公开(公告)号：US11190511B2

公开(公告)日：2021-11-30

申请号：US16261217

申请日：2019-01-29

Applicant: salesforce.com, inc.

Inventor： Jagadeesh Kunda ,  Ariel Anant Chavan ,  Qian Han ,  Yifan Wang ,  Kamran Riaz Khan ,  Vishal Agarwal

IPC: H04L29/06 ,  G06F21/45

Abstract: Techniques are disclosed relating to generating authentication information independent of user input. In some embodiments, an authentication application repeatedly performs operations to authenticate a client application to one or more hosts of a server system during an automated tasks. In some such embodiments, an instance of the operations includes receiving, from the client application, a request to generate authentication information. In response to the request, the authentication application may retrieve authentication data for the user and, independent of user input, generate an item of authentication information based on the authentication data. The authentication application may then output the item of authentication information to the client application, where the item of authentication information is usable by the client application to authenticate to at least one of the one or more hosts.

公开(公告)号：US20200244659A1

公开(公告)日：2020-07-30

申请号：US16261217

申请日：2019-01-29

Applicant: salesforce.com, inc.

Inventor： Jagadeesh Kunda ,  Ariel Anant Chavan ,  Qian Han ,  Yifan Wang ,  Kamran Riaz Khan ,  Vishal Agarwal

IPC: H04L29/06 ,  G06F21/45

Abstract: Techniques are disclosed relating to generating authentication information independent of user input. In some embodiments, an authentication application repeatedly performs operations to authenticate a client application to one or more hosts of a server system during an automated tasks. In some such embodiments, an instance of the operations includes receiving, from the client application, a request to generate authentication information. In response to the request, the authentication application may retrieve authentication data for the user and, independent of user input, generate an item of authentication information based on the authentication data. The authentication application may then output the item of authentication information to the client application, where the item of authentication information is usable by the client application to authenticate to at least one of the one or more hosts.

公开(公告)号：US11743044B2

公开(公告)日：2023-08-29

申请号：US17480806

申请日：2021-09-21

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal ,  Vishal Agarwal

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L9/3073 ,  H04L9/0841 ,  H04L9/0877 ,  H04L9/3271

Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography eliminating the needs for passwords.

公开(公告)号：US20230089865A1

公开(公告)日：2023-03-23

申请号：US17480806

申请日：2021-09-21

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Taher Elgamal ,  Vishal Agarwal

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32

Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography eliminating the needs for passwords.

公开(公告)号：US20220019478A1

公开(公告)日：2022-01-20

申请号：US16930900

申请日：2020-07-16

Applicant: salesforce.com, inc.

Inventor： Giridharan Sridharan ,  Sridhar Dutta ,  Aman Gulati ,  Fiaz Hossain ,  Vishal Agarwal ,  Gage David Laufenberg

IPC: G06F9/50 ,  H04L9/32 ,  G06F9/445

Abstract: Examples include a system and computer-implemented method to create a cloud native workload identity (CNWI) and assign the CNWI to an instance of a workload to be instantiated in a cloud computing environment of a cloud service provider (CSP); translate the CNWI into a cloud agnostic workload identity (CAWI) and assign the CAWI to the workload instance; and use the CAWI by the workload instance to communicate with other workloads in the same or a different CSP.