On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
Abstract
In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services.
9 Claims
1. A method, comprising:
- receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;
- determining that the credentials received from the requestor are valid;
- in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by:
  - identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,
  - identifying information of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requester,
  - performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, and
  - determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;
- in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a computer processor for managing a risk of access to the on-demand service by the requestor by:
  - identifying a message destination predetermined for the credentials included in the request to access an on-demand service,
  - providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,
  - after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,
  - determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,
  - identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, and
  - identifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.

Dependent claims: 2, 3, 6, 7, 8, 9.
4. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;
- determining that the credentials received from the requestor are valid;
- in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by:
  - identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,
  - identifying information of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requester,
  - performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, and
  - determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;
- in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a processor for managing a risk of access to the on-demand service by the requestor by:
  - identifying a message destination predetermined for the credentials included in the request to access an on-demand service,
  - providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,
  - after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,
  - determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,
  - identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, and
  - identifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.
5. An apparatus, comprising:
- a processor; and
- a memory storing one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
  - receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;
  - determining that the credentials received from the requestor are valid;
  - in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by:
    - identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,
    - identifying information of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requestor,
    - performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, and
    - determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;
  - in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a processor for managing a risk of access to the on-demand service by the requestor by:
    - identifying a message destination predetermined for the credentials included in the request to access an on-demand service,
    - providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,
    - after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,
    - determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,
    - identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, and
    - identifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.
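The flow the independent claims recite (valid credentials, machine-identifier check, token sent to a predetermined destination, challenge), sketched as an added example; it is not code from the patent or its assignee. The account data, the in-memory OUTBOX and PENDING stores, the token expiry, the single-use rule and the binding of the token to the challenged machine are assumptions of this sketch, not claim elements.

```python
import hashlib, hmac, secrets, time

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; all names and values below are hypothetical.
SALT = b"constructed-salt"
USERS = {"alice": {
    "pw": _pw_hash("correct horse", SALT),
    "machines": {"machine-A"},           # identifiers predetermined for the user
    "destination": "alice@example.com",  # predetermined message destination
}}
OUTBOX = []      # stands in for the e-mail/SMS channel: (destination, token)
PENDING = {}     # user -> (sha256 of token, expiry time, challenged machine id)
TOKEN_TTL = 300  # seconds; expiry is an assumption, the claim does not recite it

def login(user, password, machine_id, now=None):
    now = time.time() if now is None else now
    acct = USERS.get(user)
    # Credentials are validated first; unknown users take the same hashing path.
    stored = acct["pw"] if acct else bytes(32)
    if not hmac.compare_digest(stored, _pw_hash(password, SALT)) or acct is None:
        return "denied"
    # Verify the received machine identifier against the stored identifiers.
    if machine_id in acct["machines"]:
        return "granted"
    # Untrusted requestor: the service sends a token to the stored destination,
    # never to an address supplied in the request.
    token = secrets.token_hex(4)
    digest = hashlib.sha256(token.encode()).digest()
    PENDING[user] = (digest, now + TOKEN_TTL, machine_id)
    OUTBOX.append((acct["destination"], token))
    return "challenge"

def answer_challenge(user, token, machine_id, now=None):
    now = time.time() if now is None else now
    entry = PENDING.pop(user, None)  # single use: a wrong answer burns the token
    if entry is None:
        return "denied"
    digest, expires, challenged_machine = entry
    supplied = hashlib.sha256(token.encode()).digest()
    ok = (now <= expires and machine_id == challenged_machine
          and hmac.compare_digest(digest, supplied))
    return "granted" if ok else "denied"
```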