-
公开(公告)号:US11157630B2
公开(公告)日:2021-10-26
申请号:US15972397
申请日:2018-05-07
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada , Taher ElGamal
Abstract: Methods, systems, and devices for data migration are described. In a system, databases may utilize different database-specific encryption keys for storage security. In some cases, the system may migrate data from a source database to a target database. To securely migrate the data, the source database may generate a temporary encryption key. The source database may decrypt the data using its database-specific key and may re-encrypt the data using this temporary encryption key. Additionally, the source database may wrap the temporary key with a public key corresponding to the target database. The source database may send the re-encrypted data and the wrapped temporary key to the target database. The target database may unwrap the temporary key using a private key associated with the public key and may decrypt the data using the temporary key before re-encrypting the data with its database-specific key for data storage.
-
公开(公告)号:US10951406B2
公开(公告)日:2021-03-16
申请号:US15879265
申请日:2018-01-24
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada , Taher ElGamal
Abstract: Methods, systems, and devices for encryption key storage are described. An application server may store an encryption key in volatile memory and access the key directly from the volatile memory when performing an encryption process. In some cases, a user may supply the encryption key to the application server on demand. Accordingly, when the application server is restarted, the encryption key may be purged from the memory. In some cases, the encryption key may be wrapped in a public key, and the application server may derive a private key to decrypt the public key-encrypted information to access the encryption key and store it in the volatile memory. Additionally or alternatively, the user may supply a first fragment of the encryption key, and the application server may derive the encryption key from the first fragment and a second fragment of the encryption key retrieved from a database.
-
公开(公告)号:US10411907B2
公开(公告)日:2019-09-10
申请号:US15415451
申请日:2017-01-25
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada , Taher Elgamal
Abstract: An ID service on an app server interacts with a corresponding identity app installed on a user device such as a smart phone. At setup, the ID service receives the user's public key and only a segment of the corresponding private key. A special challenge message is created and partially decrypted using the private key segment on the server side, and then decryption is completed on the client app using the remaining segment(s) of the private key to recover the challenge. A token authenticator based on the result of the decryption is sent back to the identity service, for it to verify validity of the result and, if it is valid, enable secure login without requiring a password.
-
公开(公告)号:US09672379B2
公开(公告)日:2017-06-06
申请号:US15163338
申请日:2016-05-24
Applicant: salesforce.com, inc.
Inventor: Prasad Peddada
IPC: G06F7/04 , G06F17/30 , H04N7/16 , G06F21/62 , G06F9/44 , H04L29/06 , G06Q30/02 , H04M3/51 , G06F19/00 , G06F21/44 , H04L29/08
CPC classification number: G06F21/6245 , G06F9/452 , G06F21/44 , G06F21/62 , G06F21/6218 , G06Q30/02 , G16H40/20 , H04L63/0876 , H04L63/102 , H04L63/105 , H04L67/22 , H04L67/42 , H04M3/51
Abstract: Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.
-
-
-
Search Results
74
records
(took 0.016 seconds)
