System, method and computer program product for authenticating and authorizing an external entity

US 10,277,583 B2
Filed: 04/05/2016
Issued: 04/30/2019
Est. Priority Date: 03/31/2010
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium having program instructions stored thereon that are capable of causing a computer system that implements a plurality of instances of a multi-tenant database system to perform operations comprising:

receiving, from a user, a request to permit an application to access data of a tenant that is stored in a first of the plurality of instances of the multi-tenant database system, wherein the application is executable externally from the multi-tenant database system;

in response to receiving the request, generating authentication information for the application, wherein the authentication information is usable to authenticate the application;

distributing the authentication information to the plurality of instances of the multi-tenant database system;

receiving, from the application at a second of the plurality of instances of the multi-tenant database system, a request for the data stored in the first instance; and

in response to the second instance receiving the authentication information from the application, returning the requested data from the first instance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for authenticating and authorizing an external entity. These mechanisms and methods for authenticating and authorizing an external entity can enable improved data security, more efficient data transfer, improved data access channels, etc.

167 Citations

18 Claims

1. A non-transitory computer readable medium having program instructions stored thereon that are capable of causing a computer system that implements a plurality of instances of a multi-tenant database system to perform operations comprising:
- receiving, from a user, a request to permit an application to access data of a tenant that is stored in a first of the plurality of instances of the multi-tenant database system, wherein the application is executable externally from the multi-tenant database system;
  
  in response to receiving the request, generating authentication information for the application, wherein the authentication information is usable to authenticate the application;
  
  distributing the authentication information to the plurality of instances of the multi-tenant database system;
  
  receiving, from the application at a second of the plurality of instances of the multi-tenant database system, a request for the data stored in the first instance; and
  
  in response to the second instance receiving the authentication information from the application, returning the requested data from the first instance.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer readable medium of claim 1, wherein the receiving includes:
    - receiving a user name and password for the user; and
      
      verifying the user name and password for the user prior to generating the authentication information for the application, wherein the authentication information is distinct from the user name and password.
  - 3. The computer readable medium of claim 1, wherein the operations further comprise:
    - storing an object identifying that the application is permitted access in the first instance of the multi-tenant database system.
  - 4. The computer readable medium of claim 1, wherein the authentication information includes an identifier of the application and a secret value to be presented by the application.
  - 5. The computer readable medium of claim 1, wherein the operations further comprise:
    - providing a web page for receiving the request from the user.
  - 6. The computer readable medium of claim 1, wherein the data of the tenant includes a plurality of files.
  - 7. The computer readable medium of claim 1, wherein the data of the tenant includes contact information specifying names and addresses of people.

8. A method, comprising:
- receiving, at a first instance of a database system, a request from a user to permit an entity to access data stored in the first instance of the database system, wherein the entity is an entity external to the database system and provides a service using the data, and wherein the first instance is one of a plurality of instances of the database system;
  
  in response to the request;
  
  creating, at the first instance, authentication information that is usable to authenticate the entity; and
  
  distributing, from the first instance, the authentication information to the plurality of instances of the database system such that the entity is able to authenticate with another one of the plurality of instances to access data stored in the first instance of the database system;
  
  receiving, at a second of the plurality of instances, the authentication information with a request from the entity for data stored in the database system; and
  
  in response to receiving the authentication information, the second instance providing data from the first instance to the entity to service the request from the entity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the entity is an application executed on a computer system external to the database system.
  - 10. The method of claim 8, wherein the entity is a web site external to the database system.
  - 11. The method of claim 8, wherein the database system stores information for a plurality of tenants, and wherein the user is associated with one of the plurality of tenants.
  - 12. The method of claim 11, wherein the tenant associated with the user is an organization, and wherein the user is an administrator for the organization.
  - 13. The method of claim 8, wherein the receiving includes:
    - receiving authentication information of the user; and
      
      verifying the authentication information of the user, wherein the authentication information of the user is different from the created authentication information usable to authenticate the entity.
  - 14. The method of claim 8, further comprising:
    - the first instance storing, with the stored data, an object identifying that the entity is permitted to access the stored data.

15. A non-transitory computer readable medium having program instructions stored thereon that are capable of causing a computer system that implements a first of a plurality of instances of a database system to perform operations comprising:
- receiving, from a second of the plurality of instances, authentication information generated at the second instance, wherein the authentication information is for an entity external to the database system and usable to access data stored at the second instance;
  
  receiving, from the entity, an authentication request that includes the authentication information; and
  
  in response to verifying the authentication information from the entity, providing data from the second instance to the entity.
- View Dependent Claims (16, 17, 18)
- - 16. The computer readable medium of claim 15, wherein the operations further comprise:
    - presenting a web page for the entity to provide the authentication information.
  - 17. The computer readable medium of claim 15, wherein the database system is a multi-tenant database system, and wherein the data stored in the second instance is data of one of a plurality of tenants.
  - 18. The computer readable medium of claim 15, wherein the authentication information includes an identifier of the entity and a secret known to the entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lee, Jong
Primary Examiner(s)
Pearson, David J

Application Number

US15/091,558
Publication Number

US 20160294807A1
Time in Patent Office

1,120 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/10   for controlling access to d...

System, method and computer program product for authenticating and authorizing an external entity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

167 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for authenticating and authorizing an external entity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

167 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links