US Pat. No. 9,350,705

METHODS AND SYSTEMS FOR PROVIDING A TOKEN-BASED APPLICATION FIREWALL CORRELATION

salesforce.com, inc., Sa...

1. A method comprising:
receiving a request for access to a resource within a secure computing environment from a remote user device, the request
received by an application-level firewall;

associating a token with the request, by the application-level firewall, wherein the token is added to a session context and
the token is injected into multiple events that originate from the request to service the request within the secure computing
environment during the session to allow the application-level firewall to correlate the request with a corresponding session;

storing, by the application-level firewall, the token and associated information in an event correlator within the secure
computing environment that is communicatively coupled with the application-level firewall;

associating, by the application-level firewall, the token with one or more subsequent actions within the secure computing
environment during the session by the resource to service the request, wherein the one or more subsequent actions comprises
at least generating a database query based on the request, the database query including the token and the token is included
in a logic of the database query;

creating, by the application-level firewall, at least one statistical model to identify abnormalities and react based on security
policies;

generating a response to the request, the response including the token; and
transmitting the response with the token to the remote user device via the application-level firewall, wherein the application-level
firewall analyzes the response and determines an action to be taken on the response based on the token and the associated
information.

US Pat. No. 9,349,101

SYSTEMS AND METHODS FOR PARTITIONING SETS OF FEATURES FOR A BAYESIAN CLASSIFIER

salesforce.com, inc., Sa...

1. A method of building a partition of features in an input set, in which feature subsets listed in a partition list have
probabilistic interdependence among features in the feature subset, the method including:
accessing an input set including at least one input tuple comprising feature-values assigned to features;
identifying input subtuples comprising unique feature subsets in the input tuple;
accessing a tuple instance count data structure stored in memory that provides counts of tuples in a data set;
computing class entropy scores for the input subtuples that have at least a threshold support count of instances in the tuple
instance count data structure;

adding feature subsets corresponding to the input subtuples to a partition list, including:
ordering at least some of the input subtuples by non-decreasing class entropy score;
traversing the ordered input subtuples, including:
adding the feature subset of a current ordered input subtuple to the partition list, and
pruning from subsequent consideration other input subtuples that include any features in the current ordered input subtuple;
and

reaching completion when all of the features of the input tuple have been added to the partition list; and
storing the partition list in a memory, whereby it becomes available to use with a classifier.

US Pat. No. 9,411,907

METHOD AND SYSTEM FOR PERFORMING SEARCHES IN A MULTI-TENANT DATABASE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for performing a search operation in a multitenant database environment, the method comprising:
providing a graphical user interface on a display of an electronic computing device, wherein the graphical user interface
includes a search functionality for searching a database within a multitenant database environment, wherein

the multitenant environment includes data for multiple client entities, each identified by a tenant identifier (ID) having
one of one or more users associated with the tenant ID,

users of each of multiple client identities can only access data identified by a tenant ID associated with the respective
client entity, and

the multitenant environment is at least a hosted database provided by an entity separate from the client entities, and provides
on-demand database service to the client entities;

maintaining, for a plurality of users corresponding to one or more tenants of the multitenant environment, a list of most
recently used records for a plurality of database object types;

providing suggested search results via the graphical user interface in response to a user-generated partial search query input
by performing one or more anticipated searches based on the user-generated partial search query, wherein the suggested search
results are derived from database objects that match the user-generated partial search query input and include database records
of multiple object types that have been recently edited by a user generating the user-generated partial search query input
by utilizing the list of most recently used records corresponding to the user, the suggested search results being grouped
by database object type, and further wherein the suggested search results also include content from one or more real-time
feeds comprising at least one social media feed within the multitenant environment of at least one other user from the same
client entity as the user;

refining the suggested search results in response to subsequent user-generated search query input by performing one or more
subsequent anticipated searches based on the subsequent user-generated search query input, the refined suggested search results
also based on multiple object types that have been recently edited by a user generating the subsequent user-generated search
query input by utilizing the list of most recently used records corresponding to the user, the suggested search results being
grouped by database object type, and further wherein the suggested search results also include content from one or more real-time
feeds comprising at least one social media feed within the multitenant environment of at least one other user from the same
client entity as the user; and

providing search results in the graphical user interface based on the user-generated search query input and/or a user selection
from the suggested search results.

US Pat. No. 9,454,767

SYSTEMS, METHODS, AND APPARATUSES FOR IMPLEMENTING A RELATED COMMAND WITH A PREDICTIVE QUERY INTERFACE

salesforce.com, inc., Sa...

1. A method in a system of a host organization, the system having at least a processor and a memory therein, wherein the method
comprises:
generating, via an analysis engine, indices from a dataset of columns and rows, the indices representing probabilistic relationships
between the rows and the columns of the dataset;

storing the indices within a database of the host organization;
exposing the database of the host organization via a request interface communicably interfaced to the database;
receiving, at the request interface, a query for the database specifying a RELATED command term and a specified column as
a parameter for the RELATED command term;

querying the database using the RELATED command term and passing the specified column to generate a predictive record set;
and

returning, via the request interface, the predictive record set responsive to the query, the predictive record set having
a plurality of elements therein, each of the returned elements including a column identifier and a confidence indicator for
the specified column passed with the RELATED command term, wherein the confidence indicator indicates whether a latent relationship
exists between the specified column passed with the RELATED command and the column identifier returned for the respective
element.

US Pat. No. 9,418,003

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONDITIONALLY PERFORMING GARBAGE COLLECTION

salesforce.com, inc., Sa...

1. A non-transitory computer readable medium having stored therein computer code adapted to be executed by a computer to perform
operations comprising:
instantiating a plurality of database objects in a portion of memory of a multi-tenant database, wherein the plurality of
database objects are owned by a plurality of tenants of the multi-tenant database and correspond to a plurality of applications
having access to the multi-tenant database, and wherein the plurality of database objects includes a first database object
corresponding to a database table that has first data accessible by a first tenant but not a second tenant and that has second
data accessible by the second tenant but not the first tenant;

dynamically creating a threshold value based on a permissible occupancy level of the portion of memory of the multi-tenant
database;

comparing to the threshold value an amount of free memory within the portion of memory of the multi-tenant database that is
not currently assigned to any of the plurality of tenants of the multi-tenant database; and

upon determining that the amount of free memory within the portion of memory of the multi-tenant database meets the threshold
value, performing garbage collection on the portion of memory of the multi-tenant database.

US Pat. No. 9,449,102

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ENABLING ACCESS TO A RESOURCE UTILIZING A TOKEN

salesforce.com, inc., Sa...

1. A method, comprising:
receiving, at a first server system, a first request from a device of a user to make a resource accessible;
in response to the first request, generating, by the first server system, a token;
the first server system storing, in a memory, the token;
the first server system storing, in association with the token, pointer information that indicates a location of computer
code that is executable to access the resource; and

in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit
the token to a second server system, wherein the token is usable by the device of the user for inclusion in a second request
to the second server system and wherein the token is usable by the second server system to perform a look-up of the token,
verify that the token is stored, and permit access to the resource using the pointer information.

US Pat. No. 9,306,906

SYSTEMS AND METHODS FOR UTILIZING UNI-DIRECTIONAL INTER-HOST COMMUNICATION IN AN AIR GAP ENVIRONMENT

salesforce.com, inc., Sa...

1. A method comprising:
generating a request message, with a trusted network entity executing trusted code on a first network layer, the request message
to target a non-trusted network entity executing non-trusted code, on a second network layer;

transmitting the request message from the trusted network entity to the non-trusted network entity through at least a policy
enforcement entity, wherein the policy enforcement entity applies one or more network traffic rules to enforce a unidirectional
flow of traffic from the first network layer to the second network layer;

generating a response check message with the trusted network entity, the response check message to determine whether response
information is available on the non-trusted network entity in response to the request message; and

transmitting the response check message from the trusted network entity to the non-trusted network entity through at least
the policy enforcement entity, the response check message to determine whether the response information is stored in a conceptual
mailbox on the non-trusted network entity.

US Pat. No. 9,456,038

SESSION TABLE FRAMEWORK

salesforce.com, inc., Sa...

1. A method in a host organization, the method comprising:
receiving a request at the host organization from a client device, the request specifying an application available via the
host organization, wherein the application comprises a stateless application which maintains no state specific information
regarding the client device between interactions with the client device;

generating, via an application extender, a user session unique to the client device in a memory of the host organization;
creating, via the application extender, a user session data table within the user session of the memory to maintain the state
specific information regarding the client device between a plurality of interactions with the client device on behalf of the
stateless application, the user session data table defining one or more cells within the user session data table which are
updateable or non-updatable;

wherein creating the user session data table comprises creating the user session data table based on metadata associated with
the application specified by the request; and

wherein the metadata defines a structure for the user session data table based upon which the user session data table is created;
processing update data from the client device via the application specified by the request on behalf of the client device;
updating the user session data table based on the processing by validating the update data against the one or more cells within
the user session data table according to which are updateable or non-updatable; and

transmitting a response to the client device.

US Pat. No. 9,298,750

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR VALIDATING ONE OR MORE METADATA OBJECTS

salesforce.com, inc., Sa...

1. A method, comprising:
providing a platform, wherein the platform is a framework shared by a plurality of developers and end users;
creating, through the platform by one of the developers, a package definition that references a set of one or more metadata
objects describing an application;

validating, through the platform, the one or more metadata objects;
after the one or more metadata objects have been validated, making the one or more metadata objects accessible to a first
end user system, wherein the one or more metadata objects are saved into a storage location accessible to the first end user
system;

wherein the one or more metadata objects are conditionally modifiable by a user of the first end user system, based on a specification
in the package definition by:

identifying in the specification of the package definition any of the saved metadata objects that are flagged by the developer,
wherein the developer flags in the specification of the package definition which of the metadata objects are modifiable by
the user of the first end user system,

providing a wizard for allowing modifications only to the saved metadata objects that are identified as being flagged by the
developer,

wherein the developer flags metadata objects for which modifications are optional by the user of the first end user system.

US Pat. No. 9,246,699

METHOD AND SYSTEM FOR TESTING MULTIPLE COMPONENTS OF A MULTI-TENANT, MULTI-DOMAIN, MULTI-TIERED WEBSITE

salesforce.com, inc., Sa...

1. A method of testing a plurality of web resources in a distributed client-server computer network, the method comprising:
receiving, by a proxy server computer, an HTTP (hypertext transport protocol) request for a web resource, the HTTP request
transmitted from an Internet Protocol (IP) address associated with a port of a testing computer, the port associated with
the proxy server, the HTTP request including a plaintext domain name associated with the web resource, the testing computer
coupled to the proxy server in an IP network; and

transmitting the HTTP request, to the testing computer from which the HTTP request was received, by the proxy server based
on the IP address associated with the port of the testing computer, the HTTP request received from the proxy server including
the plaintext domain name associated with the web resource.

US Pat. No. 9,123,028

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR CONTROLLING THE INCLUSION OF EDITED INFORMATION IN AN INFORMATION FEED

salesforce.com, inc., Sa...

1. A method implemented in a database system for controlling the inclusion of edited information in a feed of a social networking
system to be displayed on a display device, the method comprising:
receiving a post from a device associated with a first user of the social networking system, the post including post data;
processing the post as one or more data objects capable of being stored in a database of the database system, the post capable
of being published in a feed of the social networking system when displayed on a display device;

receiving a request from the first user device to edit the post; and
determining whether the post is in an editable state, the editable state controlled by one or more conditions comprising:
a second user having responded to the post, a second user having re-published the post, or a second user having shared the
post; and

when the post is in the editable state:
generating an edited post including one or more edits to the post data in relation to the request from the first user device,
and

processing the edited post as one or more data objects capable of being stored in a database of the database system, the edited
post capable of being published in the feed of the social networking system when displayed on a display device.

US Pat. No. 9,407,606

METHODS AND SYSTEMS FOR CONTEXT-BASED APPLICATION FIREWALLS

salesforce.com, inc., Sa...

1. A method comprising:
performing a context setup with an application level firewall running on a hardware computing device in response to initiation
of a user session to access a remote resource, wherein the application level firewall provides application level or higher
analysis of network traffic and utilizes context information shared between the application firewall and one or more web-based
applications to be used during the user session to perform network and application security operations with the application
firewall and at least one of the one or more web-based applications to make security evaluations;

receiving, with the application level firewall, a response to provide information from at least one web-based application
to at least one client hardware computing device, wherein the response comprises at least metadata to be used to update the
firewall context information;

updating the context information using the application level firewall based on the metadata; and
transmitting, with the application level firewall, the response to the client hardware computing device.

US Pat. No. 9,355,270

SECURITY CONFIGURATION SYSTEMS AND METHODS FOR PORTAL USERS IN A MULTI-TENANT DATABASE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method, comprising the steps of:
receiving a data request at a server with an application platform from a user via a user device, the data request being associated
with a respective data object of a plurality of data objects stored in a database;

determining when the user is an internal user from a plurality of internal users of the application platform or when a portal
user from a plurality of portal users of the application platform, the user additionally having a group membership in at least
one of a plurality of groups;

consulting an organizational wide default table that stores a list of the data objects and, for each of the data objects,
a first default security setting for all of the plurality of internal users regardless of the group membership and a second
default security setting for all of the plurality of portal users regardless of the group membership, wherein the consulting
step includes

consulting, when the user is the internal user, the first default security setting for the respective data object in the organizational
wide default table to determine when the requested data is public or private, and

consulting, when the user is the portal user, the second default security setting for the respective data object in the organizational
wide default table to determine when the requested data is public or private;

providing, when the user is the internal user and the requested data is public, access information to the user via the user
device;

providing, when the user is the portal user and the requested data is public, access information to the user via the user
device;

consulting, when the user is the internal user and only when the requested data is private, a membership table that includes
a first listing of the groups associated with the user and a share table that includes a second listing of the groups that
have access to the requested data, wherein the membership table and the share table are formed from tenant metadata, and providing
the requested data to the user when the membership table and the share table indicates that the group membership of the user
has access; and

consulting, when the user is the portal user and only when the requested data is private, the membership table and the share
table, and providing the requested data to the user when the membership table and the share table indicates that the group
membership of the user has access.

US Pat. No. 9,275,105

SYSTEM AND METHODS OF IMPROVING A MULTI-TENANT DATABASE QUERY USING CONTEXTUAL KNOWLEDGE ABOUT NON-HOMOGENEOUSLY DISTRIBUTED TENANT DATA

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code configured to be executed to cause a computer to implement a method of
improving a query in a database, the method comprising:
for each tenant of a plurality of tenants of a database system, analyzing tenant specific data included in a data table for
the tenant;

based on the analyzing, deriving by the database system metadata describing the tenant specific data;
storing by the database system a metadata table specific to the tenant, the metadata table storing the derived metadata describing
the tenant specific data;

receiving by the database system a query for retrieving at least a portion of the tenant specific data included in the data
table for a first one of the tenants;

in response to the received query, retrieving by the database system the stored metadata table specific to the first one of
the tenants, wherein the metadata table is stored by the database system prior to the receipt of the query;

processing the retrieved metadata table specific to the first one of the tenants to determine a particular retrieval path
to be used for retrieving the at least a portion of the tenant specific data;

generating a second query to include the retrieval path, such that the second query is customized for the tenant specific
data of the first one of the tenants; and

executing, in place of the query, the second query to retrieve the at least a portion of the tenant specific data.

US Pat. No. 9,307,006

SYSTEM AND METHOD FOR SYNCHRONIZING DATA OBJECTS IN A CLOUD BASED SOCIAL NETWORKING ENVIRONMENT

salesforce.com, inc., Sa...

1. A method of synchronizing and sharing data objects in a cloud based social networking environment of the type including
a collaboration cloud, the method comprising:
configuring social networking affiliations to define a sharing configuration, within the collaboration cloud, the sharing
configuration including a second computing device;

running a dedicated client synchronization application on a first computing device;
creating a sync folder on the first computing device using the client synchronization application;
updating a data object using the first computing device;
adding the updated data object to the sync folder;
in response to updating the data object, automatically synchronizing the updated data object with the collaboration cloud
without requiring additional user action at the first computing device; and

propagating, using the collaboration cloud, the updated data object to the second computing device.

US Pat. No. 9,276,929

METHOD AND APPARATUS FOR MULTI-DOMAIN AUTHENTICATION

salesforce.com, inc., Sa...

1. A method comprising:
receiving credentials for a user at a first domain;
receiving a request from the user at the first domain to redirect to a second domain;
redirecting the user to the second domain;
generating a token based on the user credentials on the first domain;
sending the token to the user and storing the token in a single shared database;
receiving a request from the user at the second domain to access data in the single shared database wherein the first and
second domains provide user access to the single shared database, the request including the token;

comparing the received token to the stored token and conditionally authenticating the user at the second domain based on the
token comparison; and

providing the requested data from the single shared database to the user upon authenticating the user at the second domain.

US Pat. No. 9,176,730

ON-DEMAND DATABASE SERVICE SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR VALIDATING A DEVELOPED APPLICATION

salesforce.com, inc., Sa...

1. A method, comprising:
receiving a new version of a developed application, including a definition of the new version of the developed application,
by a system, wherein the new version of the developed application includes at least one update to a previous version of the
developed application received by the system;

validating the new version of the developed application, by:
determining, by the system, that the new version of the developed application does not cause a loss of functionality of the
previous version of the developed application,

determining, by the system, that a result of testing the new version of the developed application does not include errors,
determining, by the system, that the new version of the developed application is associated with a version identifier for
the new version of the developed application,

determining, by the system, that the new version of the developed application complies with a limit related to storage resources
used by the developed application,

wherein the validating is based on one or more dependencies of the new version of the developed application being specified
in the definition of the new version of the developed application; and

conditionally making, by the system, the developed application available to one or more end users in response to the validation.

US Pat. No. 9,137,172

MANAGING MULTIPLE PROXY SERVERS IN A MULTI-TENANT APPLICATION SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for managing a plurality of proxy servers in a multi-tenant application system, comprising:
receiving, by a processor, a first command;
generating, by the processor, a customized second command for each of the plurality of proxy servers based upon the first
command; and

transmitting each of the generated second commands to the respective proxy server.

US Pat. No. 9,419,863

METHODS AND APPARATUS FOR INTERFACING WITH A PHONE SYSTEM IN AN ON-DEMAND SERVICE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method performed at a client machine in communication with a data provider and in communication with a communications
system, the method comprising:
receiving, at the client machine from the communications system, information regarding a communications event associated with
the communications system;

providing, at the client machine, the communications event information in a first part of a user interface of a web browser;
receiving, at the client machine, record information from the data provider;
providing the record information in a second part of the user interface, the first part of the user interface and the second
part of the user interface being in communication with each other via a cross-domain application programming interface (API),
a library associated with the web browser capable of calling the cross-domain API; and

communicating a message from the first part of the user interface to the second part of the user interface to update the second
part or a third part of the user interface.

US Pat. No. 9,323,804

METHOD AND SYSTEM FOR ALLOWING ACCESS TO DEVELOPED APPLICATIONS VIA A MULTI-TENANT ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A method, comprising:
receiving developed applications at an on-demand database service from a plurality of developers;
for each of the received applications:
running in an automated manner, by the on-demand database service through a call made to an application program interface
associated with the on-demand database service, an assessment of whether operability of the application and quality of the
application comply with a plurality of predefined rules,

only making, by the on-demand database service, a publication functionality of the on-demand database service accessible to
the developer for the received application when the automated assessment performed by the on-demand database service indicates
that the operability of the application and the quality of the application comply with the plurality of predefined rules,
and

when the automated assessment performed by the on-demand database service indicates that either the operability of the application
or quality of the application does not comply with the plurality of predefined rules, then a report is provided to a developer
of the application to indicate a manner in which the operability of the application or quality of the application does not
comply with the plurality of predefined rules;

providing, by the on-demand database service, access to the applications, once published using the publication functionality
of the on-demand database service, to users of the on-demand database service including allowing the users to share each of
the applications; and

limiting, by the on-demand database service, a plurality of aspects of the applications shared by the users, the plurality
of aspects including:

a number of electronic mail messages sent utilizing the developed applications,
an amount of resources made available to each of the developed applications,
service calls out by the developed applications to other systems external to the on-demand database service,
a number of queries made utilizing the developed applications,
a number of rows processed,
a number of transaction statements,
a duration of processing by the developed applications, and
a number of modification statements to a database made utilizing the developed applications.

US Pat. No. 9,275,160

PERFORMING AN UPGRADE IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for providing features in a multi-tenant database system, the method comprising:
providing, by the multi-tenant database system, a user interface to enable making a request for enabling a new feature that
a user wishes to use, wherein the new feature is a business entity used to perform business actions in a release of the multi-tenant
database system and the new feature requires a database of the multi-tenant database system to be upgraded to support the
business entity for the user;

receiving, from the user, the request for the new feature, wherein the user belongs to an organization that is a tenant of
the multi-tenant database system; and

upgrading the multi-tenant database system to support the new feature immediately upon receiving the request, wherein the
upgrading includes one or more provisioning steps to upgrade a schema layout for how the business entity is viewed on a page
that are based on the request from the user and depend on the user making the request, the one or more provisioning steps
comprising:

providing information about a layout of the page that displays the business entity; and
populating one or more tables of the database with a standard profile including permissions associated with the user so that
a default layout of the business entity can be presented once the business entity is enabled by the multi-tenant database
system.

US Pat. No. 9,195,437

OBJECT-ORIENTED SYSTEM FOR CREATING AND MANAGING WEBSITES AND THEIR CONTENT

salesforce.com, inc., Sa...

1. A method for creating and managing a website as an object-oriented system, comprising:
providing, on a system server computer, a plurality of hierarchical classes of objects, wherein each object of the plurality
of hierarchical classes of objects represents one aspect of storage, presentation, and logic of a website, wherein each object
of the plurality of hierarchical classes of objects has an object configuration that includes a defined set of behaviors,
properties, and events, and wherein after each object of the plurality of hierarchical classes of objects has been created,
a website manager can create, update, and delete styles, pages, content lists, database tables, workflows, and digital assets
independently from each other;

storing, in a database management system on a database server computer in communication with the system server computer, object
configurations for the plurality of hierarchical classes of objects to enforce data integrity, versioning, search, and retrieval;

storing, on the database server computer in communication with the system server computer, objects as a traversable object
tree in accordance with the plurality of hierarchical classes of objects;

retrieving, by the system server computer, a user-requested portion of the website by traversing a corresponding portion of
the traversable object tree that defines the user-requested portion of the website; and

generating, by the system server computer, the user-requested portion of the website using the defined set of behaviors, properties,
and events stored in the object configuration associated with each of the traversed objects from the corresponding portion
of the traversable object tree.

US Pat. No. 9,100,183

COMPUTER PROGRAM PRODUCT AND METHOD FOR ORDER PRESERVING SYMBOL BASED ENCRYPTION

salesforce.com, inc., Sa...

1. A method for processing symbols by a first computerized entity, the method comprising:
receiving, by a first computerized entity and over a communication network, encrypted text that comprises multiple random
tokens and a plurality of plaintext symbols;

wherein the multiple random tokens are generated by a second computerized entity;
wherein a value of each random token that represents a plaintext symbol is responsive to values of random tokens that represents
plaintext symbols that have a lower lexicographic value than the plaintext symbol; and

processing the encrypted text by the first computerized entity, wherein the processing is selected from a group consisting
of sorting and searching.

US Pat. No. 9,100,240

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PERFORMING A SYNCHRONIZATION OF DATA

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to implement a method for performing a synchronization
of data, the method comprising:
storing, by a system, account information for a user, wherein the user is a subscriber to a service of the system;
after the user has successfully logged into a messaging application installed on a mobile device of the user and while the
messaging application is running on the mobile device, performing, by the system, a synchronization of data used by the messaging
application installed on the mobile device;

wherein the synchronization includes, at least in part, sending to the mobile device from the system metadata describing one
or more objects that are used by the messaging application installed on the mobile device;

wherein the synchronization is performed, at least in part, in response to a key event other than the user logging into the
messaging application.

US Pat. No. 9,306,878

INTELLIGENT AUTOMATED MESSAGING FOR COMPUTER-IMPLEMENTED DEVICES

salesforce.com, inc., Sa...

1. A computer-implemented method of intelligent predictive messaging, the method comprising:
obtaining, at a messaging server from a user device, message context data indicative of context of a conversation taking place
between particular participants during a messaging session, wherein the particular participants are people and wherein the
conversation takes place between the people;

processing the message context data, at a message prediction engine, to determine a predicted messaging scenario of the conversation
between the particular participants of the conversation based on prior conversation patterns between those particular participants
of the conversation, wherein the predicted messaging scenario includes a predicted conversation pattern of the conversation
that is taking place between the particular participants of the conversation;

determining, at the message prediction engine based on the predicted conversation pattern, recommended text that indicates
suggested language to be included in a message as part of the conversation to complete at least part of the message, wherein
the suggested language corresponds to the message context data indicative of the context of the conversation, and wherein
the recommended text comprises options for suggested language that are predicted to compete at least part of the message;

displaying the recommended text within a message field at the user device, and automatically populating the message field
with at least some of the suggested language; and

thereafter, sending the message from the user device, the message including content of the message field.

US Pat. No. 9,304,614

FRAMEWORK FOR CUSTOM ACTIONS ON AN INFORMATION FEED

salesforce.com, inc., Sa...

1. A method of providing a custom action for post in an online social network, the method comprising:
transmitting, from a server to a client machine, data implementing a user interface component for display at the client machine
in accordance with first computing programming language instructions provided by a first entity:

the user interface component displays at least one feed item record authored by a user and a plurality of responsive posts
in a thread about the feed item record,

each post of the plurality of responsive posts having a feed item ID and being posted by a user with information about the
feed item record, and

each post of the plurality of responsive posts contains a custom action activation mechanism indexed by the feed item ID,
wherein the custom action activation mechanism is customized based on a state of the post indexed by the feed item ID and
is customizable with second computer programming language instructions provided by a second entity;

receiving a message transmitted from the client machine to the server, the message indicating detection of a custom action
activation event generated responsive to activation of the custom action activation mechanism associated with a first one
of the responsive posts; and

performing the custom action at the server in response to receiving the message:
the custom action modifying data related to the first responsive post at the server, and
the custom action being performed in accordance with the second computer programming language instructions provided by the
second entity.

US Pat. No. 9,280,596

METHOD AND SYSTEM FOR SCORING ARTICLES IN AN ON-DEMAND SERVICES ENVIRONMENT

salesforce.com, inc., Sa...

1. A method comprising:
determining, by a host system of a database system, the host system having a processor system including one or more processors
and a storage system, an increment to a score of an article based on:

at least one vote for the article, the at least one vote being weighted higher for votes from external users than votes from
internal users, the internal users being internal with respect to an organization controlling the article, the external users
being external with respect to the organization,

a reference to the article in at least one other article, the reference including a link in the at least one other article,
the link providing access to the article,

a score of the at least one other article,
at least one visitation to the article by at least one user, and
a ratio of a number of occurrences of a phrase in the article to a number of words in the article;
weighting, by the host system, the increment to the score, so that more recent increments to the score have a higher weight
than less recent increments; and

storing the score in association with the article in the storage system as an indication of a likelihood that users will be
interested in the article.

US Pat. No. 9,117,003

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR NAVIGATING CONTENT ON A SINGLE PAGE

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code for navigating content on a single page, and when executed by a computer,
causing the computer to perform operations comprising:
receiving a first request from a user for content to be displayed;
retrieving the content from a database, where the content is stored in a first format;
translating the retrieved content from the first format to a second format;
cloning a template section of a hypertext markup language (HTML) page and renaming the cloned template section to identify
the requested content;

adding the retrieved and translated content to the cloned and renamed template section;
pushing the cloned and renamed template section onto a navigation stack of the HTML page; and
displaying the content from the navigation stack of the HTML page.

US Pat. No. 9,465,720

METHODS AND SYSTEMS FOR INTERNALLY DEBUGGING CODE IN AN ON-DEMAND SERVICE ENVIRONMENT

salesforce.com, inc., Sa...

1. A system comprising:
a server group provided by one or more hardware computing devices each comprising one or more processors and at least one
memory device, the one or more hardware computing devices appearing to a client device as a single server entity associated
with a database, the server group including multiple servers that share tasks among the multiple servers, the server group
to

receive, with at least one of the one or more processors, a debugging session request from a client device over a network
connection, the debugging session request to debug code executed by the server group and not locally at the client device;

establish, with at least one of the one or more processors, a connection to the client device via a first server of the server
group to initiate a debugging session between the server group and an integrated development environment (IDE) of the client
device in response to the debugging session request, the first server to maintain open the connection with the client device
for a duration of the debugging session to provide a single communication connection to enable the use of break points, step
through, and evaluation via a remote debugging environment;

for subsequent service requests of the debugging session at the server group, maintain state for the debugging session, with
at least one of the one or more processors, with a resource shared among the server group, receive the service requests with
the first server and distribute the service requests among the server group for processing, wherein each server that processes
a request is to communicate via the connection from the first server to the client device about processing on the service
requests and wherein breakpoint operations are modified to be registered in a same state as the connection, and be connected
back to the first server.

US Pat. No. 9,369,468

GENERATION OF A VISUALLY OBFUSCATED REPRESENTATION OF AN ALPHANUMERIC MESSAGE THAT INDICATES AVAILABILITY OF A PROPOSED IDENTIFIER

salesforce.com, inc., Sa...

1. A method, comprising:
initiating an account registration procedure;
receiving a proposed username at a computer-implemented server device from a device during the account registration procedure;
determining, at the computer-implemented server device, whether the proposed username is available for use with a new account;
communicating, from the computer-implemented server device, a response to the device indicating whether the proposed username
is available for use with the new account, wherein the response comprises an image that contains a visually obfuscated representation
of an alphanumeric message that indicates either a success when the proposed username is available for use with the new account
or a failure when the proposed username is not available for use with the new account; and

presenting the response at the device.

US Pat. No. 9,191,291

DETECTION AND HANDLING OF AGGREGATED ONLINE CONTENT USING DECISION CRITERIA TO COMPARE SIMILAR OR IDENTICAL CONTENT ITEMS

salesforce.com, inc., Sa...

1. A computer-implemented method comprising:
obtaining, at a computer system, a first content item from an online source, wherein the first content item is obtained via
network connection;

generating a characterizing signature of the first content item, by:
selecting a quantity of text for analysis, the first content item comprising the quantity of text;
eliminating filler words from the quantity of text to identify a plurality of significant words;
arranging a predetermined number of the plurality of significant words from the quantity of text to create a document key;
applying a hash function to the document key to obtain a hashed document key; and
appending a language identifier to the hashed document key to create the characterizing signature;
finding a previously-saved instance of the characterizing signature in a cache memory architecture of the computer system;
retrieving, from the cache memory architecture, data associated with a second content item, in response to finding the previously-saved
instance of the characterizing signature, wherein the second content item is characterized by the characterizing signature;

analyzing the data associated with the second content item, corresponding data associated with the first content item, and
decision criteria; and

identifying either the first content item or the second content item as an original content item, based on the analyzing.

US Pat. No. 9,122,722

TRANSFORMING QUERIES IN A MULTI-TENANT DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A method for optimizing a query by a database system in a multi-tenant database system, the method comprising:
receiving a query request with a query predicate to filter data returned in response to the query request, wherein the query
predicate comprises a formula;

accessing an index generated to correspond to one tenant of the multi-tenant database system;
preprocessing the formula in the query predicate based upon the generated index for the tenant to create a transformed query
request, wherein the preprocessing includes:

applying the generated index to a database field referenced in the formula, and
replacing at least one reference to a database field within the formula with a reference to a second database field based
upon the generated index;

optimizing the query request using the transformed query request;
receiving a query request with a reference to a first database field in the query predicate, wherein the first database field
comprises the formula in the query predicate, wherein the formula comprises a reference to a second database field; and

transforming the query request to a transformed query request by replacing the reference to the first database field within
the query request with at least one reference to the second database field.

US Pat. No. 9,367,876

SYSTEMS AND METHODS FOR MULTIMEDIA MULTIPOINT REAL-TIME CONFERENCING ALLOWING REAL-TIME BANDWIDTH MANAGEMENT AND PRIORITIZED MEDIA DISTRIBUTION

salesforce.com, inc., Sa...

1. A method for multimedia multipoint real-time conferencing, the method comprising:
receiving, from a client embedded in a host website, a request to share content from a third-party resource in a real-time
group conference associated with users of a virtual room provided by a multipoint real-time conferencing engine within the
host website, the request being encapsulated in a data packet with tags associated with the content and routing requirements
describing one or more recipients of the content, wherein the content includes at least Markup Language code referencing the
third-party resource;

based on the tags and the routing requirements, sharing the content from the third-party resource in the real-time group conference
with the users of the virtual room; and

creating a response code, wherein the content is shared via a transport protocol in the real-time group conference to enable
viewing of media from the third-party resource by the users.

US Pat. No. 9,197,513

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR REPRESENTING A PORTION OF A USER INTERFACE AS A NETWORK ADDRESS

salesforce.com, inc., Sa...

1. A method for representing a portion of a user interface associated with a web browser as a web address, the method comprising:
receiving a request to encode as a web address a portion of a user interface provided in association with a web browser at
a display of a first computing device, the portion of the user interface having content including a primary user interface
component and one or more secondary user interface components associated with the primary user interface component, the primary
user interface component configured to include record information of a primary record stored in a database of a database system,
the one or more secondary user interface components configured to include record information of one or more secondary records
associated with the primary record, the one or more secondary records stored in a database of the database system;

generating a web address to identify the content of the portion of the user interface, the generated web address including
a primary identifier identifying the primary record and including one or more secondary identifiers identifying the one or
more secondary records; and

causing the generated web address to be transmitted to a second computing device for processing to:
identify the primary identifier and the one or more secondary identifiers of the generated web address,
identify the primary record and the one or more secondary records using the primary identifier and the one or more secondary
identifiers, and

generate, using the identified primary record and the identified one or more secondary records, a presentation of the primary
user interface component and the one or more secondary user interface components.

US Pat. No. 9,152,725

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR CONFIGURING AND PERFORMING A CUSTOM RULE TO PROCESS A PREFERENCE INDICATION

salesforce.com, inc., Sa...

1. A method of processing a personal preference indication submitted by a user for a feed item of a social network feed established
through an associated database system having at least one server, the method comprising:
receiving, at a server of the database system from a computing device associated with the user, a personal preference indication
submitted by the user to apply to a first feed item of the social network feed, the personal preference indication indicating
that the user feels positive or negative about information indicated by the first feed item, the social network feed being
displayable on computing devices of one or more users of the social network;

identifying, using a server of the database system, a characteristic of the first feed item;
identifying, using a server of the database system, one or more further feed items of the social network feed as being related
to the first feed item based on the feed item characteristic, the one or more further feed items not being a count of personal
preference indications;

determining, using a server of the database system, one or more computing actions operative to modify data contained in or
attached to the one or more further feed items of the social network feed based on the first feed item characteristic and
on the received personal preference indication; and

causing performance of, using a server of the database system, the one or more computing actions to modify the data contained
in or attached to the one or more further feed items of the social network feed.

US Pat. No. 9,135,304

METHODS AND SYSTEMS FOR OPTIMIZING TEXT SEARCHES OVER STRUCTURED DATA IN A MULTI-TENANT ENVIRONMENT

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code configured to cause a computer to implement a method, the method comprising:
providing, in a system, a set of logically separated storage areas, where each logically separated storage area is associated
with a corresponding organization from a plurality of organizations and is inaccessible to organizations other than the corresponding
organization;

receiving a first search parameter from one of a plurality of subscribers of one of the plurality of organizations of the
system, where the system provides hosted applications and content for the plurality of logically separate organizations;

formulating, by the system, a search query including the first search parameter received from the subscriber;
sending the search query to a query server;
searching, by the system, indexed data records accessible to the subscriber via the organization of the system using the first
search parameter, each of the plurality of indexed data records including:

a last update field indicating a time when the record was last modified by any subscriber of the organization of the system;
at least one last activity field separate from the last update field indicating a time when an action was last performed utilizing
the record;

a record owner field indicating an owner of the record within the organization, and
a record owner role field indicating a location of the owner of the record within a hierarchy of the organization;
returning, by the system, a plurality of matching records within the indexed data records, based on the searching of the indexed
data records, wherein the matching records are ordered by:

determining a normalized search relevancy score that is returned by a search engine for each of the plurality of matching
records,

assigning a last update score to each of the plurality of matching records based on a value of the last update field of each
of the plurality of matching records,

assigning a last activity score to each of the plurality of matching records based on a value of the last activity field of
each of the plurality of matching records,

multiplying the normalized search relevancy score by a first predetermined weight factor for each of the plurality of matching
records,

multiplying the last update score by a second predetermined weight factor for each of the plurality of matching records,
multiplying the at least one last activity score by a third predetermined weight factor for each of the plurality of matching
records,

summing all of the weighted scores to determine a final relevancy score for each of the plurality of matching records, and
ordering the plurality of first data records such that data records of the plurality of matching records having a higher final
relevancy score are ranked higher than data records of the plurality of matching records having a lower final relevancy score.

US Pat. No. 9,081,869

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR COMMUNICATING DATA BETWEEN A DATABASE AND A CACHE

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to implement a method for communicating data between
a database and a cache, the method comprising:
storing, in a database of a service relying on a database system:
data objects, and
metadata describing the data objects,
wherein the database system is accessible over a network and includes hardware and software that is shared by users;
associating a cache separate from the database with an application capable of residing within a browser, the application having
a plurality of user interface components and providing a feature of the service;

storing, in the cache, a plurality of cache objects, each of the cache objects storing a different view of a plurality of
the data objects stored in the database;

during execution of the application in the browser, providing by the cache, from each of the cache objects to the user interface
components of the application, the view of the plurality of the data objects stored in the database;

asynchronously refreshing by the database system, in each of the cache objects, the view of the plurality of the data objects
stored in the database, using the metadata describing the data objects.

US Pat. No. 9,407,603

METHODS AND SYSTEMS FOR PROVIDING CONTEXT-BASED OUTBOUND PROCESSING APPLICATION FIREWALLS

salesforce.com, inc., Sa...

1. A method comprising:
generating an outbound message with an application provided by a computing environment having one or more computing devices,
wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing
at an application-level firewall for the one or more portions of the outbound message, wherein the outbound message is to
be transmitted to a remote electronic device by at least one of the one or more computing devices;

encoding the outbound message with an outbound traffic engine having the application-level firewall executing on one or more
computing devices within the computing environment, the encoding based on the trustworthiness indicator and the encoding to
be performed before passing the outbound message, wherein the application-level firewall is configurable to inspect network
traffic specific to an application based on logic of the application;

analyzing the outbound message based on encoded user data and context information with the application-level firewall to determine
when the outbound message is to be considered safe or unsafe; and

performing an action on traffic to the application based on the encoded user data and the context information with one of
the application-level firewall and the application by forwarding without modification when the outbound message is to be considered
safe and to redirect the traffic to a designated safe URL when the outbound message is to be considered unsafe.

US Pat. No. 9,311,664

SYSTEMS AND METHODS FOR AUTOMATICALLY COLLECTION OF PERFORMANCE DATA IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A method of collecting data from at least one origin application server and at least one content delivery network forming
a multi-tenant system, comprising:
obtaining, by a processor, usage data corresponding to a first tenant and a second tenant in the multi-tenant system from
the at least one origin application server, the at least one origin application server dynamically creating virtual applications
based upon data from a common database that is shared between the first tenant and the second tenant and hosting the virtual
applications for the first tenant and the second tenant;

obtaining, by the processor, usage data from the at least one content delivery network corresponding to usage of the at least
one content delivery network by the first tenant and the second tenant in the multi-tenant system; and

aggregating, by the processor, the usage data obtained from the origin application server and the content delivery network
into a single database and associating each entry of the aggregated usage data with one of the first tenant and the second
tenant of the multi-tenant system.

US Pat. No. 9,298,842

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PUBLICLY PROVIDING WEB CONTENT OF A SUBSCRIBER OF AN ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method comprising:
providing, by a database system, a database service accessible to a plurality of subscribers;
receiving, by the database system, information from one of the subscribers, the information including web content and security
settings for the web content, wherein the security settings include at least one rule indicating portions of the web content
that are allowed to be publicly accessed by non-subscribers of the database service;

receiving, by the database system from the subscriber, a definition of a universal resource locator (URL) to be used for accessing
the web content and a request to register the URL in association with the web content;

in response to receipt of the definition and the request from the subscriber, registering, through the database system, the
URL in association with the web content;

after registering the URL in association with the web content, receiving, by the database system, a request from one of the
non-subscribers for the web content, the request including the URL;

extracting, by the database system, the URL from the request;
identifying, by the database system, the web content utilizing the extracted URL;
identifying, by the database system, the security settings for the identified web content;
determining, by the database system, the portions of the web content that the security settings allow to be publicly provided
to the non-subscriber;

providing, by the database system, the portions of the web content to the non-subscriber in response to determining, based
on the security settings, which portions of the web content are allowed to be publicly provided to the non-subscriber; and

preventing, by the database system, remaining portions of the web content that are not indicated by the security settings
as allowed to be publicly accessed by non-subscribers of the database service from being provided to the non-subscriber.

US Pat. No. 9,189,521

STATISTICS MANAGEMENT FOR DATABASE QUERYING

salesforce.com, inc., Sa...

1. A method of obtaining data from a database, the database including a query optimizer to generate a query plan based on
on-demand database statistics, the method comprising:
obtaining model database statistics representative of an expected state of the database in the future, the model database
statistics being generated based on a subset of expected utilization information for a tenant supported by the database, the
expected utilization information representing the tenant's likely usage of a table in the database at a time in the future,
wherein generating the model database statistics comprises:

obtaining a subset of database statistics that are most likely to influence the query optimizer; and
generating the model database statistics that are likely to influence the query optimizer based on the subset of database
statistics and the subset of the expected utilization information; and

modifying on-demand database statistics maintained by the database to reflect the model database statistics, wherein the query
plan generated by the database to obtain the data based on the on-demand database statistics is influenced by the model database
statistics.

US Pat. No. 9,395,881

METHODS AND SYSTEMS FOR NAVIGATING DISPLAY SEQUENCE MAPS

salesforce.com, inc., Sa...

1. An apparatus for navigating display sequence maps, the apparatus comprising:
a hardware processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps
of:

outputting, to a display device, a plurality of content views in response to receiving a plurality of requests for content
views via a user interface, each of the plurality of content views includes revisions viewable as selectable text in an electronic
document or webpage, wherein at least one of the plurality of content views comprises a link that enables navigation to another
one of the plurality of content views;

outputting, to the display device in response to a request via the user interface, a hierarchical representation of a sequence
of the plurality of content views, the hierarchical representation comprising a plurality of visual representations corresponding
to the plurality of content views, the sequence including at least a first revised content view at a first level of the hierarchical
representation and a second revised content view at a second level of the hierarchical representation, the second revised
content view including revisions from the first revised content view and new revisions;

outputting, to the display device, the first revised content view in response to a selection from the hierarchical representation
via the user interface of one of the plurality of visual representations corresponding to the first revised content view,
and

deleting the first revised content view such the revisions from the first revised content are deleted while the new revisions
in the second revised content view are retained to create a final revised content view in the hierarchical representation,
which is then outputted to the display device.

US Pat. No. 9,251,204

STATIC QUERY OPTIMIZATION

salesforce.com, inc., Sa...

1. A computer-implemented method for tuning queries for a multi-tenant database system, the method comprising:
retrieving actual statistics associated with data stored on one or more servers in the multi-tenant database system, wherein
the data is associated with one or more tenants of the multi-tenant database system;

selecting a subset of the actual statistics, wherein the subset of the actual statistics is related to tenants having a data
trait targeted for optimization, wherein a tenant having a data trait targeted for optimization has at least one of the following
data traits: (1) a high volume of transactions, (2) a high number of transactions involving large file sizes, (3) a high number
of resource-intensive transactions, (4) high utilization of a rarely-used column or table, or (5) high utilization of a rarely-used
resource;

determining, using one or more processors associated with the one or more servers, synthetic statistics based on the subset
of the actual statistics, wherein the synthetic statistics are derived from the subset of actual statistics by modifying one
or more aspects of the data based on a subset of the tenants of the multi-tenant database system, the subset of tenants having
the data trait targeted for optimization, and then re-calculating statistical data to generate the synthetic statistics;

receiving an original query transmitted to the multi-tenant database system by a user associated with a tenant that has the
data trait targeted for optimization, wherein the original query operates upon data associated with the tenant; and

determining, using the processor, an optimal query plan based on the original query and the synthetic statistics.

US Pat. No. 9,450,896

METHODS AND SYSTEMS FOR PROVIDING CUSTOMIZED DOMAIN MESSAGES

salesforce.com, inc., Sa...

1. A method comprising the steps of:
receiving a customized message for one of a plurality of domains at one of a plurality of servers of an on-demand services
environment;

storing the customized message on the on-demand services environment;
receiving a request from a user device for content for the one of the plurality of domains at the one of the plurality of
servers;

providing an inquiry in response to the request via the one of the plurality of servers to a database service that includes
an application server;

receiving a notification from the database service when the application server is unavailable; and
providing, via the one of the plurality of servers of the on-demand services environment, the customized message to the user
device in response to the request when the application server is unavailable.

US Pat. No. 9,244,954

CUSTOMIZING STANDARD FORMULA FIELDS IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for customizing standard formula fields in a database system, the method comprising:
receiving at least a portion of a formula for a standard database field of a standard database entity in a database system;
storing a date range for maintaining at least the portion of the formula;
calculating a value for the standard database field with at least the portion of the formula and information on one or more
variables of the formula, wherein one or more database entities depend on the value for the standard database field; and

storing the value for the standard database field.

US Pat. No. 9,235,614

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR FEED-BASED CASE MANAGEMENT

salesforce.com, inc., Sa...

1. A computer implemented method for using a database system comprising:
receiving, by a server associated with the database system, first information associated with a record stored or configured
to be stored in the database system;

updating, by the server, one or more data objects stored in the database system based on the first information;
creating, by the server, a feed item associated with the update, the feed item including one or more actionable selections
providing a reference to a publisher, the feed item configured to be stored using one or more databases of the database system;

providing, by the server, the feed item in an information feed; and
causing, by the server, responsive to selection of the one or more actionable selections, the publisher to be operable to
receive second information in one or more fields of the publisher, the publisher being further operable to publish the second
information via one or more channels, the publisher configured to be displayed in association with the information feed in
a user interface of a display device.

US Pat. No. 9,344,367

SLIPSTREAM BANDWIDTH MANAGEMENT ALGORITHM

salesforce.com, inc., Sa...

1. A method at a computing device having at least a processor and a memory therein, the method comprising:
executing an application via the processor at the computing device;
executing an Input/Output pump streaming platform (“TO Pump”) via the processor at the computing device, the IO Pump executing
separately and distinctly from the application;

approximating bandwidth for the application;
allocating, via the IO Pump, multiple simultaneous Transmission Control Protocol (TCP) connections in support of the application
based at least in part on the bandwidth approximation for the application; and

transmitting data from the computing device to a remote computing device on behalf of the application using multiple of the
allocated TCP connections simultaneously by sending data on at least a first of the multiple of the allocated TCP connections
while receiving data on at least a second of the multiple of the allocated TCP connections.

US Pat. No. 9,237,156

SYSTEMS AND METHODS FOR ADMINISTRATING ACCESS IN AN ON-DEMAND COMPUTING ENVIRONMENT

salesforce.com, inc., Sa...

1. A system for managing protected data resources, comprising:
a resource server configured to store the protected data resources; and
an authorization module coupled to the resource server and configured to store access protocols,
the authorization module further configured to receive a service request from a user via a client module, the service request
including user credentials,

the authorization module further configured to evaluate the user credentials to determine when the service request is from
a legitimate user, and

wherein, when the authorization module determines that the user credentials are acceptable, the authorization module is configured
to evaluate the service request based on the access protocols and send an authorization code to the user based on the access
protocols,

the authorization module further configured to receive a token request with the authorization code from the user via the client
module and to send an access token to the client module based on the authorization code for accessing the protected data resources
of the resource server,

wherein the authorization module is configured to receive an administration request from an administrator device, the administration
request including administrator credentials,

the authorization module configured to evaluate the administrator credentials to determine when the administration request
is from a legitimate administrator and,

wherein, when the authorization module determines that the administrator credentials are acceptable, the authorization module
is configured to provide a location reference for an administration program stored on the authorization module to the administrator
device based on the administrator credentials such that, upon execution of the administration program, administration capabilities
from the administration program are installed on the administrator device, and

wherein the authorization module is configured to receive and store the access protocols from the administrator device generated
with the administration capabilities, the access protocols comprising a data table that defines rights associated with the
protected data resources for a list of users or groups.

US Pat. No. 9,197,427

METHODS AND SYSTEMS FOR SCREENSHARING

salesforce.com, inc., Sa...

1. A method comprising:
managing, by a computer server system, a browser-based chat session between first and second users, the first user being at
a first display, and the second user being at a second display;

providing, in response to the first user selecting a screen sharing button presented within a first chat window for the chat
session displayed on the first display during the chat session between the first user and the second user, a first message
generated by the computer server system inviting the second user to view information being displayed on the first display;

displaying the first message inviting the second user to view the information in a second chat window for the chat session
on the second display;

displaying a second message inputted by the first user in the second chat window, wherein the second message is visually distinguishable
from the first message;

receiving an acceptance from the second user to view the information; and
upon receiving the acceptance, sharing the information being displayed on the first display with the second user on a first
shared information window separate from the second chat window on the second display.

US Pat. No. 9,286,343

STATISTICS MECHANISMS IN MULTITENANT DATABASE ENVIRONMENTS

salesforce.com, inc., Sa...

1. A method comprising:
maintaining a master statistics file in a multitenant environment, the master statistics file having statistics corresponding
to multiple tenants within the multitenant environment;

parsing the master statistics file into an object having an ordered grouping of statistical information corresponding to one
or more selected tables stored in a single database within the multitenant environment;

generating statistics for a table, the table corresponding to a selected tenant of the multitenant environment, the table
from the one or more selected tables; and

updating the master statistics file based on the generated statistics for the table.

US Pat. No. 9,195,835

SYSTEM AND METHOD FOR INITIALIZING TOKENS IN A DICTIONARY ENCRYPTION SCHEME

salesforce.com, inc., Sa...

1. A computer implemented method, comprising:
receiving data in unencrypted form, the data including a plurality of plaintext symbols;
encrypting the data in accordance with an encryption dictionary generated by
arranging the plurality of plaintext symbols in lexicographical order;
defining a first subset comprising a first plurality of the lexicographically arranged symbols;
defining a second subset comprising a second plurality of the lexicographically arranged symbols;
defining a first set comprising a first plurality of unique random tokens within a first token space for use with the first
plurality of symbols, respectively;

defining a second set comprising a second plurality of unique random tokens within a second token space for use with the second
plurality of symbols, respectively;

adding a first random constant value to each token in the first set of random tokens; and
adding a second random constant value to each token in the second set of random tokens;
wherein the second random constant value is greater than the first random constant value; and
storing the encrypted data in a database.

US Pat. No. 9,195,726

MECHANISM FOR FACILITATING DYNAMIC INTEGRATION OF DISPARATE DATABASE ARCHITECTURES FOR EFFICIENT MANAGEMENT OF RESOURCES IN AN ON-DEMAND SERVICES ENVIRONMENT

SALESFORCE.COM, INC., Sa...

1. A database system-implemented method comprising:
receiving, at a first database platform of the database system, a job request from a user having access to a computing device,
wherein the job request is associated with a first programming package based on at least one of a first programming language
and a first set of programming protocols;

seeking, by the database system, a third-party entity, at a second database platform, to process the job request;
translating, by the database system, the first programming package into a second programming package, wherein the second programming
package is compatible with the third-party entity, and wherein the second programming package is based on at least one of
a second programming language and a second set of programming protocols;

transmitting, by the database system, the job request associated with the second programming package to the third-party entity;
and

receiving, by the database system and from the third-party entity, an output relating to the processing of the job request.

US Pat. No. 9,468,855

SYSTEMS AND METHODS FOR CREATING AND JOINING TOURNAMENTS IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A system for creating a tournament in a multi-tenant database environment, comprising:
a database configured to securely store tenant based data; and
a processor communicatively connected to the database, the processor configured to:
receive number of participants data, assignment of participant data and type of tournament data;
receive tournament access information;
create tournament data based upon the number of participants data, the assignment of participants data and the type of tournament
data; and

push the tournament data to a tournament application on a domain of one or more tenants of the multi-tenant database system
based upon the tournament access information.

US Pat. No. 9,275,098

TECHNIQUES FOR IMPLEMENTING BATCH PROCESSING IN A DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A method comprising:
receiving a request for processing against a database system;
enqueuing a batch request in a request queue responsive to receiving the request;
calling a query locator object that points to a maximum number of objects to be scheduled for uninterrupted processing in
a single batch process against the database system to ensure that the single batch process does not consume in excess of a
threshold amount of resources of the database system;

retrieving the maximum number of objects based on the called query locator object;
scheduling execution of the batch request to be executed via uninterrupted processing during the single batch process by queuing
the batch request in an execute queue amongst a plurality of other objects in the execute queue;

executing the batch request against the database system; and
sending notification to users indicating completion of the execution of the batch request against the database system.

US Pat. No. 9,277,432

SYSTEMS AND METHODS FOR AUTOMATED ON-DEVICE PERFORMANCE TESTING OF MOBILE APPLICATIONS

salesforce.com, inc., Sa...

1. An automated test system for measuring the performance of a mobile application including a user page, comprising:
a communication link configured to connect a plurality of mobile client devices to an application server running the mobile
application;

a first module configured to implement a plurality of mobile network protocols;
a second module configured to implement a plurality of mobile carrier protocols;
a third module configured to implement a plurality of mobile operating systems; and
a processing module configured to download the user page from the application server to each of the plurality of mobile client
devices using different combinations of the plurality of mobile network protocols, the plurality of mobile carrier protocols,
and the plurality of mobile operating systems.

US Pat. No. 9,253,224

METHOD AND SYSTEM FOR ON-DEMAND COMMUNITIES

salesforce.com, inc., Sa...

1. A non-transitory machine-readable medium carrying one or more sequences of instructions causing a computer to implement
a method comprising:
providing, to a user by a database service, tools for creating a community website including one or more community webpages
to be made accessible to potential subscribers to the community website;

receiving, at the database service from the user via the tools, information to configure the community website, the information
including one or more potential subscribers to be invited to the community website;

in response to receiving the information, sending, by the database service, an invitation to join the community website to
each of the potential subscribers;

in response to an acceptance of a corresponding invitation by a potential subscriber, creating, by the database service, an
active subscriber account on the community website to enable access to the community website, wherein the access to the community
website includes allowing the active subscriber account to:

post content to the community website,
comment on content posted to the community website,
participate in discussions on the community website,
search for keywords, members, and comments on the community website,
send information related to the community website from the community website in an e-mail, and
vote on each particular content posted to the community website via selection of a link associated with the particular content,
wherein the visually represents a count of a total number of votes cast for the particular content;

storing, by the database service for each active subscriber, at least one setting indicating a type of activity occurring
on the community website that is of interest to the active subscriber;

providing, by the database service to each of the active subscribers, alerts that are responsive to an activity occurring
on the community website that is of a type indicated by the at least one setting;

generating, by the database service, statistics on the community website that include a count of a number of the active subscribers
to the community website;

providing, to the user by the database service, tools for the user to create a friend webpage specific to friends of the user;
receiving, at the database service from the user via the tools, information to configure a friend webpage specific to another
user including information about the other user;

configuring, by the database service on behalf of the user, the friend webpage specific to the other user, wherein the friend
webpage is configured to include the information about the other user received from the user; and

making, by the database service, the friend webpage having the information about the other user accessible only to the user
and to additional users given permission by the user.

US Pat. No. 9,203,934

SYNCHRONIZATION OF CLOCKS BETWEEN TWO COMMUNICATION TERMINALS USING TCP/IP

salesforce.com. inc., Sa...

1. A method to determine a clock time difference between a first terminal and a second terminal, the method comprising:
sending a first Internet Protocol packet from the first terminal to the second terminal, the packet having a time stamp indicating
the time at which it was sent from the first terminal;

receiving a second Internet Protocol packet at the first terminal from the second terminal, the packet having a time stamp
indicating the time at which it was sent from the second terminal;

comparing the time stamp of the second packet and an arrival time at the first terminal to determine an inbound latency;
comparing the determined inbound latency to the stored bias;
setting the stored bias to the determined inbound latency if the stored bias is less than the determined inbound latency;
and

determining a clock time difference at the second terminal using the stored bias.

US Pat. No. 9,201,760

METHOD AND SYSTEM FOR IDENTIFYING ERRORS IN CODE

salesforce.com, inc., Sa...

1. A method for identifying errors in software code in a multi-tenant environment comprising:
calculating, by a host system, memory usage statistics of each of a group of objects that contributed to a current heap dump,
the host system including a set of one or more processors and a memory system including one or more computer readable media
by the set of one or more processors;

identifying, by the host system, top consumers of memory by object of the current heap dump;
determining, by the host system, how much memory a given one of the top consumers consumes with respect to how much memory
top consumers other than the given one of the top consumers consume;

computing, by the host system, a suspect score based on the determining; and
determining, by the host system, whether the given one of the top consumers is likely to have caused memory issues based on
the suspect score.

US Pat. No. 9,197,694

PROVIDING ON-DEMAND ACCESS TO SERVICES IN A WIDE AREA NETWORK

salesforce.com, inc., Sa...

1. A method of facilitating access to composite services, the method comprising:
receiving, from at least one computing device on an interoperability network, a selection of a pre-defined business application,
wherein the pre-defined business application comprises a composite service integrating operation of a plurality of constituent
services in communication with the interoperability network, the plurality of constituent services being associated with and
controlled by a plurality of independent service providers;

receiving, from the computing device on the interoperability network, a request to initiate an instance of the selected composite
service;

referencing a directory storing access policy information for the plurality of constituent services and using the access policy
information to establish access to the constituent services; and

connecting with the constituent services and selectively facilitating interaction between the computing device and the constituent
services, thereby enabling a user of the computing device to access the composite service as an integrated solution in which
the composite service facilitates messaging between or among the constituent services.

US Pat. No. 9,195,438

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CREATING AN APPLICATION WITHIN A SYSTEM

salesforce.com, inc., Sa...

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product including
computer code adapted to be executed by a computer to perform a method comprising:
receiving, at a system, a request to create an application having one or more components;
creating the application within the system, based on the request, the created application including a module having the one
or more components of the application;

defining, within the system, a unique namespace for the created application and dictating the unique namespace within the
module;

defining, within the system, a permission level for the unique namespace;
limiting, through the system, access to components of the created application by applications outside of the unique namespace,
in accordance with the permission level defined for the unique namespace;

preventing, through the system, access by the components of the created application to metadata outside of the unique namespace
when the permission level defined for the unique namespace dictates that the access by the components of the created application
to the metadata outside of the unique namespace is disallowed;

wherein the system implements a module directory to distinguish between an application component type within the system and
an application module within the system having a same name.

US Pat. No. 9,189,532

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR LOCALLY DEFINING RELATED REPORTS USING A GLOBAL DEFINITION

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method, the
method comprising:
receiving by a database system a request for a composite report that is created by aggregating results of a plurality of related
reports;

identifying the plurality of related reports within the database system, wherein each of the related reports includes a query
for data stored in the database system;

determining, by the database system, a global report definition specific to the requested composite report, the global report
definition including a plurality of attributes to be applied during an execution of the composite report, the attributes including
filter criteria that are applied to each of the queries for data and a summary that is calculated utilizing at least a portion
of the queried data;

replicating, by the databases the attributes of the global report definition from the global report definition to a local
report definition of each of the plurality of related reports, such that each local report definition of the plurality of
related reports includes the plurality of attributes to be applied during an execution of the related report;

executing, by the database system, each of the related reports, including for each of the related reports, performing the
query for data included within the report, applying the filter criteria from the local report definition to the query, and
calculating the summary utilizing at least the portion of the queried data according to the local report definition; and

aggregating, by the database system, the results of the execution of the plurality of related reports to form the requested
composite report.

US Pat. No. 9,185,342

SYSTEMS AND METHODS FOR IMPLEMENTING INSTANT SOCIAL IMAGE COBROWSING THROUGH THE CLOUD

salesforce.com, inc., Sa...

1. A method at a client device having at least a processor and a memory therein, wherein the method comprises:
loading an application at the client device, the application displaying a graphical interface at the client device;
receiving input at the graphical interface of the client device to initiate an instant share session;
generating an action at the client device to request an instant share session;
communicating the action from the client device to a remote host organization via a public Internet;
receiving, at the client device, a pointer to a dynamically created co-browse site at the host organization responsive to
communicating the action from the client device to the remote host organization;

following the pointer to the dynamically created co-browse site at the host organization communicably linking the client device
with the host organization;

exchanging a video telephony stream between the client device and a remote party through the dynamically created co-browse
site; and

wherein the action generated at the client device and communicated to the remote host organization is: (i) passed to a routing
system to determine a priority for escalating the instant share session, (ii) passed to an escalation system to apply the
priority determined by expediting the request for an instant share session out of turn based on the priority determined, and
(iii) passed to an expert locator to identify one or more experts to participate as the remote party in exchanging the video
telephony stream with the client device through the dynamically created co-browse site.

US Pat. No. 9,264,388

RE-ROUTING INCOMING EMAIL FOR A MULTI-TENANT DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A method for processing email for a multi-tenant database system comprising a plurality of data centers and a plurality
of instances of a multi-tenant database system core, each of the plurality of data centers implementing at least one of the
plurality of instances of the multi-tenant database core, the method comprising:
maintaining, at each of the plurality of data centers, an instantiation of a private domain name service (DNS) database, the
private DNS database comprising a respective DNS entry for every possible combination of one of the plurality of data centers
and one of the instances of the multi-tenant database system core;

receiving an incoming email at a first local mail transfer agent (MTA) of a first data center of the plurality of data centers,
the incoming email directed to an incoming email address comprising a first domain string that includes a pod token;

redirecting the incoming email to a redirected email address comprising a second domain string that includes the pod token
and a data center token that identifies the first data center;

obtaining, from the instantiation of the private DNS database maintained at the first data center, a destination location
for the redirected email address, wherein the destination location is obtained from the respective DNS entry that includes
a combination of the pod token and the data center token; and

routing the incoming email to the destination location.

US Pat. No. 9,264,391

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR PROVIDING NEAR REAL-TIME PREDICTED ENGAGEMENT LEVEL FEEDBACK TO A USER COMPOSING A SOCIAL MEDIA MESSAGE

salesforce.com, inc., Sa...

1. A computer implemented method for providing near real-time feedback to a first user of a social networking system when
the first user is composing a social media message, the feedback indicating a predicted level of engagement with the social
media message by a second one or more users of the social networking system, the method comprising:
receiving, at a server, message information regarding the social media message being composed by the first user at a computing
device;

determining, using a prediction model, a predicted engagement score based on the message information, the predicted engagement
score being an approximation of the predicted level of engagement with the social media message by the second one or more
users of the social networking system; and

sending data representing the predicted engagement score to the computing device to display a presentation in a user interface
at which the social media message is being composed, the presentation including a graphical representation of the predicted
engagement score and a graph presenting one or more previous predicted engagement scores for the social media message, the
graphical representation including a graphical indicator proximate a region of the user interface at which the social media
message is being composed, the graphical indicator configured to indicate at least a positive or a negative change to the
predicted engagement score in response to a change to content of the social media message being composed.

US Pat. No. 9,201,696

SYSTEMS AND TECHNIQUES FOR UTILIZING RESOURCE AWARE QUEUES AND/OR SERVICE SHARING IN A MULTI-SERVER ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for managing incoming requests for an application server coupled to provide responses to the requests within a
multi-organization computing environment, the method comprising:
receiving the requests directed to the application server, from a network socket and placing the requests into one or more
of at least three queues maintained in front of the application server so that the requests are maintained in the network
layer and not in application server memory or disk, and wherein the at least three queues each have an associated priority,
wherein the queues each have an associated sensitivity mechanism that respond to shared resources globally and application
server specific resources locally;

utilizing metadata associated with the requests to manage the one or more queues by analyzing the metadata with a peeker thread
and creating an object with the peeker thread to encapsulate the metadata comprising organization information related to the
requests, request information, priority information, and resource information, wherein the organization information corresponds
to an organization that is one of multiple organizations in the multi-organization computing environment;

maintaining, with a plurality of application servers a list of healthy application servers to which requests are sent when
a target application server has reached a workload threshold;

monitoring the at least three queues with a pinger thread to maintain a map of application server specific resources;
pushing a request from an unhealthy application server to a healthy server from the list in response to an application server
being designated unhealthy by exceeding the workload threshold;

processing the requests from the one or more queues based on the metadata, wherein the requests are processed by worker threads
that are sensitive to availability of one or more server resources.

US Pat. No. 9,262,037

SELECTIVE CAPTURE OF INCOMING EMAIL MESSAGES FOR DIAGNOSTIC ANALYSIS

salesforce.com, inc., Sa...

1. A method for processing email, the method comprising:
receiving email capture criteria for incoming email messages directed to a destination tenant of a multi-tenant database system,
each of the incoming email messages having a recipient address ending with a common domain string that corresponds to the
multi-tenant database system, and the email capture criteria received in an email capture request that is valid for only one
captured email message;

comparing the email capture criteria to searchable information conveyed in the incoming email messages;
when the searchable information in a candidate email message of the incoming email messages matches the email capture criteria
by at least a threshold amount, identifying the candidate email message as a matched email message;

saving a copy of the matched email message;
performing incoming email processing on the matched email message; and
after the matched email message has been detected, indicating that the email capture request is completed.

US Pat. No. 9,509,715

PHISHING AND THREAT DETECTION AND PREVENTION

SALESFORCE.COM, INC., Sa...

1. A database system for detecting and preventing phishing attacks, the database system comprising:
a hardware processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps
of:

detecting a request to open an electronic mail message (email) after the email has arrived in a user mailbox;
prior to opening the email in the user mailbox, sending a link contained in the email to a threat detection server in response
to detecting the request to open the email;

receiving a threat level identifier from the threat detection server associated with the link after being compared with blacklisted
links; and

opening the email and displaying a message with the email and the threat level identifier associated with the link.

US Pat. No. 9,240,016

SYSTEMS, METHODS, AND APPARATUSES FOR IMPLEMENTING PREDICTIVE QUERY INTERFACE AS A CLOUD SERVICE

salesforce.com, inc., Sa...

1. A method in a host organization, the method comprising:
exposing an interface to client devices operating remotely from the host organization, wherein the interface is accessible
by the client devices via a public Internet;

executing a predictive database at the host organization as an on-demand cloud based service for one or more subscribers;
authenticating one of the client devices by verifying the client device is associated with one of the subscribers and based
further on authentication credentials for the respective subscriber;

processing a dataset of columns and rows to generate indices on behalf of the authenticated subscriber, the indices representing
probabilistic relationships between the rows and the columns of the dataset, wherein the processing comprises: (i) processing
the dataset by iteratively learning joint probability distributions over the dataset to generate the indices, (ii) periodically
determining a predictive quality measure of the indices generated by the processing of the dataset, and (iii) terminating
processing of the dataset when the predictive quality measure attains a specified threshold;

receiving a prediction request from the authenticated subscriber via the interface;
executing a query against the indices of the predictive database generated from the dataset;
returning a prediction result of the query to the authenticated subscriber responsive to the prediction request; and
returning a notification with the prediction result indicating processing of the stored dataset has not yet completed or returning
a notification with the prediction result indicating the predictive quality measure is below the specified threshold, or returning
both with the prediction result.

US Pat. No. 9,189,090

TECHNIQUES FOR INTERPRETING SIGNALS FROM COMPUTER INPUT DEVICES

salesforce.com, inc., Sa...

1. A method comprising:
displaying on a computer system a web page containing one or more script elements, wherein said one or more script elements
are responsive to input data from an input device;

receiving at the computer system from the input device multiple segments of input data, the multiple segments of data defining
an input sequence, wherein a time interval between receiving adjacent segments of data within the input sequence comprises
a phase differential;

selecting, from a plurality of actions that change a user experience with the web page, an action associated with said input
sequence, wherein the multiple segments of input data are sensed by event handlers of a script element and are processed into
an event trigger that is implemented in multiple layers of a software stack, wherein the event handlers correspond to nodes
in a Document Object Model (DOM) tree and the one or more script elements have multiple event handlers; and

executing said action on the computer system, wherein the phase differential of any two adjacent segments of input data, from
the input sequence received by the computer system, as well as a corresponding region of the web page at which point the data
input is sensed, are utilized to determine a desired action to the web page from among a set of actions that changes the user
experience with the web page.

US Pat. No. 9,262,137

ADDING DIRECTIVES FOR VERSIONS OF JAVASCRIPT FILES DIRECTLY INTO SOURCE CODE IN A MULTI-TENANT DATABASE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method, comprising:
receiving, at a processor, a source file for preprocessing, wherein the source file comprises source code and is written in
a client-side scripting language;

parsing, at the processor, the source file;
identifying, at the processor, directive information for a preprocessed directive within the source code of the source file,
wherein the directive information comprises data on at least a portion of a client-side scripting language file and a mode;

creating, at the processor, a version of the source file for the mode, wherein the version of the source file comprises the
source code from the source file and the at least a portion of the client-side scripting language file;

associating, at the processor, metadata with the preprocessed directive and the version of the source file, wherein the metadata
comprises: information regarding which portions of the source file have been altered since a last preprocessing of the source
file has occurred, and at least a portion of the client-side scripting language file for generating at least a portion of
markup language for a web page to be served to a client device using a webserver;

storing the metadata in a database;
retrieving, via the webserver from the database, only the metadata associated with the preprocessed directive in the version
of the source file such that the entire source file is not retrieved; and

in response to receiving a request for the metadata associated the version of the source file, generating, in accordance with
the metadata associated with the preprocessed directive and the version of the source file, at least the portion of the markup
language for the web page to be served to the client device.

US Pat. No. 9,244,995

METHOD AND SYSTEM FOR SYNCHRONIZING A SERVER AND AN ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A method, comprising:
receiving a request to update data of a user of a system, the data of the user being stored by the system;
in response to the request, identifying, by the system, data relevant to the user that is stored by a server separate from
the system;

utilizing a data structure stored on a non-transitory computer readable storage medium of the system to determine, by the
system, a portion of the data stored by the server and identified as relevant to the user that is different from the data
of the user that is stored by the system, the data structure including a plurality of user identifiers each identifying one
of a plurality of users of the system and a plurality of data identifiers each correlated with at least one of the user identifiers
and identifying data accessible to the user associated with the correlated user identifier; and

updating, by the system, the data of the user stored by the system with the portion of the data stored by the server and identified
as relevant to the user that is determined to be different from the data of the user that is stored by the system.

US Pat. No. 9,948,743

MANAGING MEMORY USAGE IN SERVER SYSTEMS

SALESFORCE.COM, INC., Sa...

1. A method for a server system to manage memory in a server, the method comprising the steps of:monitoring, by the server system, resource usage of a processor and a storage device;
monitoring, by the server system, memory usage for a local memory by the server;
initializing a first clean-up operation that rate limits synchronizing cached pages in the local memory with pages in the storage device to increase the amount of available space in the local memory based on the resource usage and a first level of the memory usage; and
initializing a second clean-up operation that does not rate limit synchronizing the cached pages in the local memory with the pages in the storage device, and independently of the resource usage based on a second level of the memory usage higher than the first level of the memory usage.

US Pat. No. 9,467,434

DOCUMENT RENDERING SERVICE

salesforce.com, inc., Sa...

1. A system for generating a platform-independent document comprising:
a database system implemented using a server system, the server system including one or more processors and one or more storage
devices, the database system configurable to implement a document-rendering service configurable to:

receive a request to generate a platform-independent document based on a renderable web document, the request including markup
language content for the renderable web document;

provide the markup language content to a rendering engine of the document-rendering service, the rendering engine being configured
to: parse the markup language content, generate one or more resource requests for resources identified in the parsed markup
language content, and communicate the one or more resource requests;

intercept the one or more resource requests communicated from the rendering engine;
communicate the one or more intercepted requests, or one or more requests based on the intercepted requests, to retrieve resources
identified in the one or more intercepted requests;

receive resources retrieved based on the communicated one or more intercepted requests, or the communicated one or more requests
based on the intercepted requests;

provide the received resources to the rendering engine, the rendering engine being further configured to generate the platform-independent
document based on the markup language content and the provided resources; and

provide the generated platform-independent document for communication to a remote computing device.

US Pat. No. 9,348,910

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CREATING MOBILE CUSTOM VIEWS FOR TENANTS OF AN ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A method, comprising:
receiving, by a system from a mobile device of a user via a network, a command to define a view for the mobile device of the
user, the view having at least one mobilized object that includes one or more fields and that is configurable for the mobile
device such that the view is customized for the mobile device including retrieving at least one value corresponding to the
one or more fields of the at least one mobilized object;

in response to receiving the command, generating, by the system, at least one instruction adapted to being utilized by the
mobile device for retrieving from the system a configuration for the mobilized object which customizes the view for the mobile
device; and

in response to the system generating the at least one instruction, automatically pushing, by the system, the at least one
instruction to the mobile device via the network;

wherein the at least one instruction, when utilized by a processor of the mobile device, retrieves from the system the configuration
for the mobilized object which customizes the view for the mobile device.

US Pat. No. 9,170,908

SYSTEM AND METHOD FOR DYNAMIC ANALYSIS BYTECODE INJECTION FOR APPLICATION DATAFLOW

salesforce.com, inc., Sa...

1. An apparatus for dynamic analysis bytecode injection for application dataflow, the apparatus comprising:
a processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps
of:

injecting bytecode to create a source tracking object for a data object received from a data source;
injecting bytecode to record information associated with the data source into the source tracking object;
injecting bytecode to create a copy of the data object for a tracking event in an application program;
injecting bytecode to create a flow tracking object for the tracking event;
injecting bytecode to record information associated with the tracking event into the flow tracking object as the tracking
event processes the copy of the data object;

injecting bytecode to create a sink tracking object for outputting the copy of the data object to a data sink;
injecting bytecode to record information associated with the data sink into the sink tracking object; and
injecting bytecode to output the source tracking object, the flow tracking object, and the sink tracking object as dynamic
analysis of dataflow in the application program.

US Pat. No. 9,098,539

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ENABLING ACCESS TO A RESOURCE OF A MULTI-TENANT ON-DEMAND DATABASE SERVICE UTILIZING A TOKEN

salesforce.com, inc., Sa...

1. A method, comprising:
receiving, at a first domain of a first system, a first request from a device of a user to make a resource accessible;
in response to the first request, generating, by the first system, a token that includes a time-to-live;
storing, in memory of the first system, the token;
storing, in association with the token in the memory of the first system, an identifier of the user and information to be
utilized for accessing the resource;

in response to the first request, sending by the first system to the device of the user the token and an instruction to transmit
the token to a second domain of a second system;

in response to the second system receiving the token through the second domain from the device of the user:
performing a look-up of the token,
through the performance of the look-up, verifying that the token is stored and the token has not expired,
in response to the verifying, providing, to the second system, the information to be utilized for accessing the resource that
is stored in association with the token, and

permitting access to the resource via the second domain, wherein the access is permitted through use by the second system
of the information.

US Pat. No. 9,330,145

SYSTEMS AND METHODS FOR CONTEXT-AWARE MESSAGE TAGGING

salesforce.com, inc., Sa...

1. A method for providing a contextual view for a communication tool, the method comprising:
providing a context attribute interface between the communication tool and one or more context sources, the communication
tool presenting a graphical user interface; extracting˜through software associated with the context attribute interface, context
attributes from generated text from a real-time conversation between two or more users using the communication tool via the
graphic user interface, the conversation generating text included in a conversation thread, the context attributes describing
interactions and data objects associated with one or more entities;

assigning through software associated with the context attribute interface, one or more scores to the extracted context attributes
based on contents of the conversation thread, the scores providing a rank for each of the extracted context attributes; and

modifying through software associated with the context attribute interface, a presentation of the graphical user interface
of the communication tool based on the one or more scored context attributes.

US Pat. No. 9,323,634

GENERATING A CONFIGURATION FILE BASED UPON AN APPLICATION REGISTRY

salesforce.com, inc., Sa...

1. A computer executed method for generating a configuration file on a server, comprising:
determining, by a processor, which users associated with a predetermined group are logged into the server;
determining, by the processor, for each user logged into the server associated with the predetermined group, which applications
each user is running by:

searching, by the processor, for a registry directory associated with each user, and
determining, by the processor, which applications each user is running based upon registry files associated with the registry
directory,

generating, by the processor, the configuration file based upon which applications each user is running, the configuration
file indicating at least one monitoring target selected from at least one of a data entry in a database system, a network
infrastructure element and a network security process according to a lookup table associating the applications each user is
running with one of the monitoring targets;

storing the configuration file at a predefined location in a memory; and
configuring a monitoring application to monitor one or more monitoring targets based upon which applications each user is
running by accessing the configuration file at the predefined location in the memory upon initiating the monitoring application.

US Pat. No. 9,244,660

RESPONSIVE SELF-SERVICE WEBSITE TEMPLATE

salesforce.com, inc., Sa...

1. A method of development of a customer relationship management (CRM)-integrated website visitor facing component, the method
including:
exposing a customization protocol to a website developer that implements a visitor facing component add-in to a customer relationship
management (CRM) website, the visitor facing component add-in including at least one page element preprogrammed to:

search support articles that are added to the CRM website;
display visual representations of featured categories of the support articles; and
contact support for the CRM website;
receiving customization instructions from the website developer applicable to the page element of the visitor facing component
add-in;

responsive to receiving the customization instructions, generating data for display of a live preview of a customized visitor
facing component add-in to the CRM website; and

generating a customized visitor facing component add-in code base that is suitable to be embedded on or linked to the CRM
website, whereby a website visitor can interact with the visitor facing component add-in.

US Pat. No. 9,245,252

METHOD AND SYSTEM FOR DETERMINING ON-LINE INFLUENCE IN SOCIAL MEDIA

salesforce.com, inc., Sa...

1. A computer-implemented method performed by a computer for determining a topical influence value of a commentor, an influence
value of an individual and a topical influence value of a web-site, wherein the computer is in communication with a server
via network to access a web-site hosted by the server, the computer-implemented method comprising steps of:
matching and tagging content within the web-site with a selected topic, using a processor of the computer, to generate tagged
content;

extracting, with the processor, viral properties for the tagged content;
identifying, with the processor, a commentor from said tagged content and an individual cited in the tagged content contained
within the web-site;

aggregating, with the processor, the viral properties for the tagged content from said web-site to form aggregated viral properties
of the tagged content from said web-site, the viral properties of the tagged content from said commentor to form aggregated
viral properties of the tagged content from said commentor, and the viral properties of the tagged content citing said individual
to form aggregated viral properties of the tagged content citing said individual;

computing with the processor:
the topical influence value of said commentor based on a linear combination of the aggregated viral properties of the tagged
content from said commentor weighted with respective weights applied to each of the aggregated viral properties of the tagged
content from said commentor;

the influence value of said individual based on a linear combination of the aggregated viral properties of the tagged content
citing said individual; and

the topical influence value of the web-site based on a linear combination of the aggregated viral properties of the tagged
content from said web-site, the topical influence value of the commentor, and the influence value of said individual cited
in the tagged content.

US Pat. No. 9,177,070

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PERFORMING ACTIONS ASSOCIATED WITH A PORTAL

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method for
performing actions associated with a portal, the method comprising:
receiving a request from a user to view a portal;
identifying a profile of the user from which the request was received;
determining a portion of portal content available based on the identified profile of the user;
providing to the user the portion of the portal content;
after providing the portion of the portal content to the user, receiving a request to manipulate the portion of the portal
content from the user via the portal, wherein the requested manipulation of the portion of the portal content includes at
least one of an addition to, a removal of, and a rearrangement of the portion of the portal content;

in response to receiving the request to manipulate the portion of the portal content, determining whether the user is authorized
to perform the requested manipulation of the portion of the portal content by comparing an authorization level of the user
with an authorization level associated with the requested manipulation of the portion of the portal content; and

performing the requested manipulation of the portion of the portal content when it is determined, based on the comparison,
that the user is authorized to perform the requested manipulation of the portion of the portal content.

US Pat. No. 9,467,424

METHODS AND SYSTEMS FOR PROXYING DATA

salesforce.com, inc., Sa...

1. A method of storing data with an application server that preserves privacy of one or more data fields, the method including:
receiving, at a privacy proxy server, data representing a user input with first fields to be stored with an application server
and at least one second field determined by the privacy proxy server to be encrypted based upon a rule specifying a privacy
interest appropriate to a jurisdiction and then stored by the application server;

forwarding the first fields, the second field encrypted, and a second field mark that indicates encryption of the second field
to the application server to store;

the privacy proxy server querying the application server for a report that includes the second field encrypted and at least
one of the first fields that has not been encrypted;

receiving from the application server the report comprising the at least one of the first fields in a report format and the
second field encrypted with a report format placeholder;

decrypting the second field and replacing the report format placeholder with the decrypted second field; and
causing display of the report with the decrypted second field.

US Pat. No. 9,246,959

SYSTEM AND METHOD FOR LOCATION-BASED SOCIAL NETWORK FEEDS

salesforce.com, inc., Sa...

1. An apparatus for location-based social network feeds, the apparatus comprising:
a processor; and
a non-transitory machine readable medium storing one or more sequences of instructions which, when executed by the processor,
cause the processor to:

identify a geolocation of a display device;
identify a first network feed and a second network feed associated with a user profile associated with the display device;
identify a first geolocation associated with the first network feed;
identify a second geolocation associated with the second network feed;
calculate a first proximity between the first geolocation and the geolocation of the display device;
calculate a second proximity between the second geolocation and the geolocation of the display device; and
output, to the display device, the first network feed based on the first proximity and the second network feed based on the
second proximity.

US Pat. No. 9,246,707

COST-BASED SMTP EMAIL ROUTING

salesforce.com, inc., Sa...

1. A method of cost-based email message routing, the method comprising:
receiving a plurality of email messages for a plurality of recipient domains from one or more clients;
receiving cost information associated with sending the plurality of email messages to the plurality of recipient domains from
a plurality of Mail Transfer Agents (MTAs), the cost information indicating both latency associated with processing one or
more email messages by one or more of the plurality of MTAs, and latency associated with receipt of the one or more email
messages by one or more remote hosts;

maintaining, using a database system, a database storing data objects identifying one or more process flags for each of the
MTAs, the one or more process flags for an MTA configured to indicate a status of one or more email messages processed by
the MTA;

grouping, based on one or more of the process flags, ones of the plurality of email messages having the same recipient domain
or having recipient domains in geographical proximity to each other to produce one or more batches of email messages;

determining, based on the cost information, using one or more processors in communication with one or more computer systems,
a lowest cost MTA for sending each of the one or more batches of email messages;

sending each of the one or more batches of email messages using the lowest cost MTA; and
updating, responsive to sending each of the one or more batches of email messages, one or more of the process flags for the
lowest cost MTA to reflect that each of the one or more batches of email messages have been sent.

US Pat. No. 9,229,793

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR ROUTING MESSAGES TO A SERVER

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed by a computer to implement a method for routing
messages to a server, the method comprising:
detecting by a system a request to migrate data of a client of the system from a first server of the system to a second server
of the system;

in response to the request, migrating the data of the client from the first server of the system to the second server of the
system;

during the migrating:
accessing one or more messages within a messaging element of the system separate from the first server and the second server,
the one or more messages including requests to perform one or more tasks on one or more servers of the system;

identifying one or more of the messages queued within the messaging element of the system that include one or more tasks to
be performed in association with the client of the system whose data is being migrated;

re-enqueueing the one or more identified messages within the messaging element of the system with a predetermined time delay;
detecting a conclusion to the migrating of the data of the client from the first server to the second server;
routing the one or more messages determined to be associated with the data being migrated from the messaging element to the
second server and performing the one or more tasks requested by the one or more messages on the second server, when it is
determined that the migrating of the data was successful; and

routing the one or more messages determined to be associated with the data being migrated from the messaging element to the
first server and performing the one or more tasks requested by the one or more messages on the first server, when it is determined
that the migrating of the data was not successful.

US Pat. No. 9,189,367

METHODS AND SYSTEMS FOR DEBUGGING BYTECODE IN AN ON-DEMAND SERVICE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method in a host organization having at least a processor and a memory therein, wherein the method comprises:
receiving a request at a web-server of the host organization, the request specifying one or more services to access a multi-tenant
database of the host organization, the multi-tenant database operating within a production environment;

determining, via a trace flag analyzer, one or more trace preferences for the request, wherein the trace flag analyzer determines
the one or more trace preferences are active for the request based on a client organization identifier (OrgID) associated
with the request;

sending the request to a logging framework communicatively interfaced to the multi-tenant database, wherein the logging framework
comprises an encapsulated library of services to access the multi-tenant database, the encapsulated library of services including
the one or more services;

servicing the request via the logging framework while the multi-tenant database concurrently services requests each from a
different respective one of a plurality of distinct customer organizations, wherein servicing of the request results in each
individual service of the one or more services emitting respective execution data describing execution of each event by the
individual service to service the request, wherein the servicing of the request generates the execution data without causing
execution of the encapsulated library of services to be stopped or halted for any of the plurality of distinct customer organizations;
and

tracing an execution of code by the one or more services to service the request, including tracing according to the OrgID
associated with the request, the OrgID corresponding to one of the plurality of distinct customer organizations, wherein tracing
the execution of code includes a listener receiving the execution data emitted by the one or more services and selectively
sending only a portion of the execution data to a persistent storage based on the one or more trace preferences, wherein,
after servicing of the request is completed, an execution debug simulation is performed with the portion of execution data
sent to the persistent storage.

US Pat. No. 9,098,365

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONDITIONALLY ENABLING AN INSTALLATION ASPECT

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer readable medium having a computer readable program code
embodied therein, the computer readable program code causing a computer to implement a method, the method comprising:
receiving, at a system, a request to install application code, the system configured to host one or more applications;
identifying by the system prior to an installation of the application code within the system one or more actions required
to be performed by the system during the installation of the application code, where the one or more actions include accessing
data stored within the system, where the data required to be accessed during the installation of the application code is separate
from the application code to be installed within the system;

identifying, by the system, a developer of the application code; and
conditionally allowing, by the system, the installation of the application code within the system, based on a comparison of
the one or more actions to be performed by the system during the installation of the application and the identified developer
of the application code against one or more rules.

US Pat. No. 9,083,601

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR MANAGING INTERCHANGE OF ENTERPRISE DATA MESSAGES

salesforce.com, inc., Sa...

1. A method for managing interchange of enterprise data messages, comprising:
authenticating a sending service to a message interchange network using information stored by the message interchange network;
receiving a message at the message interchange network from the sending service, wherein the message is generated to include
a header that conforms to an XML schema and a body portion and is routed from the sending service to the message interchange
network;

storing the message by the message interchange network;
authenticating a receiving service to the message interchange network using other information stored by the message interchange
network; and

providing the message to the receiving service when the receiving service polls the message interchange network for stored
messages;

wherein the receiving service periodically polls the message interchange network for messages routed to the message interchange
network;

wherein messages received by the receiving service from the message interchange network have been filtered by one or more
predetermined values and, as a result, include a subset of the messages routed to the message interchange network associated
with the one or more predetermined values;

wherein the header of the message defines a time-to-live specifying an expiration time for the message on the message interchange
network such that a lifetime of the message on the message interchange network is controlled by:

determining that the specified expiration time has passed before a retrieving of the message from the message interchange
network by the receiving service, and in response to determining that the specified expiration time has passed before the
retrieving of the message from the message interchange network by the receiving service, aborting further routing of the message.

US Pat. No. 9,495,403

METHOD AND SYSTEM FOR CLEANING DATA IN A CUSTOMER RELATIONSHIP MANAGEMENT SYSTEM

salesforce.com, inc., Sa...

1. An apparatus for cleaning data in a customer relationship management system, the apparatus comprising:
a processor; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more
processors to:

receive a plurality of records;
compare the plurality of records to stored records in a database of a customer relationship management system, the plurality
of records being stored in a datastore that is independent of the database of the customer relationship management system;

identify a record from the plurality of records based on the identified record having content in a first data field that matches
content in a corresponding first data field in a stored record in the database of the customer relationship management system,
the identified record further comprising content in a second data field that differs from content in a corresponding second
data field in the stored record, the first and second fields of the identified record being different; and

update the content in the second data field in the stored record using the content in the second data field in the identified
record in response to a determination to update the content in the second data field in the stored record using the content
in the second data field in the identified record, the determination being made in response to either a user request or automatically
based on a previously selected blank auto-fill default.

US Pat. No. 9,471,619

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR CONTROLLING THE INCLUSION OF EDITED INFORMATION IN AN INFORMATION FEED

salesforce.com, inc., Sa...

1. A database system comprising:
at least one database storing a plurality of data objects; and
at least one server having at least one processor operable to cause:
processing a post received from a device associated with a first user of a social networking system implemented using the
database system, the post configured to be shared in at least one feed of the social networking system and configured to be
stored or identified using at least one of the data objects, the post having a state identified using at least one of the
data objects, the state being either editable to permit editing of the post or non-editable to prevent editing of the post;

applying at least a first criterion to content in relation to the post, the first criterion indicating at least one keyword;
determining that at least the first criterion is satisfied; and
controlling, based on the determination that at least the first criterion is satisfied, the state of the post to be editable
or non-editable.

US Pat. No. 9,262,138

ADDING DIRECTIVES FOR JAVASCRIPT FILES DIRECTLY INTO SOURCE CODE IN A MULTI-TENANT DATABASE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method, comprising:
receiving, at a preprocessor, a source file for preprocessing, wherein the source file is written in a client-side scripting
language;

parsing, at the preprocessor, the source file;
identifying, at the preprocessor, a directive within the source file;
associating, at the preprocessor, metadata with the directive during the preprocessing such that the directive is a preprocessed
directive, wherein the metadata comprises: information regarding which portions of the source file have been altered since
a last preprocessing of the source file has occurred, and at least a portion of the source file in the client-side scripting
language for generating at least a portion of markup language for a web page to be served to a client device using a webserver;

retrieving, during the preprocessing, only the metadata associated with the preprocessed directive in the source file from
a database system such that the entire source file is not retrieved;

storing, during the preprocessing, the metadata associated with the preprocessed directive in a hash table;
receiving a request to access metadata associated with the preprocessed directive in the source file from the hash table;
and

generating the at least the portion of markup language for the web page to be served to the client device in accordance with
the metadata associated with the preprocessed directive in response to the request.

US Pat. No. 9,171,180

SOCIAL FILES

salesforce.com, inc., Sa...

1. An enterprise level information networking system implemented using a database system, the enterprise level information
networking system comprising:
database system software stored on a non-transitory data storage medium for execution by at least one computing device of
the enterprise level information networking system, the database system software operable to cause:

processing, using the database system, a request to share a first rights-managed file with at least one user, the first rights-managed
file being stored as one of a plurality of rights-managed files in a library as securable data objects in the database system,
the library capable of restricting access of the at least one user to the first rights-managed file according to a library
permission policy, the library permission policy configured to control authorization of offline actions regarding the first
rights-managed file and of online actions regarding the first rights-managed file by users in relation to interacting with
the rights-managed files stored in the library;

determining, using the database system, that the request complies with a plurality of access rights, the access rights comprising
at least one access right associated with the library permission policy, the at least one access right associated with the
library permission policy configured to provide an identical level of access to each of the rights-managed files stored in
the library; and

storing or updating, using the database system, a data object in the database system to associate the at least one user as
having access to the requested rights-managed file according to the access rights.

US Pat. No. 9,070,137

METHODS AND SYSTEMS FOR COMPILING MARKETING INFORMATION FOR A CLIENT

salesforce.com, inc., Sa...

1. A method of compiling marketing information for a client, the method comprising:
obtaining data from a plurality of social media websites, wherein each of the social media websites includes a universal resource
identifier that points to a client website;

extracting a plurality of insights from the obtained data, resulting in extracted insights, wherein each of the extracted
insights comprises text elements that denote product approval for at least one product available for sale at the client website;

collecting measurements of traffic to the client website, the traffic being referred to the client website by the plurality
of social media websites; and

generating a referred traffic dynamics summary table based on the extracted insights and the measurements of traffic, wherein
the referred traffic dynamics summary table aggregates the extracted insights across the plurality of social media websites
to rank the extracted insights.

US Pat. No. 9,633,101

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PORTAL USER DATA ACCESS IN A MULTI-TENANT ON-DEMAND DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer readable storage medium having a computer readable program
code embodied therein, wherein the computer readable program code is executable to cause a computer to implement a method
comprising:
providing first and second interfaces to users associated with a tenant of a multi-tenant system having hardware and software
that is shared by multiple tenants, wherein the first and second interfaces have different data access mechanisms and wherein
the second interface includes multiple portals that are each a web interface, specific to one of the multiple tenants, that
redirects users of the one of the multiple tenants to the multi-tenant system;

wherein the first interface is accessible to an administrator of each of the multiple tenants for enabling the administrator
to access the multi-tenant system;

for each of the multiple tenants, allowing the administrator of the tenant to manage, through the first interface, access
of users of a first type and users of a second type to objects stored by the multi-tenant system;

receiving a first request to access a data object stored by the multi-tenant system from a first user of the first type, wherein
the first type of user is an internal user;

determining whether to allow the first user to access the data object based on determining whether the user is included in
a user group, wherein access control information specifying the user group and whether users in the user group are allowed
to access the data object is stored externally to the data object;

providing one of the multiple portals to users of a tenant to enable the users to access the multi-tenant system;
receiving, via the provided portal, a second request to access the data object from a second user of the second type, wherein
the second type of user is a portal user;

determining whether to allow the second user to access the data object based on accessing the data object and determining
whether the data object includes a reference, in a field of the data object, to a user identifier data structure associated
with the second user; and

providing the second user with access, through the provided portal, without using access control information that is external
to the data object, to the data object as a result of determining that the data object includes a reference to a data structure
associated with the second user.

US Pat. No. 9,275,082

USER-EXTENSIBLE COMMON SCHEMA IN A SHARED DATABASE

salesforce.com, inc., Sa...

1. An apparatus comprising:
a shared database organized around a common schema defined by metadata, the shared database being shared by multiple users
having access to different subsets of the data in the shared database;

a first application to provide access to the shared database using the common schema, the first application having a purchased
first schema extension received from a first identified user, the first schema extension being defined by metadata and having
a first set of additional objects, the first set of additional objects being defined by the first application, the first schema
extension making changes to the common schema metadata to change a view of an object of the shared database and wherein the
first application tracks the changes to the common schema metadata; and

a second application to provide access to the shared database using the common schema, the second application having a second
purchased schema extension received from a second identified user, the second schema extension having a second set of additional
objects, the second set of additional objects being defined by the second application,

wherein the first and second applications present views of and operations on the shared database that are extended by the
respective schema extension.

US Pat. No. 9,268,963

ON-DEMAND DATABASE SERVICE SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONDITIONALLY ALLOWING AN APPLICATION OF AN ENTITY ACCESS TO DATA OF ANOTHER ENTITY

salesforce.com, inc., Sa...

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product including
computer code adapted to be executed by a computer to implement a method comprising:
receiving, by a system, a package created by a first entity of the system, the package including an application and the package
specifying permissions required by the application;

storing, by the system, the package;
making the stored package available to one or more users of the system, by the system;
receiving, by the system from one of the users, a request to install the application;
determining, by the system, whether the user is authorized to install the application;
when the system determines that the user is not authorized to install the application, disallowing the user from installing
the application, by the system;

when the system determines that the user is authorized to install the application:
determining, from the stored package by the system, the permissions required by the application,
presenting, through the system, the determined permissions to the user, after presenting the determined permissions to the
user, determining, by the system, whether the user grants the permissions required by the application, wherein the presenting,
through the system, the determined permissions to the user, and the determining, by the system, whether the user grants the
permissions required by the application, are performed during the installing of the application,

when the system determines that the user does not grant the permissions required by the application, disallowing the user
from completing the installing of the application, by the system, and

when the system determines that the user grants the permissions required by the application, allowing the user to complete
the installing of the application, by the system;

after the user installs the application, receiving, by the system from the first entity, an indication that the permissions
required by the application have changed; and

in response to receiving the indication that the permissions required by the application have changed, notifying the user
of the change to the permissions required by the application.

US Pat. No. 9,253,283

SYSTEMS AND METHODS FOR GHOSTING AND PROVIDING PROXIES IN A NETWORK FEED

salesforce.com, inc., Sa...

1. A method for maintaining anonymity in a social networking system implemented using a database system, the method comprising:
designating, using a server of the database system, a first user of the social networking system as a ghost user with respect
to an entity in the social networking system, the ghost user having access to feeds associated with the entity and the ghost
user having an invisibility to other users of the social networking system;

determining, based on a seniority level of the ghost user in an organizational hierarchy of people of an organization, one
or more invisibility levels defining the invisibility of the ghost user to the other users:

generating data indicating content to be displayed in accordance with the one or more invisibility levels of the ghost user;
and

providing the generated data to a display device to display a first presentation of a feed of the feeds associated with the
entity in a user interface associated with a second user, the first presentation concealing one or more of the identity of
the ghost user or feed content associated with the ghost user according to the determined one or more invisibility levels.

US Pat. No. 9,244,599

MULTIPLE STAKEHOLDERS FOR A SINGLE BUSINESS PROCESS

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed by a computer to implement a method comprising:
providing, by a system, a workflow design tool user interface operable to allow one or more users to perform operations associated
with creating a workflow;

storing, by the system, user information for the one or more users indicating user privileges for performing the operations
associated with creating the workflow;

controlling, by the system, which of the operations associated with creating the workflow are accessible to the one or more
users, based on the user privileges, including:

when the user privileges stored for a user of the one or more users indicates that the user is not allowed to perform one
or more of the operations associated with creating the workflow, then prohibiting the user from initiating the one or more
of the operations within the system, and

when the user privileges stored for the user of the one or more users indicates that the user is allowed to perform one or
more of the operations associated with creating the workflow, then allowing the user to initiate the one or more of the operations
within the system.

US Pat. No. 9,219,775

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PUBLICLY PROVIDING WEB CONTENT OF A TENANT USING A MULTI-TENANT ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A non-transitory computer readable medium storing a computer program product, the computer program product comprising instruction
adapted to be executed by a computer to perform a method comprising:
storing authentication information for subscribers of a database service, each of the subscribers having an account with the
database service;

storing, by the database service, web content of each of the subscribers;
in response to a request by one of the subscribers to log into the database service, authenticating the subscriber with the
database service, using the authentication information stored for the subscriber;

after authenticating the subscriber with the database service, receiving, by the database service, information from the subscriber,
the information including:

a name by which the web content of the subscriber is capable of being accessed, wherein the name is received by the subscriber
registering the name with the database service, and

security settings for the web content, wherein the security settings indicate each portion of the web content that is allowed
to be publicly accessed by non-subscribers of the database service;

mapping the name to the account that the subscriber has established with the database service;
storing the security settings in association with the account of the subscriber;
publicly providing the web content to a non-subscriber of the database service using the database service, based on the information,
by:

receiving a request from the non-subscriber for the web content, wherein the request includes the name,
identifying the account of the subscriber using the name by identifying the mapping of the name to the account of the subscriber,
identifying the security settings for the web content using the identification of the account of the subscriber,
determining the portions of the web content that the security settings allow to be provided to the non-subscriber, and
providing the determined portions of the web content to a web-browser of a device of the non-subscriber.

US Pat. No. 9,171,150

SYSTEM AND METHOD FOR DYNAMIC ANALYSIS TRACKING OBJECTS FOR APPLICATION DATAFLOW

salesforce.com, inc., Sa...

1. An apparatus for dynamic analysis tracking objects for application dataflow, the apparatus comprising:
a processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to:
receive a data object from a data source;
create a source tracking object for the data object;
record information associated with the data source into the source tracking object;
create a copy of the data object for a tracking event in the application program;
create a flow tracking object for the tracking event;
record information associated with the tracking event into the flow tracking object as the tracking event processes the copy
of the data object;

output the copy of the data object to a data sink;
create a sink tracking object for the data sink;
record information associated with the data sink into the sink tracking object; and
output the source tracking object, the flow tracking object, and the sink tracking object as dynamic analysis of dataflow
in the application program.

US Pat. No. 9,165,036

STREAMING TRANSACTION NOTIFICATIONS

salesforce.com, inc., Sa...

1. A method of identifying transactions satisfying a streaming query, the method comprising:
initiating, by a first application server, a transaction for an entry in a database in response to input data from a client
device;

determining an identifier associated with a user of the client device matches an identifier associated with the streaming
query;

after determining the identifier associated with the user matches the identifier associated with the streaming query:
determining the transaction is relevant to the streaming query when the transaction involves a field of the entry associated
with the transaction that corresponds to a data field of a query statement associated with the streaming query;

determining the transaction satisfies a notification qualifier for the streaming query; and
after determining the transaction is relevant to the streaming query and satisfies the notification qualifier, determining
the transaction satisfies the streaming query when a value for the field of the entry associated with the transaction satisfies
the query statement associated with the streaming query; and

updating, by the first application server, a notification table in the database to indicate an association between the entry
and the streaming query after determining the transaction satisfies the streaming query.

US Pat. No. 9,104,484

METHODS AND SYSTEMS FOR EVALUATING BYTECODE IN AN ON-DEMAND SERVICE ENVIRONMENT INCLUDING TRANSLATION OF APEX TO BYTECODE

salesforce.com, inc., Sa...

1. A method comprising:
executing, with one or more processors, code conforming to a first programming language in a multitenant environment, the
code conforming to the first programming language having a plurality of reference types, wherein the multitenant environment
includes data for multiple client entities, each identified by a tenant identifier (ID) having one of one or more users associated
with the tenant ID, users of each of multiple client identities can only access data identified by a tenant ID associated
with the respective client entity, and the multitenant environment is at least a hosted database provided by an entity separate
from the client entities, and provides on-demand database service to the client entities wherein the code conforming to the
first programming language comprises on demand platform code capable of running without client-side servers or software;

identifying a value type reference from the plurality of reference types;
unboxing the value type;
performing an operation associated with the value type to generate a result;
boxing the result;
generating code conforming to a second programming language comprising at least the boxed result, wherein the code conforming
to the second programming language comprises bytecode; and

executing the bytecode within the multitenant environment to provide functionality corresponding to the code conforming to
the first programming language.

US Pat. No. 9,075,766

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR DETERMINING WHETHER TO CONTINUE RELATIONSHIPS IN AN ONLINE SOCIAL NETWORK

salesforce.com, inc., Sa...

1. A computer implemented method for determining whether to continue a relationship in an online social network, the method
comprising:
maintaining, at a server, data entries in one or more database tables, the data entries including:
an identification of an entity,
an identification of a user having a social networking relationship with the entity, and
an affinity score indicating an amount of interaction by the user with the entity;
adjusting the affinity score by an inflation factor to determine a normalized affinity score;
determining a ratio of the normalized affinity score to a measure of an amount of content associated with the entity and published
in a feed accessible by the user;

comparing the ratio with a threshold;
determining that the ratio meets or traverses the threshold; and
identifying, when the ratio meets or traverses the threshold, the social networking relationship between the user and the
entity as a candidate for being discontinued.

US Pat. No. 9,396,242

MULTI-MASTER DATA REPLICATION IN A DISTRIBUTED MULTI-TENANT SYSTEM

salesforce.com, inc., Sa...

1. A method comprising:
monitoring for changes to a replicated database by an instance of the replicated database, wherein the instance is one of
a plurality instances of the replicated database, and each instance is separately responsible for multiple database tables
local to the respective instances, and wherein the plurality of instances of the replicated database comprise two or more
data centers each data center having a leader instance and one or more non-leader instances, the one or more non-leader instances
to communicate with other non-leader instances of the same data center and the leader instance of the same data center and
not to instances of other data centers, the leader instance to communicate with leader instances of other data centers and
not with non-leader instances of other data centers, the monitoring including

detecting by the instance a change to at least one record of the local database tables;
in response to the detecting, adding information to a chunk, wherein a chunk stores metadata about record changes and corresponds
to a discrete unit of progress and is specific to a single instance and provide a single consistent unit for both change detection
and transport; and

serving the chunk to another instance of the replicated database via one or more leader instances to replicate the detected
change to the other instance; and

receiving by the instance a chunk from a remote instance of the replicated database, which has metadata identifying a set
of changed records for database tables of the remote instance;

in response to the receiving, requesting underlying data for changed records indicated in the received chunk via the one or
more leader instances; and

upserting the changed records into the local database tables.

US Pat. No. 9,396,018

LOW LATENCY ARCHITECTURE WITH DIRECTORY SERVICE FOR INTEGRATION OF TRANSACTIONAL DATA SYSTEM WITH ANALYTICAL DATA STRUCTURES

salesforce.com, inc., Sa...

1. A method of low latency tasking and task monitoring between a transaction processing system and an analytics processing
system, the method including:
a transaction processing system generating an analytic data store creation task request that specifies creation of an analytic
data store based on at least one data set stored by at least one transactional data management system;

queuing the task request to a named key-value task start queue;
a worker thread picking up the task request from the named key-value task start queue;
the worker thread reporting progress on the task request to a monitoring data structure independent of the task start queue;
the worker thread registering a completed analytic data store with the transaction processing system; and
upon completion of creating the analytic data store specified by the task request, the worker thread queuing a task complete
report to a named key-value task complete queue complementary to the named key-value start queue.

US Pat. No. 9,378,227

SYSTEMS AND METHODS FOR EXPORTING, PUBLISHING, BROWSING AND INSTALLING ON-DEMAND APPLICATIONS IN A MULTI-TENANT DATABASE ENVIRONMENT

salesforce.com, inc., Sa...

1. A computer-based method of sharing an application in a multi-tenant database environment, including a multi-tenant database
that stores data and objects for a plurality of organizations, including a source organization and a target organization,
the method comprising:
creating an instance of an application for the source organization responsive to selections received from a user interface,
the application comprising a metadata object and a set of one or more dependent metadata objects that are dependent upon said
metadata object, wherein the metadata object and the set of one or more dependent metadata objects are associated with the
source organization;

exporting a deployment package, including the metadata object and the set of one or more dependent metadata objects, to a
container organization, distinct from the source organization and the target organization; and

generating a URL, including a unique key of the container organization, wherein the URL provides access to import and install
the deployment package into the target organization.

US Pat. No. 9,292,589

IDENTIFYING A TOPIC FOR TEXT USING A DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A database system comprising:
one or more databases;
one or more servers having one or more processors operable to cause:
maintaining a plurality of data entries in the one or more databases, each data entry of a first portion of the data entries
identifying: a text sequence, a topic, and a text-to-topic association score indicating a number of times that the text sequence
appears in a processed text associated with the topic, each data entry of a second portion of the data entries identifying
a total word score indicating a number of times that a respective text sequence appears in one or more processed texts;

processing incoming text having a length and including one or more text sequences;
identifying a topic for the incoming text by processing the one or more text sequences of the incoming text in relation to
the data entries in the one or more databases; and

responsive to a request to assign a topic to the incoming text, updating the one or more databases, the updating including,
for each text sequence of the incoming text:

identifying or creating a first data entry of the first portion of data entries that identifies the text sequence of the incoming
text and the requested topic,

incrementing the text-to-topic association score of the first data entry by an inflation factor,
identifying or creating a second data entry of the second portion of data entries that identifies the text sequence of the
incoming text, and

incrementing the total word score of the second data entry by the inflation factor.

US Pat. No. 9,262,452

METHODS AND SYSTEMS FOR STORING EMAILS IN A MULTI-TENANT DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A method for managing and storing emails in an on-demand, multi-tenant database system, the method comprising:
receiving an email at a first computer system associated with the multi-tenant database system, the first computer system
operating on a first platform;

creating a message object by analyzing the email and associating email content with at least one predefined message object,
the predefined message object including at least one of a lead message object, a contact message object, an account message
object, and an opportunity message object;

determining associations between the email and other stored message objects;
determining, with one or more processors associated with the first computer system, a header portion of the email based on
header information associated with the email, the header portion including information about the determined associations;

determining, with a processor associated with the first computer system, a body portion of the email which is different from
the header portion, the body portion containing the body of the email message designated not to be stored in a database of
the multi-tenant database system;

storing, with the processor associated with the first computer system, the header portion in the multitenant database with
a reference to the body portion as stored in a remote storage device different from the database and outside the multi-tenant
database system, the remote storage device operating on a second computer system operating on a second platform different
from the first platform; and

processing the emails in the on-demand, multi-tenant database system based on at least one of the stored header portion and
the stored body portion.

US Pat. No. 9,245,257

SYSTEM AND METHOD FOR GENERATING A USER PROFILE BASED ON SKILL INFORMATION

salesforce.com, inc., Sa...

1. A method for generating and displaying user profiles, the method comprising:
receiving skill information associated with a user, the skill information including one or more data values that identify
at least one skill associated with the user, and that further identify a skill level associated with the at least one skill;

retrieving social network information from at least one external social network, the social network information including
profile information and social interaction information associated with the user;

combining the received skill information with the retrieved social network information;
generating a user profile based on the combined information;
sending the user profile to the at least one external social network; and
displaying at least a portion of the user profile via a publicly accessible web page associated with the at least one external
social network, the displayed portion of the user profile being selected based on configuration information, and wherein the
portion of the user profile includes a graphical representation of at least some of the received skill information.

US Pat. No. 9,235,631

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR SIMULATING AN ONLINE SESSION

salesforce.com, inc., Sa...

1. A method for simulating an online session while offline, comprising:
establishing, at a server, a connection over a network to a client, the connection allowing the client, when online, to communicate
with the server;

in response to an initiation of an offline session by the client device, receiving at the server from the client device, via
the connection, a message including a request;

in response to receiving the message from the client:
invoking functional logic residing at the server through a server API solution and an Extensible Markup Language remote procedure
call (XML-RPC) to manipulate data in a database of the server;

identifying criteria defined by a user of the client for conducting an offline session;
selecting from the database a user-specified portion of the data, utilizing the criteria defined by the user of the client;
importing to the client from the server both the selected user-specified portion of the data from the database, and a portion
of functional logic residing at the server used to manipulate the data in the database of the server;

terminating the connection between the client and the server in response to the client being offline;
after the terminating of the connection, enabling the user to modify the user-specified portion of the data imported to the
client from the server using the portion of the functional logic imported to the client from the server;

receiving another connection at the server by the client via a network when the client returns online; and
performing by the server a synchronization process with the client via the other connection by uploading the modified data
from the client to the database of the server.

US Pat. No. 9,223,892

DEVICE ABSTRACTION FOR PAGE GENERATION

salesforce.com, inc., Sa...

1. A method comprising:
receiving a request for information to be provided as a page of content, the page provided by a server device communicatively
coupled to receive the request from a remote requesting device;

determining a requesting source generating the request, wherein the requesting source comprises a requesting physical device
or a requesting site;

dynamically constructing the page of content in response to the request based on the requesting source metadata stored on
the server device and context information corresponding to the request by dynamically assembling a response comprising wrapping
the page of content into a specified target object that is compatible with the requesting source, wherein the specified target
object is selected from a plurality of target objects corresponding to the requesting physical device or the requesting site;

transmitting the dynamically constructed page of content to the requesting device.

US Pat. No. 9,195,850

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SHARING A SINGLE INSTANCE OF A DATABASE STORED USING A TENANT OF A MULTI-TENANT ON-DEMAND DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product including
computer code adapted to be executed by a computer to perform a method comprising:
storing a database used by a first tenant of a multi-tenant on-demand database system by storing the database in a location
in memory of the multi-tenant on-demand database system that is dedicated to only the first tenant; and

allowing at least one second tenant of the multi-tenant on-demand database system to access the database, such that:
the at least one second tenant of the multi-tenant on-demand database system is allowed to perform one or more queries on
the database for retrieving data stored in the database,

the first tenant is able to alter data stored in the database, and
the at least one second tenant is prevented from altering the data stored in the database.

US Pat. No. 9,195,681

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR TRANSMITTING A GROUP OF DATA ELEMENTS

salesforce.com, inc., Sa...

1. A computer program product embodied on a non-transitory computer readable medium, comprising computer code causing a computer
to implement a method, comprising:
identifying at a first system a plurality of data elements including:
a plurality of objects,
metadata descriptions of one or more of the objects, and
a plurality of updates to a recipient system that are automatically performed by the recipient system in response to receiving
the plurality of data elements, the plurality of updates utilizing one or more of the objects;

grouping by the first system the plurality of objects, the metadata descriptions, and the plurality of updates within a single
implementation item to be implemented at the recipient system;

transmitting by the first system the single implementation item to the recipient system, utilizing a single application programming
interface (API) call;

performing, at the recipient system, the plurality of updates to the recipient system utilizing one or more of the data objects,
in response to the recipient system receiving the single implementation item;

identifying, at the recipient system, an error during the performing of the plurality of updates;
rolling back, by the recipient system, all of the plurality of updates to the recipient system within the single implementation
item; and

retransmitting to the recipient system, by the first system, the single implementation item, utilizing the single API call.

US Pat. No. 9,171,049

OFFLINE SIMULATION OF ONLINE SESSION BETWEEN CLIENT AND SERVER

salesforce.com, Inc., Sa...

1. A method of conducting and then simulating an online database session, including:
conducting from at least one client machine through a local interface an online database session via a database server API
while the client machine is connected by a network to the online database, including invoking database manipulation logic
running on a remote database server responsive to instructions transmitted through the local interface;

prior to going offline, importing to the client machine at least a data subset and a logic subset,
wherein the data subset is a subset of data from the online database to be used in an offline database session following the
online database session;

wherein the logic subset is a subset of the database manipulation logic running on the remote database server to be locally
simulated on the client machine following the online database session; and

wherein the logic subset and the data subset are embedded within at least one document and the logic subset is embedded in
the document in a format usable by the local interface; and

conducting a simulated database session using the local interface to access a local version of the database server API in
an offline mode, following the online database session, using an imported data subset and a logic subset to simulate and reproduce
a user interface to and functionality of the online database session without being connected to the online database.

US Pat. No. 9,152,796

DYNAMIC ANALYSIS INTERPRETER MODIFICATION FOR APPLICATION DATAFLOW

salesforce.com, inc., Sa...

1. An apparatus for dynamic analysis interpreter modification for application dataflow, the apparatus comprising:
a processor; and
a non-transitory computer readable medium storing a plurality of instructions, which when executed, cause the one or more
processors to:

modify an interpreter to create a source tracking object for a data object received from a data source;
modify the interpreter to record information associated with the data source into the source tracking object;
modify the interpreter to create a copy of the data object for a tracking event in an application program;
modify the interpreter to create a flow tracking object for the tracking event;
modify the interpreter to record information associated with the tracking event into the flow tracking object as the tracking
event processes the copy of the data object;

modify the interpreter to create a sink tracking object for outputting the copy of the data object to a data sink;
modify the interpreter to record information associated with the data sink into the sink tracking object; and
output the source tracking object, the flow tracking object, and the sink tracking object as dynamic analysis of dataflow
in the application program.

US Pat. No. 9,135,556

SYSTEM AND METHOD FOR FAST EVALUATION OF STANDING QUERIES IN CONJUNCTIVE NORMAL FORM

salesforce.com, inc., Sa...

1. A computer implemented method of evaluating standing queries in conjunctive normal form, comprising:
resolving the standing queries in conjunctive normal form into a set of rules, each rule comprising a sequence of conditions;
sorting, for each rule, the conditions into a logical order; identifying a fact having a plurality of properties sorted in
a logical order; evaluating the sorted fact against each sorted rule, wherein the evaluating comprises comparing the fact
to each rule using hash tables, and further comprises using a second property associated with the fact as a key into a hash
table to return a second set of rules; and

identifying a subset of the set of rules which match the fact.

US Pat. No. 9,111,006

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR COMMUNICATING DATA BETWEEN A DATABASE AND A CACHE

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to implement a method for communicating data between
a database and a cache, the method comprising:
identifying a database of a system;
associating a cache separate from the database with an application residing within a browser;
retrieving an object stored in the database in response to a request for the object;
retrieving metadata describing the object from the database;
storing the retrieved object and metadata in the cache;
providing the object and the metadata from the cache to the application;
identifying a change made to the metadata stored in the cache, the change in the metadata being made by a user utilizing the
application; and

asynchronously updating the metadata stored in the database according to the identified change.

US Pat. No. 9,075,889

MECHANISM FOR FACILITATING USER-CONTROLLED MANAGEMENT OF SITE NETWORK MAPPING AND SYNCHRONIZATION

salesforce.com, inc., Sa...

1. A database system-implemented method comprising:
generating, by and incorporating into the database system, a site template in a first site network in response to a request
for generating the site template, wherein the request is received at a first computing device;

generating, via the database system, a child site based on the site template, wherein the child site is populated based on
first contents associated with the site template;

selecting, via the database system, one or more child sites at the first site network or a second site network to be mapped
with the child site, wherein the first and second site networks communicate over a cloud network; and

mapping, over the cloud network, a parent site and the one or more child sites with the child site, wherein mapping includes
dynamically synchronizing second contents of parent site and third contents of the one or more child sites with the first
contents of the child site, wherein dynamically synchronizing includes resolving one or more errors between the first, second,
and third contents.

US Pat. No. 9,059,851

METHOD AND COMPUTER PROGRAM PRODUCT FOR ORDER PRESERVING SYMBOL BASED ENCRYPTION

salesforce.com, inc., Sa...

1. A method for generating an encryption dictionary, the method comprises:
generating a random value for each plaintext symbol of multiple plaintext symbols; and
calculating a random token for each plaintext symbol based on a random value of the plaintext symbol and on random values
of other plaintext symbols that have a lower lexicographic value than the plaintext symbol;

wherein the calculating comprises applying a monotonic increasing function;
wherein the encryption dictionary comprises a mapping between the multiple plaintext symbols and random token of the multiple
plaintext symbols based on a sensitivity level of one or more of the symbols, wherein the random token for each plaintext
symbol is based on a random value of the plaintext symbol and on random values of other plaintext symbols that have a lower
lexicographic value than the plaintext symbol.

US Pat. No. 9,489,415

SYSTEM AND METHOD FOR UPDATING INFOGRAPHICS BASED ON MULTIPLE ONLINE SOCIAL NETWORKS

salesforce.com, inc., Sa...

1. An apparatus for updating infographics based on multiple online social networks, the apparatus comprising:
a processor; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps
of:

receiving a request from a client to display an information graphic;
retrieving, in response to receiving the request, previously stored information for the information graphic from a database,
the previously stored information having been created by activating a social media tool to generate a first updated information
for the information graphic by analyzing content from a plurality of online social networks at the time of activating the
social media tool to generate the first updated information, and the social media tool having been activated in response to
a previous information graphic having being sent to be displayed to the client;

sending the information graphic, based on the previously stored information, to display to the client;
activating the social media tool to generate a second updated information for the information graphic by analyzing current
content from the plurality of online social networks, in response to sending the information graphic to display to the client;
and

storing the second updated information in the database.

US Pat. No. 9,436,837

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MESSAGING IN AN ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A non-transitory computer-readable medium having computer instructions stored thereon that are capable of causing operations
comprising:
receiving, from a user, a request for an email address managed by an on-demand database service;
associating a user alias with the user;
generating the email address for the user, wherein the email address includes an encrypted sequence of characters that identify
the user alias and that identify an organization of the user, and wherein the email address includes a top level email domain
representing a domain of a provider of the on-demand database service;

providing, to the user, an indication of the email address;
receiving, from the user, a first set of information specifying one or more security criteria to be applied, on behalf of
the user, to messages sent to the email address; and

receiving, from the user, a second set of information specifying one or more rules to be used to process the messages sent
to the email address in response to the messages meeting the one or more security criteria.

US Pat. No. 9,436,345

METHOD AND SYSTEM FOR CUSTOMIZING A USER INTERFACE TO AN ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to cause a computer to perform operations comprising:
receiving, from a user device of a user associated with a first tenant of an on-demand database service, a plurality of customizations
of a user interface, the plurality of customizations including: content stored locally on the user device, one or more information
items associated with the user stored in the on-demand database service by the user, and removal of a default button from
a list view of the user interface;

associating the customizations with the user;
storing the customizations in the on-demand database service;
receiving, from the user device, a request for one or more of the information items associated with the user stored in the
on-demand database service by the user; and

sending, to the user device, the user interface modified according to the one or more of the customizations to generate a
customized user interface, the customized user interface including a combination of the content stored locally on the user
device and the requested information items, wherein the user interface is modified prior to receipt by the user device.

US Pat. No. 9,268,822

SYSTEM AND METHOD FOR DETERMINING ORGANIZATIONAL HIERARCHY FROM BUSINESS CARD DATA

salesforce.com, inc., Sa...

1. A method for operating a database to determine an organizational hierarchy from contact data, the database being configured
to store the contact data as a plurality of contact records, each contact record having a defined set of entities, including
at least a name and a title, comprising:
receiving contact data at the database including a phrase representing a title, the phrase having a plurality of terms;
converting each term of the phrase to lower case;
concatenating the plurality of converted terms using a symbol to separate the terms thereby forming a normalized phrase, then
setting a test phrase equal to the normalized phrase;

generating one or more sets of defined phrases; and
comparing the test phrase to the sets of defined phrases, the sets of defined phrases representing known titles and stored
in one or more lookup table as normalized phrases, each of the lookup table including organizational hierarchy information
corresponding to each known title and a rank and a weight associated with the organizational hierarchy information;

wherein, if the test phrase matches a first phrase in the set of defined phrases, a contact record for the received contact
data is updated to include the organizational hierarchy information and the rank and weight corresponding with the matching
first phrase in the lookup table; and

wherein, if the test phrase does not match any phrase in the set of defined phrases, the test phrase is shortened by removing
a term, and the comparison step is repeated with the shortened test phrase.

US Pat. No. 9,251,229

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR SIMULATING AN ONLINE SESSION

salesforce.com, inc., Sa...

1. A computer program product embodied on a non-transitory computer readable medium, the computer program product including
code adapted to be executed by a computer to perform a method comprising:
establishing, by a client device, a connection over a network with a remote system including at least one server, the connection
allowing the client device, when online, to communicate with the remote system;

using the connection, initiating execution of functional logic at the remote system through a server API solution and an Extensible
Markup Language remote procedure call (XML-RPC) to manipulate data in a database of the remote system;

sending, by the client to the remote system, a message requesting to enable an offline session;
responsive to the message, receiving by the client device from the remote system:
a portion of functional logic executable to access a user-specified portion of the data once such user-specified portion of
the data is imported to the client device from the database, so that the client device can conduct the offline session in
isolation by enabling the user to modify the user-specified portion of the data imported to the client device by using the
imported functional logic,

a directory structure, and
the user specified portion of the data from the database, wherein the user-specified portion is selected from the database
utilizing criteria defined by the user of the client device;

terminating, by the client device, the connection with the remote system in response to the client device being offline;
after the terminating of the connection with the remote system by the client device, establishing another connection with
the remote system by the client device via the network when the client device returns online; and

performing, by the client device, a synchronization process with the remote system via the other connection by sending the
modified data from the client device to the database of the remote system.

US Pat. No. 9,251,240

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PORTAL USER DATA ACCESS IN A MULTI-TENANT ON-DEMAND DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer readable storage medium having a computer readable program
code embodied therein, the computer readable program code adapted to cause a computer to be executed to implement a method,
the method comprising:
providing a platform of a multi-tenant on-demand database system having hardware and software that is shared by multiple tenants
of the multi-tenant on-demand database system;

providing, by the multi-tenant on-demand database system, multiple portals wherein each portal includes an interface specific
to one of the multiple tenants of the multi-tenant on-demand database system by being branded for the one of the multiple
tenants;

receiving, by the multi-tenant on-demand database system, a customization of the interface from the one of the multiple tenants
of the multi-tenant on-demand database system;

storing, by the multi-tenant on-demand database system, the customization of the interface for the one of the multiple tenants;
registering a user associated with a tenant with the multi-tenant on-demand database system, wherein the registering is performed
via the portal specific to the tenant such that the user appears to register with a service provided by the tenant;

storing a user object associated with the user, wherein the user object stores login information for use in authorizing a
login to the portal by the user;

receiving, from the user via the portal, a request for a set of data associated with the multi-tenant on-demand database system;
identifying a data object of the multi-tenant on-demand database system that stores the set of data that is requested by the
user;

determining whether the user object is referenced by the data object, wherein the user object is referenced by the data object
by storing a unique identifier of the user object in the data object; and

allowing the user to access the data object via the portal in response to determining that the user object is referenced by
the data object.

US Pat. No. 9,195,724

ASSOCIATING OBJECTS IN MULTI-TENANT SYSTEMS

salesforce.com, inc., Sa...

1. A method of associating objects in a database, the method comprising:
instantiating an activity object in the database that corresponds to data obtained from a first application associated with
a user of a client device;

providing, within a second application on the client device, a first graphical user interface element enabling indication
of a contact object in the database; and

after receiving indication of the contact object by the first graphical user interface element:
associating the activity object with the contact object in the database by modifying a contact association field of the activity
object to indicate the contact object;

identifying one or more objects in the database that are likely to be related to the activity object in the database based
on the contact object;

providing, within the second application on the client device, a second graphical user interface element displaying the one
or more objects and enabling indication of an opportunity object from among the one or more objects; and

after receiving indication of the opportunity object of the one or more objects by the second graphical user interface element,
associating the activity object with the opportunity object in the database by modifying an opportunity association field
of the activity object to indicate the opportunity object.

US Pat. No. 9,047,070

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR DEFINING APPLICATIONS USING METADATA RECORDS CREATED FROM AN OBJECT SPECIFYING A PREDEFINED METADATA FORMAT

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code causing a computer to implement a method, the method comprising:
receiving from a first party at a database system a definition of a custom object specifying a custom format for metadata,
wherein a creation of the metadata is required to comply with the custom format specified within the custom object when the
metadata is associated with the custom object;

storing the custom object having the definition, utilizing the database system;
creating by the first party or a second party utilizing the database system a record according to the stored custom object,
where the metadata in the record is defined according to the custom format of the custom object; and

defining at least one aspect of an application utilizing the database system, using the metadata of the record;
wherein the custom object has a one-to-many relationship with a field object representing a format for a field, the one-to-many
relationship defined by one of:

storing a foreign key to the field object in the custom object, and
creating a junction object having a reference to both the custom object and the field object.

US Pat. No. 9,626,419

OPTIMIZING DATA SYNCHRONIZATION BETWEEN MOBILE CLIENTS AND DATABASE SYSTEMS

SALESFORCE.COM, INC., Sa...

1. A method of pre-caching synchronization data, the method comprising:
receiving a synchronization request for one or more feeds of objects stored in a database system, the synchronization request
associated with a user, each feed including feed items that are each associated with one or more objects of the database system;

retrieving one or more feed items based on the synchronization request;
analyzing the retrieved feed items to identify the one or more objects related to the retrieved feed items;
retrieving at least one of the identified objects prior to receiving, from a client device, a request for the at least one
identified object; and

sending the retrieved objects to a user-accessible cache.

US Pat. No. 9,588,982

METHOD AND SYSTEM FOR SHARING DOCUMENTS BETWEEN ON-DEMAND SERVICES

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable storage medium having a computer readable program
code embodied therein, the computer readable program code adapted to be executed to cause a computer to implement a method
comprising:
providing, by a first service of a first system, a webpage associated with an account of a user with the first service, the
webpage having first content that is stored by the first service of the first system;

providing, by the first service of the first system, an option to make second content stored by a second service of a second
system viewable on the webpage, the second content associated with an account of the user with the second service;

receiving, by the first service of the first system from the user via the option, a configuration of the webpage that makes
the second content stored by the second service of the second system viewable on the webpage;

after receiving the configuration, receiving by the first service of the first system from the user, a request to view the
webpage; and

sending, from the first service of the first system in response to the request, the webpage having the first content that
is stored by the first service of the first system and the second content that is stored by the second service of the second
system.

US Pat. No. 9,473,443

METHODS AND SYSTEMS FOR SHARING EMAIL IN A MULTITENANT DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A method for sharing an email in a database system, the method comprising:
receiving, at one or more computer systems associated with the database system, the email from a first user;
determining, at the one or more computer systems, a database object associated with the email, by:
identifying an email address associated with the email;
querying a plurality of contact objects of an organization to determine if there is a match between the email address and
one of the plurality of contact objects; and

when a match has been determined, mapping, at the one or more computer systems, the email to the associated database object,
by associating the one of the plurality of contact objects with the email; and

providing viewing access to the email to a second user with access rights to the database object.

US Pat. No. 9,465,806

MECHANISM FOR FACILITATING EVALUATION OF DATA TYPES FOR DYNAMIC LIGHTWEIGHT OBJECTS IN AN ON-DEMAND SERVICES ENVIRONMENT

salesforce.com, inc., Sa...

1. A database system-implemented method, comprising:
importing, by the database system, one or more dynamic objects capable of being assigned to a default product accessible to
a tenant in a multi-tenant environment, wherein the one or more dynamic objects are imported based on tenant preferences associated
with the tenant;

associating, by the database system, the one or more dynamic objects with one or more default objects of the default product
accessible the tenant; and

dynamically configuring, by the database system based on the tenant preferences, the default product based on a combination
of the one or more dynamic objects and the one or more default objects, wherein dynamically configuring includes on-the-fly
modifying of the default product into a customized product, wherein on-the-fly modifying includes on-the-fly loading of at
least one of data and metadata associated with the default product without necessitating caching or displaying of irrelevant
contents.

US Pat. No. 9,465,828

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR IDENTIFYING SIMILAR LABELS USING COLLABORATIVE FILTERING

salesforce.com, inc., Sa...

1. A system for identifying similar labels, the system comprising:
a database system implemented using a server system comprising one or more hardware processors, the database system configurable
to cause:

maintaining, through one or more databases, a plurality of data entries, each data entry of a first portion of the data entries
identifying: a text sequence, a label, and a text-to-label association score indicating a number of times that the text sequence
appears in one or more previous incoming texts associated with the label, and each data entry of a second portion of the data
entries identifying: a first label, a second label, and a similarity score;

generating a plurality of pairs based on the first portion of data entries, each pair comprising information identifying a
first label and a second label;

calculating a similarity score for each of the pairs comprising calculating a collaborative filtering similarity score for
the first label and the second label identified by the pair using a first vector of text sequences associated with the first
label and a second vector of text sequences associated with the second label, wherein a text sequence is associated with a
label when the text sequence appears in a previous incoming text associated with the label; and

updating the second portion of the data entries to identify the pairs and the respective similarity scores;
processing a request for labels having similar associated text sequences;
identifying, based on the pairs and the respective similarity scores, a set of pairs having the same first label; and
selecting a pair of the identified set of pairs as having a higher respective similarity score than one or more other pairs
of the identified set of pairs.

US Pat. No. 9,361,468

METHOD AND SYSTEM FOR GRANTING ACCESS TO SECURE DATA

salesforce.com, inc., Sa...

20. A non-transitory machine readable medium, storing one or more instructions which when executed by one or more processors
cause the one or more processors to perform the following:
receiving via a computing device an electronic format request on behalf of a customer, the electronic format request being
a request to perform a task using a subset of private data of the customer, the private data being cloud data stored on the
database system;

identifying, by the database system, a plurality of potential delegates corresponding to the electronic format request, the
plurality of potential delegates having no access to the private data unless authorization is provided to the plurality of
potential delegates, the plurality of potential delegates being identified based on an ability to resolve the electronic format
request;

determining attributes corresponding to the plurality of potential delegates, the attributes relating to the identity of a
corresponding potential delegate;

determining, by the database system, at least one authorization filter, the at least one filter including customer-specific
authorization criterion pertaining to desired attributes;

applying the at least one authorization filter to the attributes corresponding to the plurality of potential delegates to
determine a set of authorized delegates, based at least in part on determining a correspondence between at least one of the
attributes to at least one of the authorization criterion;

determining, from the set of authorized delegates, at least one delegate to be assigned to resolve the electronic format request;
issuing an authorization to the at least one delegate to be assigned to the electronic format request, wherein issuing an
authorization includes providing authorization for reviewing the subset of private data of the customer;

granting the at least one delegate access to the private data of the customer to enable the at least one delegate to impersonate
a user at the customer while tracking activities of the at least one delegate.

US Pat. No. 9,275,253

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SHARING TENANT INFORMATION UTILIZING A MULTI-TENANT ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A method comprising:
receiving, at a database service from a first subscriber of the database service, an indication of permission to share a portion
of first subscriber information with a second subscriber, the first subscriber information managed using the database service,
wherein the second subscriber is otherwise blocked from accessing the portion of first subscriber information absent the indication
of permission;

permitting, through the database service, the second subscriber to access the portion of first subscriber information based
on the indication of permission, utilizing a processor;

receiving, at the database service, from the second subscriber another indication of permission to share a portion of information
of the second subscriber with the first subscriber, wherein the first subscriber is otherwise blocked from accessing the portion
of the information of the second subscriber absent the other indication of permission; and

permitting, through the database service, the first subscriber to access the portion of the information of the second subscriber
based on the other indication of permission, to provide reciprocity of sharing of subscriber information between the first
subscriber and the second subscriber;

wherein the indication of permission is received from the first subscriber via a graphical user interface generated by the
database service;

wherein the graphical user interface generated by the database service further provides an option to allow the first subscriber
to subsequently block the second subscriber from accessing the portion of first subscriber information.

US Pat. No. 9,223,852

METHODS AND SYSTEMS FOR ANALYZING SEARCH TERMS IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for analyzing search terms in a database system, the method comprising:
tracking, over a first period of time, by a host system including one or more machines having a processor system having one
or more processors, data received from a user system that includes at least one keyword searched in at least one database,
the at least one keyword searched including a first category and a second category, the first keyword category being a word
or phrase having provided successful retrieval of one or more articles, the second keyword category being a word or phrase
associated with unsuccessful retrieval of one or more articles, the host system being part of the database system, the at
least one database including a knowledge base associated with a community website, the knowledge base having a collection
of articles related to problems and solutions related to common interests of a community, including documentation of knowledge
and self-learning for reducing costs associated with a customer support system, the customer support system including customer
records linking to articles of the knowledge base;

determining, by the host system, for the at least one keyword searched at least: a quantity of how many times the keyword
was searched, a quantity of how many times one or more articles with the keyword was viewed, and a quantity of how many votes
for the one or more articles was received;

aggregating, by the host system, the tracked data of the first period of time by at least summarizing the tracked data of
the keyword searched, the aggregating including at least:

sorting, by the host system, the tracked data of the first period of time according to the first keyword category capable
of storing tracked data concerning the one or more articles successfully retrieved and the second keyword category capable
of storing tracked data concerning the one or more articles unsuccessfully retrieved,

adding, by the host system, the quantity of how many times the keyword was searched to the first keyword category of the tracked
data of the first period of time,

adding, by the host system, the quantity of how many times one or more articles with the keyword was viewed to the first keyword
category of the tracked data of the first period of time,

adding, by the host system, the quantity of how many votes for the one or more articles was received to the first keyword
category of the tracked data of the first period of time,

identifying, by the host system, previously tracked data of a second period of time, the second period of time having a greater
duration than the first period of time, and

combining, by the host system, the tracked data of the first period of time with the previously tracked data of the second
period of time, the combined tracked data incorporating data from the first keyword category and the second keyword category
of the first period of time, the combined tracked data being stored as the aggregated tracked data at the host system; and

generating a report, by the host system, including information about the at least one keyword searched based on the stored
aggregated tracked data.

US Pat. No. 9,195,687

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR VALIDATING ONE OR MORE METADATA OBJECTS

Salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to implement a method, the method comprising:
creating, by a first user of an on-demand database service, a package, defining at least an application, that references a
set of one or more metadata objects, wherein the package includes:

profile information defining at least one group of users allowed to access the application,
user interface information defining a customization to a user interface, and
a flag set to indicate that customization of the one or more metadata objects is allowed;
editing the package;
verifying automatically the package; and
exporting the package for use by a second user of the on-demand database service, wherein the package including the customization
to the user interface is accessible to the second user when the user is included in the group of users allowed to access the
application;

wherein the verifying occurs prior to installation of the application;
wherein the package includes at least one of an object, a field, and a relationship.

US Pat. No. 9,195,971

METHOD AND SYSTEM FOR PLANNING A MEETING IN A CLOUD COMPUTING ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for planning a meeting in a cloud computing environment, the method comprising:
receiving by a server a meeting configuration file including information identifying at least one of a meeting, a plurality
of meeting collaborators and a plurality of meeting participants;

in response to receiving the meeting configuration file, generating by the server a virtual planning space associated with
the meeting and located in a cloud computing environment;

transmitting by the server a message to the plurality of meeting collaborators, the message including an invitation to collaborate
in the meeting via the virtual planning space;

receiving by the server an indication to load planning content, the indication including at least one data object; and
in response to receiving the indication, associating the planning content with the virtual planning space associated with
the meeting, wherein the planning content is accessible by the plurality of meeting collaborators who are involved in planning
the meeting during a planning phase of the meeting, via the virtual planning space in the cloud computing environment, wherein
the planning content differs from meeting content accessible by the plurality of meeting participants during a presentation
phase of the meeting, and wherein the plurality of meeting collaborators differs from the plurality of meeting participants
and wherein at least one of the plurality of meeting collaborators is automatically assigned by the server at least one of
a plurality of tasks based on at least one of a role and skill of the at least one meeting collaborator.

US Pat. No. 9,148,438

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR PUBLISHING NON-MALICIOUS THIRD PARTY CONTENT TO A DATA FEED

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed by a computer to implement a method, the method
comprising:
receiving, by a first system providing a data feed as a service, a request to publish within the data feed to one or more
users a link to content stored by a second system;

prior to publishing the link within the data feed, determining, by the first system, whether the content is at least potentially
malicious, by applying at least one predefined rule to the link without retrieving the content from the second system;

when it is determined that the content is not at least potentially malicious, publishing the link within the data feed, by
the first system, for allowing the one or more users to access the content from the second system via selection of the link
within the data feed; and,

when it is determined that the content is at least potentially malicious:
retrieving, by the first system, the content from the second system using the link,
determining, by the first system, which portion of the retrieved content is at least potentially malicious,
cleaning, by the first system, the portion determined to be at least potentially malicious,
storing the cleaned content in memory of the first system,
creating, by the first system, a new link to the stored cleaned content, and
publishing within the data feed, by the first system, the new link to the stored cleaned content.

US Pat. No. 9,137,124

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SERVING AN APPLICATION FROM A CUSTOM SUBDOMAIN

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed by a computer to implement a method comprising:
storing, by a system, a web application of each of a plurality of different organizations that have registered with the system;
for each of the organizations:
receiving, by the system from the organization, a name to be used to create for the organization a custom subdomain of a domain
of the system,

creating, by the system for the organization, the custom subdomain of the domain of the system using the name received from
the organization,

associating, by the system, the custom subdomain created for the organization with the web application of the organization,
and

serving, by the system, the web application of the organization via the custom subdomain.

US Pat. No. 9,092,501

CUSTOM ENTITIES AND FIELDS IN A MULTI-TENANT DATABASE SYSTEM

salesforce.com, inc., Sa...

1. A method, comprising:
defining a multi-tenant data structure including a data table having a plurality of data columns and a plurality of rows,
wherein at least two of the rows of the data table are each specific to a different tenant and store data for the specific
tenant;

for a single one of the data columns:
receiving from a first tenant a first definition for the data column, the first definition designating the data column for
storing data that is of a first data type, and

receiving from a second tenant a second definition for the data column, the second definition designating the data column
for storing data that is of a second data type, wherein the second data type is different than the first data type;

storing, in a metadata table of the multi-tenant data structure that is separate from the data table, the first definition
for the data column and the second definition for the data column by:

storing in a first row of the metadata table an identifier of the first tenant, an identifier of the data column, and an identifier
of the first data type, and

storing in a second row of the metadata table an identifier of the second tenant, the identifier of the data column, and an
identifier of the second data type;

storing by the first tenant in a first data field of the data column a first data value of the first data type, and storing
by the second tenant in a second data field of the data column a second data value of the second data type, such that the
single data column includes data values having different data types for different tenants.

US Pat. No. 9,064,287

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR PROVIDING GROUP-RELATED SOCIAL NETWORK INFORMATION

salesforce.com, inc., Sa...

1. A method for providing information to an information feed associated with a designated group of users of an online social
network implemented in an enterprise using a database system, the group of users of the social network having a distinct social
network designator stored in or in association with the database system, the method comprising:
receiving, at a computing device associated with the database system, a network communication including data associated with
one or more business records associated with the enterprise and stored in the database system, the network communication being
addressed to a designated group address associated with the group of users of the social network for receiving electronic
communications, the designated group address being other than a social network designator and being a network address external
to the social network, the network communication including a format other than a feed format of information feeds of the social
network;

processing, using the database system, the network communication to associate the distinct social network designator of the
group with the designated group address or information based on the designated group address of the network communication;

providing, using the database system, at least a portion of the data in the network communication as an information update
to the information feed associated with the group; and

providing the information feed including at least the portion of the data from the database system in a format suitable for
inclusion in an information feed to one or more members in the group for display on a display device.

US Pat. No. 9,053,231

SYSTEMS AND METHODS FOR ANALYZING OPERATIONS IN A MULTI-TENANT DATABASE SYSTEM ENVIRONMENT

salesforce.com, inc., Sa...

1. A system for analyzing operations in a multi-tenant database system environment, comprising:
a database storing tenant application code, the tenant application code unique and accessible to only one of a plurality of
tenants of the multi-tenant database system, and storing common application code, the common application code common and accessible
to a plurality of tenants of the multi-tenant database system, the tenant application code and common application code both
controlling a modification of an object in the multi-tenant database system environment; and

a processor to:
identify the object in the multi-tenant database system environment;
tracing through the tenant application code to identify therein every instance where system rules modify the object before
and after the object is saved,

tracing through the common application code to identify therein every instance where tenant rules modify the object before
and after the object is saved, and

generate a debugging report identifying every instance in the tenant application code and the common application code where
the object is being modified.

US Pat. No. 9,894,072

INTER-APPLICATION MANAGEMENT OF USER CREDENTIAL DATA

salesforce.com, inc., Sa...

8. A system comprising:
at least one memory system;
one or more processors coupled with the at least one memory system, the one or more processors configurable to enable an authorization
procedure with at least one of the computing devices, wherein the enhanced authorization procedure provides access to at least
two authorization procedures one of which utilizes a cookie and one of which utilizes server side-storage, to execute at least
one of the authorization procedures utilizing developer-defined user information (DDUI) within the authorization procedure
when performed by at least one of the computing devices, wherein the DDUI comprises at least security credential information
from at least two disparate network domains stored as digital data, and to store the results of a successful authorization
procedure in a database in the memory system as a security context object, wherein when a cookie is to be used to perform
user authorizations, the cookie is sent for authentication purposes to provide re-authentication with each request each time
a user makes a request, and wherein when using the server-side storage, the one or more processors are to be configured to
not write locally to an application memory, but instead to access a shared session cache memory.

US Pat. No. 9,553,783

SPAM FLOOD DETECTION METHODOLOGIES

salesforce.com, inc., Sa...

1. A computer-implemented method comprising:
analyzing characteristics of a website to determine whether the website represents a potential source of spam content, wherein
the analyzing comprises:

computing a total number of posts associated with the website;
calculating a publication frequency for the total number of posts in posts per minute based on a ratio of the computed total
number of content items to a difference between a publication time of a newest content item in the website and a publication
time of an oldest content item in the website; and

determining whether the website in its entirety represents spam content, based on the computed total number and the calculated
publication frequency, wherein the determining comprises: comparing the calculated publication frequency to a threshold frequency;
and when the calculated publication frequency is greater than the threshold frequency, identifying the website in its entirety
as spam content; and

in response to the analyzing, flagging the website in its entirety as spam content.

US Pat. No. 9,508,060

SYSTEM, METHOD AND USER INTERFACE FOR GENERATING ELECTRONIC MAIL WITH EMBEDDED OPTIMIZED LIVE CONTENT

SALESFORCE.COM, INC., Sa...

1. A system for introducing behaviorally tested live content into an electronic mail message comprising at least one dynamic
live content area sent through an e-mail service provider system, the system comprising:
memory including a plurality of live content, each live content of the plurality of live content comprising image data corresponding
to a marketing advertisement and expiration data related to an expiration date for the marketing advertisement, wherein each
live content of the plurality of live content is measured for campaign effectiveness through behavioral testing by evaluating
an open or a click of the marketing advertisement in electronic mail messages sent within a time period relative to the expiration
date, wherein the image data includes an image of a coupon, and wherein the expiration data includes data selected from the
group consisting of:

an initial number of times the image of the coupon is available to be rendered prior to the expiration date;
a number of times the image of the coupon has been rendered prior to the expiration date;
a remaining number of times the image of the coupon is available to be rendered prior to the expiration date; and
an indication of whether the image of the coupon is no longer available to be rendered prior to the expiration date; and
a click manager that receives an indication of the opening of the message by a recipient, wherein, after receiving the indication,
the click manager, accesses the memory to retrieve at least one of the plurality of live content based at least in part on
the measured campaign effectiveness and sends the retrieved live content for rendering in the dynamic live content area of
the electronic mail message opened by the one of the plurality of recipients.

US Pat. No. 9,442,974

SYSTEMS, METHODS AND TECHNIQUES FOR POLYMORPHIC QUERIES

salesforce.com, inc., Sa...

1. A method for polymorphic selection of data, the method comprising:
receiving a request, via a graphical user interface and with hardware computing device to provide database search functionality,
wherein a database object having a target object type has been selected via the graphical user interface and the request comprises
at least a database query, wherein the database query comprises at least an expression using a polymorphic relationship corresponding
to the target object type, wherein the database query is for a multitenant database;

processing, with the hardware computing device, the request utilizing the polymorphic relationship by at least, automatically
and without user interaction, selecting relevant set of one or more fields corresponding to the polymorphic reference based
on a runtime type of the polymorphic reference, wherein the polymorphic relationship is specified by the expression that within
a clause that allows the request to specify fields of a related parent object that are to be selected based on the type of
the parent object; and

providing, with the hardware computing device, a user-readable result on the graphical user interface for the query where
the result is defined by at least the polymorphic relationship.

US Pat. No. 9,432,320

SYSTEM AND METHOD FOR PROVIDING AN INFORMATION-CENTRIC APPLICATION

salesforce.com, inc., Sa...

1. A method for providing an information-centric application in an online social network implemented using a database system,
the method comprising:
receiving content from one or more data sources;
processing, using the database system, the content from the one or more data sources to determine that the content is relevant
for a user based upon:

the user's role in a first business process, the first business process being related to a business objective of an enterprise,
the user being an employee of the enterprise and the user having at least one further role in at least one of a plurality
of further business processes within the enterprise, and

one or both of: the user's preference or the user's behavior;
determining, using the database system, that the content is associated with an application or online service based upon the
user's role in the first business process and one or both of: the user's preference or the user's behavior;

causing, based on the determination that the content is relevant for the user, the content to be accessible via the user's
news feed;

causing, based on the determination that the content is associated with the application or online service, the associated
application or online service to be presented in a user interface displaying the user's news feed on the user's display device;

receiving, at the server associated with the database system, an indication of user input submitted via the user's display
device to interact with the associated application or online service; and

causing, responsive to receiving the indication of user input, one or more records stored in a database maintained apart from
the online social network to be created or updated.

US Pat. No. 9,430,536

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CREATING A VISUAL COMPONENT FOR TENANTS OF AN ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A method, comprising:
storing, by an on-demand database system, a definition of a component for displaying a visual object within user interfaces,
wherein the definition includes a first value for a configurable attribute that affects a manner in which the visual object
is displayed within the user interface, and wherein the definition of the component is stored with a plurality of other components
in a component library of the on-demand database system that is accessible by a plurality of users of the on-demand database
system;

receiving, at the on-demand database system, a request to modify the configurable attribute of the component for a first user
of the plurality of users to have a second value different from the first value;

storing, by the on-demand database system, the second value separately from the component library in a storage portion within
the on-demand database system associated with the first user; and

in response to a request, to the on-demand database system, to render a user interface for the first user that includes the
component:

accessing, by the on-demand database system the storage portion associated with the first user that stores the second value;
and

returning, by the on-demand database system, the second value to the component such that the component can be displayed according
to the second value of the configurable attribute.

US Pat. No. 9,424,329

OPTIMIZING DATA SYNCHRONIZATION BETWEEN MOBILE CLIENTS AND DATABASE SYSTEMS

salesforce.com, inc., Sa...

1. A method of synchronizing user data based on client type, the method comprising:
receiving a client request to synchronize the client with updates from a database;
determining a client type based on the request;
selecting, based on the determined client type, a routine from a plurality of routines to retrieve data associated with the
update from the database;

invoking the selected routine to retrieve the data from the database;
receiving data from the database via the invoked routine, the data corresponding to the requested updates; and
sending the received data to the client.

US Pat. No. 9,405,797

METHODS AND SYSTEMS FOR JOINING INDEXES FOR QUERY OPTIMIZATION IN A MULTI-TENANT DATABASE

salesforce.com, inc., Sa...

1. A computer-implemented method of improving a query, the method comprising:
receiving, with a server computing device, an original query transmitted by a remote computing device, wherein the original
query is associated with data within a database, wherein data in the database has different characteristics for specific columns
and at least one of the columns comprises information for tenant-specific filtering, and wherein the database includes at
least a first index and a second index, wherein the first index is a standard index and wherein the second index is a custom
index;

retrieving, using a processor of the server, tenant-level metadata associated with the data, wherein at least a portion of
the data is stored in a common table within the database system;

scanning a first index column to identify a first set of rows, wherein the first index column is selected based on the original
query;

scanning a second index column to identify a second set of rows, wherein the second index column is based on the original
query;

analyzing, with the processor, metadata generated from tenant-level metadata generated from the data accessible by the group
to determine a query syntax; and

generating, using the processor, an improved query using the query syntax, wherein the improved query is based at least in
part upon the original query and a result of a join between a first number of rows associated with the first index and a second
number of rows associated with the second index.

US Pat. No. 9,367,431

TESTING DATA SILO

salesforce.com, inc., Sa...

1. A method comprising:
initiating a test sequence against a production database within a system of a host organization, the system having a processor
and memory therein, wherein the test sequence specifies (i) new data for insertion into the production database during the
test sequence and (ii) one or more test queries against the production database during the test sequence;

performing a database transaction to insert the new data into the production database without committing the new data to the
production database;

recording names of one or more objects corresponding to the inserted new data, the one or more objects created as part of
the transaction to insert the new data into the production database within a transaction entity object map, wherein recording
the names of the one or more objects corresponding to the inserted new data comprises recording the names of the one or more
objects created within the transaction entity object map during the performing of the database transaction to insert the new
data into the production database in which the transaction entity object map is used for transaction management operations,
including:

(i) checking locks on objects stored within the production database,
(ii) protecting against deadlock by queries executed against the production database,
(iii) determining a failure occurs during transactions with the production database,
(iv) determining a rollback is required for transactions with the production database,
(v) determining any new changes to data have occurred before committing transactions to the production database affected by
the new changes to data, and

(vi) determining a commit operation is permissible for transactions with the production database;
the method further comprising:
modifying the one or more test queries specified by the test sequence to no longer query against the production database by
substituting the one or more test queries with references to the names of the one or more objects in operating memory separate
from information stored within the production database; and

executing the one or more modified test queries.

US Pat. No. 9,288,108

MECHANISM FOR FACILITATING SPIN MODE-BASED DYNAMIC UPDATING OF APPLICATION SERVERS IN AN ON-DEMAND SERVICES ENVIRONMENT

Salesforce.com, inc., Sa...

1. A database system-implemented method comprising:
maintaining, by the database system, a cluster of computing device, wherein each computing device includes an application
server associated with a version of an application software;

retiring, by the database system, one or more computing devices from the cluster of computing devices for upgrading from a
first version to a second version;

receiving, by the database system, one or more requests to initiate one or more organizational tasks to be processed by the
one or more computing devices using the second version;

dynamically holding, by the database system, the one or more requests in a wait stage while the one or more computing devices
are being upgraded from the first version to the second version; and

upon upgrading, by the database system, of the one or more computing devices from the first version to the second version,
selectively routing, by the database system, the one or more requests from the wait stage to the upgraded one or more computing
devices for processing by the second version;

wherein dynamically holding further includes continuously holding, in the wait state, one or more requests to be processed
by a third version while the one or more computing devices are being upgraded from the first version to the third version,
wherein the wait stage includes a spin mode, and

wherein, upon upgrading the one or more computing devices, selectively routing the one or more requests from the wait stage
to the one or more computing devices for processing by the third version.

US Pat. No. 9,237,080

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR MONITORING DATA ACTIVITY UTILIZING A SHARED DATA STORE

salesforce.com, inc., Sa...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed by a computer to perform a method comprising:
monitoring, by a system, a plurality of requests received across multiple servers of the system;
maintaining, by the system in a shared data store of the system, a count of a number of the plurality of requests that are
outstanding across the multiple servers of the system; and

limiting, by the system, additional requests issued across the multiple servers of the system, based on the count of the number
plurality of the requests that are outstanding across the multiple servers of the system.

US Pat. No. 9,230,068

METHOD AND SYSTEM FOR MANAGING LICENSE OBJECTS TO APPLICATIONS IN AN APPLICATION PLATFORM

salesforce.com, inc., Sa...

1. A method comprising:
providing, by a system a platform shared by license managers, application developers, and subscribers;
installing, to the system by one of the license managers, a license manager organization for the license manager, the license
manager organization allowing the license manager to access applications associated therewith;

receiving, by the system from the license manager, a license manager application allowing the license manager to manage the
applications associated with the license manager organization;

creating, through the system by one of the developers, an application;
receiving, by the system from the developer, a specification of the license manager organization for the application;
associating, in the system, the license manager organization with the application;
storing, by the system, the application in an application exchange directory of the system;
retrieving, within the system by the license manager application, package information for the application stored in the application
exchange directory;

installing, through the system by one of the subscribers, the application from the application exchange directory to an organization
of the subscriber within the system;

storing, by the system through the license manager application, a record of the installing of the application to the organization
of the subscriber; and

enabling the license manager to manage licensing properties of the application including access by the subscriber to the application
using the license manager application.

US Pat. No. 9,195,760

METHODS AND SYSTEMS FOR DYNAMICALLY SUGGESTING ANSWERS TO QUESTIONS SUBMITTED TO A PORTAL OF AN ONLINE SERVICE

salesforce.com, inc., Sa...

1. A method comprising:
receiving, from a user system at a host system having a processor system including at least one processor and a memory system,
user input for conducting a search, the user input including one or more input terms;

automatically searching, by the processor system, a storage area in the memory system at the host system for stored search
strings recorded from prior searches that are similar to the user input, the search strings each having one or more search
terms;

identifying a subset of the stored search strings that are similar to the user input, as a result of the searching;
automatically determining, by the host system, a score for each of the search strings in the subset, the score being a value
that indicates an expected likelihood that the user will be interested in the search string, wherein the score for each of
the search strings is based on a plurality of factors including:

a count of a number of the input terms in the user input that are the same as the one or more the search terms in the search
string,

a relevancy of a collection of documents found when a search is performed using the search string, and
how often users have chosen the search string when suggested by the host system;
ranking the search strings in the subset, in accordance with the determined scores; and
sending, from the host system to the user system, the search strings in the subset, listed in order of the ranking as search
suggestions.

US Pat. No. 9,185,149

SYSTEMS, METHODS, AND APPARATUSES FOR IMPLEMENTING FRAME AGGREGATION WITH SCREEN SHARING

salesforce.com, inc., Sa...

1. A method comprising:
receiving, at a server, a stream of delta frames from a publishing client as part of a screen sharing session with one or
more viewing clients;

establishing a FIFO buffer for each of the respective one or more viewing clients on 1:1 basis;
queuing a copy of the stream of delta frames into each of the FIFO buffers corresponding to the one or more viewing clients,
wherein the stream of delta frames are transmitted from the respective FIFO buffers to the corresponding one or more client
viewers;

monitoring each of the respective FIFO buffers for each of the one or more viewing clients to determine if two or more delta
frames are concurrently queued in any single one of the respective FIFO buffers at any given time;

aggregating the two or more delta frames into a single aggregated delta frame;
re-queuing the aggregated delta frame, wherein re-queuing the aggregated delta frame comprises queuing the aggregated delta
frame in the respective FIFO buffer with a priority according to an original position of the two or more delta frames aggregated;
and

transmitting the aggregated delta frame to the respective viewing client.

US Pat. No. 9,141,983

SHARED DATA SETS COMBINED WITH USER-SPECIFIC PURCHASED DATA SETS

salesforce.com, inc., Sa...

1. A computer-implemented method comprising:
identifying a user;
associating the user with data in a shared database, the shared database being shared by multiple users having access to different
subsets of the data in the shared database;

receiving a purchased dataset from the identified user, wherein the purchased dataset comprises multiple child data sets related
to a particular fields of the shared database;

determining relationships between records of the purchased dataset and records of the shared database;
determining relationships between fields of the purchased dataset and fields of the shared database;
adding the purchased dataset to a delta tune associated with the slanted database based on the determined record relationships
and field relationships;

storing the delta table for the identified user;
adding references to the shared, database to provide access to the delta table;
providing access to the purchased dataset stored in the delta table to the user through requests for data in the shared database;
receiving a second purchased data set from the identified user;
adding the second purchased dataset to the delta table; and
simultaneously providing access to the first and second purchased datasets through request for data in the shared database.

US Pat. No. 9,069,593

SYSTEMS AND METHODS FOR DELETION OF UNTRACKED DATASTORE PATHS

salesforce.com, inc., Sa...

1. A method for deleting datastore paths corresponding to deleted virtual machines on a host computer, the method comprising:
obtaining a first set of datastore paths from a datastore, the first set of datastore paths corresponding to a first set of
virtual machines;

obtaining a second set of datastore paths, the second set of datastore paths corresponding to all existing virtual machines
on the host computer, wherein the first and second sets of datastore paths identify locations on one or more physical disks
of the datastore;

comparing the first set of datastore paths with the second list set of datastore paths; and
deleting, based on the comparison, datastore paths in the first set of datastore paths that are not contained in the second
set of datastore paths from the one or more physical disks of the datastore, the deleted datastore paths representing mappings
to files corresponding to one or more deleted virtual machines, and the deleted one or more virtual machines having been base
image virtual machines from which linked clone virtual machines were created prior to deletion.

US Pat. No. 9,069,858

SYSTEMS AND METHODS FOR IDENTIFYING ENTITY MENTIONS REFERENCING A SAME REAL-WORLD ENTITY

salesforce.com, inc., Sa...

1. A method for identifying entity mentions referencing a same real-world entity, the method including:
selecting one or more core entity attributes that represent a real-world entity as a first search attribute set for use in
searching biographical sources, including in the selection applying one or more probability distribution functions or joint
probability distribution functions to estimate resulting cohort size;

generating one or more searches for processing by a plurality of biographical sources using the first search attribute set;
electronically receiving, responsive to the first search attribute set, entity reflections that include supplemental entity
attributes for the real-world entity;

combining the core and supplemental attributes in an anchor entity candidate data object with extended entity attributes that
represent the real-world entity;

selecting one or more extended entity attributes as a second search attribute set for use in searching web sources, including
applying one or more further probability distribution functions or joint probability distribution functions to estimate resulting
cohort size,

generating one or more further web searches using the second search attribute set;
electronically receiving, responsive to the second search attribute set, more entity reflections that include meta entity
attributes for the real-world entity; and

updating the anchor entity candidate to include one or more of the meta entity attributes.

US Pat. No. 9,071,594

APPLICATION IDENTITY DESIGN

salesforce.com, inc., Sa...

1. An interoperability network comprising one or more computing devices configured to:
receive a request for a first service to perform a particular task involving a second service on behalf of a first user, wherein
the first and second services are in communication with an interoperability network and are provided by first and second independent
service providers, respectively;

determine whether the first user has provided a first set of credentials that defines access information associated with the
second service, the first set of credentials being included among a plurality of sets of credentials stored on one or more
storage media accessible through the interoperability network;

determine whether the first service is authorized to act on behalf of the first user with respect to the second service with
reference to one or more of a plurality of permissions stored on the one or more storage media; and

where the first user has provided the first set of credentials, and where the first service is authorized to act on behalf
of the first user with respect to the second service, authorizing the first service to perform the particular task involving
the second service on behalf of the first user.

US Pat. No. 9,069,788

TRUNCATING DATA ASSOCIATED WITH OBJECTS IN A MULTI-TENANT DATABASE

salesforce.com, inc., Sa...

6. A computer-implemented method of removing stored data associated with a database object, the method comprising:
assigning a new and previously unused key prefix to an existing database object to disassociate stored data from an old key
prefix, resulting in an empty database object that is void of data;

updating a graphical representation of a table to reflect the empty database object and
presenting the graphical representation of the table to a user, wherein:
the existing database object includes a first entry that is linked to a foreign key maintained in a second entry of a target
database object, the foreign key stored in a field identified by a first column number; and

the method further comprises altering metadata for the second entry of the target database object by replacing the first column
number with a new and previously unused column number, in response to assigning the new and previously unused key prefix to
the existing database object.

US Pat. No. 9,948,721

METHODS AND SYSTEMS FOR PROVIDING TIME AND DATE SPECIFIC SOFTWARE USER INTERFACES

salesforce.com, inc., Sa...

1. A computer processing system including one or more processors and a non-transitory computer-readable medium storing computer-executable instructions for controlling the one or more processors to:receive a first login request from a user at a first time;
register a second time at which the user logs out;
store an interface state for a web page responsive to the user logging out at the second time;
receive a second login request from the user at a third time after the second time;
determine a first amount of time that elapsed between the third time and the first time;
determine whether the first amount time is more than a first threshold amount of time;
provide, responsive to a determination that the first amount of time is more than a first threshold amount of time, the web page according to a default display state; and
provide, responsive to a determination that the first amount of time is less than a first threshold amount of time, the web page according to the interface state.

US Pat. No. 9,569,060

COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR COMPOSING AND BATCH PUBLISHING FEED ITEMS IN A FEED-BASED INTERACTION CONTEXT

salesforce.com, inc., Sa...

1. A computer-implemented method for composing and batch publishing feed items in a user interface of an online social network,
the method comprising:
causing display of the user interface on a display device, the user interface comprising a first user interface component
and a second user interface component in the same window, the first user interface component comprising a plurality of unpublished
feed items, the second user interface component comprising a plurality of previously published feed items from a social media
feed of the online social network, the social media feed associated with a first record stored in a database;

receiving, via a first prompt in the first user interface component, first feed item data for a first feed item related to
the first record;

receiving a request to compose a second feed item;
receiving, via a second prompt in the first user interface component, second feed item data for a second feed item related
to the first record, the first feed item remaining unpublished while the second feed item data is received;

receiving a single input requesting simultaneous publishing of at least the first feed item and the second feed item; and
responsive to receiving the single input, causing the second user interface component to be updated to simultaneously include
at least the first feed item and the second feed item among the plurality of previously published feed items from the social
media feed of the online social network.

US Pat. No. 9,507,627

METHODS AND SYSTEMS FOR BATCH PROCESSING IN AN ON-DEMAND SERVICE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method in a system having at least a processor and a memory therein for executing instructions, wherein the method comprises:
communicating, via a request interface of the system, with a remotely connected client device during a synchronous request/reply
session established between the client device and the request interface of the system;

receiving at the request interface of the system, a request for synchronous processing from the remotely connected client
device, the request specifying a real-time transaction request to retrieve or store data on behalf of the client device at
a database system communicably interfaced with the system;

rejecting or terminating the real-time transaction request;
receiving, at the system, a batch processing request from the remotely connected client device, the batch processing request
re-submitting the real-time transaction request to retrieve or store data on behalf of the client device at a database system
as a batch processing request to be completed via asynchronous processing at the database system;

dividing the batch processing request into a plurality of processing target sub-groups;
queuing the batch processing request within a batch processing queue;
releasing each of the plurality of processing target sub-groups for processing by the database system at one or more times
specified by the batch processing queue; and

sending a completion status to an originator of the batch processing request, the completion status indicating a successful
or unsuccessful completion for each processing target sub-group, wherein each completion status comprises a status selected
from the group comprising:

complete and committed without error;
complete and committed after re-try due to excessive use of resources;
complete and committed after re-try due to excessive workload at the database system; and
abort due to one or more errors for the respective processing target sub-group, wherein any database transaction error for
the respective processing target sub-group prevents committing transaction associated with the respective processing target
sub-group to the database system.

US Pat. No. 9,495,282

METHOD AND SYSTEMS FOR A DASHBOARD TESTING FRAMEWORK IN AN ONLINE DEMAND SERVICE ENVIRONMENT

salesforce.com, inc., Sa...

1. A method for testing a dashboard framework in an online demand service environment, the method comprising:
identifying a Graphical User Interface (GUI) application created by a computing system and displayed on a display of the computing
system, the GUI application having a plurality of elements on the online demand service environment;

capturing a first set of text values for the plurality of elements for the GUI application in a first state, each text value
of the first set of text values representing an element attribute;

normalizing at least some of the first set of text values of the plurality of elements to remove the text value element attributes
and to form a set of normalized values for the at least some of the first set of text values of the plurality of elements
by replacing a first text value element attribute of the first set of text values in the GUI application with a first canonical
value that matches a first corresponding benchmark value for a first corresponding element, the first canonical value replacing
the text value element attributes associated with the GUI application that change from a first run of the GUI application
to a second run of the GUI application;

comparing the first set of normalized values for the plurality of elements with a first set of benchmark values for the GUI
application in the first state; and

validating the first set of normalized values for the plurality of elements when the first set of normalized values for the
plurality of elements matches the first set of benchmark values for the GUI application in the first state.

US Pat. No. 9,442,783

METHODS AND SYSTEMS FOR PROVIDING SECURITY FOR PAGE FRAMING

salesforce.com, inc., Sa...

1. A method for analyzing a page to be presented by a browser executed by one or more processors of a computing platform,
the method comprising:
blocking loading of the page with the one or more processors;
determining, with the one or more processors, if the page is framed by a second page;
enabling the page with the one or more processors if the testing indicates that the page is not framed by a second page;
inspecting each level of a hierarchy of framing pages with the one or more processors to determine whether each level is authorized
by, for each level of the hierarchy, determining whether the page at that level of the hierarchy is authorized to frame by

launching a frame having a locator address corresponding to a domain of the framing page to be tested,
determining whether the domain of the launched frame matches a domain of the framing page to be tested, and
providing an indication to the framed page of whether the domain of the launched frame and the domain of the framing page
to be tested match by utilizing a challenge request-response exchange between the domain of the launched frame and the domain
of the framed page to secure the verification process; and

enabling the page with the one or more processors if the inspecting indicates that each level of the hierarchy of framing
pages is authorized.

US Pat. No. 9,424,283

SOCIAL FILES

salesforce.com, inc., Sa...

1. A system comprising:
database system software stored on a non-transitory data storage medium for execution by at least one processor associated
with a database system, the database system software operable to cause:

processing, using the database system, a first request to share a private file with a community, the community being a shared
online resource accessible only to a plurality of community members added by a community owner;

storing, using the database system, the private file as a first one of a plurality of community files in a community library
maintained in at least one database of the database system on behalf of the community, the community files configured to allow
only at least one designated community member to update the community files, the first community file capable of being updated
with activity stream updates capable of being identified in an activity stream associated with the community library, the
activity stream provided to inform the community members of activity associated with the community;

displaying, at a user device of a first community member, at least a portion of the activity stream in a user interface, the
portion of the activity stream comprising a first activity stream update identifying the first community file;

processing, using the database system, a second request to update the first community file, the second request received from
the user device on behalf of the first community member;

responsive to processing the second request, identifying, using the database system, at least one of a plurality of access
roles for the first community member, the access roles comprising at least one of: an editor role, a contributor role, or
a reader role;

determining, using the database system, that the identified access role is the editor role or the contributor role;
responsive to determining that the identified access role is the editor role or the contributor role, updating, using the
database system, the first community file with a first update; and

displaying, at the user device in the activity stream, a second activity stream update identifying the first update to the
first community file.

US Pat. No. 9,348,576

METHODS AND SYSTEMS FOR UPGRADING AND INSTALLING APPLICATION PACKAGES TO AN APPLICATION PLATFORM

salesforce.com, inc., Sa...

1. A method for upgrading application packages installed to an application platform and managed by an on-demand database service,
comprising:
storing an uploaded application package at a directory that is accessible by a plurality of subscribers, the application package
being created by a developer and including a set of metadata components;

wherein application packages subject to a name conflict are enhanced with explicit namespace declarations;
responsive to receiving from a first subscriber a selection of the application package, installing the application package
to the first subscriber on an application platform of the on-demand database service;

receiving, from the developer, a new version of the uploaded application package at the directory;
enforcing restrictions on modification of software entities in the new version of the uploaded application package, wherein
the restrictions prevent the developer from making invalid changes to custom field types and API names of the uploaded application
package;

storing the new version, wherein the stored new version includes a) any new metadata component or components relative to a
prior version, b) any changes to a metadata component of a prior version;

informing the first subscriber of the new version of the application package; and
responsive to receiving from the first subscriber a selection of the new version, installing the new version to the first
subscriber.

US Pat. No. 9,171,033

METHOD AND SYSTEM FOR ALLOWING ACCESS TO DEVELOPED APPLICATIONS VIA A MULTI-TENANT ON-DEMAND DATABASE SERVICE

salesforce.com, inc., Sa...

1. A method, comprising:
receiving a developed application at a system from a developer;
determining by the system whether one or more functional tests have been written for the developed application that cover
a predetermined percentage of code of the developed application;

in response to a determination by the system that the one or more functional tests have been written and cover the predetermined
percentage of code of the developed application, testing the developed application by the system utilizing the one or more
functional tests, and conditionally allowing publication by the system of the developed application, based on the testing;

in response to a determination by the system that the one or more functional tests have been written and do not cover the
predetermined percentage of code of the developed application, or that one or more functional tests have not been written
for the developed application, disallowing publication by the system of the developed application; and

in response to the publication by the system of the developed application, limiting by the system a plurality of aspects of
the developed application, the plurality of aspects including:

a number of electronic mail messages sent utilizing the developed application,
an amount of resources made available to each of the developed application,
service calls out by the developed application to other systems external to the system,
a number of queries made utilizing the developed application,
a number of rows processed,
a number of transaction statements,
a duration of processing by the developed application, and
a number of modification statements to a database made utilizing the developed application.

US Pat. No. 9,058,361

METHOD AND SYSTEM FOR APPLYING A GROUP OF INSTRUCTIONS TO METADATA

salesforce.com, inc., Sa...

1. A method, comprising:
identifying, at a database system, that a rule has been triggered;
in response to the rule being triggered, receiving, at the database system from an application running on the database system,
a first request including a first instruction indicating an operation to be performed on a set of first metadata, wherein
the set of first metadata includes a name, a data type, and an object name, and describes a portion of data stored by the
database system, and wherein the first request indicates that the operation is to be handled by an asynchronous process;

based on the first instruction:
performing the operation on the set of first metadata;
prompting, by the database system, a subscriber of the database system for user input;
receiving, at the database system, the user input from the subscriber, the user input including a second request including
a second instruction indicating a modification to be performed on a set of second metadata that specifies a data type for
another portion of data stored by the database service, wherein the second request indicates that the modification is to be
handled by a synchronous process;

determining whether the modification is permissible using a rule that indicates a size limit associated with the set of second
metadata;

performing the modification to the set of second metadata, when it is determined that the modification is permissible;
wherein the asynchronous process includes a thread pool that is allocated a finite amount of a local resources such that the
at least one first instruction is only processed when the local thread pool has sufficient capacity to process the at least
one first instruction and is only processed in at least near-real time when, in response to receipt of the first request,
the local thread pool has the sufficient capacity to process the at least one first instruction;

wherein the synchronous process is automatically allocated with sufficient resources to process the second instruction such
that the second instruction is processed in at least near-real time.

US Pat. No. 9,619,642

UNICODE-BASED IMAGE GENERATION AND TESTING

salesforce.com, inc., Sa...

11. A system for generating an image for use in a test to tell computers and humans apart comprising:
a web server, the web server receiving a request for an image from a client device; and
a test server, the test server being configured to:
receive the request for the image via the web server;
receive a selection of a range of characters corresponding to code points from Unicode plane 0, the selected range of characters
at least including the 8-bit ASCII character range;

receive a selection of a font for the selected range of characters;
test each character in the selected range of characters, characters of the selected range of characters that pass the testing
forming a challenge character subset, the testing comprising:

determining if the character has a glyph in the selected font;
determining if the character is a whitespace character;
determining if the character leaves a visible impression;
receive a selection of a number of challenge characters;
generate, in response to receiving the request for the image:
a challenge comprising a plurality of selected characters from the challenge character subset, the number of characters in
the challenge equaling the selected number of challenge characters, and

a response comprising a plurality of characters from the challenge character subset, the response having a character count
that is greater than the selected number of challenge characters and the response including the characters in the challenge,
each character in the response having a font size selected from a range having a predetermined maximum, the generated image
comprising the generated challenge and the generated response;

calculate a solution threshold, the solution threshold being a value based on the selected font size of each of the characters
in the challenge included in the response and a predetermined distance from the locations of each of the characters in the
challenge included in the response; and

providing the generated image to the web server.

US Pat. No. 9,602,597

SYSTEM AND METHOD FOR SYNCHRONIZING DATA OBJECTS IN A CLOUD BASED SOCIAL NETWORKING ENVIRONMENT

salesforce.com, inc., Sa...

1. A method of synchronizing and sharing data objects in a cloud based social networking environment of the type including
a collaboration cloud, the method comprising:
defining a sharing configuration based on at least one metadata key word, within the collaboration cloud, the sharing configuration
including a second computing device;

running a dedicated client synchronization application on a first computing device;
updating a data object using the first computing device;
automatically synchronizing the updated data object with the collaboration cloud; and
propagating, using the collaboration cloud, the updated data object to the second computing device.

US Pat. No. 9,507,940

ADAPTING A SECURITY TOOL FOR PERFORMING SECURITY ANALYSIS ON A SOFTWARE APPLICATION

salesforce.com, inc., Sa...

1. A method for adapting a security tool for performing security analysis on a software application, the method comprising:
maintaining a registry of security tools comprising a plurality of registry entries, wherein each of the plurality of registry
entries is associated with a particular security tool and with software component criteria;

receiving code for a software application;
comparing component criteria for each security tool against each component of the software application, wherein the component
criteria for each respective security tool indicate which components of the software application the respective security tool
is designed to analyze for security vulnerabilities;

receiving a questionnaire associated with the software application, wherein the questionnaire includes one or more queries
regarding security-related tasks previously performed by the user and security vulnerabilities identified by the;

generating a risk score based on the questionnaire;
generating a tool-specific package for each component of the software application based on the components of the software
application, the questionnaire, and the risk score, wherein the tool-specific package comprises one or more security tools
that are designed to analyze the respective component of the software application for security vulnerabilities;

processing the tool-specific package for each component of the software application to analyze the software application to
identify one or more security vulnerabilities using the tool-specific package; and

notifying a user of the identified one or more security vulnerabilities.

US Pat. No. 9,462,002

SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SHARING FILES BASED ON USER PROFILE VISIBILITY

salesforce.com, inc., Sa...

1. A non-transitory computer-readable medium having computer readable program code embodied therein, the computer readable
program code capable of being executed to implement a method comprising:
providing a community network service to a plurality of users through a computer system, wherein the computer system is configured
to store in memory one or more profiles for various sets of one or more of the plurality of users, wherein each of the one
or more profiles identifies which of the plurality of users are permitted to access information associated with that profile;

receiving, by the community network service from a first user of the plurality of users, a first file posted to a first set
of two or more users that are a subset of the plurality of users;

in response to receiving the first file, including a reference to the first file in one or more profiles associated with the
first set of users;

receiving, by the community network service from a second user of the plurality of users, a request for one or more files,
wherein the request specifies criteria for identifying the one or more files;

generating, by the community network service, a query in accordance with the request;
executing the query, including:
in response to determining that the first file meets the specified criteria and in response to determining a set of profiles
that each include a reference to the first file, providing, to the second user, access to the first file when at least one
of the determined set of profiles is accessible to the second user; and

otherwise, denying the second user from accessing the first file.

US Pat. No. 9,361,366

METHOD AND SYSTEM FOR CONTROLLING ACCESS TO A MULTI-TENANT DATABASE SYSTEM USING A VIRTUAL PORTAL

salesforce.com, inc., Sa...

1. A method for controlling access to a multi-tenant database system using a virtual portal, the multi-tenant database system
to provide a customer relationship management (CRM) system via one or more server computing system that provide CRM applications,
related data, code, forms pages and database system related data, objects and content, wherein the system stores data for
multiple tenants in the same physical database object with tenant data arranged so that data corresponding to respective tenants
is kept logically separate from that of other tenants so that one tenant does not have access to another tenant's data unless
such data is expressly shared, the method comprising:
receiving from one of a plurality of tenants, a request to permit at least one first tenant user to access a sub-portion of
authorized content on the database authorized to the one of a plurality of tenants to access, which is stored with remaining
content authorized to remaining tenants of the plurality of tenants to access on-demand;

configuring a plurality of portal display registries to be associated with one of the plurality of tenants such that anyone
of the plurality of tenants is associated with a display registry that is different from the portal display registry associated
with the remaining tenants of the plurality of tenants storing in one of the plurality of portal display registries information
identifying accessible content that may be accessed by the tenant associated therewith and a subpart of the accessible content
that the tenant may not allow the at least one first tenant user to access, with the accessible content including said authorized
content and the sub-part including content provided by an owner of the multi-tenant based system; and

permitting the at least one first tenant user to access the sub-portion through a portal in response to determining that the
sub-portion is not included in the sub-part.