61. METHOD AND SYSTEM FOR GRANTING ACCESS TO SECURE DATA
    Invention application (in force)

    Publication number: US20130276142A1

    Publication date: 2013-10-17

    Application number: US13781139

    Filing date: 2013-02-28

    Inventor: Prasad Peddada

    Abstract: Techniques described herein can be implemented as one or a combination of methods, systems or processor-executed code to form embodiments capable of improved protection of data or other computing resources, based at least in part upon limiting access to a select number of delegates. Limiting access to cloud data based on customer-selected or other criteria, thereby reducing the possibility of security exposures and/or improving privacy, is provided for.


    Administration of services executing in cloud platform based datacenters using token with data structure

    Publication number: US11968203B2

    Publication date: 2024-04-23

    Application number: US17537234

    Filing date: 2021-11-29

    CPC classification number: H04L63/083 G06F16/2272 H04L9/3247 H04L67/133

    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (APIs) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration APIs. In this manner, the control datacenter functions as a centralized control mechanism that distributes administration operation requests, as they are received from users, to the service datacenters that can service them. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

    Password-less authentication using key agreement and multi-party computation (MPC)

    Publication number: US11743044B2

    Publication date: 2023-08-29

    Application number: US17480806

    Filing date: 2021-09-21

    CPC classification number: H04L9/3073 H04L9/0841 H04L9/0877 H04L9/3271

    Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography, eliminating the need for passwords.

    ADMINISTRATION OF SERVICES EXECUTING IN CLOUD PLATFORM BASED DATACENTERS USING TOKEN WITH DATA STRUCTURE

    Publication number: US20230171244A1

    Publication date: 2023-06-01

    Application number: US17537234

    Filing date: 2021-11-29

    CPC classification number: H04L63/083 H04L9/3247 H04L67/40 G06F16/2272

    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (APIs) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration APIs. In this manner, the control datacenter functions as a centralized control mechanism that distributes administration operation requests, as they are received from users, to the service datacenters that can service them. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

    ADMINISTRATION OF SERVICES EXECUTING IN CLOUD PLATFORM BASED DATACENTERS FOR WEB-BASED APPLICATIONS

    Publication number: US20230171243A1

    Publication date: 2023-06-01

    Application number: US17537226

    Filing date: 2021-11-29

    CPC classification number: H04L63/083 H04L67/40 H04L61/1505

    Abstract: A cloud infrastructure is configured and deployed for managing services executed on a cloud platform. The cloud infrastructure includes a control datacenter configured to communicate with one or more service datacenters. The service datacenter deploys one or more application programming interfaces (APIs) associated with a service. The service datacenter also deploys an administration agent. The control datacenter hosts an engine that receives requests from users to perform administration operations by invoking the administration APIs. In this manner, the control datacenter functions as a centralized control mechanism that distributes administration operation requests, as they are received from users, to the service datacenters that can service them. The cloud infrastructure provides an auditable, compliant and secure management system for administering services for distributed systems running in the cloud.

    User authentication using multi-party computation and public key cryptography

    Publication number: US11606348B2

    Publication date: 2023-03-14

    Application number: US17221340

    Filing date: 2021-04-02

    Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.

67. Securing data using key agreement
    Granted invention patent

    Publication number: US11522686B2

    Publication date: 2022-12-06

    Application number: US16931226

    Filing date: 2020-07-16

    Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived from the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, where it may be used to securely encrypt data received by the application server from client devices.

68. System for securing memory dumps
    Granted invention patent

    Publication number: US11431481B2

    Publication date: 2022-08-30

    Application number: US16677572

    Filing date: 2019-11-07

    Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for securing memory dumps. In response to a trigger condition, a server generates a symmetric key corresponding to an instance of a memory dump. The server encrypts memory contents of the server using the symmetric key. In addition, the server encrypts the symmetric key using a key-encrypting key (KEK), which can include a public key. Both the encrypted memory contents and the encrypted symmetric key are stored for the instance of the memory dump. Responsive to a request for information pertaining to the instance of the memory dump, the encrypted memory contents and the encrypted symmetric key are retrieved from storage, the encrypted symmetric key is decrypted using a private key, and the symmetric key is used to decrypt the encrypted memory contents.

69. Authentication using key agreement
    Granted invention patent

    Publication number: US11233636B1

    Publication date: 2022-01-25

    Application number: US16938632

    Filing date: 2020-07-24

    Abstract: A client may transmit an authentication request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device, generate a shared secret, and derive a symmetric key. The symmetric key may be used to encrypt a random challenge. Further, the server initiates a key agreement process for the client using the partial private key that was generated for the client and the short-lived public key generated at the server. A partial key agreement result and the encrypted random challenge may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and its respective portion of the private key. The client may derive the encryption key and decrypt the random challenge. An indication of the random challenge may be transmitted to the server, which authenticates the client.

    Methods and systems for data migration

    Publication number: US11163910B2

    Publication date: 2021-11-02

    Application number: US16371428

    Filing date: 2019-04-01

    Abstract: Systems and methods for performing migration may include receiving, by a server computing system, a request to access a data element from a second data store, the data element having been migrated to the second data store from a first data store; accessing, by the server computing system, the data element from the second data store and its counterpart data element from the first data store; and based on the data element from the second data store being different from the counterpart data element from the first data store, responding, by the server computing system, to the request by providing the counterpart data element from the first data store instead of the data element from the second data store.
