Mechanism for facilitating communication authentication between cloud applications and on-premise applications

US 8,826,451 B2
Filed: 12/20/2010
Issued: 09/02/2014
Est. Priority Date: 08/16/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at an application server, a message relating to a server software application and on behalf of a client software application;

parsing, at the application server, contents of the message for verification purposes prior to routing the message to the client software application;

verifying, at the application server, the parsed contents of the message;

authenticating, at the application server, the message based on the verified contents of the message to determine granting or denying the routing of the message to the client software application, wherein authenticating includesdetermining whether the parsed contents include identifying information,performing an identifying information-based authentication if the parsed contents include the identifying information, andperforming a handshake-based authentication if the parsed contents do not include the identifying information, androuting the first authenticated message to the client software application if the message is successfully authenticated and the routing is granted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided methods and systems for providing communication authentication between cloud applications and on-premise applications. A method of embodiments includes receiving, from a cloud application at a cloud computing device, a first message at an application server of a server computing system, and parsing, at the application server, the first message to determine first identification information contained within the first message. The method further includes authenticating, at the application server, the first message by verifying the first identification information, and forwarding the first authenticated message to an on-premise application at a remote computing device.

135 Citations

18 Claims

1. A computer-implemented method comprising:
- receiving, at an application server, a message relating to a server software application and on behalf of a client software application;
  
  parsing, at the application server, contents of the message for verification purposes prior to routing the message to the client software application;
  
  verifying, at the application server, the parsed contents of the message;
  
  authenticating, at the application server, the message based on the verified contents of the message to determine granting or denying the routing of the message to the client software application, wherein authenticating includesdetermining whether the parsed contents include identifying information,performing an identifying information-based authentication if the parsed contents include the identifying information, andperforming a handshake-based authentication if the parsed contents do not include the identifying information, androuting the first authenticated message to the client software application if the message is successfully authenticated and the routing is granted.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, further comprising facilitating, at the application server, additional verification or additional authentication of the message if the message cannot be verified or fails authentication, respectively.
  - 3. The computer-implemented method of claim 2, wherein facilitating additional verification comprises performing a handshake verification of the message if the message fails verification and a verification error message is issued and registered in a log file, wherein the handshake verification includes calling back the server software application for a direct verification by allowing the server software application to directly verify itself by issuing a return verification message.
  - 4. The computer-implemented method of claim 2, wherein facilitating additional authentication comprises performing the handshake-based authentication of the message if the message fails authentication and an authentication error message is issued and registered in the log file, wherein the handshake authentication includes calling back the server software application for a direct authentication by allowing the server software application to directly authenticate itself by issuing a return authentication message.
  - 5. The computer-implemented method of claim 1, wherein the parsed contents comprise confidential information, the confidential information having data components including one or more of a username, a password, a mark, a secret identifying term, a flag, and a confidential term, wherein the verification or authentication of the message fails if one or more of the data components is determined to be missing from the parsed contents.
  - 6. The method of claim 1, wherein the client software application includes an on-premise software application residing at a client computing device, and wherein the server software application resides at a server computing device coupled to the application server, wherein the application server communicates with the client computing device over a network including a cloud network, wherein the server software, application comprises a cloud software application, wherein the cloud software application remains in communication with the on-premise software application over the network having security protocols comprising wails including an internal wall or an external wall.

7. A system comprising an application server having a memory to store instructions, and a processing device to execute the instructions, the application further having a mechanism to perform one or more operations comprising:
- receiving a message relating to a server software application and on behalf of a client software application;
  
  parsing contents of the message for verification purposes prior to routing the message to the client software application;
  
  verifying the parsed contents of the message;
  
  authenticating the message based on the verified contents of the message to determine granting or denying the routing of the message to the client software application, wherein authenticating includesdetermining whether the parsed contents include identifying information,performing an identifying information-based authentication if the parsed contents include the identifying information, andperforming a handshake-based authentication if the parsed contents do not include the identifying information; and
  
  routing the first authenticated message to the client software application if the message is successfully authenticated and the routing is granted.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the one or more operations further comprise facilitating, at the application server, additional verification or additional authentication of the message if the message cannot be verified or fails authentication, respectively.
  - 9. The system of claim 8, wherein facilitating additional verification comprises performing a handshake verification of the message if the message fails verification and a verification error message is issued and registered in a log file, wherein the handshake verification includes calling back the server software application for a direct verification by allowing the server software application to directly verify itself by issuing a return verification message.
  - 10. The system of claim 8, wherein facilitating additional authentication comprises performing the handshake-based authentication of the message if the message fails authentication and an authentication error message is issued and registered in the log file, wherein the handshake authentication includes calling back the server software application for a direct authentication by allowing the server software application to directly authenticate itself by issuing a return authentication message.
  - 11. The system of claim 7, wherein the parsed contents comprise confidential information, the confidential information having data components including one or more of a username, a password, a mark, a secret identifying term, a flag, and a confidential term, wherein the verification or authentication of the message fails if one or more of the data components is determined to be missing from the parsed contents.
  - 12. The system of claim 7, wherein the client software application includes an on-premise software application residing at a client computing device, and wherein the server software application resides at a server computing device coupled to the application server, wherein the application server communicates with the client computing device over a network including a cloud network, wherein the server software application comprises a cloud software application, wherein the cloud software application remains in communication with the on-premise software application over the network having security protocols comprising walls including an internal wall or an external wall.

13. A non-transitory machine-readable medium having stored thereon instructions which when executed by a machine, cause the machine to perform one or more operations comprising:
- receiving, at an application server, a message relating to a server software application and on behalf of a client software application;
  
  parsing, at the application server, contents of the message for verification purposes prior to routing the message to the client software application;
  
  verifying, at the application server, the parsed contents of the message;
  
  authenticating, at the application server, the message based on the verified contents of the message to determine granting or denying the routing of the message to the client software application, wherein authenticating includesdetermining whether the parsed contents include identifying information,performing an identifying information-based authentication if the parsed contents include the identifying information, andperforming a handshake-based authentication if the parsed contents do not include the identifying information; and
  
  routing the first authenticated message to the client software application if the message is successfully authenticated and the routing is granted.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory machine-readable medium of claim 13, wherein the one or more operations further comprise facilitating, at the application server, additional verification or additional authentication of the message if the message cannot be verified or fails authentication, respectively.
  - 15. The non-transitory machine-readable medium of claim 14, wherein facilitating additional verification comprises performing a handshake verification of the message if the message fails verification and a verification error message is issued and registered in a log file, wherein the handshake verification includes calling back the server software application for a direct verification by allowing the server software application to directly verify itself by issuing a return verification message.
  - 16. The non-transitory machine-readable medium of claim 14, wherein facilitating additional authentication comprises performing the handshake-based authentication of the message if the message fails authentication and an authentication error message is issued and registered in the log file, wherein the handshake authentication includes calling back the server software application for a direct authentication by allowing the server software application to directly authenticate itself by issuing a return authentication message.
  - 17. The non-transitory machine-readable medium of claim 13, wherein the parsed contents comprise confidential information, the confidential information having data components including one or more of a username, a password, a mark, a secret identifying term, a flag, and a confidential term, wherein the verification or authentication of the message fails if one or more of the data components is determined to be missing from the parsed contents.
  - 18. The non-transitory machine-readable medium of claim 13, wherein the client software application includes an on-premise software application residing at a client computing device, and wherein the server software application resides at a server computing device coupled to the application server, wherein the application server communicates with the client computing device over a network including a cloud network, wherein the server software application comprises a cloud software application, wherein the cloud software application remains in communication with the on-premise software application over the network having security protocols comprising walls including an internal wall or an external wall.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Blubaugh, Michael David
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Anderson, Michael D

Application Number

US12/973,738
Publication Number

US 20120042216A1
Time in Patent Office

1,352 Days
Field of Search

713/153, 713/154, 726/4, 726/5, 726/10, 726/11, 726/12, 726/13
US Class Current

726/27
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 67/1097   for distributed storage of ...

Mechanism for facilitating communication authentication between cloud applications and on-premise applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

135 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for facilitating communication authentication between cloud applications and on-premise applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

135 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links