-
公开(公告)号:US11057359B2
公开(公告)日:2021-07-06
申请号:US16102191
申请日:2018-08-13
Applicant: salesforce.com, inc.
Inventor: Scott Wisniewski , David Murray , Xiongjian Fu , Harish Krishnamurthy
Abstract: A set of hardware security modules (HSMs) in a database system may implement a key management system with a database storing encryption keys or other secrets. The set of HSMs may identify a first key encryption key (KEK) and a second KEK stored in the set of HSMs. The set of HSMs may retrieve, from the database, a set of encryption keys encrypted by the first KEK and decrypt each encryption key of the set of encryption keys using the first KEK. The set of HSMs may re-encrypt each encryption key of the set of encryption keys with the second KEK and transmit, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage. Then, the set of HSMs may delete the first KEK from the set of HSMs.
-
公开(公告)号:US20200045080A1
公开(公告)日:2020-02-06
申请号:US16051147
申请日:2018-07-31
Applicant: salesforce.com, inc.
Inventor: Scott Wisniewski , David Lucey , David Murray , Xiongjian Fu
Abstract: Methods, systems, and devices for transparent data encryption are described. A transparent proxy may enforce a specific encryption policy for a data transmission from a source host to a target host, where the transparent proxy determines if the data transmission is encrypted according to a specific encryption policy prior to forwarding the data transmission to the target host. As such, if the data transmission is not encrypted according to the specific encryption policy, the transparent proxy may encrypt the data transmission and then forward it to the target host. Alternatively, if the transparent proxy determines that the data transmission is encrypted according to the specific encryption policy, then the transparent proxy may refrain from further encrypting the data transmission and forward the data transmission to the target host without the additional encryption.
-
公开(公告)号:US11228615B2
公开(公告)日:2022-01-18
申请号:US16051147
申请日:2018-07-31
Applicant: salesforce.com, inc.
Inventor: Scott Wisniewski , David Lucey , David Murray , Xiongjian Fu
Abstract: Methods, systems, and devices for transparent data encryption are described. A transparent proxy may enforce a specific encryption policy for a data transmission from a source host to a target host, where the transparent proxy determines if the data transmission is encrypted according to a specific encryption policy prior to forwarding the data transmission to the target host. As such, if the data transmission is not encrypted according to the specific encryption policy, the transparent proxy may encrypt the data transmission and then forward it to the target host. Alternatively, if the transparent proxy determines that the data transmission is encrypted according to the specific encryption policy, then the transparent proxy may refrain from further encrypting the data transmission and forward the data transmission to the target host without the additional encryption.
-
公开(公告)号:US20200053065A1
公开(公告)日:2020-02-13
申请号:US16102191
申请日:2018-08-13
Applicant: salesforce.com, inc.
Inventor: Scott Wisniewski , David Murray , Xiongjian Fu , Harish Krishnamurthy
Abstract: A set of hardware security modules (HSMs) in a database system may implement a key management system with a database storing encryption keys or other secrets. The set of HSMs may identify a first key encryption key (KEK) and a second KEK stored in the set of HSMs. The set of HSMs may retrieve, from the database, a set of encryption keys encrypted by the first KEK and decrypt each encryption key of the set of encryption keys using the first KEK. The set of HSMs may re-encrypt each encryption key of the set of encryption keys with the second KEK and transmit, to the database, the set of encrypted encryption keys encrypted by the second KEK for storage. Then, the set of HSMs may delete the first KEK from the set of HSMs.
-
-
-
Search Results
4
records
(took 0.012 seconds)
