-
公开(公告)号:US20220021524A1
公开(公告)日:2022-01-20
申请号:US16931210
申请日:2020-07-16
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada , Taher Elgamal , Aaron Johnson , Ryan Guest
Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.
-
Patent Agency Ranking
公开(公告)号:US11522691B2
公开(公告)日:2022-12-06
申请号:US17157843
申请日:2021-01-25
Applicant: salesforce.com, inc.
Inventor: Aaron Johnson , Christopher Pylypko , William Johnson
Abstract: Methods, systems, and devices supporting virtual cryptographic key ceremonies are described. A server may receive a plurality of public keys and a plurality of digital signatures comprising data encrypted using a plurality of private keys, where each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys. The server may generate a quorum token based on the plurality of signatures and the plurality of public keys, where generating the quorum token is based on the plurality of signatures representing at least a threshold number of pools. The server may receive a plurality of encrypted shares associated with respective pools of a plurality of pools, generate a master wrapping key based on generating the quorum token and receiving the plurality of encrypted shares, unwrap a root key using the master wrapping key, and generate a certificate based on the root key.
-
公开(公告)号:US20220123929A1
公开(公告)日:2022-04-21
申请号:US17157843
申请日:2021-01-25
Applicant: salesforce.com, inc.
Inventor: Aaron Johnson , Christopher Pylypko , William Johnson
Abstract: Methods, systems, and devices supporting virtual cryptographic key ceremonies are described. A server may receive a plurality of public keys and a plurality of digital signatures comprising data encrypted using a plurality of private keys, where each private key of the plurality of private keys corresponds to a respective public key of the plurality of public keys. The server may generate a quorum token based on the plurality of signatures and the plurality of public keys, where generating the quorum token is based on the plurality of signatures representing at least a threshold number of pools. The server may receive a plurality of encrypted shares associated with respective pools of a plurality of pools, generate a master wrapping key based on generating the quorum token and receiving the plurality of encrypted shares, unwrap a root key using the master wrapping key, and generate a certificate based on the root key.
-
公开(公告)号:US11522686B2
公开(公告)日:2022-12-06
申请号:US16931226
申请日:2020-07-16
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada , Taher Elgamal , Aaron Johnson , Ryan Guest
Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.
-
公开(公告)号:US11368292B2
公开(公告)日:2022-06-21
申请号:US16931210
申请日:2020-07-16
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada , Taher Elgamal , Aaron Johnson , Ryan Guest
Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.
-
公开(公告)号:US20220021525A1
公开(公告)日:2022-01-20
申请号:US16931226
申请日:2020-07-16
Applicant: salesforce.com, inc.
Inventor: Prasad PEDDADA , Taher Elgamal , Aaron Johnson , Ryan Guest
Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.
-
-
-
-
-
Search Results
6
records
(took 0.01 seconds)
