Systems and methods for administrating access in an on-demand computing environment

US 9,237,156 B2
Filed: 05/07/2013
Issued: 01/12/2016
Est. Priority Date: 05/21/2012
Status: Active Grant

First Claim

Patent Images

1. A system for managing protected data resources, comprising:

a resource server configured to store the protected data resources; and

an authorization module coupled to the resource server and configured to store access protocols,the authorization module further configured to receive a service request from a user via a client module, the service request including user credentials,the authorization module further configured to evaluate the user credentials to determine when the service request is from a legitimate user, andwherein, when the authorization module determines that the user credentials are acceptable, the authorization module is configured to evaluate the service request based on the access protocols and send an authorization code to the user based on the access protocols,the authorization module further configured to receive a token request with the authorization code from the user via the client module and to send an access token to the client module based on the authorization code for accessing the protected data resources of the resource server,wherein the authorization module is configured to receive an administration request from an administrator device, the administration request including administrator credentials,the authorization module configured to evaluate the administrator credentials to determine when the administration request is from a legitimate administrator and,wherein, when the authorization module determines that the administrator credentials are acceptable, the authorization module is configured to provide a location reference for an administration program stored on the authorization module to the administrator device based on the administrator credentials such that, upon execution of the administration program, administration capabilities from the administration program are installed on the administrator device, andwherein the authorization module is configured to receive and store the access protocols from the administrator device generated with the administration capabilities, the access protocols comprising a data table that defines rights associated with the protected data resources for a list of users or groups.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided for managing protected data resources. The system includes a resource server configured to store the protected data resources and an authorization module coupled to the resource server and configured to store access protocols. The authorization module further is configured to receive a service request from a user via a client module, evaluate the service request based on the access protocols, and send an access token to the client module if the user satisfies the access protocols.

165 Citations

15 Claims

1. A system for managing protected data resources, comprising:
- a resource server configured to store the protected data resources; and
  
  an authorization module coupled to the resource server and configured to store access protocols,the authorization module further configured to receive a service request from a user via a client module, the service request including user credentials,the authorization module further configured to evaluate the user credentials to determine when the service request is from a legitimate user, andwherein, when the authorization module determines that the user credentials are acceptable, the authorization module is configured to evaluate the service request based on the access protocols and send an authorization code to the user based on the access protocols,the authorization module further configured to receive a token request with the authorization code from the user via the client module and to send an access token to the client module based on the authorization code for accessing the protected data resources of the resource server,wherein the authorization module is configured to receive an administration request from an administrator device, the administration request including administrator credentials,the authorization module configured to evaluate the administrator credentials to determine when the administration request is from a legitimate administrator and,wherein, when the authorization module determines that the administrator credentials are acceptable, the authorization module is configured to provide a location reference for an administration program stored on the authorization module to the administrator device based on the administrator credentials such that, upon execution of the administration program, administration capabilities from the administration program are installed on the administrator device, andwherein the authorization module is configured to receive and store the access protocols from the administrator device generated with the administration capabilities, the access protocols comprising a data table that defines rights associated with the protected data resources for a list of users or groups.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the authorization module is configured to receive and store the access protocols from the administrator device generated with the administration capabilities.
  - 3. The system of claim 1, wherein the resource server is configured to receive the service request and the access token from a user device.
  - 4. The system of claim 3, wherein the resource server is configured to provide the protected data resources to the client module according to the service request and the access token.
  - 5. The system of claim 1, wherein the resource server is a database of a multi-tenant database system.
  - 6. The system of claim 1, wherein the access token is an access token according to an OAuth 2.0 authorization protocol.

7. A computer-implemented method of regulating access to protected data resources, the method comprising:
- receiving a service request at an authorization module from a user via a client module to access the protected data resources stored in a resource server, the service request including user credentials;
  
  evaluating the user credentials to determine when the service request is from a legitimate user;
  
  evaluating, when determining that the user credentials are acceptable, the service request with the authorization module based on access protocols;
  
  sending an authorization code to the user based on the access protocols;
  
  receiving a token request with the authorization code from the user via the client module;
  
  sending an access token to the client module to access the protected data resources; and
  
  receiving an administration request at the authorization module from an administrator device and providing administration capabilities to the administrator device, the administration request including administrator credentials,evaluating the administrator credentials to determine when the administration request is from a legitimate administrator;
  
  providing, when the authorization module determines that the administrator credentials are acceptable, a location reference for an administration program stored on the authorization module to the administrator device based on the administrator credentials such that, upon execution of the administration program, administration capabilities from the administration program are installed on the administrator device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further comprising the step of receiving and storing the access protocols from the administrator device generated with the administration capabilities.
  - 9. The method of claim 7, further comprising the step of receiving the service request and the access token at the resource server from a user device.
  - 10. The method of claim 9, further comprising the step of providing the protected data resources to the client module according to the service request and the access token.
  - 11. The method of claim 7, wherein the resource server is a database of a multi-tenant database system.
  - 12. The method of claim 7, wherein the access token is an access token according to an OAuth 2.0 authorization protocol.

13. A system comprising a processor and a memory, wherein the memory comprises computer-executable instructions that, when executed by the processor, cause the system to:
- receive a service request from a user via a client module, the service request including user credentials,evaluate the user credentials to determine when the service request is from a legitimate user;
  
  evaluate, when determining that the user credentials are acceptable, the service request based on the access protocols, andsend an authorization code to the user based on the access protocols,receive a token request with the authorization code from the user via the client module;
  
  send an access token to the client module to access the protected data resources,wherein the instructions additionally cause the system toreceive an administration request at the authorization module from an administrator device, the administration request including administrator credentials,evaluate the administrator credentials to determine when the administration request is from a legitimate administrator;
  
  provide, when the authorization module determines that the administrator credentials are acceptable, a location reference for an administration program stored on the authorization module such that upon execution of the administration program, administration capabilities are installed on the administrator device, andstore the access protocols from the administrator device generated with the administration capabilities.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the instructions additionally cause the system to provide the protected data resources to the client module according to the service request and the access token.
  - 15. The system of claim 13, wherein the access token is an access token according to an OAuth 2.0 authorization protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Mortimore, Chuck
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Tran, Baotram

Application Number

US13/889,060
Publication Number

US 20130312068A1
Time in Patent Office

980 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/10 for controlling access to d...

Systems and methods for administrating access in an on-demand computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

165 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for administrating access in an on-demand computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links