, wherein the set of invitation permissions include at least one of:
    - a permission level, a required verification, and at least one challenge restrictions.

19. A system for a secured registration process, comprising:
- a processing unit; and
  
  a memory, the memory containing instructions that, when executed by the processing unit, configure the system to;
  
  create a plurality of invitation links for accessing the secured registration process, each of the invitation links of the plurality includes a secret invitation code encoded therein, the secret invitation code of each of the invitation links of the plurality being different from the secret invitation code any of the other invitation links of the plurality;
  
  send, to at least one invitee, at least one invitation link for registering fora service, wherein the at least one invitation link includes a secret invitation code encoded therein, wherein the secret invitation code is unique to each invitee, the at least one invitation link is sent to the at least one invitee through a primary communication channel;
  
  upon detecting an attempt to access the secured registration process via at least one of the plurality of invitation links, determine whether the encoded secret invitation code matches a known secret invitation code;
  
  upon determining that the known secret invitation code matches a known secret invitation code, display a registration process; and
  
  perform a verification process to authenticate the invitee via a secondary channel of communication, the verification process including transmission via the secondary channel of communication a message including a verification challenge containing information upon which the verification process is based.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein when performing the verification process the system is further configured to:
    - generate the verification challenge; and
      
      upon receiving a valid response to the verification challenge, determine that the verification process has been passed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CTERA Networks Limited
Original Assignee
CTERA Networks Limited
Inventors
Brand, Aron
Primary Examiner(s)
Nickerson, Jeffrey
Assistant Examiner(s)
Savenkov, Vadim

Application Number

US14/674,225
Publication Number

US 20150288701A1
Time in Patent Office

2,359 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/42   using separate channels for...

H04L 63/08   for authentication of entit...

H04L 63/0838   using one-time-passwords

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/18   using different networks or...

H04L 67/1097   for distributed storage of ...

Invitation links with enhanced protection

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Invitation links with enhanced protection

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links