公开(公告)号：US11017368B2

公开(公告)日：2021-05-25

申请号：US16449112

申请日：2019-06-21

Applicant: salesforce.com, inc.

Inventor： Irandi U. Bulumulla ,  Ryan Guest

IPC: G06Q20/14 ,  G06F11/34 ,  G06Q30/04 ,  G06Q30/06 ,  H04L12/911 ,  H04L29/08 ,  G06Q20/10 ,  G06Q40/00 ,  G06Q40/02 ,  G06Q50/18 ,  G06Q40/04 ,  G06Q10/10 ,  H04L12/24

Abstract: A method of collecting data from multiple sources in a multi-tenant system is provided. The method includes obtaining data corresponding to a first tenant in the multi-tenant system and a second tenant in the multi-tenant system from a first source, obtaining data corresponding to the first tenant in the multi-tenant system and the second tenant in the multi-tenant system from a second source, and aggregating the data obtained from the first and second sources into a single database and associating each entry of the obtained data with at least one of the tenants of the multi-tenant system.

公开(公告)号：US10749689B1

公开(公告)日：2020-08-18

申请号：US15638249

申请日：2017-06-29

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Ryan Guest ,  Jonathan Brossard ,  Travis Emmert

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08 ,  H04W12/04 ,  H04W12/08 ,  H04W12/06

Abstract: The disclosed technology for a hardware system to access a secure backend system uses non-volatile memory to hold encrypted secrets, volatile memory to hold decrypted secrets ready for use, a keys-for-all (K4A) server, and app servers running K4A clients. To access the backend system in production, each app server uses a decrypted secret and a certificate that identifies the app server and certifies its role and physical and logical location. At initialization of the app server, a K4A client is instantiated that launches and tracks processes, running on the app server, that are authorized to request decryption services. The K4A client responds to a decryption request from an authorized process, determined based on tracking of processes launched, by requesting decryption by a K4A server, using the certificate, and returns to the process, in volatile memory, a decrypted secret or a reference to the decrypted secret, decrypted by the K4A server.

公开(公告)号：US10332084B2

公开(公告)日：2019-06-25

申请号：US15059792

申请日：2016-03-03

Applicant: salesforce.com, inc.

Inventor： Irandi U. Bulumulla ,  Ryan Guest

IPC: G06Q20/14 ,  G06F11/34 ,  G06Q30/04 ,  G06Q30/06 ,  H04L12/911 ,  H04L29/08 ,  G06Q20/10 ,  G06Q40/00 ,  G06Q40/02 ,  G06Q50/18 ,  G06Q40/04 ,  G06Q10/10 ,  H04L12/24

Abstract: A method of collecting data from multiple sources in a multi-tenant system is provided. The method includes obtaining data corresponding to a first tenant in the multi-tenant system and a second tenant in the multi-tenant system from a first source, obtaining data corresponding to the first tenant in the multi-tenant system and the second tenant in the multi-tenant system from a second source, and aggregating the data obtained from the first and second sources into a single database and associating each entry of the obtained data with at least one of the tenants of the multi-tenant system.

公开(公告)号：US10122592B2

公开(公告)日：2018-11-06

申请号：US15691269

申请日：2017-08-30

Applicant: salesforce.com, inc.

Inventor： Jayesh Sureshchandra ,  Peter Dapkus ,  Aaron Fiske ,  Nikita Prokopev ,  Ryan Guest ,  Addison Luh

IPC: G06F15/16 ,  H04L12/24 ,  H04L29/12 ,  H04L29/08

Abstract: In accordance with embodiments, there are provided mechanisms and methods for serving an application from a custom subdomain. These mechanisms and methods for serving an application from a custom subdomain can enable improved data security, enhanced system performance, optimized resource utilization, etc.

公开(公告)号：US09137172B2

公开(公告)日：2015-09-15

申请号：US13854492

申请日：2013-04-01

Applicant: salesforce.com, inc.

Inventor： Ryan Guest ,  Steven Lawrance

IPC: G06F15/173 ,  H04L12/911 ,  G06F17/30

CPC classification number: H04L47/827 ,  G06F17/3089

Abstract: A system and method for managing a plurality of proxy servers in a multi-tenant database system is provided. The method, for example, may include, but is not limited to, receiving, by a processor, a first command, generating, by the processor, a second command for each of the plurality of proxy servers based upon the first command, and transmitting each of the generated second commands to the respective proxy server.

Abstract translation: 提供了一种用于在多租户数据库系统中管理多个代理服务器的系统和方法。 该方法例如可以包括但不限于由处理器接收第一命令，由处理器根据第一命令为每个代理服务器生成第二命令，并且发送 每个生成的第二命令到相应的代理服务器。

公开(公告)号：US20140156794A1

公开(公告)日：2014-06-05

申请号：US14173754

申请日：2014-02-05

Applicant: salesforce.com, inc.

Inventor： Jayesh Sureshchandra ,  Peter Dapkus ,  Aaron Fiske ,  Nikita Prokopev ,  Ryan Guest ,  Addison Luh

IPC: H04L12/24

CPC classification number: H04L41/50 ,  H04L61/1511 ,  H04L61/305 ,  H04L67/02 ,  H04L67/16

Abstract: In accordance with embodiments, there are provided mechanisms and methods for serving an application from a custom subdomain. These mechanisms and methods for serving an application from a custom subdomain can enable improved data security, enhanced system performance, optimized resource utilization, etc.

Abstract translation: 根据实施例，提供了用于从定制子域服务应用程序的机制和方法。 用于从自定义子域服务应用程序的这些机制和方法可以实现改进的数据安全性，增强的系统性能，优化的资源利用率等。

公开(公告)号：US11368292B2

公开(公告)日：2022-06-21

申请号：US16931210

申请日：2020-07-16

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Taher Elgamal ,  Aaron Johnson ,  Ryan Guest

IPC: H04L9/08 ,  H04L9/06 ,  H04L9/30 ,  H04L9/32

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

公开(公告)号：US20220021525A1

公开(公告)日：2022-01-20

申请号：US16931226

申请日：2020-07-16

Applicant: salesforce.com, inc.

Inventor： Prasad PEDDADA ,  Taher Elgamal ,  Aaron Johnson ,  Ryan Guest

IPC: H04L9/08 ,  H04L9/30

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

公开(公告)号：US10541811B2

公开(公告)日：2020-01-21

申请号：US14635265

申请日：2015-03-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz ,  Taher Elgamal ,  Matthew Steele ,  Ryan Guest

IPC: H04L9/08

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

公开(公告)号：US09755916B2

公开(公告)日：2017-09-05

申请号：US14818220

申请日：2015-08-04

Applicant: salesforce.com, inc.

Inventor： Jayesh Sureshchandra ,  Peter Dapkus ,  Aaron Fiske ,  Nikita Prokopev ,  Ryan Guest ,  Addison Luh

IPC: G06F15/173 ,  H04L12/24 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L41/50 ,  H04L61/1511 ,  H04L61/305 ,  H04L67/02 ,  H04L67/16

Abstract: In accordance with embodiments, there are provided mechanisms and methods for serving an application from a custom subdomain. These mechanisms and methods for serving an application from a custom subdomain can enable improved data security, enhanced system performance, optimized resource utilization, etc.