On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
First Claim
1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method comprising:
- receiving a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service, wherein the requestor has transmitted a valid username and password from a device for accessing the on-demand service;
- determining that the request to access the on-demand service is from a potentially risky source including that the device of the requestor is unrecognized using stored information associated with at least one of a plurality of users or the one of the plurality of entities; and
- managing access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service from the device, wherein managing the access to the on-demand service includes;
  - providing a message containing a valid token to a predetermined location that corresponds to the valid username provided by the requestor, wherein the predetermined location is separate from the unrecognized device of the requestor,
  - after providing the message containing the valid token to the predetermined location, receiving a second request to access the on-demand service from the unrecognized device, the second request including the valid token, and
  - in response to receiving the second request including the valid token, verifying a machine identifier of the unrecognized device and permitting access to the on-demand service by the unrecognized device.
Abstract
Provided are mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability to provide such management may lead to an improved security feature for accessing on-demand services.
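The flow recited in claim 1, sketched as an added example that is not code from the patent or its assignee. The class and method names, the 10-minute token lifetime, single-use consumption of a challenge, and the reading of "verifying a machine identifier" as matching the identifier seen on the first request are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 600  # seconds; assumed, the claims set no token lifetime


class StepUpGate:
    """Hypothetical gate for the claimed flow; all names are illustrative."""

    def __init__(self, send_message, verify_password):
        self.send_message = send_message        # delivers to the predetermined location
        self.verify_password = verify_password  # (username, password) -> bool
        self.known_devices = {}                 # username -> set of machine identifiers
        self.pending = {}                       # username -> (token_hash, machine_id, expiry)

    def first_request(self, username, password, machine_id, now=None):
        now = time.time() if now is None else now
        if not self.verify_password(username, password):
            return "denied"
        if machine_id in self.known_devices.get(username, set()):
            return "granted"                    # recognized device, no challenge
        token = secrets.token_urlsafe(16)       # unguessable, from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).digest()  # store only a hash
        self.pending[username] = (digest, machine_id, now + TOKEN_TTL)
        self.send_message(username, token)      # out of band, not to the device
        return "challenge"

    def second_request(self, username, token, machine_id, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(username, None)  # consumed on any attempt
        if entry is None:
            return "denied"
        digest, challenged_id, expiry = entry
        presented = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(presented, digest):
            return "denied"
        # The token is only honored from the device that triggered the challenge.
        if not hmac.compare_digest(machine_id.encode(), challenged_id.encode()):
            return "denied"
        self.known_devices.setdefault(username, set()).add(machine_id)
        return "granted"
```

Consuming the challenge on the first attempt, right or wrong, keeps a stolen password from being paired with repeated token guesses; the requestor has to log in again to get a fresh token.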
11 Claims
8. A method, comprising:
- receiving a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service, wherein the requestor has transmitted a valid username and password from a device for accessing the on-demand service;
- determining, utilizing a hardware processor, that the request to access the on-demand service is from a potentially risky source including that the device of the requestor is unrecognized using stored information associated with at least one of a plurality of users or the one of the plurality of entities; and
- managing access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service from the device, wherein managing the access to the on-demand service includes;
  - providing a message containing a valid token to a predetermined location that corresponds to the valid username provided by the requestor, wherein the predetermined location is separate from the unrecognized device of the requestor,
  - after providing the message containing the valid token to the predetermined location, receiving a second request to access the on-demand service from the unrecognized device, the second request including the valid token, and
  - in response to receiving the second request including the valid token, verifying a machine identifier of the unrecognized device and permitting access to the on-demand service by the unrecognized device.
9. An apparatus, comprising:
- a hardware processor; and
- one or more stored sequences of instructions which, when executed by the hardware processor, cause the hardware processor to carry out the steps of;
  - receiving a request to access an on-demand service from a requestor associated with one of a plurality of entities of the on-demand service, wherein the requestor has transmitted a valid username and password from a device for accessing the on-demand service;
  - determining that the request to access the on-demand service is from a potentially risky source including that the device of the requestor is unrecognized using stored information associated with at least one of a plurality of users or the one of the plurality of entities; and
  - managing access to the on-demand service by the requestor as a condition of permitting the requestor to access the on-demand service from the device, wherein managing the access to the on-demand service includes;
    - providing a message containing a valid token to a predetermined location that corresponds to the valid username provided by the requestor, wherein the predetermined location is separate from the unrecognized device of the requestor,
    - after providing the message containing the valid token to the predetermined location, receiving a second request to access the on-demand service from the unrecognized device, the second request including the valid token, and
    - in response to receiving the second request including the valid token, verifying a machine identifier of the unrecognized device and permitting access to the on-demand service by the unrecognized device.