知搜-全球专利检索

  1. Login
  2. Sign Up

Search Results

74 records (took 0.018 seconds)

    USER SELECTED KEY AUTHENTICATION
    11.
    发明申请
    USER SELECTED KEY AUTHENTICATION 审中-公开

    公开(公告)号:US20190124066A1

    公开(公告)日:2019-04-25

    申请号:US15788732

    申请日:2017-10-19

    Applicant: salesforce.com, inc.

    Inventor: Prasad Peddada Taher Elgamal Gursev Singh Kalra

    IPC: H04L29/06

    CPC classification number: H04L63/083 G06F21/31 H04L63/0838 H04L63/0853 H04L63/0861 H04L63/166

    Abstract: Methods, systems, and devices for user authentication are described. A user may attempt an authentication procedure when accessing an application or cloud platform. When the user requests access to the application or cloud platform, a server may determine one or more unique identifiers to display at a first application for the user, and the user may select one of the unique identifiers. The server may then display unique identifiers (e.g., in some cases, the same unique identifiers) at a second application associated with the user. The user may verify that the selected unique identifier is displayed on the second application, and may select the same unique identifier in the second application. Additionally, the user may input a user-specific identifier to confirm their identity. The server may authenticate the user's identity if the user selected matching unique identifiers, and if the user-specific identifier matches an expected identifier for the user.

    SYSTEMS AND METHODS FOR SECURING DATA
    13.
    发明申请
    SYSTEMS AND METHODS FOR SECURING DATA 审中-公开
    用于保护数据的系统和方法

    公开(公告)号:US20160261408A1

    公开(公告)日:2016-09-08

    申请号:US14635265

    申请日:2015-03-02

    Applicant: salesforce.com, inc.

    Inventor: Prasad Peddada Jeremy Horwitz Taher Elgamal Matthew Steele Ryan Guest

    IPC: H04L9/08

    Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

    Abstract translation: 实施例包括用于保护客户数据并包括处理器的装置,以及一个或多个存储的指令序列,当被执行时,使得处理器将加密的第一密钥片段存储在第一存储区域中,将加密的第二密钥片段存储在 分离的第二存储区域,其中对第一存储区域和第二存储区域的访问是互斥的。 所述指令还使所述处理器基于接收到导出主密钥的请求,使用与硬件安全模块相关联的密钥集和密钥对所述加密的第一密钥片段和加密的第二密钥片段进行解密。 使用解密的第一密钥片段和解密的第二密钥片段导出主密钥并存储在内存中的高速缓存中。 主密钥用于加密或解密加密的客户数据。

    Resolving information in a multitenant database environment
    14.
    发明授权
    Resolving information in a multitenant database environment 有权
    在多租户数据库环境中解析信息

    公开(公告)号:US08904011B2

    公开(公告)日:2014-12-02

    申请号:US13762045

    申请日:2013-02-07

    Applicant: salesforce.com, inc.

    Inventor: Nathan Jensen-Horne Dileep Burki Walter Sims Harley Matthew Small Kenneth Douglas Scott David Andrew Brooks Prasad Peddada Hemang Patel Gaurav Chawla Theresa Vietvu Shriman Gurram

    IPC: G06F15/173 G06F9/50 H04L12/911

    CPC classification number: H04L47/70 G06F9/5061 H04L41/5054 H04L47/783 H04L67/10

    Abstract: Disclosed herein are techniques for creating a representation of dependency relationships between computing resources within a computing environment. In some implementations, one or more sources for dependency analysis may be identified. Each source may be capable of being accessed to provide computing functionality via the computing environment. Each source may include one or more references to a respective one or more computing resources. Each computing resource may define a unit of the computing functionality available within the computing environment. A plurality of dependency relationships may be identified based on the one or more sources. A dependency relationship representation may be created based on the identified dependency relationships.

    Abstract translation: 这里公开了用于在计算环境内创建计算资源之间的依赖关系表示的技术。 在一些实现中,可以识别用于依赖关系分析的一个或多个源。 每个源可以被访问以通过计算环境提供计算功能。 每个源可以包括对相应的一个或多个计算资源的一个或多个引用。 每个计算资源可以定义计算环境内可用的计算功能的单位。 可以基于一个或多个源来识别多个依赖关系。 可以基于所识别的依赖关系来创建依赖关系表示。

    Protecting application private keys with remote and local security controllers and local MPC key generation
    15.
    发明授权
    Protecting application private keys with remote and local security controllers and local MPC key generation 有权

    公开(公告)号:US12088696B2

    公开(公告)日:2024-09-10

    申请号:US17649549

    申请日:2022-01-31

    Applicant: salesforce.com, inc.

    Inventor: Prasad Peddada Taher Elgamal

    IPC: H04L9/08 H04L9/32

    CPC classification number: H04L9/0825 H04L9/0841 H04L9/085 H04L9/0894 H04L9/3213 H04L9/3247 H04L9/3263 H04L2209/46

    Abstract: A client application and a local security controller (LSC) executing on a host computing device use a Multiparty Computation (MPC) cryptographic key generation technique to create two fragments of a split private key, which are held by the client application and LSC, respectively. The client application generates a certificate signing request (CSR). The client application and LSC sign the CSR with the split private key using an MPC technique. The LSC then signs a token from the client application to indicate that the private key corresponding to the CSR is MPC-backed. A package with the CSR and the first and second signatures is then sent to a remote device acting as a certificate authority. The remote device verifies the two signatures and issues a certificate to the client application. The second signature is verified using information sent to the remote device from the LSC during a registration process.

    Secret Protection During Software Development Life Cycle
    16.
    发明公开
    Secret Protection During Software Development Life Cycle 审中-公开

    公开(公告)号:US20230246845A1

    公开(公告)日:2023-08-03

    申请号:US17649513

    申请日:2022-01-31

    Applicant: salesforce.com, inc.

    Inventor: Prasad Peddada Matthew Schechtman Taher Elgamal

    IPC: H04L9/32 G06F21/60 H04L9/08

    CPC classification number: H04L9/3247 G06F21/602 H04L9/0894

    Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.

    SECRETS MANAGEMENT USING KEY AGREEMENT
    18.
    发明申请
    SECRETS MANAGEMENT USING KEY AGREEMENT 有权

    公开(公告)号:US20220029790A1

    公开(公告)日:2022-01-27

    申请号:US16938715

    申请日:2020-07-24

    Applicant: salesforce.com, inc.

    Inventor: Prasad Peddada Taher Elgamal Aaron Marcus Johnson

    IPC: H04L9/08 H04L9/30 H04L9/06

    Abstract: A client system may generate a new key pair for a secrets management process. The client may generate a shared secret using the private key of the new key pair and a public key of a secrets management server. Using the shared secret, the client may derive an encryption key and encrypt a data payload for subsequent decryption by the secrets management server. Upon encryption of the data payload, the client may erase the private key. Subsequently, the client or an associated client may call the secrets management server for decryption of the data payload. The secrets management server may derive the encryption key using the public key associated with the encrypted payload and the private key of the secrets management server and use the encryption key to decrypt the data payload for use by the client or an associated client.

    Language-agnostic secure application development
    19.
    发明授权
    Language-agnostic secure application development 有权

    公开(公告)号:US10749689B1

    公开(公告)日:2020-08-18

    申请号:US15638249

    申请日:2017-06-29

    Applicant: salesforce.com, inc.

    Inventor: Prasad Peddada Ryan Guest Jonathan Brossard Travis Emmert

    IPC: H04L29/06 H04L9/32 H04L9/08 H04W12/04 H04W12/08 H04W12/06

    Abstract: The disclosed technology for a hardware system to access a secure backend system uses non-volatile memory to hold encrypted secrets, volatile memory to hold decrypted secrets ready for use, a keys-for-all (K4A) server, and app servers running K4A clients. To access the backend system in production, each app server uses a decrypted secret and a certificate that identifies the app server and certifies its role and physical and logical location. At initialization of the app server, a K4A client is instantiated that launches and tracks processes, running on the app server, that are authorized to request decryption services. The K4A client responds to a decryption request from an authorized process, determined based on tracking of processes launched, by requesting decryption by a K4A server, using the certificate, and returns to the process, in volatile memory, a decrypted secret or a reference to the decrypted secret, decrypted by the K4A server.

Patent Agency Ranking