No password user account access

US10142309B2 · US · B2

Patent metadata
Publication number: US-10142309-B2
Application number: US-201414577930-A
Country: US
Kind code: B2
Filing date: Dec 19, 2014
Priority date: Dec 19, 2014
Publication date: Nov 27, 2018
Grant date: Nov 27, 2018

Abstract

Official abstract text for this publication.

Various embodiments of the present technology enable users to sign in to an account without a password. For example, when receiving a request to register a device with an account, a user can be prompted to enter their email address. In response, two tokens are generated. A first token is sent to a client application on the device and the second token is sent to the user's email. The user can then only login to their account with the device if the device has both tokens. Thus, if someone intercepts the email, they will be unable to login from another device since they don't have the first token. If the client token and email token cannot be automatically joined on the same device, a web page showing a code can be displayed on a first device, which can be entered on the second device to finish login process.
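The two-token flow in the abstract and its code fallback, seen from the server side, as an added example (not code from the patent or from any product). The class and method names, the 10-minute lifetime, the six-digit code and the one-attempt rule are assumptions made for illustration.

```python
import hmac
import secrets
import time

TTL_SECONDS = 600  # assumed validity window; the patent text states none

class PasswordlessLogin:  # hypothetical name; holds pending sign-in requests
    def __init__(self):
        self.by_device = {}  # device token -> pending record
        self.by_email = {}   # email token -> the same record

    def start(self, email):  # first token goes to the client app, second into the emailed link
        rec = {"email": email, "code": None, "expires": time.time() + TTL_SECONDS,
               "device_token": secrets.token_urlsafe(32), "email_token": secrets.token_urlsafe(32)}
        self.by_device[rec["device_token"]] = rec
        self.by_email[rec["email_token"]] = rec
        return rec["device_token"], rec["email_token"]

    def _pending(self, index, token):  # look up a live request, dropping it if expired
        rec = index.get(token)
        if rec is not None and rec["expires"] < time.time():
            self._consume(rec)
            return None
        return rec

    def _consume(self, rec):
        self.by_device.pop(rec["device_token"], None)
        self.by_email.pop(rec["email_token"], None)

    def finish(self, device_token, email_token):  # same-device path: both tokens required
        rec = self._pending(self.by_device, device_token)
        if rec is None or not hmac.compare_digest(rec["email_token"], email_token):
            return None  # an email token alone (e.g. from an intercepted mail) is not enough
        self._consume(rec)  # tokens are single use
        return rec["email"]

    def link_opened_elsewhere(self, email_token):  # link opened on another device: code to display there
        rec = self._pending(self.by_email, email_token)
        if rec is None:
            return None
        rec["code"] = f"{secrets.randbelow(10**6):06d}"
        return rec["code"]

    def finish_with_code(self, device_token, code):  # cross-device path: device token + typed code
        rec = self._pending(self.by_device, device_token)
        if rec is None or rec["code"] is None:
            return None
        self._consume(rec)  # one attempt only (assumed hardening), so the short code cannot be guessed
        return rec["email"] if hmac.compare_digest(rec["code"], code) else None
```
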

First claim

Opening claim text (preview).

The invention claimed is:

1. A computer-implemented method, comprising: receiving, by a synchronized content management system, a request to access a user account at the synchronized content management system; determining that the user account is a passwordless user account created at the synchronized content management system without a corresponding user account password, the passwordless user account providing user access to the synchronized content management system without user input of a password; generating, by the synchronized content management system, tokens for passwordless authentication of the passwordless user account, the tokens comprising a device identifier and an email identifier, wherein the email identifier is associated with an email address registered with the passwordless user account; sending, by the synchronized content management system, the device identifier to a client device; sending, by the synchronized content management system, to the email address registered with the passwordless user account at the synchronized content management system, an email containing a link that: when activated from the client device, triggers a browser application on the client device to obtain the email identifier and provide the email identifier to a client application that is also on the client device, the client application being configured to communicate with the synchronized content management system to synchronize changes to content items between local copies of the content items stored on the client device and remote copies of the content items stored on the synchronized content management system; and when activated from a different client device triggers a notification to the synchronized content management system indicating that the email was accessed from the different client device; receiving, by the synchronized content management system, both the device identifier and the email identifier from the client application on the client device; determining, by the synchronized content management system, that the client application on the client device has possession of both the device identifier sent to the client device and the email identifier associated with the email address registered with the passwordless user account; determining that the link was activated via the client device, based on the determining that the client device has possession of both the device identifier and the email identifier; authorizing, by the synchronized content management system, the client device to access the passwordless user account without user input of the password, in response to determining that the client application on the client device has both the device identifier and the email identifier and determining that the link was activated via the client device; and synchronizing one or more content items on the synchronized content management system to the client device for local storage at the client device, the one or more content items being associated with the passwordless user account.

2. The computer-implemented method of claim 1, wherein the synchronized content management system sends the device identifier to the client application via an application programming interface.

3. The computer-implemented method of claim 1, wherein authorizing the client device to access the passwordless user account is based on one or more rules allowing passwordless access to the passwordless user account only when both the device identifier and the email identifier are received from a same device.

4. The computer-implemented method of claim 1, wherein the client application is downloaded from the synchronized content management system, the client application comprising an interface for accessing content on the synchronized content management system, the method further comprising: in response to determining that the client application on the client device has the device identifier sent by the synchronized content management system and the email identifier, registering the client device with the passwordless user account at the synchronized content management system.

5. The computer-implemented method of claim 1, wherein generating tokens for passwordless authentication is performed in response to a determination that the client device is not registered at the synchronized content management system with the passwordless user account.

6. The computer-implemented method of claim 1, further comprising: receiving, by the synchronized content management system, a second request to access the passwordless user account from a second client device; determining that the second client device is not registered with the synchronized content management system for the passwordless user account; generating a second set of tokens for passwordless authentication to the passwordless user account by the second client device, the second set of tokens comprising a second device identifier associated with the second client device and the email identifier; sending the second device identifier to the second client device and the email identifier to the email address registered with the passwordless user account via a second email; receiving the notification indicating that the second email was accessed from the different client device; in response to the notification, sending an authorization code for presentation at the different client device; receiving, from the second client device, the second device identifier and the authorization code sent to the different client device; and in response to receiving both the second device identifier and authorization code from the second client device, granting the second client device passwordless access to the passwordless user account.

7. The computer-implemented method of claim 1, further comprising: in response to determining that the client application on the client device has the device identifier sent by the synchronized content management system and the email identifier, registering the client device with the passwordless user account at the synchronized content management system; receiving, by the synchronized content management system, from the client device, a second request to access the passwordless user account; determining, by the synchronized content management system, that the client device is registered with the passwordless user account; and providing the client device passwordless access to the passwordless user account without the client device resending the device identifier or the email identifier to the synchronized content management system.

8. The computer-implemented method of claim 1, wherein the link, when activated via the browser application on the client device, triggers the browser application on the client device to send the email identifier to the client application on the client device and the client device to display in an interface of the client application on the client device one or more content items associated with the passwordless user account.

9. A content management system, comprising: at least one processor; and memory including instructions that, when executed by the at least one processor, cause the content management system to: receive, from a first computing device, a request to access a user account at the content management system; determine that the user account is a passwordless user account created at the content management system without a user account password, the passwordless user account providing user access to a synchronized content management system without user input of a password; generate tokens for passwordless authentication of the passwordless user account, the tokens comprising a device identifier associated with the first comp

Assignees

Inventors

Classifications

  • using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215)

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

  • H04L63/08 (Primary): for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • Interoperability with other network applications or services

  • using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213)

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10142309B2 cover?
Various embodiments of the present technology enable users to sign in to an account without a password. For example, when receiving a request to register a device with an account, a user can be prompted to enter their email address. In response, two tokens are generated. A first token is sent to a client application on the device and the second token is sent to the user's email. The user can th…
Who is the assignee on this patent?
Dropbox Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 27, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).