Abstract:
Techniques are disclosed relating to signing and authentication of network messages such as API calls. A server system and a client system may collaboratively establish a shared secret key, which is then usable to sign such messages. These techniques may be useful in various situations, such as for integrations between different systems.
Abstract:
An ID service provisioned on a server interacts with a corresponding ID app installed on a user device such as a smart phone for secure user authentication (login). A user acquires two asymmetric encryption key pairs. One of the private keys is secured on the SIM on the user device, and the other one is stored in the ID app on the user device. At a login attempt, the ID service generates two random challenge messages, and encrypts each of them with one of the public keys. Decryption of one challenge is conducted by the SIM and decryption of the other is done by the ID app. A token based on the two decrypted challenge results is returned to the ID service. Alternatively, a single challenge can be double-wrapped with the two keys. The ID service verifies the results and enables secure login without requiring a password.
Abstract:
Techniques described herein can be implemented as one or a combination of methods, systems or processor-executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer-selected or other criterion, reducing the possibility of security exposures and/or improving privacy, is provided for.
Abstract:
Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read-only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, and thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.
Abstract:
Disclosed herein are techniques for creating a representation of dependency relationships between computing resources within a computing environment. In some implementations, one or more sources for dependency analysis may be identified. Each source may be capable of being accessed to provide computing functionality via the computing environment. Each source may include one or more references to a respective one or more computing resources. Each computing resource may define a unit of the computing functionality available within the computing environment. A plurality of dependency relationships may be identified based on the one or more sources. A dependency relationship representation may be created based on the identified dependency relationships.
Abstract:
Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.
Abstract:
Techniques are disclosed relating to secure data migration between different data zones via a message broker system for asynchronous communication. A migration policy engine is used to determine allowable data migrations. If a data migration is permitted, a set of data in the source data zone is encrypted using a symmetric key that is generated using a key agreement protocol that utilizes a public key of a data zone key pair of a destination data zone and a private key of a migration key pair. The source data zone writes the encrypted data and a public key of the migration key pair to the message broker system. The destination data zone then reads this data from the message broker system, and decrypts the data by deriving the symmetric key using the public key of the migration key pair and a private key of the data zone key pair.
Abstract:
A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (APIs) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration APIs. In this manner, the control datacenter functions as a centralized control mechanism that effectively distributes administration operation requests as they are received from users to service datacenters that can service the requests. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.
Abstract:
In response to a key generation request from a client application, a security controller generates a cryptographic key pair and splits the private key portion into a first fragment and a second fragment. The first fragment, but not the second fragment, is encrypted using a symmetric wrapping key that is accessible to the security controller but not the client application. A key package with the encrypted first fragment is returned to the client application. When the client application needs to digitally sign a data value with the split private key, the client application generates a first partial Multiparty Computation (MPC) signature using the second fragment. The security controller generates a second partial MPC signature with the first fragment, which has been decrypted using the symmetric wrapping key. The first and second partial MPC signatures are combinable to digitally sign the data value.