Managing access to an on-demand service

US 9,667,622 B2
Filed: 06/30/2015
Issued: 05/30/2017
Est. Priority Date: 11/15/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a client device, a first request including authentication information for a user and information identifying the client device, the information identifying the client device including an IP address;

validating the authentication information of the user, the authentication information associated with a user account;

responsive to validating the authentication information of the user, determining whether the IP address is associated with a location associated with the user account; and

responsive to determining that the IP address is not associated with the location associated with the user account;

sending a token to a channel associated with the user account,receiving, from the client device, a second request including the token sent to the channel associated with the user account, andresponsive to receiving the second request including the token from the client device, authenticating the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for managing a risk of access to an on-demand service as a condition of permitting access to the on-demand service. These mechanisms and methods for providing such management can enable embodiments to help prohibit an unauthorized user from accessing an account of an authorized user when the authorized user inadvertently loses login information. The ability of embodiments to provide such management may lead to an improved security feature for accessing on-demand services.

81 Citations

16 Claims

1. A method comprising:
- receiving, from a client device, a first request including authentication information for a user and information identifying the client device, the information identifying the client device including an IP address;
  
  validating the authentication information of the user, the authentication information associated with a user account;
  
  responsive to validating the authentication information of the user, determining whether the IP address is associated with a location associated with the user account; and
  
  responsive to determining that the IP address is not associated with the location associated with the user account;
  
  sending a token to a channel associated with the user account,receiving, from the client device, a second request including the token sent to the channel associated with the user account, andresponsive to receiving the second request including the token from the client device, authenticating the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the token is a password.
  - 3. The method of claim 1, wherein the token is a PIN.
  - 4. The method of claim 1, wherein the token is a one time password.
  - 5. The method of claim 1, wherein the channel is one selected from a group consisting of:
    - an email and a short message service (SMS).
  - 6. The method of claim 1, wherein the token is time-constrained.
  - 7. The method of claim 1, wherein the first request is a login request submitted via a user interface to access a database system.
  - 8. The method of claim 1, wherein determining whether the IP address is associated with a user account associated with the authentication information includes determining whether the first request is from an unknown source.

9. A non-transitory computer readable medium configured to store instruction, the instructions when executed by a processor, cause the processor to:
- receive, from a client device, a first request including authentication information for a user and information identifying the client device, the information identifying the client device including an IP address;
  
  validate the authentication information of the user, the authentication information associated with a user account;
  
  responsive to validating the authentication information of the user, determine whether the IP address is associated with a location associated with user account; and
  
  responsive to determining that the IP address is not associated with the location associated with the user account;
  
  send a token to a channel associated with the user account,receive, from the client device, a second request including the token sent to the channel associated with the user account, andresponsive to receiving the second request including the token from the client device, authenticate the user.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer readable medium of claim 9, wherein the token is a password.
  - 11. The non-transitory computer readable medium of claim 9, wherein the token is a PIN.
  - 12. The non-transitory computer readable medium of claim 9, wherein the token is a one time password.
  - 13. The non-transitory computer readable medium of claim 9, wherein the channel is one selected from a group consisting of:
    - a voice message, and an instant message.
  - 14. The non-transitory computer readable medium of claim 9, wherein the token is time-constrained.
  - 15. The non-transitory computer readable medium of claim 9, wherein the first request is a login request via a user interface.
  - 16. The non-transitory computer readable medium of claim 9, wherein determining whether the IP address is associated with a user account associated with the authentication information includes determining whether the first request is from an unknown source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Junod, Forrest A., Fly, Robert C., Dapkus, Peter, Yancey, Scott W., Lawrance, Steven S., Fell, Simon Z.
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US14/788,309
Publication Number

US 20150304305A1
Time in Patent Office

700 Days
Field of Search

726 5, 726 9, 726 1, 455411
US Class Current
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

H04L 51/04   Real-time or near real-time...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/14   for detecting or protecting...

H04L 67/01   Protocols

Managing access to an on-demand service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

81 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Managing access to an on-demand service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links