Patent application number | Description | Published |
20110231912 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING A MOBILE DEVICE USING AN ACCESS TOKEN - In accordance with embodiments, there are provided mechanisms and methods for authenticating a mobile device using an access token. These mechanisms and methods for authenticating a mobile device using an access token can provide authentication in an automated manner. The ability to provide authentication in an automated manner can enable repeated access to data by a user without requiring an associated repetitive manual authentication by the user. | 09-22-2011 |
20110246969 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR DEBUGGING AN ASSERTION - In accordance with embodiments, there are provided mechanisms and methods for debugging an assertion. These mechanisms and methods for debugging an assertion can enable improved interpretation and analysis of data validation results, more efficient development associated with data validation, etc. | 10-06-2011 |
20110247066 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING AND AUTHORIZING AN EXTERNAL ENTITY - In accordance with embodiments, there are provided mechanisms and methods for authenticating and authorizing an external entity. These mechanisms and methods for authenticating and authorizing an external entity can enable improved data security, more efficient data transfer, improved data access channels, etc. | 10-06-2011 |
20120140923 | METHOD AND SYSTEM FOR ENCRYPTION KEY VERSIONING AND KEY ROTATION IN A MULTI-TENANT ENVIRONMENT - Various techniques and procedures related to encryption key versioning and rotation in a multi-tenant environment are presented here. One approach employs a computer-implemented method of managing encrypted data and their associated encryption keys. In accordance with this approach, a key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key. | 06-07-2012 |
20120144024 | METHOD AND SYSTEM FOR USER SESSION DISCOVERY IN A MULTI-TENANT ENVIRONMENT - Systems and methods are described to validate user connections to one or more application servers within a multi-tenant application system. A domain-level cookie at the client identifies any active connections for that client. As the client requests a connection to a particular application, the cookie is provided to a validation server that determines if any previously-established sessions with the multi-tenant system exist, and/or if such sessions remain active. If an active session already exists, then the client can be redirected to a particular server to continue the previously-established session. If no valid prior sessions are available, then the client can be validated and a new connection to an appropriate server can be established, as appropriate. | 06-07-2012 |
20120331518 | FLEXIBLE SECURITY TOKEN FRAMEWORK - A computer-implemented server system includes or supports applications that use security tokens. The server system includes a security token module to create token types for use with the applications, to generate security tokens corresponding to created token types, and to enforce token use policies for generated security tokens. The server system also includes a database to store security tokens for the token module. The token module accommodates creation of different token types having different token formats and different token use policies, based on obtained values of a plurality of token configuration variables. The token module generates security tokens in accordance with the different token formats, and enforces the different token use policies when processing incoming security tokens. | 12-27-2012 |
20130091171 | JUST-IN-TIME USER PROVISIONING FRAMEWORK IN A MULTITENANT ENVIRONMENT - A method of provisioning organization users in a multi-tenant database system includes receiving a request via a single sign-on protocol from an organization user to create a new multi-tenant database user account for access to the multi-tenant database system. The method retrieves rules that specify how to derive user permissions for access to the multi-tenant database system from stored user attributes of the organization user. The method continues with applying the rules to the stored user attributes to determine permissions for the users to access particular objects in the multi-tenant database system, and creating the new user account with the determined user permissions for access to the multi-tenant database system. | 04-11-2013 |
20130145445 | MECHANISM FOR FACILITATING DYNAMIC AND CONTINUOUS TESTING OF SECURITY ASSERTION MARKUP LANGUAGE CREDENTIALS IN AN ON-DEMAND SERVICES ENVIRONMENT - In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic and continuous testing of security assertion markup language (SAML) credentials in an on-demand services environment. In one embodiment and by way of example, a method includes identifying, at a computing device, an organization using a SAML process in an on-demand service environment, obtaining SAML credentials relating to the identified organization, and testing the SAML credentials relating to the identified organization. The testing includes asserting a set of test credentials against the SAML credentials relating to the identified organization. The method may further include generating one or more new codes based on testing results obtained from testing. | 06-06-2013 |
20130276070 | CROSS INSTANCE USER AUTHENTICATION ARCHITECTURE - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing a cross instance user authentication architecture in an on-demand service environment including, for example, means for receiving a login request at a global Virtual Internet Protocol (VIP) address for the host organization from a client device; forwarding the login request received at the global VIP address to one of a plurality of datacenters within the host organization; determining the selected datacenter is a non-home-geo datacenter for a user associated with the login request received from the client device; establishing a back-end link from the non-home-geo datacenter to a home-geo datacenter for the user; forwarding the login request from the non-home-geo datacenter to the home-geo datacenter via the back-end link for authentication of the client device at the home-geo datacenter responsive to the login request received from the computing device; and returning a response to the client device from the non-home-geo datacenter upon successful authentication of the login request at the home-geo datacenter, wherein the response specifies a re-direct to the home-geo datacenter for the user. Other related embodiments are disclosed. | 10-17-2013 |
20140123243 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING AND AUTHORIZING AN EXTERNAL ENTITY - In accordance with embodiments, there are provided mechanisms and methods for authenticating and authorizing an external entity. These mechanisms and methods for authenticating and authorizing an external entity can enable improved data security, more efficient data transfer, improved data access channels, etc. | 05-01-2014 |
20140164843 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR DEBUGGING AN ASSERTION - In accordance with embodiments, there are provided mechanisms and methods for debugging an assertion. These mechanisms and methods for debugging an assertion can enable improved interpretation and analysis of data validation results, more efficient development associated with data validation, etc. | 06-12-2014 |