System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

US 9,098,539 B2
Filed: 07/18/2014
Issued: 08/04/2015
Est. Priority Date: 09/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a first domain of a first system, a first request from a device of a user to make a resource accessible;

in response to the first request, generating, by the first system, a token that includes a time-to-live;

storing, in memory of the first system, the token;

storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource;

in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system;

in response to the second system receiving the token through the second domain from the device of the user;

performing a look-up of the token,through the performance of the look-up, verifying that the token is stored and the token has not expired,in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, andpermitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user'"'"'s identity.

Citations

11 Claims

1. A method, comprising:
- receiving, at a first domain of a first system, a first request from a device of a user to make a resource accessible;
  
  in response to the first request, generating, by the first system, a token that includes a time-to-live;
  
  storing, in memory of the first system, the token;
  
  storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource;
  
  in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system;
  
  in response to the second system receiving the token through the second domain from the device of the user;
  
  performing a look-up of the token,through the performance of the look-up, verifying that the token is stored and the token has not expired,in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, andpermitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first domain is of a multi-tenant on-demand database system.
  - 3. The method of claim 1, wherein the resource is an application.
  - 4. The method of claim 1, wherein the first request is received in association with a login by the user.
  - 5. The method of claim 1, wherein the token includes a randomly generated identifier.
  - 6. The method of claim 5, wherein generating the token includes generating the randomly generated identifier.
  - 7. The method of claim 1, wherein the token is associated with a one-time use policy.
  - 8. The method of claim 7, wherein verifying the token includes determining that the token has not previously been utilized for accessing the resource.
  - 9. The method of claim 1, wherein in response to the second domain receiving from the device of the user the second request to access the resource further comprising:
    - preventing access to the resource via the second domain when the token is not verified.

10. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method, the method comprising:
- receiving, at a first domain of a first system, a first request from a device of a user to make a resource accessible;
  
  in response to the first request, generating, by the first system, a token that includes a time-to-live;
  
  storing, in memory of the first system, the token;
  
  storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource;
  
  in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system;
  
  in response to the second system receiving the token through the second domain from the device of the user;
  
  performing a look-up of the token,through the performance of the look-up, verifying that the token is stored and the token has not expired,in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, andpermitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.

11. An apparatus, comprising:
- a first processor of a first system for;
  
  receiving, at a first domain of the first system, a first request from a device of a user to make a resource accessible;
  
  in response to the first request, generating, by the first system, a token that includes a time-to-live;
  
  storing, in memory of the first system, the token;
  
  storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource;
  
  in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system;
  
  in response to the second system receiving the token through the second domain from the device of the user;
  
  performing a look-up of the token,through the performance of the look-up, verifying that the token is stored and the token has not expired,in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, andpermitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lissack, Ryan, Snell, Robert Joseph, Fly, Robert Charles
Primary Examiner(s)
LE, THU NGUYET T

Application Number

US14/335,774
Publication Number

US 20140330870A1
Time in Patent Office

382 Days
Field of Search

707/705, 707781-782
US Class Current

1/1
CPC Class Codes

G06F 16/11   File system administration,...

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/22   Indexing; Data structures t...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/335   for accessing specific reso...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 45/20   Hop count for routing purpo...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/10   for controlling access to d...

H04L 67/146   Markers for unambiguous ide...

System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links