-
Publication No.: US11588840B2
Publication Date: 2023-02-21
Application No.: US16778325
Application Date: 2020-01-31
Applicant: salesforce.com, inc.
Inventor: Ramesh Ramani
Abstract: Communication security is an ongoing problem. Over time, various protocols have been used and then replaced due to insufficient protection. For example, some client/server web communication used to rely on Secure Socket Layers (SSL) to protect communication, but was replaced with a more secure Transport Layer Security (TLS) protocol. TLS itself has undergone several revisions, and TLS 1.0 is now considered not secure. TLS and other protocols provide backwards compatibility, so while a higher security level is desired, communication may fall back to an undesirable level, e.g., TLS 1.0, if required by either communication endpoint. An intermediary to communication with an organization may capture data to facilitate analyzing it to determine what caused a fallback, and to decide if and how to remediate it. Remediation may vary depending on, for example, whether the cause was from within the organization, or external, such as from a client.
-
Publication No.: US20210243183A1
Publication Date: 2021-08-05
Application No.: US16779247
Application Date: 2020-01-31
Applicant: salesforce.com, inc.
Inventor: LaDean CLARK, Ramesh Ramani
Abstract: Complex cloud-based systems with many different entities, e.g., servers, clients, databases, firewalls, other machines, etc. often require on call engineers to be available to help with maintenance, emergencies, and other tasks. Sometimes ad hoc access is required when on call engineers are unable to resolve a particular issue. Organizations that manually manage access to on call and ad hoc engineer access may do so relatively easily if they are a smaller organization. But, for larger or more complex environments, manual processes represent a significant burden. An alternative is to automatically grant and revoke access. For example, if a vendor tracks your on call engineers, on call statuses may be identified to automatically grant access while on call. For ad hoc access, a requestor may request temporary access, and if valid, access may also be automatically granted for a desired time period. Automation frees valuable limited resources for other tasks.
-
Publication No.: US11297501B2
Publication Date: 2022-04-05
Application No.: US16779226
Application Date: 2020-01-31
Applicant: salesforce.com, inc.
Inventor: Ramesh Ramani, Anurag Bhatt
IPC: H04W12/088, G06F12/0804, H04W12/06, H04W12/71
Abstract: Updating firewalls can be difficult if many devices need to be manually reconfigured. To assist, vendors provide management tools. If the tool requires manual adding/deleting known firewalls, this is problematic in networks with many devices. If devices are hosted within a virtual private cloud, the tool may adopt a centralized “star” configuration and maintain live contact with all firewalls. This exposes firewalls to risk if the central tool is compromised. An alternative to a central tool is to implement a tool local to an environment, secure the tool with multi-level authentication, and provide automatic active firewall discovery, e.g., automate adding/deleting firewalls in an environment defined with respect to criteria that may be used to define a collection of active firewalls. Configuration changes may be pushed to the collection. Authentication credentials to access the firewalls are ephemerally cached and flushed after use so the tool cannot be compromised.
-
Publication No.: US11233787B2
Publication Date: 2022-01-25
Application No.: US16779247
Application Date: 2020-01-31
Applicant: salesforce.com, inc.
Inventor: LaDean Clark, Ramesh Ramani
Abstract: Complex cloud-based systems with many different entities, e.g., servers, clients, databases, firewalls, other machines, etc. often require on call engineers to be available to help with maintenance, emergencies, and other tasks. Sometimes ad hoc access is required when on call engineers are unable to resolve a particular issue. Organizations that manually manage access to on call and ad hoc engineer access may do so relatively easily if they are a smaller organization. But, for larger or more complex environments, manual processes represent a significant burden. An alternative is to automatically grant and revoke access. For example, if a vendor tracks your on call engineers, on call statuses may be identified to automatically grant access while on call. For ad hoc access, a requestor may request temporary access, and if valid, access may also be automatically granted for a desired time period. Automation frees valuable limited resources for other tasks.