Systems and methods for securing data

    Publication number: US10929555B2

    Publication date: 2021-02-23

    Application number: US16443659

    Application date: 2019-06-17

    Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K−1”.

    USER DEVICE VALIDATION AT AN APPLICATION SERVER

    Publication number: US20190394042A1

    Publication date: 2019-12-26

    Application number: US16015768

    Application date: 2018-06-22

    Inventor: Prasad Peddada

    Abstract: Methods, systems, and devices for validation at an application server are described. The application server may validate a user device utilizing a public-private key pair, and may refrain from establishing a database connection until the user device is validated. For example, the application server may transmit a private key and a public key identifier to the user device. When the application server receives a session establishment message that is based on a private key and that contains the public key identifier, the application server may determine the public key of the public-private key pair based on the identifier. The application server may validate that the session establishment message is received from the user device based on the private key and the determined public key. Based on this validation procedure, the application server may establish a database connection with a database, granting the validated user device access to requested data.

    Identity confirmation using private keys

    Publication number: US10476855B1

    Publication date: 2019-11-12

    Application number: US15689098

    Application date: 2017-08-29

    Abstract: Systems and methods for identity confirmation and transaction security are described. The system generates a challenge. The system transmits to a client computing system an encrypted challenge generated using the challenge and a public key of an asymmetric key pair. The system fragments a private key of the asymmetric key pair into first, second and third private key fragments. The system generates a first partially decrypted challenge using the first private key fragment and the encrypted challenge. The system receives second and third partially decrypted challenges from the client computing system. The system generates a decrypted challenge using the first, second and third partially decrypted challenges. The system compares the decrypted challenge and the challenge for identity verification.

    Identity confirmation using private keys

    Publication number: US10425224B1

    Publication date: 2019-09-24

    Application number: US15638853

    Application date: 2017-06-30

    Abstract: Systems and methods for identity confirmation and transaction security are described. The system transmits to a client computing system an encrypted challenge generated using a public key of an asymmetric key pair and a first partially decrypted challenge generated by applying a first private key fragment of a private key of the asymmetric key pair to the encrypted challenge. The system receives a decrypted challenge generated by applying a second private key fragment of the private key to the encrypted challenge to generate a second partially decrypted challenge, applying a third private key fragment of the private key to the encrypted challenge to generate a third partially decrypted challenge, and combining the first partially decrypted challenge, the second partially decrypted challenge and the third partially decrypted challenge to generate the decrypted challenge. The system uses the decrypted challenge for verification.

    Systems and methods for securing data using encryption

    Publication number: US10325107B2

    Publication date: 2019-06-18

    Application number: US14863034

    Application date: 2015-09-23

    Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K−1”.

    Systems and methods for implementing an encrypted search index

    Publication number: US10025951B2

    Publication date: 2018-07-17

    Application number: US15344353

    Application date: 2016-11-04

    Abstract: An encrypted search index is disclosed. For instance, an exemplary system may include a search index stored on disk with customer information stored therein, the search index files having a term dictionary or a term index type file having internal structure which allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file; a file input/output (IO) layer to encrypt the customer information being written into the individual search index file and to decrypt the customer information being read from the individual search index file; and a query interface to execute the operation against the customer information stored in the memory in its decrypted form.

    Provisioning access to customer organization data in a multi-tenant system
    Granted invention patent (in force)

    Publication number: US09596246B2

    Publication date: 2017-03-14

    Application number: US14600525

    Application date: 2015-01-20

    Inventor: Prasad Peddada

    CPC classification number: H04L63/105 G06F21/629 H04L41/28

    Abstract: Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.

    Systems and methods for implementing an encrypted search index
    Granted invention patent (in force)

    Publication number: US09501661B2

    Publication date: 2016-11-22

    Application number: US14320135

    Application date: 2014-06-30

    Abstract: A search index stored within the system having a plurality of individual search index files having information stored therein. At least one of the individual search index files constitutes a term dictionary or a term index type file having internal structure that allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file. A file input/output (IO) layer encrypts the information being written into the individual search index file and decrypts the information being read from the individual search index file. The file IO layer encrypts and decrypts only a portion of the individual search index file in reply to an operation without requiring decryption or encryption of the individual search index file in its entirety. A query interface executes the operation against the information stored in the memory in its decrypted form.
