公开(公告)号：US20160261408A1

公开(公告)日：2016-09-08

申请号：US14635265

申请日：2015-03-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz ,  Taher Elgamal ,  Matthew Steele ,  Ryan Guest

IPC: H04L9/08

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

Abstract translation: 实施例包括用于保护客户数据并包括处理器的装置，以及一个或多个存储的指令序列，当被执行时，使得处理器将加密的第一密钥片段存储在第一存储区域中，将加密的第二密钥片段存储在 分离的第二存储区域，其中对第一存储区域和第二存储区域的访问是互斥的。 所述指令还使所述处理器基于接收到导出主密钥的请求，使用与硬件安全模块相关联的密钥集和密钥对所述加密的第一密钥片段和加密的第二密钥片段进行解密。 使用解密的第一密钥片段和解密的第二密钥片段导出主密钥并存储在内存中的高速缓存中。 主密钥用于加密或解密加密的客户数据。

公开(公告)号：US10929555B2

公开(公告)日：2021-02-23

申请号：US16443659

申请日：2019-06-17

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz

IPC: G06F21/62 ,  H04L29/06 ,  H04L9/08

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K−1”.

公开(公告)号：US10325107B2

公开(公告)日：2019-06-18

申请号：US14863034

申请日：2015-09-23

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz

IPC: G06F21/62 ,  H04L29/06 ,  H04L9/08

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K−1”.

公开(公告)号：US11526539B2

公开(公告)日：2022-12-13

申请号：US16264367

申请日：2019-01-31

Applicant: salesforce.com, inc.

Inventor： Benjamin Busjaeger ,  Michael Sgroi ,  Jeremy Horwitz

IPC: G06F16/31 ,  G06F16/16

Abstract: Systems, methods, and computer-readable media for temporary reservation schemes, are provided. In embodiments, temporary reservations are inserted into non-relational datastore, and update records indicating changes to the non-relational datastore are streamed to processing nodes. The processing nodes store the update records in local expiration windows. The expiration windows are periodically polled for expired temporary reservations, which are then removed from the non-relational datastore. Other embodiments may be described and/or claimed.

公开(公告)号：US20210099301A1

公开(公告)日：2021-04-01

申请号：US16588550

申请日：2019-09-30

Applicant: salesforce.com, inc.

Inventor： Benjamin Busjaeger ,  Koson Thambundit ,  Jeremy Horwitz ,  Michael Sgroi ,  Jeffrey M. Bergan ,  Benjamin James Fry ,  Brian Robert McNamara

IPC: H04L9/32 ,  H04L29/06 ,  G06F16/955 ,  G06F16/9035 ,  G06F16/907

Abstract: A multi-tenant computer system implements a platform for providing data protection scopes to shared infrastructure services according to a nested tenant model that permits a hierarchy having a plurality of levels. The multi-tenant computer system provisions data protection scopes for cloud products, service products, cloud product tenants, service products operating in the context of cloud products, service products operating in the context of cloud product tenants, and combinations of the foregoing.

公开(公告)号：US11695559B2

公开(公告)日：2023-07-04

申请号：US16588550

申请日：2019-09-30

Applicant: salesforce.com, inc.

Inventor： Benjamin Busjaeger ,  Koson Thambundit ,  Jeremy Horwitz ,  Michael Sgroi ,  Jeffrey M. Bergan ,  Benjamin James Fry ,  Brian Robert McNamara

IPC: H04L9/32 ,  H04L9/40 ,  G06F16/9035 ,  G06F16/907 ,  G06F16/955 ,  G06F9/50

CPC classification number: H04L9/3213 ,  G06F16/907 ,  G06F16/9035 ,  G06F16/955 ,  H04L63/10 ,  H04L63/1408 ,  G06F9/5072

Abstract: A multi-tenant computer system implements a platform for providing data protection scopes to shared infrastructure services according to a nested tenant model that permits a hierarchy having a plurality of levels. The multi-tenant computer system provisions data protection scopes for cloud products, service products, cloud product tenants, service products operating in the context of cloud products, service products operating in the context of cloud product tenants, and combinations of the foregoing.

公开(公告)号：US20200250210A1

公开(公告)日：2020-08-06

申请号：US16264367

申请日：2019-01-31

Applicant: salesforce.com, inc.

Inventor： Benjamin BUSJAEGER ,  Michael Sgroi ,  Jeremy Horwitz

IPC: G06F16/31 ,  G06F16/16

Abstract: Systems, methods, and computer-readable media for temporary reservation schemes, are provided. In embodiments, temporary reservations are inserted into non-relational datastore, and update records indicating changes to the non-relational datastore are streamed to processing nodes. The processing nodes store the update records in local expiration windows. The expiration windows are periodically polled for expired temporary reservations, which are then removed from the non-relational datastore. Other embodiments may be described and/or claimed.

公开(公告)号：US10541811B2

公开(公告)日：2020-01-21

申请号：US14635265

申请日：2015-03-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz ,  Taher Elgamal ,  Matthew Steele ,  Ryan Guest

IPC: H04L9/08

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.