公开(公告)号：US20220035821A1

公开(公告)日：2022-02-03

申请号：US16940867

申请日：2020-07-28

Applicant: salesforce.com, inc.

Inventor： Nicholas Chun Yuan Chen ,  Lovi Yu ,  Christopher Peterson ,  Christopher Alan Ebert ,  Michael Goldberg Boilen ,  Samantha Reynard

IPC: G06F16/2457 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2452 ,  G06F16/28

Abstract: A method and system for code introspection in a multi-tenant architecture. The method includes receiving a query for code introspection from an entity, retrieving context for the entity that sent the query, retrieving raw code information based on the query, filtering the raw code information based on the context, and returning the filtered code information.

公开(公告)号：US10783259B2

公开(公告)日：2020-09-22

申请号：US16051403

申请日：2018-07-31

Applicant: salesforce.com, inc.

Inventor： William C. Eidson ,  David Hacker ,  Yu Chen ,  Michael Goldberg Boilen ,  Shakti Prakash Das

IPC: G06F21/62 ,  G06F21/60 ,  H04L29/06 ,  G06F9/54 ,  H04L9/08 ,  G06F11/30 ,  G06F11/34 ,  H04L9/32 ,  H04L9/14 ,  H04L29/08

Abstract: A method and apparatus for tokenization of user-traceable data are described. User traceable data is data that is not directly personal data but can be traced back to the identity or an activity of the user. A first raw value is encrypted into a first token using a symmetric key encryption mechanism based on a combination of a second raw value including personal data of a user and a second token resulting from the tokenization of the second raw value where the first token is an anonymized representation of the first raw value.

公开(公告)号：US20200210216A1

公开(公告)日：2020-07-02

申请号：US16234842

申请日：2018-12-28

Applicant: salesforce.com, inc.

Inventor： Michael Goldberg Boilen ,  James Bock Wunderlich ,  Nathan Edward Lipke

IPC: G06F9/455

Abstract: A system may include an application server and one or more tenants served by the application server. The application server may host a virtual machine with multiple isolated sub-environments. Each tenant of the application server may request to run a program in a tenant-specific sub-environment of the virtual machine. The sub-environments may be configured so the execution of one tenant's code does not affect execution of another tenant's code or the hosting virtual machine, for example, by considering the resources used to execute the code. The application server may implement techniques to securely execute “untrusted” code, programmed using one or more different programming languages, in the sub-environments by enforcing resource restrictions and restricting the sub-environments from accessing the host's local file system. In this way, one tenant's code does not negatively impact execution of another tenant's code by using too many resources of the virtual machine.

公开(公告)号：US11263033B2

公开(公告)日：2022-03-01

申请号：US16234842

申请日：2018-12-28

Applicant: salesforce.com, inc.

Inventor： Michael Goldberg Boilen ,  James Bock Wunderlich ,  Nathan Edward Lipke

IPC: G06F9/455

Abstract: A system may include an application server and one or more tenants served by the application server. The application server may host a virtual machine with multiple isolated sub-environments. Each tenant of the application server may request to run a program in a tenant-specific sub-environment of the virtual machine. The sub-environments may be configured so the execution of one tenant's code does not affect execution of another tenant's code or the hosting virtual machine, for example, by considering the resources used to execute the code. The application server may implement techniques to securely execute “untrusted” code, programmed using one or more different programming languages, in the sub-environments by enforcing resource restrictions and restricting the sub-environments from accessing the host's local file system. In this way, one tenant's code does not negatively impact execution of another tenant's code by using too many resources of the virtual machine.

公开(公告)号：US10747889B2

公开(公告)日：2020-08-18

申请号：US16051390

申请日：2018-07-31

Applicant: salesforce.com, inc.

Inventor： William C. Eidson ,  Michael Goldberg Boilen ,  David Hacker

IPC: G06F21/00 ,  G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F9/54 ,  H04L9/08 ,  G06F11/30 ,  G06F11/34 ,  H04L9/32 ,  H04L9/14 ,  H04L29/08

Abstract: A first raw value of a first field from the first set of fields is encrypted to generate a first token using a symmetric key encryption mechanism based on a first cryptographic key associated with a first time window after which the first cryptographic key is no longer valid for tokenization of raw fields of raw log records. After the first time window has elapsed, a second raw value of a second field from the second set of fields is encrypted to generate a second token using the symmetric key encryption mechanism based on a second cryptographic key that is different from the first cryptographic key. The second cryptographic key is associated with a third time window that occurs after the first time window and after which the second cryptographic key is no longer valid for tokenization of raw fields of raw log records.