Secure identity federation for non-federated systems

US9450946B2 · US · B2

Patent metadata

Publication number   US-9450946-B2
Application number   US-201514754653-A
Country              US
Kind code            B2
Filing date          Jun 29, 2015
Priority date        Oct 1, 2004
Publication date     Sep 20, 2016
Grant date           Sep 20, 2016

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the remote computer application. It is determined whether the service has been granted permission to act on behalf of the user with respect to the remote computer application. When the service has permission to act on behalf of the user, the service is used to retrieve the user's credentials for the remote computer application from the central repository and to supply the retrieved user credentials to the remote computer application.

Claims

Full claim text for this publication.

The invention claimed is:

1. A method of providing a unified access to non-federated systems, the method including: storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications are non-federated entities that do not share a common federated identity verification protocol; receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials; wherein an intermediary service coupled to the interoperability network receives a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications; verifying that the intermediary service has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and upon verification of authorization, automatically supplying the intermediary service particular user credentials for the particular remote computer application from the central repository.

2. The method of claim 1, further including, for a plurality of intermediary services coupled to the interoperability network, receiving a selection from the user specifying at least one intermediary service to act on behalf of the user by accessing user's credentials.

3. The method of claim 1, further including receiving instructions from the user specifying a degree of authorization of the intermediary service.

4. The method of claim 1, wherein the remote computer application is an on-demand service.

5. The method of claim 1, wherein the intermediary service is an on-demand service.

6. The method of claim 1, where retrieving user credentials for the remote computer application includes applying a message enrichment prior to automatically providing the retrieved user credentials to the particular remote computer application.

7. The method of claim 6, wherein the message enrichment includes at least one of a digital signature service and a traffic calculator for a purchase order.

8. The method of claim 1, further including sending a notification to the user when the intermediary service accesses user's credentials.

9. The method of claim 8, wherein the notification identifies at least one of: the intermediary service; the remote computer application for which the user credentials were accessed; a user account associated with the user credentials; and an outcome of the intermediary service accessing user's credentials.

10. The method of claim 8, further including, in response to sending the notification, receiving instructions from the user for at least one of: revoking the intermediary service's authorization to act on behalf of the user; and modifying the intermediary service's authorization to act on behalf of the user.

11. A system of providing a unified access to non-federated systems, the system including: one or more processors coupled to memory, the memory loaded with computer instructions that, when executed on the processors, implement actions including: storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications are non-federated entities that do not share a common federated identity verification protocol; receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials; wherein an intermediary service coupled to the interoperability network receives a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications; verifying that the intermediary service has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and upon verification of authorization, automatically supplying the intermediary service particular user credentials for the particular remote computer application from the central repository.

12. The system of claim 11, further configured to receive, for a plurality of intermediary services coupled to the interoperability network, a selection from the user specifying at least one intermediary service to act on behalf of the user by accessing user's credentials.

13. The system of claim 11, further configured to receive instructions from the user specifying a degree of authorization of the intermediary service.

14. The system of claim 11, wherein the remote computer application is an on-demand service.

15. The system of claim 11, wherein the intermediary service is an on-demand service.

16. The system of claim 11, wherein retrieving user credentials for the remote computer application includes applying a message enrichment prior to automatically providing the retrieved user credentials to the particular remote computer application.

17. The system of claim 11, wherein the message enrichment includes at least one of a digital signature service and a traffic calculator for a purchase order.

18. A non-transitory computer readable medium storing a plurality of instructions for programming one or more processors to provide a unified access to non-federated systems, the instructions, when executed on the processors, implementing actions including: storing a plurality of sets of user credentials for a plurality of remote computer applications in a central repository accessible via an interoperability network, wherein the plurality of remote computer applications are non-federated entities that do not share a common federated identity verification protocol; receiving an interoperability network credential that authorizes a user to use the plurality of remote computer applications and access the stored plurality of sets of the user credentials; wherein an intermediary service coupled to the interoperability network receives a request to perform, on behalf of the user, a particular task that requires access to and task performance by a particular remote computer application from the plurality of remote computer applications; verifying that the intermediary service has authorization to act on behalf of the user in obtaining authorized access to and task performance by the particular remote computer application; and upon verification of authorization, automatically supplying the intermediary service particular user credentials for the particular remote computer application from the central repository.
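The delegation flow claimed above, as an added Python sketch that is not code from the patent or from any Salesforce product: a broker holds per-application credentials for non-federated apps, checks a user-granted delegation (limited to specific tasks, the "degree of authorization" of claim 3) before releasing a credential to an intermediary service, records a notification for the user on every attempt (claims 8 and 9), and lets the user revoke the grant (claim 10). All class, method and sample names (CredentialBroker, Grant, "invoice-bot", "crm") are invented for this example.

```python
"""Credential broker sketch (added illustration, not the patent's own code).
Names such as CredentialBroker and Grant are invented for this example."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Grant:
    """A user's delegation: which intermediary may use which app, for which tasks."""
    intermediary: str
    app: str
    allowed_tasks: frozenset  # the "degree of authorization" of claim 3


class CredentialBroker:
    def __init__(self) -> None:
        self._vault = {}          # (user, app) -> credential for a non-federated app
        self._grants = {}         # user -> {(intermediary, app): Grant}
        self.notifications = []   # claims 8/9: what the user is told about each access

    def store_credential(self, user: str, app: str, credential: str) -> None:
        self._vault[(user, app)] = credential

    def grant(self, user: str, intermediary: str, app: str, tasks) -> None:
        """User selects an intermediary (claim 2) and limits it to given tasks (claim 3)."""
        self._grants.setdefault(user, {})[(intermediary, app)] = Grant(
            intermediary, app, frozenset(tasks))

    def revoke(self, user: str, intermediary: str, app: str) -> None:
        """Claim 10: the user withdraws the intermediary's authorization."""
        self._grants.get(user, {}).pop((intermediary, app), None)

    def request_credential(self, user: str, intermediary: str, app: str,
                           task: str) -> Optional[str]:
        """Release the stored credential only after the delegation check passes."""
        grant = self._grants.get(user, {}).get((intermediary, app))
        if grant is None:
            outcome = "denied: no grant"
        elif task not in grant.allowed_tasks:
            outcome = "denied: task outside grant"
        elif (user, app) not in self._vault:
            outcome = "denied: no stored credential"
        else:
            outcome = "released"
        # Notify on every attempt, successful or not, so the user can decide
        # to revoke or narrow the grant from the audit trail (claims 8-10).
        self.notifications.append({"user": user, "intermediary": intermediary,
                                   "app": app, "task": task, "outcome": outcome})
        return self._vault[(user, app)] if outcome == "released" else None
```

The broker still hands a long-lived secret to the intermediary, so in a real deployment the vault contents should be encrypted at rest and, where the target application supports it, replaced by short-lived or scoped tokens so a compromised intermediary gains less.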

Assignees

Salesforce Com Inc

Inventors

Classifications

  • in the application layer [OSI layer 7] · CPC title

  • User profiles · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • for controlling access to devices or network resources · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9450946B2 cover?
Methods and apparatus, including computer program products, implementing and using techniques for providing user credentials over a network to a remote computer application. User credentials for the remote computer application are stored in a central repository that is accessible through the network. A request is sent to a service to perform, on behalf of a user, a particular task involving the…
Who is the assignee on this patent?
Salesforce Com Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0815. Mapped technology areas include Electricity (CPC section H).
When was this patent published?
Publication date Sep 20, 2016 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).