Method and system for granting access to secure data

US 9,672,379 B2
Filed: 05/24/2016
Issued: 06/06/2017
Est. Priority Date: 04/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request;

determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;

determining, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes;

applying the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and

issuing an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.

148 Citations

20 Claims

1. A method comprising:
- identifying, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request;
  
  determining, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
  
  determining, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes;
  
  applying the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and
  
  issuing an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein providing authorization for reviewing at least a subset of private data includes granting to the at least one delegate a permission of an owner of the private data.
  - 3. The method of claim 2, further comprising tracking activities of the delegate.
  - 4. The method of claim 1, further comprising:
    - determining, by the database system, a second delegate; and
      
      tracking, by the database system, activities of each delegate.
  - 5. The method of claim 1, further comprising:
    - receiving, by the database system, a second electronic request;
      
      determining, by the database system, at least one element in the second electronic request common to the first electronic request; and
      
      issuing, by the database system, a second authorization to the at least one delegate to be assigned to the second electronic request, based at least in part on determining that the at least one element in the second electronic request is common to the first electronic request.
  - 6. The method of claim 1, further comprising invoking, by the database system, an exception handling strategy for the request in the event that a suitable delegate cannot be determined.
  - 7. The method of claim 1, further comprising invoking, by the database system, an exception handling strategy for the request in the event that a suitable delegate cannot be determined.

8. A computer program product comprising computer-readable program code to be executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code including instructions to:
- identify, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request;
  
  determine, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
  
  determine, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes;
  
  apply the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and
  
  issue an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 16, 17)
- - 9. The computer program product of claim 8, wherein the program code instructions for providing authorization for reviewing at least a subset of private data includes further instructions to grant to the at least one delegate a permission of an owner of the private data.
  - 10. The computer program product of claim 9, further comprising tracking activities of the delegate.
  - 11. The computer program product of claim 8, wherein the program code includes further instructions to:
    - determine, by the database system, a second delegate; and
      
      track, by the database system, activities of each delegate.
  - 12. The computer program product of claim 8, wherein the program code includes further instructions to:
    - receive, by the database system, a second electronic request;
      
      determine, by the database system, at least one element in the second electronic request common to the first electronic request; and
      
      issue, by the database system, a second authorization to the at least one delegate to be assigned to the second electronic request, based at least in part on determining that the at least one element in the second electronic request is common to the first electronic request.
  - 13. The computer program product of claim 8, wherein the program code includes further instructions to invoke, by the database system, an exception handling strategy for the request in the event that a suitable delegate cannot be determined.
  - 14. The computer program product of claim 8, wherein the program code includes further instructions to invoke, by the database system, an exception handling strategy for the request in the event that a suitable delegate cannot be determined.
  - 16. The apparatus of claim 14, wherein the plurality of instructions, when executed, further cause the one or more processors to provide authorization for reviewing at least a subset of private data includes granting to the at least one delegate a permission of an owner of the private data.
  - 17. The apparatus of claim 16, further comprising tracking activities of the delegate.

15. An apparatus comprising:
- one or more processors; and
  
  a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more processors to;
  
  identify, by a database system, a plurality of potential delegates in response to an electronic request to perform a task using a subset of private data, the private data being cloud data stored on the database system, the plurality of potential delegates having no access to the private data unless authorization is provided to the potential delegate, the plurality of potential delegates being identified based on an ability to resolve the electronic request;
  
  determine, by the database system, attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a corresponding potential delegate;
  
  determine, by the database system, at least one authorization filter, the at least one filter including authorization criterion pertaining to desired attributes;
  
  apply the at least one authorization filter to the plurality of potential delegates to identify at least one delegate to be assigned to resolve the electronic request, the authorization filter determining a correspondence between at least one of the attributes of the corresponding delegate and at least one of the authorization criterion; and
  
  issue an authorization to the at least one delegate, wherein issuing an authorization includes providing authorization for reviewing the subset of private data and providing a link facilitating login as the at least one delegate.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 15, wherein the plurality of instructions, when executed, further cause the one or more processors to:
    - determine, by the database system, a second delegate; and
      
      track, by the database system, activities of each delegate.
  - 19. The apparatus of claim 15, wherein the plurality of instructions, when executed, further cause the one or more processors to:
    - receive, by the database system, a second electronic request;
      
      determine, by the database system, at least one element in the second electronic request common to the first electronic request; and
      
      issue, by the database system, a second authorization to the at least one delegate to be assigned to the second electronic request, based at least in part on determining that the at least one element in the second electronic request is common to the first electronic request.
  - 20. The apparatus of claim 15, wherein the plurality of instructions, when executed, further cause the one or more processors to invoke, by the database system, an exception handling strategy for the request in the event that a suitable delegate cannot be determined.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Peddada, Prasad
Primary Examiner(s)
JHAVERI, JAYESH M

Application Number

US15/163,338
Publication Number

US 20160267296A1
Time in Patent Office

378 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 9/452   Remote windowing, e.g. X-Wi...

G06Q 30/02   Marketing; Price estimation...

G16H 40/20   for the management or admin...

H04L 63/0876   based on the identity of th...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 67/01   Protocols

H04L 67/535   Tracking the activity of th...

H04M 3/51   Centralised call answering ...

Method and system for granting access to secure data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

148 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for granting access to secure data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

148 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links