Managing access to an on-demand service

US 9,565,182 B2
Filed: 07/19/2014
Issued: 02/07/2017
Est. Priority Date: 11/15/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a client device, a first request to access a database system, the first request including authentication information of a user of the database system and information identifying the client device;

validating the authentication information of the user;

responsive to validating the authentication information of the user, determining whether the information identifying the client device is associated with a user account associated with the authentication information based at least in part on stored information associated with a plurality of client devices; and

responsive to determining that the information identifying the client device is not associated with the user account associated with the authentication information;

sending a token to an electronic location associated with the user account,receiving, from the client device, a second request to access the database system, the second request including the token sent to the electronic location associated with the user account, andresponsive to receiving the token from the client device, granting the client device access to the database system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services.

310 Citations

17 Claims

1. A method comprising:
- receiving, from a client device, a first request to access a database system, the first request including authentication information of a user of the database system and information identifying the client device;
  
  validating the authentication information of the user;
  
  responsive to validating the authentication information of the user, determining whether the information identifying the client device is associated with a user account associated with the authentication information based at least in part on stored information associated with a plurality of client devices; and
  
  responsive to determining that the information identifying the client device is not associated with the user account associated with the authentication information;
  
  sending a token to an electronic location associated with the user account,receiving, from the client device, a second request to access the database system, the second request including the token sent to the electronic location associated with the user account, andresponsive to receiving the token from the client device, granting the client device access to the database system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17)
- - 2. The method of claim 1, wherein receiving the first request to access the database system includes receiving a login request via a user interface.
  - 3. The method of claim 1, wherein receiving the first request to access the database system includes receiving a login request via an application programming interface (API).
  - 4. The method of claim 1, further comprising requesting the user to authenticate via email.
  - 5. The method of claim 1, further comprising requesting the user to provide the token included in the message.
  - 6. The method of claim 1, further comprising requesting the user to reference at least one list known only to the database system.
  - 7. The method of claim 6, wherein the at least one list includes a white list.
  - 8. The method of claim 6, wherein the at least one list includes a black list.
  - 9. The method of claim 1, wherein determine whether the information identifying the client device is associated with a user account associated with the authentication information is based at least in part on stored information associated with the received authentication information.
  - 10. The method of claim 1, wherein the database system includes an on-demand database service.
  - 11. The method of claim 10, wherein the database system includes a multi-tenant on-demand database service.
  - 16. The method of claim 1, wherein the authentication information is a user credential.
  - 17. The method of claim 1, wherein the electronic location associated with the user account is different from a location form where the first request is received.

12. A non-transitory machine-readable medium storing one or more instructions which, when executed by one or more processors, cause the one or more processors to:
- receive, from a client device, a first request to access a database system, the first request including authentication information of a user of the database system and information identifying the client device;
  
  validate the authentication information of the user;
  
  responsive to validating the authentication information of the user, determine whether the information identifying the client device is associated with a user account associated with the authentication information based at least in part on stored information associated with a plurality of client devices; and
  
  responsive to determining that the information identifying the client device is not associated with the user account associated with the authentication information;
  
  send a token to an electronic location associated with the user account,receive, from the client device, a second request to access the database system, the second request including the token sent to the electronic location associated with the user account, andresponsive to receiving the token from the client device, grant the client device access to the database system.

13. An apparatus comprising:
- a processor; and
  
  a non-transitory computer-readable storage medium storing instructions which, when executed by the processor, cause the processor to;
  
  receive, from a client device, a first request to access a database system, the first request including authentication information of a user of the database system and information identifying the client device;
  
  validate the authentication information of the user;
  
  responsive to validating the authentication information of the user, determine whether the information identifying the client device is associated with a user account associated with the authentication information based at least in part on stored information associated with a plurality of client devices; and
  
  responsive to determining that the information identifying the client device is not associated with the user account associated with the authentication information;
  
  send a token to an electronic location associated with the user account,receive, from the client device, a second request to access the database system, the second request including the token sent to the electronic location associated with the user account, andresponsive to receiving the token from the client device, grant the client device access to the database system.

14. A method comprising:
- receiving, from a client device, a first request to access a database system, the first request including user credential of a user of the database system and information identifying the client device;
  
  validating the user credentials of the user;
  
  responsive to validating the user credentials of the user, determining whether the information identifying the client device is associated with a user account associated with the user credentials based at least in part on stored information associated with a plurality of client devices; and
  
  responsive to determining that the information identifying the client device is not associated with the user account associated with the user credentials;
  
  sending a token to an electronic location associated with the user credentials,receiving, from the client device, a second request to access the database system, the second request including the token sent to the electronic location associated with the user credentials, andresponsive to receiving the token from the client device, granting the client device access to the database system.
- View Dependent Claims (15)
- - 15. The method of claim, 14 wherein the information identifying the client device comprises and internet protocol (IP) address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Junod, Forrest A., Fly, Robert C., Dapkus, Peter, Yancey, Scott W., Lawrance, Steven S., Fell, Simon Z.
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/335,887
Publication Number

US 20140331299A1
Time in Patent Office

934 Days
Field of Search

726/1, 726/22, 726/26, 726/5, 455/411
US Class Current

1/1
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

H04L 51/04   Real-time or near real-time...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 67/01   Protocols

Managing access to an on-demand service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

310 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Managing access to an on-demand service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

310 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others