On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

US 10,313,329 B2
Filed: 10/17/2017
Issued: 06/04/2019
Est. Priority Date: 11/15/2007
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to:

receiving, with one or more hardware processors, a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service;

determining, with the one or more hardware processors, that the request to access the on-demand service is from a source providing a risk of access, the determination being based at least in part on stored information associated with at least one of a plurality of users or the one of the plurality of entities, wherein the request has an associated one-time use token that cannot be reused and expires after a predetermined amount of time; and

managing, with the one or more hardware processors, the risk of access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service by providing an additional authentication sequence selected based on whether a requestor device is known, wherein the additional authentication sequence comprises completing additional subsequent authentication communications with the requestor device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services.

280 Citations

20 Claims

1. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to:
- receiving, with one or more hardware processors, a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service;
  
  determining, with the one or more hardware processors, that the request to access the on-demand service is from a source providing a risk of access, the determination being based at least in part on stored information associated with at least one of a plurality of users or the one of the plurality of entities, wherein the request has an associated one-time use token that cannot be reused and expires after a predetermined amount of time; and
  
  managing, with the one or more hardware processors, the risk of access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service by providing an additional authentication sequence selected based on whether a requestor device is known, wherein the additional authentication sequence comprises completing additional subsequent authentication communications with the requestor device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The non-transitory machine-readable medium of claim 1, wherein the on-demand service includes an on-demand database service.
  - 3. The non-transitory machine-readable medium of claim 2, wherein the on-demand service includes a multi-tenant on-demand database service.
  - 4. The non-transitory machine-readable medium of claim 1, wherein managing the risk of access to the on-demand service by the requestor includes generating a document.
  - 5. The non-transitory machine-readable medium of claim 1, wherein the determination that the request is from the source providing the risk of access is further based, at least in part, on the device associated with the requestor.
  - 6. The non-transitory machine-readable medium of claim 5, wherein it is determined that the request is from the source providing the risk of access because the device associated with the requestor has not previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 7. The non-transitory machine-readable medium of claim 5, wherein it is determined that the request is from the source providing the risk of access because the device associated with the requestor has previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 8. The non-transitory machine-readable medium of claim 6, wherein managing the risk of access includes generating a document and permitting the requestor access to the on-demand service in response to:
    - the device associated with the requestor not being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the requestor.
  - 9. The non-transitory machine-readable medium of claim 6, wherein managing the risk of access includes generating a document and providing the requestor access to the on-demand service in response to:
    - the device associated with the requestor being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the requestor.
  - 10. The non-transitory machine-readable medium of claim 1, wherein managing the risk of access to the on-demand service by the requestor includes comparing information in the request to access the on-demand service with a list of at least one of users and entities pre-determined to be granted access to the on-demand service.

11. A method, comprising:
- receiving, with one or more hardware processors, a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service;
  
  determining, with the one or more hardware processors, that the request to access the on-demand service is from a source providing a risk of access, the determination being based at least in part on stored information associated with at least one of a plurality of users or the one of the plurality of entities, wherein the request has an associated one-time use token that cannot be reused and expires after a predetermined amount of time; and
  
  managing, with the one or more hardware processors, the risk of access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service by providing an additional authentication sequence selected based on whether a requestor device is known, wherein the additional authentication sequence comprises completing additional subsequent authentication communications with the requestor device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 11, wherein it is determined that the request is from the source providing the risk of access because the device associated with the requestor has not previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 14. The method of claim 11, wherein it is determined that the request is from the source providing the risk of access because the device associated with the requestor has previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 15. The method of claim 11, wherein managing the risk of access includes generating a document and permitting the requestor access to the on-demand service in response to:
    - the device associated with the requestor not being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the requestor.
  - 16. The method of claim 11, wherein managing the risk of access includes generating a document and providing the requestor access to the on-demand service in response to:
    - the device associated with the requestor being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the requestor.

12. An apparatus, comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to;
  
  receiving, with one or more hardware processors, a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service;
  
  determining, with the one or more hardware processors, that the request to access the on-demand service is from a source providing a risk of access, the determination being based at least in part on stored information associated with at least one of a plurality of users or the one of the plurality of entities, wherein the request has an associated one-time use token that cannot be reused and expires after a predetermined amount of time; and
  
  managing, with the one or more hardware processors, the risk of access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service by providing an additional authentication sequence selected based on whether a requestor device is known, wherein the additional authentication sequence comprises completing additional subsequent authentication communications with the requestor device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 12, wherein it is determined that the request is from the source providing the risk of access because the device associated with the requestor has not previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 18. The apparatus of claim 12, wherein it is determined that the request is from the source providing the risk of access because the device associated with the requestor has previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 19. The apparatus of claim 12, wherein managing the risk of access includes generating a document and permitting the requestor access to the on-demand service in response to:
    - the device associated with the requestor not being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the requestor.
  - 20. The apparatus of claim 12, wherein managing the risk of access includes generating a document and providing the requestor access to the on-demand service in response to:
    - the device associated with the requestor being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the requestor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Junod, Forrest A., Fly, Robert C., Dapkus, Peter, Yancey, Scott W., Lawrance, Steven S., Fell, Simon Z.
Primary Examiner(s)
Sholeman, Abu S

Application Number

US15/786,400
Publication Number

US 20180054433A1
Time in Patent Office

595 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

H04L 51/04   Real-time or near real-time...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 67/01   Protocols

On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

280 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

280 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links