System, method and computer program product for enabling access to a resource of a multi-tenant on-demand database service utilizing a token

US9098539B2 · US · B2

Patent metadata

Publication number: US-9098539-B2
Application number: US-201414335774-A
Country: US
Kind code: B2
Filing date: Jul 18, 2014
Priority date: Sep 12, 2008
Publication date: Aug 4, 2015
Grant date: Aug 4, 2015

Abstract

Official abstract text for this publication.

In accordance with embodiments, there are provided mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token. These mechanisms and methods for enabling access to a resource of a multi-tenant on-demand database service utilizing a token can be utilized to prevent identification of a user attempting to access the resource, and thus unwanted use of the user's identity.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method, comprising: receiving, at a first domain of a first system, a first request from a device of a user to make a resource accessible; in response to the first request, generating, by the first system, a token that includes a time-to-live; storing, in memory of the first system, the token; storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource; in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system; in response to the second system receiving the token through the second domain from the device of the user: performing a look-up of the token, through the performance of the look-up, verifying that the token is stored and the token has not expired, in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, and permitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.

2. The method of claim 1, wherein the first domain is of a multi-tenant on-demand database system.

3. The method of claim 1, wherein the resource is an application.

4. The method of claim 1, wherein the first request is received in association with a login by the user.

5. The method of claim 1, wherein the token includes a randomly generated identifier.

6. The method of claim 5, wherein generating the token includes generating the randomly generated identifier.

7. The method of claim 1, wherein the token is associated with a one-time use policy.

8. The method of claim 7, wherein verifying the token includes determining that the token has not previously been utilized for accessing the resource.

9. The method of claim 1, wherein in response to the second domain receiving from the device of the user the second request to access the resource further comprising: preventing access to the resource via the second domain when the token is not verified.

10. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method, the method comprising: receiving, at a first domain of a first system, a first request from a device of a user to make a resource accessible; in response to the first request, generating, by the first system, a token that includes a time-to-live; storing, in memory of the first system, the token; storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource; in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system; in response to the second system receiving the token through the second domain from the device of the user: performing a look-up of the token, through the performance of the look-up, verifying that the token is stored and the token has not expired, in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, and permitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.

11. An apparatus, comprising: a first processor of a first system for: receiving, at a first domain of the first system, a first request from a device of a user to make a resource accessible; in response to the first request, generating, by the first system, a token that includes a time-to-live; storing, in memory of the first system, the token; storing, in association with the token in the memory of the first system, an identifier of the user and information to be utilized for accessing the resource; in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit the token to a second domain of a second system; in response to the second system receiving the token through the second domain from the device of the user: performing a look-up of the token, through the performance of the look-up, verifying that the token is stored and the token has not expired, in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that is stored in association with the token, and permitting access to the resource via the second domain, wherein the access is permitted through use by the second system of the information.
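
Added example (not part of the patent text or of any vendor implementation): the first system's token table from claim 1 in Python, with the randomly generated identifier of claim 5, the one-time-use check of claims 7 and 8, and the denial of claim 9. The class and field names, the 30-second default time-to-live, and the SHA-256 indexing of stored tokens are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class TokenRecord:
    user_id: str        # stays inside the first system
    access_info: dict   # the only data released to the second system
    expires_at: float
    used: bool = False


class TokenStore:
    """First system's in-memory token table (all names are hypothetical)."""

    def __init__(self, ttl_seconds=30.0, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._records = {}

    @staticmethod
    def _key(token):
        # Added hardening, not in the claims: index by digest so the table
        # never holds a redeemable token value.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, access_info):
        token = secrets.token_urlsafe(32)  # randomly generated identifier (claim 5)
        self._records[self._key(token)] = TokenRecord(
            user_id, dict(access_info), self._clock() + self._ttl)
        return token  # sent to the user's device for relay to the second domain

    def redeem(self, token):
        """Look-up run when the second system presents a token.

        Returns the stored access information, or None when the token is
        unknown, expired or already used (claims 8 and 9).
        """
        rec = self._records.get(self._key(token))
        if rec is None:
            return None
        if rec.used or self._clock() >= rec.expires_at:
            del self._records[self._key(token)]  # drop dead entries
            return None
        rec.used = True  # one-time use policy (claim 7)
        return dict(rec.access_info)
```

The value returned by redeem() carries only the access information, so the second domain can grant access without receiving the stored user identifier.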

Classifications

  • G06F21/335 · Primary

    for accessing specific resources, e.g. using Kerberos tickets · CPC title

  • Authenticating web pages, e.g. with suspicious links · CPC title

  • User registration · CPC title

  • Physics · mapped topic

  • Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Salesforce Com Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/335. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 4, 2015 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).