System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

US 8,417,723 B1
Filed: 09/10/2009
Issued: 04/09/2013
Est. Priority Date: 09/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a first domain of a multi-tenant on-demand database service, a request from a user to access a resource, wherein the user is a member of a tenant of the multi-tenant on-demand database service;

in response to receipt of the request, creating, at the on-demand database service, a unique token;

storing in a record of multiple records of the multi-tenant on-demand database service the unique token, an identifier of the tenant of which the user is a member, and information to be utilized for accessing the resource, wherein the information indicates computer code executable to perform an action providing the requested access to the resource; and

enabling access to the resource utilizing the unique token stored in the multi-tenant on-demand database service, wherein the access to the resource is provided by redirecting the user to a second domain of the multi-tenant on-demand database service by;

sending the unique token from the first domain of the multi-tenant on-demand database service to a device of the user,sending a uniform resource locator (URL) of a second domain of the multi-tenant on-demand database service from the first domain of the multi-tenant on-demand database service to the device of the user,sending from the first domain of the multi-tenant on-demand database service to the device of the user an instruction to transmit the unique token to the second domain of the multi-tenant on-demand database service,receiving the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, in response to the sending of the unique token, the URL, and the instruction to the device of the user,in response to receipt of the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, performing a look-up of the unique token in the multiple records of the multi-tenant on-demand database service,verifying the unique token based on the look-up,in response to the verification, using the unique token to identify the information to be utilized for accessing the resource in the multi-tenant on-demand database service which indicates the computer code executable to perform the action providing the requested access to the resource,in response to identification of the information, executing the computer code indicated by the information for providing the user with the requested access to the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user'"'"'s identity.

66 Citations

View as Search Results

17 Claims

1. A method, comprising:
- receiving, at a first domain of a multi-tenant on-demand database service, a request from a user to access a resource, wherein the user is a member of a tenant of the multi-tenant on-demand database service;
  
  in response to receipt of the request, creating, at the on-demand database service, a unique token;
  
  storing in a record of multiple records of the multi-tenant on-demand database service the unique token, an identifier of the tenant of which the user is a member, and information to be utilized for accessing the resource, wherein the information indicates computer code executable to perform an action providing the requested access to the resource; and
  
  enabling access to the resource utilizing the unique token stored in the multi-tenant on-demand database service, wherein the access to the resource is provided by redirecting the user to a second domain of the multi-tenant on-demand database service by;
  
  sending the unique token from the first domain of the multi-tenant on-demand database service to a device of the user,sending a uniform resource locator (URL) of a second domain of the multi-tenant on-demand database service from the first domain of the multi-tenant on-demand database service to the device of the user,sending from the first domain of the multi-tenant on-demand database service to the device of the user an instruction to transmit the unique token to the second domain of the multi-tenant on-demand database service,receiving the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, in response to the sending of the unique token, the URL, and the instruction to the device of the user,in response to receipt of the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, performing a look-up of the unique token in the multiple records of the multi-tenant on-demand database service,verifying the unique token based on the look-up,in response to the verification, using the unique token to identify the information to be utilized for accessing the resource in the multi-tenant on-demand database service which indicates the computer code executable to perform the action providing the requested access to the resource,in response to identification of the information, executing the computer code indicated by the information for providing the user with the requested access to the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the request to access the resource includes a request to download the resource.
  - 3. The method of claim 2, wherein the computer code, when executed, downloads the resource to the device of the user.
  - 4. The method of claim 1, wherein the unique token is automatically created on-demand in response to the receipt of the request to access the resource.
  - 5. The method of claim 1, wherein the unique token includes a randomly generated identifier.
  - 6. The method of claim 1, wherein the record further stores an identifier of the user.
  - 7. The method of claim 1, wherein the information to be utilized for accessing the resource includes the computer code executable to perform an action providing the user with the requested access to the resource.
  - 8. The method of claim 1, wherein the first domain of the multi-tenant on-demand database service includes a first server of the multi-tenant on-demand database service and the second domain of the multi-tenant on-demand database service includes a second server of the multi-tenant on-demand database service.
  - 9. The method of claim 1, wherein the request from the user is received from a device of the user.
  - 10. The method of claim 1, wherein the verifying the unique token is performed utilizing the second domain of the multi-tenant on-demand database service.
  - 11. The method of claim 10, wherein access to the resource by the user is prevented in response to a failure of the verification of the unique token.
  - 12. The method of claim 1, wherein the unique token includes a time-to-live and is verified by determining that the unique token is stored and that the unique token has not expired.
  - 13. The method of claim 1, wherein the information to be utilized for accessing the resource is generated based on an indication in the request of the resource to which access is requested and a type of access to the resource that is requested, such that the information is capable of being executed for providing the user with the requested access to the resource.
  - 14. The method of claim 1, whereinthe verifying includes determining, based on the look-up, that the unique token is found in the multi-tenant on-demand database service.
  - 15. The method of claim 1, wherein the information indicates the computer code executable to perform the action providing the requested access to the resource by including a pointer to the computer code executable to perform the action providing the requested access to the resource.

16. A computer program product embodied on a non-transitory computer readable medium, comprising:
- computer code for receiving, at a first domain of a multi-tenant on-demand database service, a request from a user to access a resource, wherein the user is a member of a tenant of the multi-tenant on-demand database service;
  
  computer code for, in response to receipt of the request, creating, at the on-demand database service, a unique token;
  
  computer code for storing in a record of multiple records of the multi-tenant on-demand database service the unique token, an identifier of the tenant of which the user is a member, and information to be utilized for accessing the resource, wherein the information indicates computer code executable to perform an action providing the requested access to the resource; and
  
  computer code for enabling access to the resource utilizing the unique token stored in the multi-tenant on-demand database service, wherein the computer program product is operable such that the access to the resource is provided by redirecting the user to a second domain of the multi-tenant on-demand database service by;
  
  sending the unique token from the first domain of the multi-tenant on-demand database service to a device of the user,sending a uniform resource locator (URL) of a second domain of the multi-tenant on-demand database service from the first domain of the multi-tenant on-demand database service to the device of the user,sending from the first domain of the multi-tenant on-demand database service to the device of the user an instruction to transmit the unique token to the second domain of the multi-tenant on-demand database service,receiving the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, in response to the sending of the unique token, the URL, and the instruction to the device of the user,in response to receipt of the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, performing a look-up of the unique token in the multiple records of the multi-tenant on-demand database service,verifying the unique token based on the look-up,in response to the verification, using the unique token to identify the information to be utilized for accessing the resource in the multi-tenant on-demand database service which indicates the computer code executable to perform the action providing the requested access to the resource,in response to identification of the information, executing the computer code indicated by the information for providing the user with the requested access to the resource.

17. An apparatus, comprising:
- a first domain including a first server of a multi-tenant on-demand database service for;
  
  receiving a request from a user to access a resource, wherein the user is a member of a tenant of the multi-tenant on-demand database service;
  
  in response to receipt of the request, creating, at the on-demand database service, a unique token; and
  
  storing in a record of multiple records of the multi-tenant on-demand database service the unique token, an identifier of the tenant of which the user is a member, and information to be utilized for accessing the resource, wherein the information indicates computer code executable to perform an action providing the nested access to the resource; and
  
  a second domain including a second server of the multi-tenant on-demand database service for enabling access to the resource utilizing the unique token stored in the multi-tenant on-demand database service;
  
  wherein the access to the resource is provided by redirecting the user to the second domain of the multi-tenant on-demand database service by;
  
  sending the unique token from the first domain of the multi-tenant on-demand database service to a device of the user,sending a uniform resource locator (URL) of a second domain of the multi-tenant on-demand database service from the first domain of the multi-tenant on-demand database service to the device of the user,sending from the first domain of the multi-tenant on-demand database service to the device of the user an instruction to transmit the unique token to the second domain of the multi-tenant on-demand database service,receiving the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, in response to the sending of the unique token, the URL, and the instruction to the device of the user,in response to receipt of the unique token at the second domain of the multi-tenant on-demand database service from the device of the user, performing a look-up of the unique token in the multiple records of the multi-tenant on-demand database service,verifying the unique token based on the look-up,in response to the verification, using the unique token to identify the information to be utilized for accessing the resource in the multi-tenant on-demand database service which indicates the computer code executable to perform the action providing the requested access to the resource,in response to identification of the information, executing the computer code indicated by the information for providing the user with the requested access to the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lissack, Ryan, Snell, Robert Joseph, Fly, Robert Charles
Primary Examiner(s)
LE, THU NGUYET T

Application Number

US12/557,413
Time in Patent Office

1,307 Days
Field of Search

707/781, 707/782
US Class Current

707/781
CPC Class Codes

G06F 16/11   File system administration,...

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/22   Indexing; Data structures t...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/335   for accessing specific reso...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 45/20   Hop count for routing purpo...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/10   for controlling access to d...

H04L 67/146   Markers for unambiguous ide...

System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links