System and method for routing messages between applications

US 9,588,828 B2
Filed: 01/27/2014
Issued: 03/07/2017
Est. Priority Date: 03/26/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of concealing authentication credentials of an entity when routing messages in a message routing service, the method including:

receiving, at a message routing service, an authentication request to authenticate an entity with the message routing service;

generating at the message routing service an authentication token for the entity based on entity'"'"'s authentication credentials, the authentication token indicating authentication of the entity to the message routing service;

sending at least one provisioning message to an application service provider using the message routing service, wherein the provisioning message includes the authentication token, rather than the entity'"'"'s authentication credentials that remain concealed, and provisions the entity with the application service provider; and

receiving, at the message routing service, a message from the application service provider indicating authentication of the entity by the application service provider responsive to the authentication token generated by the message routing service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enabling the interchange of enterprise data through an open platform is disclosed. This open platform can be based on a standardized interface that enables parties to easily connect to and use the network. Services operating as senders, recipients, and in-transit parties can therefore leverage a framework that overlays a public network.

360 Citations

14 Claims

1. A method of concealing authentication credentials of an entity when routing messages in a message routing service, the method including:
- receiving, at a message routing service, an authentication request to authenticate an entity with the message routing service;
  
  generating at the message routing service an authentication token for the entity based on entity'"'"'s authentication credentials, the authentication token indicating authentication of the entity to the message routing service;
  
  sending at least one provisioning message to an application service provider using the message routing service, wherein the provisioning message includes the authentication token, rather than the entity'"'"'s authentication credentials that remain concealed, and provisions the entity with the application service provider; and
  
  receiving, at the message routing service, a message from the application service provider indicating authentication of the entity by the application service provider responsive to the authentication token generated by the message routing service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the authentication token is an 8 byte hex number.
  - 3. The method of claim 1, further including authenticating the provisioning message responsive to the authentication token further includes maintaining an internal mapping, for the application service provider, between the authentication token and entity'"'"'s account with application service provider.
  - 4. The method of claim 1, further including authenticating the provisioning message responsive to the authentication token further includes receiving a validation, from the entity and application service provider, for the authentication token by:
    - authenticating the entity at the application service provider; and
      
      linking the authentication token to entity'"'"'s account with the application service provider.
  - 5. The method of claim 1, further including establishing a trust relationship between the application service provider and the entity by:
    - receiving a provisioning confirmation message from the application service provider in response to authentication of the provisioning message by the application service provider; and
      
      authenticating subsequent provisioning messages responsive to corresponding authentication tokens of the entity rather than the entity'"'"'s authentication credentials.
  - 6. The method of claim 1, further including revoking the authentication of the provisioning message by the application service provider in response to receiving a revocation request from the application service provider.
  - 7. The method of claim 6, wherein revoking the authentication of the provisioning message further includes unmapping internal mapping, for the application service provider, between the authentication token and entity'"'"'s account with the application service provider.

8. A non-volatile machine readable memory impressed with computer program instructions that, when run on computer hardware, cause the hardware to:
- receive, at a message routing service, an authentication request to authenticate an entity with the message routing service;
  
  generate at the message routing service an authentication token for the entity based on entity'"'"'s authentication credentials, the authentication token indicating authentication of the entity to the message routing service;
  
  send at least one provisioning message to an application service provider using the message routing service, wherein the provisioning message includes the authentication token, rather than the entity'"'"'s authentication credentials that remain concealed and provisions the entity with the application service provider; and
  
  receive, at the message routing service, a message from the application service provider indicating authentication of the entity by the application service provider responsive to the authentication token generated by the message routing service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-volatile machine readable memory of claim 8, wherein the authentication token is an 8 byte hex number.
  - 10. The non-volatile machine readable memory of claim 8, wherein the computer instructions, when run, further cause the computer hardware to authenticate the provisioning message responsive to the authentication token further includes maintaining an internal mapping, for the application service provider, between the authentication token and entity'"'"'s account with application service provider.
  - 11. The non-volatile machine readable memory of claim 8, wherein the computer instructions, when run, further cause the computer hardware to authenticate the provisioning message responsive to the authentication token further includes receiving a validation, from the entity and application service provider, for the authentication token by:
    - authenticating the entity at the application service provider; and
      
      linking the authentication token to entity'"'"'s account with the application service provider.
  - 12. The non-volatile machine readable memory of claim 8, wherein the computer instructions, when run, further cause the computer hardware to authenticate establish a trust relationship between the application service provider and the entity by:
    - receiving a provisioning confirmation message from the application service provider in response to authentication of the provisioning message by the application service provider; and
      
      authenticating subsequent provisioning messages responsive to corresponding authentication tokens of the entity rather than the entity'"'"'s authentication credentials.
  - 13. The non-volatile machine readable memory of claim 8, wherein the computer instructions, when run, further cause the computer hardware to authenticate revoke the authentication of the provisioning message by the application service provider in response to receiving a revocation request from the application service provider.
  - 14. The non-volatile machine readable memory of claim 13, wherein revoking the authentication of the provisioning message further includes unmapping internal mapping, for the application service provider, between the authentication token and entity'"'"'s account with the application service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Brouk, Lev, Norton, Kenneth, Douglas, Jason, Panec, Peter
Primary Examiner(s)
TRUONG, LAN DAI T

Application Number

US14/165,533
Publication Number

US 20140279671A1
Time in Patent Office

1,135 Days
Field of Search

709/238, 709/224, 709/244, 709/246, 709/247, 709/242
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 9/465   Distributed object oriented...

G06F 9/54   Interprogram communication

G06F 9/546   Message passing systems or ...

G06Q 10/06   Resources, workflows, human...

H04L 45/00   Routing or path finding of ...

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/1001   for accessing one among a p...

H04L 67/142   Managing session states for...

H04L 67/306   User profiles

H04L 67/51   Discovery or management the...

H04L 9/40   Network security protocols

System and method for routing messages between applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

360 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

System and method for routing messages between applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

360 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others