On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

US 8,863,251 B1
Filed: 03/19/2012
Issued: 10/14/2014
Est. Priority Date: 11/15/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a request to access an on-demand service from a client at one of a plurality of entities of the on-demand service;

determining that a source of the request to access the on-demand service provides a risk of access, the determination being based at least in part on both;

received information associated with at least one of a plurality of users, andstored information of the one of the plurality of entities of on-demand service to which the access is requested;

in response to the request to access the on-demand service and the determination that the source of the request provides the risk of access, managing the risk of access to the on-demand service by the client utilizing a processor by;

generating a message utilizing a valid username associated with the client as well as contact information for the client stored locally at the on-demand service, where the message is generated in response to the receipt of the entry of the valid username and a valid password by the client;

providing via the message a valid token to the client as a condition of permitting access to the on-demand service by the client, wherein the valid token is provided to the client by the on-demand service;

receiving a second request to access the on-demand service from the client at another one of the plurality of entities; and

in response to receiving the second request to access the on-demand service, and after providing the valid token to the client, verifying a machine identifier of a device associated with the client as a condition of permitting access to the on-demand service by the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability to provide such management may lead to an improved security feature for accessing on-demand services.

177 Citations

11 Claims

1. A method, comprising:
- receiving a request to access an on-demand service from a client at one of a plurality of entities of the on-demand service;
  
  determining that a source of the request to access the on-demand service provides a risk of access, the determination being based at least in part on both;
  
  received information associated with at least one of a plurality of users, andstored information of the one of the plurality of entities of on-demand service to which the access is requested;
  
  in response to the request to access the on-demand service and the determination that the source of the request provides the risk of access, managing the risk of access to the on-demand service by the client utilizing a processor by;
  
  generating a message utilizing a valid username associated with the client as well as contact information for the client stored locally at the on-demand service, where the message is generated in response to the receipt of the entry of the valid username and a valid password by the client;
  
  providing via the message a valid token to the client as a condition of permitting access to the on-demand service by the client, wherein the valid token is provided to the client by the on-demand service;
  
  receiving a second request to access the on-demand service from the client at another one of the plurality of entities; and
  
  in response to receiving the second request to access the on-demand service, and after providing the valid token to the client, verifying a machine identifier of a device associated with the client as a condition of permitting access to the on-demand service by the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the on-demand service includes an on-demand database service.
  - 3. The method of claim 2, wherein the on-demand service includes a multi-tenant on-demand database service.
  - 4. The method of claim 1, wherein the determination that the request is from the source providing the risk of access is further based, at least in part, on the device associated with the client.
  - 5. The method of claim 4, wherein the determination that the request is from the source providing the risk of access includes a determination that the device associated with the client has not previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 6. The method of claim 5, wherein it is determined that the request is from the source providing the risk of access because the device associated with the client has previously been associated with the at least one of a plurality of users identified by stored information of the one of the plurality of entities of the on-demand service to which the access is requested.
  - 7. The method of claim 5, wherein managing the risk of access includes generating the message and permitting the client access to the on-demand service in response to:
    - the device associated with the client not being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the client.
  - 8. The method of claim 6, wherein managing the risk of access includes generating the message and providing the client access to the on-demand service in response to:
    - the device associated with the client being previously associated with the at least one of the plurality of users identified by the stored information of the one of the plurality of entities of the on-demand service to which the access is requested, andproviding the valid token to the client.
  - 9. The method of claim 1, wherein managing the risk of access to the on-demand service by the client includes comparing information in the request to access the on-demand service with a list of at least one of users and entities pre-determined to be granted access to the on-demand service.

10. A non-transitory machine-readable medium carrying one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving a request to access an on-demand service from a client at one of a plurality of entities of the on-demand service;
  
  determining that a source of the request to access the on-demand service provides a risk of access, the determination being based at least in part on both;
  
  received information associated with at least one of a plurality of users, andstored information of the one of the plurality of entities of on-demand service to which the access is requested;
  
  in response to the request to access the on-demand service and the determination that the source of the request provides the risk of access, managing the risk of access to the on-demand service by the client by;
  
  generating a message utilizing a valid username associated with the client as well as contact information for the client stored locally at the on-demand service, where the message is generated in response to the receipt of the entry of the valid username and a valid password by the client;
  
  providing via the message a valid token to the client as a condition of permitting access to the on-demand service by the client, wherein the valid token is provided to the client by the on-demand service;
  
  receiving a second request to access the on-demand service from the client at another one of the plurality of entities; and
  
  in response to receiving the second request to access the on-demand service, and after providing the valid token to the client, verifying a machine identifier of a device associated with the client as a condition of permitting access to the on-demand service by the client.

11. An apparatus, comprising:
- a hardware processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving a request to access an on-demand service from a client at one of a plurality of entities of the on-demand service;
  
  determining that a source of the request to access the on-demand service provides a risk of access, the determination being based at least in part on both;
  
  received information associated with at least one of a plurality of users, andstored information of the one of the plurality of entities of on-demand service to which the access is requested;
  
  in response to the request to access the on-demand service and the determination that the source of the request provides the risk of access, managing the risk of access to the on-demand service by the client by;
  
  generating a message utilizing a valid username associated with the client as well as contact information for the client stored locally at the on-demand service, where the message is generated in response to the receipt of the entry of the valid username and a valid password by the client;
  
  providing via the message a valid token to the client as a condition of permitting access to the on-demand service by the client, wherein the valid token is provided to the client by the on-demand service;
  
  receiving a second request to access the on-demand service from the client at another one of the plurality of entities; and
  
  in response to receiving the second request to access the on-demand service, and after providing the valid token to the client, verifying a machine identifier of a device associated with the client as a condition of permitting access to the on-demand service by the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Junod, Forrest A., Fly, Robert C., Dapkus, Peter, Yancey, Scott W., Lawrance, Steven S., Fell, Simon Z.
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US13/424,271
Time in Patent Office

939 Days
Field of Search

726 5- 7, 726/23, 726/24, 726/25, 705/67
US Class Current

726/5
CPC Class Codes

G06F 21/31 User authentication

On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

177 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links