-
Publication number: US20230246818A1
Publication date: 2023-08-03
Application number: US17649499
Application date: 2022-01-31
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Taher Elgamal
CPC classification number: H04L9/0825, G06F16/214, G06F16/258
Abstract: Techniques are disclosed relating to secure data migration between different data zones via a message broker system for asynchronous communication. A migration policy engine is used to determine allowable data migrations. If a data migration is permitted, a set of data in the source data zone is encrypted using a symmetric key that is generated using a key agreement protocol that utilizes a public key of a data zone key pair of a destination data zone and a private key of a migration key pair. The source data zone writes the encrypted data and a public key of the migration key pair to the message broker system. The destination data zone then reads this data from the message broker system, and decrypts the data by deriving the symmetric key using the public key of the migration key pair and a private key of the data zone key pair.
-
Publication number: US20230130121A1
Publication date: 2023-04-27
Application number: US17649546
Application date: 2022-01-31
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Taher Elgamal
Abstract: In response to a key generation request from a client application, a security controller generates a cryptographic key pair and splits the private key portion into a first fragment and a second fragment. The first fragment, but not the second fragment, is encrypted using a symmetric wrapping key that is accessible to the security controller but not the client application. A key package with the encrypted first fragment is returned to the client application. When the client application needs to digitally sign a data value with the split private key, the client application generates a first partial Multiparty Computation (MPC) signature using the second fragment. The security controller generates a second partial MPC signature with the first fragment, which has been decrypted using the symmetric wrapping key. The first and second partial MPC signatures are combinable to digitally sign the data value.
-
Publication number: US11368292B2
Publication date: 2022-06-21
Application number: US16931210
Application date: 2020-07-16
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Taher Elgamal, Aaron Johnson, Ryan Guest
Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, where it may be used to securely encrypt data received by the application server from client devices.
-
Publication number: US11258617B1
Publication date: 2022-02-22
Application number: US17111972
Application date: 2020-12-04
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Taher Elgamal
Abstract: A client device may be provisioned with a digital certificate to support various operations. The client may transmit a certificate request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device to derive a symmetric key. The symmetric key may be used to encrypt a payload that includes the digital certificate and an associated private key. Further, the server initiates a key agreement process using the partial private key that was generated for the client and the short-lived public key. A partial key agreement result and the encrypted payload may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and a respective portion of the private key. The client may derive the encryption key and decrypt the payload to access the digital certificate.
-
Publication number: US20220021525A1
Publication date: 2022-01-20
Application number: US16931226
Application date: 2020-07-16
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Taher Elgamal, Aaron Johnson, Ryan Guest
Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, where it may be used to securely encrypt data received by the application server from client devices.
-
Publication number: US11095634B2
Publication date: 2021-08-17
Application number: US16263871
Application date: 2019-01-31
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Taher Elgamal
Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a client system may receive, from a server system, an authentication challenge that includes a first partial signature value. The client system may access key-pair information that includes, for a server key-pair, a server public key and a second component of a server private key, where the server system has access to a first component of the server private key. The client system may then generate a second partial signature value using the second component of the server private key but not an entirety of the server private key, and may generate a final signature value based on the first and second partial signature values. Using the final signature value, the client system may then determine whether the authentication challenge was sent by the server system.
-
Publication number: US10541811B2
Publication date: 2020-01-21
Application number: US14635265
Application date: 2015-03-02
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada, Jeremy Horwitz, Taher Elgamal, Matthew Steele, Ryan Guest
IPC: H04L9/08
Abstract: Embodiments include an apparatus for securing customer data that includes a processor and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area and an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor, on receiving a request to derive a master key, to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.
-