公开(公告)号：US20180212785A1

公开(公告)日：2018-07-26

申请号：US15415451

申请日：2017-01-25

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Taher ELGAMAL

IPC: H04L9/32 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L9/3271 ,  G06F21/31 ,  G06F2221/2111 ,  H04L9/085 ,  H04L9/3213 ,  H04L9/3297 ,  H04L63/0442 ,  H04W12/06

Abstract: An ID service on an app server interacts with a corresponding identity app installed on a user device such as a smart phone. At setup, the ID service receives the user's public key and only a segment of the corresponding private key. A special challenge message is created and partially decrypted using the private key segment on the server side, and then decryption is completed on the client app using the remaining segment(s) of the private key to recover the challenge. A token authenticator based on the result of the decryption is sent back to the identity service, for it to verify validity of the result and, if it is valid, enable secure login without requiring a password.

公开(公告)号：US20170083718A1

公开(公告)日：2017-03-23

申请号：US14863034

申请日：2015-09-23

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Jeremy HORWITZ

IPC: G06F21/62 ,  H04L29/06

CPC classification number: G06F21/6218 ,  G06F21/6227 ,  G06F2221/2107 ,  G06F2221/2125 ,  H04L9/085 ,  H04L63/0435 ,  H04L63/062 ,  H04L63/10 ,  H04L63/1425

Abstract: Some embodiments of the present invention include an apparatus for securing data and include a processor, and one or more stored sequences of instructions which, when executed by the processor, cause the processor to set a data download threshold, encrypt data to be downloaded by a user based on detecting size of the data violating the download threshold such that the user receives encrypted downloaded data, and manage a decryption key used to decrypt the encrypted downloaded data. The decryption key may be deconstructed into “N” key fragments and may be reconstructed using “K” key fragments where “N” is equal to “2K−1”.

公开(公告)号：US20230089865A1

公开(公告)日：2023-03-23

申请号：US17480806

申请日：2021-09-21

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Taher Elgamal ,  Vishal Agarwal

IPC: H04L9/30 ,  H04L9/08 ,  H04L9/32

Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography eliminating the needs for passwords.

公开(公告)号：US20220021525A1

公开(公告)日：2022-01-20

申请号：US16931226

申请日：2020-07-16

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Taher Elgamal ,  Aaron Johnson ,  Ryan Guest

IPC: H04L9/08 ,  H04L9/30

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

公开(公告)号：US20180212762A1

公开(公告)日：2018-07-26

申请号：US15476833

申请日：2017-03-31

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Taher ELGAMAL

IPC: H04L9/08 ,  G06F21/34

CPC classification number: H04L9/085 ,  G06F21/34 ,  H04L9/3234 ,  H04L9/3271

Abstract: In a computing system, methods for secure OS level login authentication for internal users to access servers. Some or all servers in a group each utilize a local ID Service for generating and validating a challenge responsive to an OS login request. The challenge is processed in a centralized secure server HSM. Rather than copying individual user public keys to each host in the data center, we need only copy the public key of the HSM to each host in the group. When a user attempts OS level login to a host, it encrypts the challenge using the public key of the HSM and forwards the request for processing in the HSM. There, it decrypts the challenge using the private key in the HSM and re-encrypts the challenge with the public key of the individual user. The user's mobile device, previously registered, is required to complete the authentication process.