Patent application number | Description | Published |
20150178516 | RESTRICTING ACCESS TO CONTENT - Various embodiments restrict or enable access to content items of an account based on login information or content request properties. For example, a synchronized online content management system can receive a request including one or more content request properties from a client device to access a user account. Access rules for the user account can be obtained and applied based on the content request properties to generate an access status. In one instance, the client device is provided with full account access if the access status indicates that the client device is an authorized device. In another instance, if the client device is an unauthorized device, at least one aspect of access to the user account is restricted. | 06-25-2015 |
20150188886 | IDENTIFYING AND BLOCKING PROHIBITED CONTENT ITEMS IN A CONTENT MANAGEMENT SYSTEM - To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist. | 07-02-2015 |
20150249647 | ADVANCED SECURITY PROTOCOL FOR BROADCASTING AND SYNCHRONIZING SHARED FOLDERS OVER LOCAL AREA NETWORK - A method, system, and manufacture for securely broadcasting shared folders from one client device to other client devices and synchronizing the shared folders over a local area network. A first client device, associated with a content management system, generates a secure identifier for a shared folder, using a shared secret key that is associated with the shared folder. The first client device announces the secure identifier over a local area network to other client devices on the local area network including a second client device. The first client device receives a synchronization request for the shared folder from the second client device. After authenticating, using the shared secret key, that the second client device has authorization to access the shared folder, the first client device synchronizes the shared folder with the second client device over the local area network. | 09-03-2015 |
20150358297 | SECURE PEER-TO-PEER DATA SYCHRONIZATION - The disclosed embodiments relate to a feature of a content-item-uploading system that facilitates secure, peer-to-peer distributed sharing of a version of a content item by a user that created the version of the content item (e.g., by modifying a previous version of the content item or by creating a new content item). During operation, the system receives a cryptographic key from the user. In response, the system provides the cryptographic key to recipients in the system. Subsequently, the recipients can use the cryptographic key for secure, peer-to-peer distributed sharing of the version of the content item among the user and the recipients in a shared network without synchronization conflicts with previous versions of the content item in the system. | 12-10-2015 |
20160036802 | PLACING A USER ACCOUNT IN ESCROW - Disclosed are systems, methods, and non-transitory computer-readable storage media for placing a user account in escrow to remove it from an administered account. An employee and/or an employer can select to remove a user account from an administered account associated with the employer. To ensure that the each party, the employer and employee, has an opportunity to retain their content stored in the removed user account, the user account can be placed into escrow, requiring login credentials of both the user and the administrator (employer) to access the user account. The user account can therefore not be accessed unless both the employer and employee each login to the account at the same time. By placing the user account in escrow, both parties can be assured that they can access the content items in the user account, and that the other party cannot access the content without their knowledge. | 02-04-2016 |
20160094529 | Identifying Related User Accounts Based on Authentication Data - In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts. | 03-31-2016 |
20160105283 | SYSTEM AND METHOD FOR ROTATING CLIENT SECURITY KEYS - Systems, methods, and non-transitory computer-readable storage media for rotating security keys for an online synchronized content management system client. A client having a first security key as an active security key may send a request to a server for a new security key as a replacement for the first security key. The server may receive the request and generate a candidate security key. The server can issue the candidate security key to the client device. After receiving the candidate security key, the client may send a key receipt confirmation message to the server. In response to the confirmation message, the server may mark the candidate key as the new security key for the client and discard the client's old security key. The server may send an acknowledgment message to the client device. In response, the client may also mark the candidate key as its new active key. | 04-14-2016 |
20160110559 | IDENTIFYING AND BLOCKING PROHIBITED CONTENT ITEMS IN A CONTENT MANAGEMENT SYSTEM - To identify whether a content item is prohibited, a content management system can generate a content item fingerprint for the content item and then compare the generated content item fingerprint to a blacklist of content item fingerprints for prohibited content items. If the generated content item fingerprint matches any of the content item fingerprints included in the blacklist, the content management system can determine that the content item is prohibited. The content management system can deny requests to share prohibited content items and/or requests to assign prohibited content items to a user account on the content management system. The content management system can generate the content item fingerprint using the content item as input in a fingerprinting algorithm that was used to generate the content item fingerprints on the blacklist. | 04-21-2016 |