Cross-application authentication on a content management system

US10025913B2 · US · B2

Patent metadata
Publication number: US-10025913-B2
Application number: US-201514985072-A
Country: US
Kind code: B2
Filing date: Dec 30, 2015
Priority date: Feb 27, 2015
Publication date: Jul 17, 2018
Grant date: Jul 17, 2018

Abstract

Official abstract text for this publication.

Systems, methods, and computer-readable media for cross-application authentication on a content management system. A client application running at a client device that is not authenticated with a content management system can receive, from a web site associated with the content management system, a request to authenticate with the content management system under a user account used to authenticate a current session between a browser application at the client device and the website with the content management system. The client application can then obtain a uniform resource locator (URL) with a nonce associated with the client application, and send a command to the browser application including the URL and nonce. The command can trigger the browser application to use the URL and nonce to authenticate the client application with the content management system under the user account with which the current session between the browser application and the website is currently authenticated.
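
The exchange in the abstract, modelled from the content management system's side as an added example (not code from the patent or its assignee). The class, method names, client identifiers and the `cms.example` URL are hypothetical, and consuming the nonce on first use is an assumption of this sketch rather than something the page states.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

class ContentManagementSystem:
    """Toy server-side model; every name and the URL are hypothetical."""
    LINK_URL = "https://cms.example/link_client"  # placeholder URL

    def __init__(self):
        self.browser_sessions = {}  # session cookie -> user account
        self.pending_nonces = {}    # nonce -> client identifier
        self.client_accounts = {}   # client identifier -> user account

    def login_browser(self, user):
        # Stands in for the already-authenticated browser/website session.
        cookie = secrets.token_urlsafe(16)
        self.browser_sessions[cookie] = user
        return cookie

    def issue_link_url(self, client_id):
        # The nonce is bound server-side to the requesting client application.
        nonce = secrets.token_urlsafe(32)
        self.pending_nonces[nonce] = client_id
        return self.LINK_URL + "?" + urlencode({"nonce": nonce})

    def handle_browser_visit(self, url, session_cookie):
        # The account comes only from the browser session, never from the URL.
        user = self.browser_sessions.get(session_cookie)
        if user is None:
            return "rejected: browser session not authenticated"
        nonce = parse_qs(urlparse(url).query).get("nonce", [""])[0]
        client_id = self.pending_nonces.pop(nonce, None)  # assumed: one use only
        if client_id is None:
            return "rejected: unknown or already-used nonce"
        self.client_accounts[client_id] = user
        return f"linked {client_id} to {user}"

def run_flow():
    cms = ContentManagementSystem()
    cookie = cms.login_browser("alice")           # existing browser session
    url = cms.issue_link_url("desktop-client-1")  # client obtains URL with nonce
    # The client's command to the browser is modelled as handing it the URL.
    first = cms.handle_browser_visit(url, cookie)
    replay = cms.handle_browser_visit(url, cookie)
    forged = cms.handle_browser_visit(cms.LINK_URL + "?nonce=guess", cookie)
    anon = cms.handle_browser_visit(cms.issue_link_url("desktop-client-2"), "no-cookie")
    return first, replay, forged, anon, dict(cms.client_accounts)

if __name__ == "__main__":
    for line in run_flow():
        print(line)
```
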

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: establishing a communication channel through a content management system, between a client application at a client device and a website associated with the content management system, wherein establishing the communication channel comprises: receiving, by the client application, from a browser application at the client device, a first message comprising a first nonce; and sending, from the client application to the content management system, a second message comprising the first nonce, wherein the first nonce associates the client application with the browser application to yield an association, wherein the association enables the content management system to relay one or more communications between the client application and the website; receiving, by the client application from the content management system via the communication channel, a request by the website for the client application to authenticate with the content management system under a user account used by the browser application at the client device to authenticate a current session between the browser application at the client device and the website with the content management system; and sending, from the client application to the browser application, a command comprising a uniform resource locator (URL) and the first nonce, the command instructing the browser application to use the URL and the first nonce to authenticate the client application with the content management system under the user account used by the browser application to authenticate the current session between the browser application and the website and verify the association of client application and browser application to the content management system.

2. The method of claim 1, further comprising: sending, by the client application, the first nonce to the content management system; and after sending the first nonce to the content management system, obtaining the URL from the content management system.

3. The method of claim 1, wherein the command instructs the browser application to authenticate the client application with the content management system by: opening a browser page and navigating to the URL with the browser page; providing the first nonce to the content management system via the browser page; and triggering a script configured to instruct the content management system to authenticate the client application based on the first nonce and validate a client session associated with the client application under the user account based on credentials used to authenticate the current session between the browser application and the website.

4. The method of claim 1, wherein the command comprises an operating system (OS) command.

5. The method of claim 1, wherein the first nonce is associated with a client identifier at the content management system, the client identifier being associated with the client application.

6. The method of claim 1, wherein the request by the website for the client application to authenticate with the content management system comprises the first nonce.

7. The method of claim 1, wherein the client application receives the request to authenticate in response to a determination that the client application is not authenticated and the current session between the browser application and the website is authenticated.

8. The method of claim 1, further comprising receiving, by the client application from the content management system, a notification that the content management system has authenticated the client application.

9. A system comprising: one or more processors; and at least one computer-readable medium storing computer-readable instructions that when executed cause the one or more processors to: run a client application associated with a content management system in unauthenticated mode; establish a communication channel through the content management system between the client application and a website associated with the content management system, wherein establishing the communication channel comprises: receiving, by the client application, from a browser application on the system, a first message comprising a unique identifier associated with the browser application; and sending, from the client application to the content management system, a second message comprising the unique identifier, wherein the unique identifier associates the client application with the browser application to yield an association, wherein the association enables the content management system to relay one or more communications between the client application and the website; receive, via the communication channel, a request by the website for the client application to authenticate with the content management system under a user account used to authenticate a session between the browser application running at the system and the website with the content management system; obtain, by the client application, a uniform resource locator (URL) including a nonce comprising the unique identifier associated with the browser application; and send, from the client application to the browser application, a command comprising the URL and nonce, the command triggering the browser application to use the URL and nonce to authenticate the client application with the content management system under the user account.

10. The system of claim 9, wherein the command triggers the browser application to authenticate the client application with the content management system by: opening a browser page and navigating to the URL with the browser page; providing the nonce to the content management system via the browser page; and triggering a script configured to instruct the content management system to authenticate the client application based on the nonce and validate a client session associated with the client application under the user account based on credentials used to authenticate the current session between the browser application and the website.

11. The system of claim 9, the at least one computer-readable medium storing computer-readable instructions that when executed cause the one or more processors to receive the URL from the content management system in response to sending the unique identifier to the content management system.

12. The system of claim 9, wherein the nonce is associated with a client identifier at the content management system, the client identifier being associated with the client application.

13. The system of claim 9, wherein the command comprises an operating system (OS) command.

14. A content management system comprising: one or more processors; and at least one computer-readable medium storing computer-readable instructions that when executed cause the content management system to: determine that a client application running at a client device is not authenticated with the content management system, to yield a first determination; determine that a session between a browser application at the client device and a website associated with the content management system is authenticated with the content management system, to yield a second determination; based on the first determination and the second determination, obtain, from the website, a first message for the client application at the client device, the first message requesting the client application to authenticate with the content management system under a user account used to authenticate the session between the browser application at the client device and the website with the content management system; relay at least part of the first message from

Classifications

  • above the transport layer
  • Session management (for real-time applications in data packet communications networks H04L65/1066)
  • using information identifiers, e.g. uniform resource locators [URL]
  • Filtering by address, protocol, port number or service, e.g. IP-address or URL
  • H04L63/08 (Primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10025913B2 cover?
Systems, methods, and computer-readable media for cross-application authentication on a content management system. A client application running at a client device that is not authenticated with a content management system can receive, from a web site associated with the content management system, a request to authenticate with the content management system under a user account used to authentic…
Who is the assignee on this patent?
Dropbox Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 17, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).