US8997180B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-8997180-B2 |
| Application number | US-201313841663-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 15, 2013 |
| Priority date | Jun 26, 2012 |
| Publication date | Mar 31, 2015 |
| Grant date | Mar 31, 2015 |
Official abstract text for this publication.
Methods and systems provide embeddable user interface widgets to third-party applications so that the widgets can be securely embedded in, and securely used from within, the third-party applications. An embeddable widget may be authorized to access a first-party cloud storage system from a third-party application based on the cloud storage system authenticating a request received from the widget. The authentication may be based on an application identifier, an origin identifier, and/or one or more document identifiers received from the third-party application through the embedded widget. The disclosed methods and systems may significantly mitigate security concerns caused by embedding software in third-party sites, such as clickjacking.
Opening claim text (preview).
What is claimed is:
1. A method for embedding a widget provided by a first-party system in a third-party application, the method comprising: providing the third-party application with an embeddable first-party widget for embedding in a third-party web page, wherein the third-party web page is controlled by the third-party application; receiving a message at the embedded first-party widget from the embedding third-party application, wherein the message comprises an application identifier and an origin identifier; receiving at a first-party server from the embedded first-party widget the application identifier and the origin identifier; authenticating the application identifier at the first-party server, wherein said authenticating the application identifier comprises determining whether the application identifier references a valid third-party application; authenticating the origin identifier at the first-party server, wherein said authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid third-party application that is referenced by the authenticated application identifier; and in response to said authenticating the application identifier and the origin identifier, enabling the first-party widget to access the first-party system from the embedding third-party application.
2. The method of claim 1, wherein: the first-party server communicates with a cloud storage system; the message received at the embedded first-party widget from the embedding third-party application further comprises a document identifier; and the determining whether the application identifier references the valid third-party application comprises: determining that the application identifier references a third-party application that was previously installed by a user; and determining that the application identifier references a third-party application that was previously authorized by the user to access a document referenced by the document identifier, wherein the document is stored on the cloud storage system.
3. The method of claim 1, wherein the authenticating the application identifier and the origin identifier are performed before rendering visible at least a portion of the first-party widget in the third-party web page, the method further comprising: in response to the authenticating the application identifier and the origin identifier, rendering visible the at least the portion of the first-party widget.
4. The method of claim 1, wherein the authenticating the application identifier and the origin identifier are performed after rendering visible a wrapper of the first-party widget in the third-party web page, wherein in response to determining at least one of the application identifier not referencing the valid third-party application and the origin identifier not being associated with the valid third-party application, denying the first-party widget access to the first-party server from the embedding third-party application.
5. The method of claim 1, further comprising: including a widget client in the third-party web page; wrapping the widget client in an application programming interface (API), wherein the API exposes at least one functionality of the widget to the third-party application; and sending the message with the application identifier and the origin identifier from the wrapped widget client to the embedded widget.
6. The method of claim 5, further comprising checking, at the widget, that the origin identifier associated with the valid third-party application matches an origin of the embedding third-party web page.
7. The method of claim 5, wherein the message received at the embedded first-party widget from the widget client is generated using a web browser, wherein the browser automatically sets the origin identifier based on an address of the third-party web page.
8. The method of claim 1, wherein the embeddable widget comprises one of a sharing interface, a document selection user interface, a file manager user interface, a document editing user interface, a third-party application installation interface, and a toolbar.
9. A system for embedding a widget provided by a first-party system in a third-party application, the system comprising: a first-party server device configured for: providing the third-party application with an embeddable first-party widget for embedding in a third-party web page, wherein the third-party web page is controlled by the third-party application, wherein the embedded first-party widget is configured for receiving a message from the embedding third-party application, and wherein the message comprises an application identifier and an origin identifier; receiving at the first-party server from the embedded first-party widget the application identifier and the origin identifier; authenticating the application identifier at the first-party server, wherein said authenticating the application identifier comprises determining whether the application identifier references a valid third-party application; authenticating the origin identifier at the first-party server, wherein said authenticating the origin identifier comprises determining whether the origin identifier is associated with the valid third-party application that is referenced by the authenticated application identifier; and in response to said authenticating the application identifier and the origin identifier, enabling the first-party widget to access the first-party system from the embedding third-party application.
10. The system of claim 9, wherein: the first-party server communicates with a cloud storage system; the message received at the embedded first-party widget from the embedding third-party application further comprises a document identifier; and the first-party server is configured for: determining that the application identifier references a third-party application that was previously installed by a user; and determining that the application identifier references a third-party application that was previously authorized by the user to access a document referenced by the document identifier, wherein the document is stored on the cloud storage system.
11. The system of claim 9, wherein the first-party server is configured for authenticating the application identifier and the origin identifier before rendering visible at least a portion of the first-party widget in the third-party web page, wherein: in response to the first-party server authenticating the application identifier and the origin identifier, rendering visible the at least the portion of the first-party widget.
12. The system of claim 9, wherein the first-party server is configured for authenticating the application identifier and the origin identifier after rendering visible a wrapper of the first-party widget in the third-party web page, wherein in response to the first-party server determining at least one of the application identifier not referencing the valid third-party application and the origin identifier not being associated with the valid third-party application, the first-party server is configured for denying the first-party widget access to the first-party server from the embedding third-party application.
13. The system of claim 9, wherein: a widget client is included in the third-party web page; the widget client is wrapped in an application programming interface (API), wherein the API exposes at least one functionality of the widget to the third-party application; and the wrapped widget sends the message with the application identifier and the origin identifier to the embedded widget.
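An added example, not code from the patent or its assignee: one way to read the checks in claims 1, 2, 6 and 7, with the widget-to-server round trip collapsed into a direct function call. The registry contents, function names, reason strings and sample messages are all constructed for illustration.

```javascript
// Constructed registry: which origins and document grants belong to each app ID.
const REGISTRY = new Map([
  ["app-123", {
    origins: new Set(["https://editor.example.com"]),
    installedBy: new Set(["alice"]),
    docGrants: new Map([["alice", new Set(["doc-1"])]]),
  }],
]);

// Server side (claims 1 and 2): deny by default and return a reason for logging.
function authorizeEmbed(registry, { user, appId, origin, docId }) {
  const app = registry.get(appId);
  if (!app) return { ok: false, reason: "unknown_app" };
  // Exact match on the serialized origin; no prefix or substring tests.
  if (!app.origins.has(origin)) return { ok: false, reason: "origin_not_registered" };
  if (docId !== undefined) {
    if (!app.installedBy.has(user)) return { ok: false, reason: "app_not_installed" };
    const grants = app.docGrants.get(user);
    if (!grants || !grants.has(docId)) return { ok: false, reason: "doc_not_authorized" };
  }
  return { ok: true, reason: "authorized" };
}

// Widget side: handler for the "message" event inside the embedded frame.
// event.origin is set by the browser (claim 7); data.origin is only what the
// embedding page claims, so a mismatch is rejected before the server is asked.
function handleEmbedMessage(event, user, registry = REGISTRY) {
  const data = event.data;
  if (typeof data !== "object" || data === null || typeof data.appId !== "string") {
    return { ok: false, reason: "malformed_message" };
  }
  if (data.origin !== event.origin) return { ok: false, reason: "origin_mismatch" };
  return authorizeEmbed(registry, {
    user, appId: data.appId, origin: event.origin, docId: data.docId,
  });
}

// Constructed messages, shaped like browser MessageEvent objects.
const OK = "https://editor.example.com";
const samples = [
  { origin: OK, data: { appId: "app-123", origin: OK, docId: "doc-1" } },
  { origin: "https://unregistered.example.net", data: { appId: "app-123", origin: OK, docId: "doc-1" } },
  { origin: OK + ".example.net", data: { appId: "app-123", origin: OK + ".example.net" } },
  { origin: OK, data: { appId: "app-123", origin: OK, docId: "doc-9" } },
];
for (const s of samples) console.log(s.origin, handleEmbedMessage(s, "alice").reason);
```

The third sample shows why the origin comparison is an exact match: a look-alike host that merely starts with the registered origin is rejected.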
Network arrangements or protocols for supporting network services or applications (user-to-user messaging H04L51/00; network arrangements, protocols or services for supporting real-time applications in data packet communications networks H04L65/00) · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
Electricity · mapped topic
the source of the received data · CPC title
Subscription-based services using application servers or record carriers, e.g. SIM application toolkits · CPC title