On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

US 8,584,212 B1
Filed: 11/14/2008
Issued: 11/12/2013
Est. Priority Date: 11/15/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;

determining that the credentials received from the requestor are valid;

in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by;

identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,identifying information of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requester,performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, anddetermining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;

in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a computer processor for managing a risk of access to the on-demand service by the requestor by;

identifying a message destination predetermined for the credentials included in the request to access an on-demand service,providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, andidentifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services.

Citations

9 Claims

1. A method, comprising:
- receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;
  
  determining that the credentials received from the requestor are valid;
  
  in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by;
  
  identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,identifying information of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requester,performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, anddetermining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;
  
  in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a computer processor for managing a risk of access to the on-demand service by the requestor by;
  
  identifying a message destination predetermined for the credentials included in the request to access an on-demand service,providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, andidentifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.
- View Dependent Claims (2, 3, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the on-demand service includes an on-demand database service.
  - 3. The method of claim 2, wherein the on-demand service includes a multi-tenant on-demand database service.
  - 6. The method of claim 1, wherein managing the risk of access to the on-demand service by the requestor includes generating a document.
  - 7. The method of claim 6, wherein the document generated for managing the risk of access is generated in response to a valid username and a valid password being entered by the requestor.
  - 8. The method of claim 7, wherein the document generated for managing the risk of access, and in response to the valid username and the valid password entered by the requestor, is generated based on the valid username.
  - 9. The method of claim 7, wherein the document generated for managing the risk of access, and in response to the valid username and the valid password entered by the requestor, is generated based on the valid username and is generated utilizing contact information for the requestor, the contact information stored locally at the on-demand service.

4. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;
  
  determining that the credentials received from the requestor are valid;
  
  in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by;
  
  identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,identifying information of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requester,performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, anddetermining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;
  
  in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a processor for managing a risk of access to the on-demand service by the requestor by;
  
  identifying a message destination predetermined for the credentials included in the request to access an on-demand service,providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, andidentifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.

5. An apparatus, comprising:
- a processor; and
  
  a memory storing one or more sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving a request to access an on-demand service from a requestor at one of a plurality of entities of the on-demand service, the request including credentials for logging into the on-demand service;
  
  determining that the credentials received from the requestor are valid;
  
  in response to determining that the received credentials are valid, determining that the requestor from which the request to access the on-demand service is received is an untrusted requestor by;
  
  identifying information received in association with the request to access the on-demand database service, the information including at least a machine identifier of a device of the requestor from which the request to access the on-demand service is received,identifying information-of the on-demand service to which the access is requested, the information at least in part relating to machine identifiers predetermined to be associated with the requestor,performing a verification of the information received in association with the request to access the on-demand database service using the identified information of the on-demand service, anddetermining that the requestor from which the request to access the on-demand service is received is an untrusted requestor, based on a result of the verification;
  
  in response to the request to access the on-demand service and the determination that the request is from the untrusted requestor, utilizing a processor for managing a risk of access to the on-demand service by the requestor by;
  
  identifying a message destination predetermined for the credentials included in the request to access an on-demand service,providing a message including a token to the message destination, wherein the message including the token is provided to the message destination by the on-demand service,after providing the message including the token to the message destination, challenging the requestor to provide the token to the on-demand database service,determining whether the token is provided by the requestor to the on-demand database service, in response to the challenge,identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand database service, and permitting the requested access to the on-demand database service by the authenticated requestor, andidentifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand database service, and prohibiting the requested access to the on-demand database service by the non-authenticated requestor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Junod, Forrest A., Fly, Robert C., Dapkus, Peter, Yancey, Scott W., Lawrance, Steven S., Fell, Simon Z.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sholeman, Abu

Application Number

US12/271,661
Time in Patent Office

1,824 Days
Field of Search

726/5, 726/25, 726/3, 726/23, 726/24, 709/206, 709/204
US Class Current

726/5
CPC Class Codes

G06F 21/31 User authentication

On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links