System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

US 8,825,704 B2
Filed: 03/11/2013
Issued: 09/02/2014
Est. Priority Date: 09/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a first domain, a request from a user to make a resource accessible;

generating a token that includes a randomly generated identifier and a time-to-live;

storing the token in a record including a user identification, tenant identification, and information for accessing the resource;

sending to the user the token and an instruction to transmit the token to a second domain;

receiving, at the second domain, a request access the resource, the request including the token;

determining that the request to access the resource includes the token;

verifying the token by determining that the token is stored and the token has not expired; and

permitting access to at least one record containing the token by executing computer code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user'"'"'s identity.

Citations

17 Claims

1. A method, comprising:
- receiving, at a first domain, a request from a user to make a resource accessible;
  
  generating a token that includes a randomly generated identifier and a time-to-live;
  
  storing the token in a record including a user identification, tenant identification, and information for accessing the resource;
  
  sending to the user the token and an instruction to transmit the token to a second domain;
  
  receiving, at the second domain, a request access the resource, the request including the token;
  
  determining that the request to access the resource includes the token;
  
  verifying the token by determining that the token is stored and the token has not expired; and
  
  permitting access to at least one record containing the token by executing computer code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the request to access the resource includes a request to download the resource.
  - 3. The method of claim 1, wherein the token is automatically generated on-demand in response to the receipt of the request to make the resource accessible.
  - 4. The method of claim 1, wherein the token includes a randomly generated identifier.
  - 5. The method of claim 1, wherein the first domain includes a first server and the second domain includes a second server.
  - 6. The method of claim 1, wherein the request to access the resource is received from a device of the user.
  - 7. The method of claim 1, wherein the token is verified utilizing the second domain.
  - 8. The method of claim 7, wherein access to the resource by the user is prevented in response to a failure of the verification of the token.
  - 9. The method of claim 1, wherein the token to live and is verified by determining that the token is stored and that the token has not expired.
  - 12. The method of claim 1, wherein the user is a member of a tenant of a multi-tenant on-demand database service.
  - 13. The method of claim 1, wherein the executable computer code includes computer code executable to perform an action providing the requested access to the resource.
  - 14. The method of claim 1, further comprising sending the token to a device of the user.
  - 15. The method of claim 1, further comprising sending a uniform resource locator (URL) of the second domain to a device of the user.
  - 16. The method of claim 1, further comprising sending to the user an instruction to transmit the token to the second domain.
  - 17. The method of claim 1, further comprising using the token to identify the executable computer code to provide access to the at least one record.

10. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be execute to cause a computer to implement a method. the method comprising:
- receiving, at a first domain, a request from a user to make a resource accessible;
  
  generating a token that includes a randomly generated identifier and a time-to-live;
  
  storing the token in a record including a user identification, tenant identification, and information for accessing the resource;
  
  sending to the user the token and an instruction to transmit the token to a second domain;
  
  receiving, at the second domain, a request to access the resource, the request including the token;
  
  determining that the request to access the resource includes the token;
  
  verifying the token by determining that the token is stored and the token has not expired; and
  
  permitting access to at least one record containing the token by executing computer code.

11. An apparatus, comprising:
- a first processor for;
  
  receiving, at a first domain, a request from a user to make a resource accessible;
  
  generating a token that includes a randomly generated identifier and a time-to-live;
  
  storing the token in a record including a user identification, tenant identification, information for accessing the resource;
  
  sending to the user the token and an instruction to transmit the token to a second domain;
  
  a second processor for;
  
  receiving, at the second domain, a request to access the resource, the request including the token;
  
  determining that the request to access the resource includes the token;
  
  verifying the token by determining that the token is stored and the token has not expired; and
  
  permitting access to at least one record containing the token by executing computer code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lissack, Ryan, Snell, Robert Joseph, Fly, Robert Charles
Primary Examiner(s)
LE, THU NGUYET T

Application Number

US13/794,531
Publication Number

US 20130198236A1
Time in Patent Office

540 Days
Field of Search

707/705, 707781-788
US Class Current

707/781
CPC Class Codes

G06F 16/11   File system administration,...

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/22   Indexing; Data structures t...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/335   for accessing specific reso...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 45/20   Hop count for routing purpo...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/10   for controlling access to d...

H04L 67/146   Markers for unambiguous ide...

System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links