On-demand service security system and method for managing a risk of access as a condition of permitting access to the on-demand service
Abstract
Provided are mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability to provide such management may lead to an improved security feature for accessing on-demand services.
12 Claims
1. A method, comprising:
- receiving a request to access an on-demand service from a requestor at the on-demand service, the request including credentials for logging into the on-demand service;
- determining, utilizing a hardware processor, that the requestor from which the request to access the on-demand service is received is a potentially risky source, the determination being based at least on:
  - information about the requestor, and
  - information about one of a plurality of entities of the on-demand service to which the access is requested, wherein the information about the one of the plurality of entities is stored by the on-demand service;
- in response to the request to access the on-demand service and the determination that the requestor is the potentially risky source, managing access to the on-demand service by:
  - identifying information previously stored in association with the credentials that were received in the request to access the on-demand service, the information previously stored in association with the credentials indicating a message destination,
  - sending, by the on-demand service, a token to the message destination,
  - after sending the token to the message destination, challenging the requestor to provide the token to the on-demand service,
  - determining whether the token is provided by the requestor to the on-demand service in response to the challenge,
  - identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand service, and permitting the requested access to the on-demand service by the authenticated requestor, and
  - identifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand service, and prohibiting the requested access to the on-demand service by the non-authenticated requestor.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method comprising:
- receiving a request to access an on-demand service from a requestor at the on-demand service, the request including credentials for logging into the on-demand service;
- determining that the requestor from which the request to access the on-demand service is received is a potentially risky source, the determination being based at least on:
  - information about the requestor, and
  - information about one of a plurality of entities of the on-demand service to which the access is requested, wherein the information about the one of the plurality of entities is stored by the on-demand service;
- in response to the request to access the on-demand service and the determination that the requestor is the potentially risky source, managing access to the on-demand service by:
  - identifying information previously stored in association with the credentials that were received in the request to access the on-demand service, the information previously stored in association with the credentials indicating a message destination,
  - sending, by the on-demand service, a token to the message destination,
  - after sending the token to the message destination, challenging the requestor to provide the token to the on-demand service,
  - determining whether the token is provided by the requester to the on-demand service in response to the challenge,
  - identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand service, and permitting the requested access to the on-demand service by the authenticated requestor, and
  - identifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand service, and prohibiting the requested access to the on-demand service by the non-authenticated requestor.

12. An apparatus, comprising:
- a hardware processor; and
- one or more stored sequences of instructions which, when executed by the hardware processor, cause the hardware processor to carry out the steps of:
  - receiving a request to access an on-demand service from a requestor at the on-demand service, the request including credentials for logging into the on-demand service;
  - determining that the requestor from which the request to access the on-demand service is received is a potentially risky source, the determination being based at least on:
    - information about the requestor, and
    - information about one of a plurality of entities of the on-demand service to which the access is requested, wherein the information about the one of the plurality of entities is stored by the on-demand service;
  - in response to the request to access the on-demand service and the determination that the requestor is the potentially risky source, managing access to the on-demand service by:
    - identifying information previously stored in association with the credentials that were received in the request to access the on-demand service, the information previously stored in association with the credentials indicating a message destination,
    - sending, by the on-demand service, a token to the message destination,
    - after sending the token to the message destination, challenging the requestor to provide the token to the on-demand service,
    - determining whether the token is provided by the requestor to the on-demand service in response to the challenge,
    - identifying the requestor as authenticated in response to a determination that the token is provided by the requestor to the on-demand service, and permitting the requested access to the on-demand service by the authenticated requestor, and
    - identifying the requestor as non-authenticated in response to a determination that the token is not provided by the requestor to the on-demand service, and prohibiting the requested access to the on-demand service by the non-authenticated requestor.

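
The flow recited in the claims above (risk determination, token sent to a stored message destination, challenge, permit or prohibit), sketched as an added example that is not code from the patent or its assignee. All names and sample data are constructed; modelling requestor information as the source IP and entity information as a tenant's trusted networks is an assumption, as are the token expiry, the single-attempt rule and granting access directly to non-risky requestors.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

TOKEN_TTL = 300  # seconds; expiry is an assumption added here, not in the claims

# Constructed sample data. "Information about the requestor" is modelled as the
# source IP; "information about the entity" as the tenant's stored trusted networks.
ORGS = {"acme": {"trusted_nets": [ipaddress.ip_network("203.0.113.0/24")]}}
USERS = {"alice": {"org": "acme", "destination": "alice@example.com",
                   "known_ips": {"198.51.100.7"}}}
PENDING = {}  # username -> (sha256 of token, expiry time)
OUTBOX = []   # stand-in for the e-mail/SMS gateway: (destination, token)

def is_risky(username, source_ip):
    """Risky unless the IP is in the tenant's networks or already known for the user."""
    user = USERS[username]
    addr = ipaddress.ip_address(source_ip)
    if any(addr in net for net in ORGS[user["org"]]["trusted_nets"]):
        return False
    return source_ip not in user["known_ips"]

def login(username, source_ip):
    """Run after the submitted credentials have been verified."""
    if not is_risky(username, source_ip):
        return "granted"
    token = secrets.token_urlsafe(16)
    digest = hashlib.sha256(token.encode()).digest()
    PENDING[username] = (digest, time.time() + TOKEN_TTL)
    # The destination comes from the stored record, never from the request.
    OUTBOX.append((USERS[username]["destination"], token))
    return "challenge"

def answer_challenge(username, supplied, now=None):
    """Permit access only if the supplied token matches the pending one in time."""
    now = time.time() if now is None else now
    digest, expiry = PENDING.pop(username, (None, 0.0))  # one attempt, single use
    if digest is None or now >= expiry:
        return "denied"
    given = hashlib.sha256(supplied.encode()).digest()
    return "granted" if hmac.compare_digest(digest, given) else "denied"
```

Only a hash of the token is kept server-side, and the comparison is constant-time, so neither the pending table nor response timing discloses the token.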
Specification