公开(公告)号：US11728974B2

公开(公告)日：2023-08-15

申请号：US17162766

申请日：2021-01-29

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal

IPC: H04L9/08 ,  H04L9/30

CPC classification number: H04L9/0825 ,  H04L9/083 ,  H04L9/085 ,  H04L9/0841 ,  H04L9/0894 ,  H04L9/3066

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A security module running on a database server may generate a private key-public key pair in response to receiving a request to store client data in a database. The security module may then transmit a request to derive a symmetric key to a key server, the request including the generated public key. The key server may derive a symmetric key, using key agreement and a key derivation function, based on the received public key and a private key managed by the key server. The security module may then receive the symmetric key from the key server and encrypt the client data. To facilitate decryption, the public key used to generate the symmetric key and an identifier for the private key managed by the key server may be stored in metadata associated with the client data.

公开(公告)号：US20230128131A1

公开(公告)日：2023-04-27

申请号：US17649549

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal

IPC: H04L9/08 ,  H04L9/32

Abstract: A client application and a local security controller (LSC) executing on a host computing device use a Multiparty Computation (MPC) cryptographic key generation technique to create two fragments of a split private key, which are held by the client application and LSC, respectively. The client application generates a certificate signing request (CSR). The client application and LSC sign the CSR with the split private key using an MPC technique. The LSC then signs a token from the client application to indicate that the private key corresponding to the CSR is MPC-backed. A package with the CSR and the first and second signatures is then sent to a remote device acting as a certificate authority. The remote device verifies the two signatures and issues a certificate to the client application. The second signature is verified using information sent to the remote device from the LSC during a registration process.

公开(公告)号：US20230126356A1

公开(公告)日：2023-04-27

申请号：US17649547

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal

IPC: H04L9/08 ,  H04L9/32

Abstract: A remote security controller (RSC) generates a private key for a client application on a different host computing device and splits the private key into a first fragment and a second fragment. The first fragment, but not the second fragment, is encrypted using a symmetric key. The split private key is returned to the different host computing device. A local security controller (LSC) on the different host computing device is able to derive the symmetric key using a key agreement protocol with the RSC. When the client application needs to digitally sign a data value with the split private key, the client application generates a first partial Multiparty Computation (MPC) signature using the second fragment. The LSC generates a second partial MPC signature with the first fragment, which has been decrypted using the symmetric key. The first and second partial MPC signatures are combinable to digitally sign the data value.

公开(公告)号：US20220182374A1

公开(公告)日：2022-06-09

申请号：US17112525

申请日：2020-12-04

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal

IPC: H04L29/06

Abstract: A service may leverage a mutual transport layer security (mTLS) service to authenticate a client that is configured with a client certificate chain. The client may request access to the service, and the service may transmit a redirection response to the client. The redirection response may indicate an endpoint for the mTLS service that is associated with the tenant. In response to receiving the redirection response, the client may perform a digital handshake with the mTLS service, and the mTLS service may validate the client digital certificate and digitally sign the client digital certificate. The mTLS may transmit a redirection response, which redirects the client to the service where the client presents an indication of the digitally signed digital certificate chain. The service may validate the chain of trust associated with the digitally signed digital certificate chain and issue an indication that the client is authenticated to access the service.

公开(公告)号：US11265156B2

公开(公告)日：2022-03-01

申请号：US16938715

申请日：2020-07-24

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal ,  Aaron Marcus Johnson

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/06 ,  H04L9/30

Abstract: A client system may generate a new key pair for a secrets management process. The client may generate a shared secret using the private key of the new key pair and a public key of a secrets management server. Using the shared secret, the client may derive an encryption key and encrypt a data payload for subsequent decryption by the secrets management server. Upon encryption of the data payload, the client may erase the private key. Subsequently, the client or an associated client may call the secrets management server for decryption of the data payload. The secrets management server may derive the encryption key using the public key associated with the encrypted payload and the private key of the secrets management server and use the encryption key to decrypt the data payload for use by the client or an associated client.

公开(公告)号：US20210226938A1

公开(公告)日：2021-07-22

申请号：US17221340

申请日：2021-04-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/30

Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.

公开(公告)号：US10594685B2

公开(公告)日：2020-03-17

申请号：US15788732

申请日：2017-10-19

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal ,  Gursev Singh Kalra

IPC: H04L29/06 ,  G06F21/31

Abstract: Methods, systems, and devices for user authentication are described. A user may attempt an authentication procedure when accessing an application or cloud platform. When the user requests access to the application or cloud platform, a server may determine one or more unique identifiers to display at a first application for the user, and the user may select one of the unique identifiers. The server may then display unique identifiers (e.g., in some cases, the same unique identifiers) at a second application associated with the user. The user may verify that the selected unique identifier is displayed on the second application, and may select the same unique identifier in the second application. Additionally, the user may input a user-specific identifier to confirm their identity. The server may authenticate the user's identity if the user selected matching unique identifiers, and if the user-specific identifier matches an expected identifier for the user.

公开(公告)号：US20190124066A1

公开(公告)日：2019-04-25

申请号：US15788732

申请日：2017-10-19

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal ,  Gursev Singh Kalra

IPC: H04L29/06

CPC classification number: H04L63/083 ,  G06F21/31 ,  H04L63/0838 ,  H04L63/0853 ,  H04L63/0861 ,  H04L63/166

Abstract: Methods, systems, and devices for user authentication are described. A user may attempt an authentication procedure when accessing an application or cloud platform. When the user requests access to the application or cloud platform, a server may determine one or more unique identifiers to display at a first application for the user, and the user may select one of the unique identifiers. The server may then display unique identifiers (e.g., in some cases, the same unique identifiers) at a second application associated with the user. The user may verify that the selected unique identifier is displayed on the second application, and may select the same unique identifier in the second application. Additionally, the user may input a user-specific identifier to confirm their identity. The server may authenticate the user's identity if the user selected matching unique identifiers, and if the user-specific identifier matches an expected identifier for the user.

公开(公告)号：US20160261408A1

公开(公告)日：2016-09-08

申请号：US14635265

申请日：2015-03-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz ,  Taher Elgamal ,  Matthew Steele ,  Ryan Guest

IPC: H04L9/08

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

Abstract translation: 实施例包括用于保护客户数据并包括处理器的装置，以及一个或多个存储的指令序列，当被执行时，使得处理器将加密的第一密钥片段存储在第一存储区域中，将加密的第二密钥片段存储在 分离的第二存储区域，其中对第一存储区域和第二存储区域的访问是互斥的。 所述指令还使所述处理器基于接收到导出主密钥的请求，使用与硬件安全模块相关联的密钥集和密钥对所述加密的第一密钥片段和加密的第二密钥片段进行解密。 使用解密的第一密钥片段和解密的第二密钥片段导出主密钥并存储在内存中的高速缓存中。 主密钥用于加密或解密加密的客户数据。

公开(公告)号：US11997215B2

公开(公告)日：2024-05-28

申请号：US17649513

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Matthew Schechtman ,  Taher Elgamal

IPC: G06F21/60 ,  H04L9/08 ,  H04L9/32

CPC classification number: H04L9/3247 ,  G06F21/602 ,  H04L9/0894

Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.