System, method and computer program product for enabling access to a resource utilizing a token

US 9,449,102 B2
Filed: 06/29/2015
Issued: 09/20/2016
Est. Priority Date: 09/12/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, at a first server system, a first request from a device of a user to make a resource accessible;

in response to the first request, generating, by the first server system, a token;

the first server system storing, in a memory, the token;

the first server system storing, in association with the token, pointer information that indicates a location of computer code that is executable to access the resource; and

in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second server system, wherein the token is usable by the device of the user for inclusion in a second request to the second server system and wherein the token is usable by the second server system to perform a look-up of the token, verify that the token is stored, and permit access to the resource using the pointer information.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user'"'"'s identity.

Citations

20 Claims

1. A method, comprising:
- receiving, at a first server system, a first request from a device of a user to make a resource accessible;
  
  in response to the first request, generating, by the first server system, a token;
  
  the first server system storing, in a memory, the token;
  
  the first server system storing, in association with the token, pointer information that indicates a location of computer code that is executable to access the resource; and
  
  in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second server system, wherein the token is usable by the device of the user for inclusion in a second request to the second server system and wherein the token is usable by the second server system to perform a look-up of the token, verify that the token is stored, and permit access to the resource using the pointer information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the token is usable by the second server system to permit access to the resource without receiving a session identifier corresponding to the user.
  - 3. The method of claim 1, further comprising the first server system receiving login information for the user.
  - 4. The method of claim 1, further comprising the first server system storing a time-to-live value associated with the token, wherein the time-to-live valuable is usable by the second server system to determine whether the token has expired.
  - 5. The method of claim 1, wherein the first server system does not send the pointer information to the device of the user.
  - 6. The method of claim 1, further comprising:
    - receiving, at the second server system, the token generated by a first server system from the device of the user;
      
      determining, by the second server system, that the token is stored in memory and locating the pointer information using the token; and
      
      permitting access, by the second server system, to the resource using the pointer information.
  - 7. The method of claim 1, wherein the resource is stored in a multi-tenant database system.
  - 8. The method of claim 7, wherein the first request includes an identifier of a tenant corresponding to the user.
  - 9. The method of claim 1, wherein the instruction is associated with a redirect.

10. A method, comprising:
- receiving, at a second server system, a request from a user device that includes a token generated by a first server system, wherein, in response to a previous request by the user device to permit access to a resource, the token is generated, stored in memory by the first server system, and associated with pointer information that indicates a location of computer code that is executable to access the resource;
  
  determining, by the second server system, that the token is stored in memory and locating the pointer information using the token; and
  
  permitting access, by the second server system, to the resource using the pointer information.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein second server system permits the access to the resource without receiving a session identifier corresponding to the user.
  - 12. The method of claim 10, further comprising the second server system accessing a time-to-live value for the token to verify whether the token is still valid prior to permitting access to the resource.
  - 13. The method of claim 10, wherein the second server system does not receive the pointer information that indicates a location of the resource from the device of the user.
  - 14. The method of claim 10, wherein the resource is stored in a multi-tenant database system.

15. A non-transitory computer-readable medium having computer instructions stored thereon that are capable, when executed by at least a first server system, of causing operations comprising:
- receiving a first request from a device of a user to make a resource accessible;
  
  in response to the first request, generating a token;
  
  storing the token in a memory;
  
  storing, in association with the token, pointer information that indicates a location of computer code that is executable to access the resource; and
  
  in response to the first request, sending the token and an instruction to the device of the user, wherein the instruction is an instruction to transmit the token to a second server system, wherein the token is usable by the device of the user for inclusion in a second request to the second server system and wherein the token is usable by the second server system to perform a look-up of the token, verify that the token is stored, and permit access to the resource using the pointer information stored in the memory.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the token is usable by the second server system to permit access to the resource without receiving a session identifier corresponding to the user.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the operations further comprise receiving login information for the user.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the first server system does not send the pointer information that indicates the location of the resource to the device of the user.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the operations further comprise:
    - receiving, at the second server system, the token generated by a first server system from the device of the user;
      
      determining, by the second server system, that the token is stored in memory and locating the pointer information using the token; and
      
      permitting access, by the second server system, to the resource using the pointer information.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the resource is stored in a multi-tenant database system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lissack, Ryan, Snell, Robert Joseph, Fly, Robert Charles
Primary Examiner(s)
LE, THU NGUYET T

Application Number

US14/754,358
Publication Number

US 20150304304A1
Time in Patent Office

449 Days
Field of Search

707/705, 707781-782
US Class Current

1/1
CPC Class Codes

G06F 16/11   File system administration,...

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/22   Indexing; Data structures t...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/335   for accessing specific reso...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2117   User registration

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 45/20   Hop count for routing purpo...

H04L 63/083   using passwords cryptograph...

H04L 63/0838   using one-time-passwords

H04L 63/10   for controlling access to d...

H04L 67/146   Markers for unambiguous ide...

System, method and computer program product for enabling access to a resource utilizing a token

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for enabling access to a resource utilizing a token

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links