Controlling user access to content

US2016337369A1 · US · A1

Patent metadata

Publication number: US-2016337369-A1
Application number: US-201514709257-A
Country: US
Kind code: A1
Filing date: May 11, 2015
Priority date: May 11, 2015
Publication date: Nov 17, 2016
Grant date:

Abstract

Official abstract text for this publication.

Methods and systems for controlling access to content include an authentication process that provides for increased speed by reducing, or eliminating in some cases, steps in the authentication process. In particular, the systems and methods can encode content paths previously authenticated for a particular user into an authentication token. When the user attempts to access one of the top content paths, the systems and methods can verify the user based on the encoded authentication token rather than following a complete authentication process.

First claim

Opening claim text (preview).

What is claimed is:

1. A method of controlling access to content in a distributed storage environment, comprising: receiving, at a server, a first request by a user to access content at a first Internet-accessible storage location, access to the content at the first Internet-accessible storage location requiring authentication of the user; successfully authenticating, by the server, the user to access the content at the first Internet-accessible storage location; based on the successful authentication, augmenting, by the server, an authentication token for the user to indicate that the user is authorized to access the content at the first Internet-accessible storage location; receiving a second request by the user to access content at the first Internet-accessible storage location; receiving the augmented authentication token in connection with the second request; authenticating, by the server, the user to access the content at the first Internet-accessible storage location using the augmented authentication token; and providing, to the user, access to the content at the first Internet-accessible storage location based on authenticating the user to access the content using the augmented authentication token.

2. The method as recited in claim 1, wherein augmenting the authentication token for the user to indicate that the user is authorized to access the content at the first Internet-accessible storage location comprises encoding a first location path for the first Internet-accessible storage location into the authentication token.

3. The method as recited in claim 2, further comprising: encrypting at least a portion of the augmented authentication token; sending the encrypted, augmented authentication token to a client device from which the first request by the user to access content at the first Internet-accessible storage location was received; and decrypting the encrypted, augmented authentication token in response to receiving the encrypted, augmented authentication token in connection with the second request.

4. The method as recited in claim 1, wherein augmenting the authentication token for the user to indicate that the user is authorized to access the content at first Internet-accessible storage location comprises: identifying a root path associated with the first Internet-accessible storage location of the content; determining that the user has permissions to access the root path; and encoding the root path into the authentication token.

5. The method as recited in claim 1, further comprising: identifying a plurality of Internet-accessible storage locations frequently accessed by the user, the plurality of Internet-accessible storage locations comprising the first Internet-accessible storage location; and augmenting the authentication token for the user to include location paths to the plurality of Internet-accessible storage locations frequently accessed by the user.

6. The method as recited in claim 5, wherein identifying the plurality of location paths frequently accessed by the user comprises: tracking access by the user to Internet-accessible storage locations of the distributed storage environment; compiling a list ranking the Internet-accessible storage locations of the distributed storage environment accessed by the user based on a number of times the Internet-accessible storage locations are accessed by the user; and identifying a predetermined number of top Internet-accessible storage locations on the list ranking the Internet-accessible storage locations accessed by the user.

7. The method as recited in claim 6, further comprising: determining that a second Internet-accessible storage location is no longer in the predetermined number of the top Internet-accessible storage locations on the list ranking the Internet-accessible storage locations accessed by the user; and removing a second location path for the second Internet-accessible storage location from the authentication token in response to the second Internet-accessible storage location no longer being in the predetermined number of the top Internet-accessible storage locations on the list ranking the Internet-accessible storage locations accessed by the user.

8. The method as recited in claim 1, wherein successfully authenticating, by the server, the user to access the content at the first Internet-accessible storage location in response to the first request comprises: extracting a user identifier from authentication credentials provided for the user; accessing an access list from a repository; and confirming that the access list indicates that the user identifier is authorized to access the content at the first Internet-accessible storage location.

9. The method as recited in claim 8, wherein authenticating, by the server, the user to access the content at the first Internet-accessible storage location using the augmented authentication token comprises: determining that the augmented authentication token includes an indication that the user is authorized to access the content at the first Internet-accessible storage location without accessing the repository to confirm that the access list indicates that the user identifier is authorized to access the content at the first Internet-accessible storage location.

10. The method as recited in claim 9, wherein determining that the augmented authentication token includes an indication that the user is authorized to access the content at the first Internet-accessible storage location comprises: identifying a location path for the first Internet-accessible storage location; and verifying that the augmented authentication token includes the location path.

11. A method of controlling access to content in a distributed storage environment, comprising: receiving, at a server, a token in connection with a first request to access content at a first location path, access to the content at the first location path requiring authentication; comparing, by the server, the first location path to a plurality of location paths in the token; determining, by the server, whether the first location path matches one of the plurality of location paths in the token; and providing, in response to a determination that the first location path matches one of the plurality of location paths in the token, access to the content at the first location path.

12. The method as recited in claim 11, further comprising: receiving, at the server, the token in connection with a second request to access content at a second location path, access to the content at the second location path requiring authentication; comparing, by the server, the second location path to the plurality of location paths in the token; determining, by the server, that the second location path does not match one of the plurality of location paths in the token; in response to determining that the second location path does not match one of the plurality of location paths in the token: accessing an access list from a repository; and confirming that the access list indicates that a user identifier extracted from the token is authorized to access the content at the second location path.

13. The method as recited in claim 11, further comprising: encrypting at least a portion of the token such that the plurality of location paths in the token are encrypted; decrypting the token in response to receiving the token in connection with the first request to access content at the first location path; and parsing the token to identify the plurality of location paths.

14. The method as recited in c
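
The flow in claims 1, 8-9 and 11-12 (token hit skips the access-list repository, token miss falls back to it and augments the token) can be sketched as follows. This is an added example, not code from the patent or its assignee: the key, ACL contents, TTL and all function names are assumptions, and an HMAC integrity tag stands in for the encryption recited in claims 3 and 13.

```python
import base64, hashlib, hmac, json, posixpath

KEY = b"constructed-demo-key"                  # assumption: server-side secret
ACL = {"alice": {"/projects/q3", "/shared"}}   # constructed access-list repository
TTL = 900                                      # assumption: token lifetime, seconds
STATS = {"repo_lookups": 0}

def _mac(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()

def _norm(path: str) -> str:
    # Collapse "..", "." and duplicate slashes before any comparison.
    return posixpath.normpath("/" + path.lstrip("/"))

def issue_token(uid, paths, now):
    payload = {"uid": uid, "paths": sorted(paths), "exp": now + TTL}
    body = base64.urlsafe_b64encode(json.dumps(payload).encode())
    return (body + b"." + _mac(body)).decode()

def parse_token(token, now):
    """Return the payload only if the MAC verifies and the token is unexpired."""
    body, _, mac = token.encode().partition(b".")
    if not hmac.compare_digest(mac, _mac(body)):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    return payload if payload["exp"] > now else None

def covers(granted, requested):
    """Segment-aware match: /shared covers /shared/a, not /shared2 or /shared/../x."""
    req = _norm(requested)
    return any(req == g or req.startswith(g.rstrip("/") + "/") for g in granted)

def authorize(token, uid, path, now):
    """Return (allowed, token, source); uid is assumed verified from credentials."""
    payload = parse_token(token, now) if token else None
    if payload and payload["uid"] != uid:
        payload = None
    if payload and covers(payload["paths"], path):
        return True, token, "token"            # fast path: no repository access
    STATS["repo_lookups"] += 1                 # slow path: consult the access list
    if not covers(ACL.get(uid, ()), path):
        return False, token, "denied"
    paths = set(payload["paths"]) if payload else set()
    paths.add(_norm(path))                     # augment the token with this path
    return True, issue_token(uid, paths, now), "repository"
```

Because a token hit never consults the repository, a path removed from the access list stays reachable with an already-issued token until that token expires, which is why this sketch carries an expiry.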

Assignees

Inventors

Classifications

  • for controlling access to devices or network resources

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • providing single-sign-on or federations

  • for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)

  • for providing a confidential data exchange among entities communicating through data packet networks

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Adobe Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 17, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).