公开(公告)号：US11700112B2

公开(公告)日：2023-07-11

申请号：US16863402

申请日：2020-04-30

Applicant: salesforce.com, inc.

Inventor： Alexandre Hersans ,  John Bracken ,  Assaf Ben Gur ,  William Charles Mortimore, Jr. ,  Swaroop Shere

IPC: H04L9/08 ,  H04L9/14 ,  G06F12/123 ,  G06F12/0813

CPC classification number: H04L9/0822 ,  G06F12/0813 ,  G06F12/123 ,  H04L9/0894 ,  H04L9/14 ,  G06F2212/60 ,  G06F2212/62

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

公开(公告)号：US20160102879A1

公开(公告)日：2016-04-14

申请号：US14684803

申请日：2015-04-13

Applicant: salesforce.com, inc.

Inventor： Ryan Guest ,  Swaroop Shere ,  Reid Scott Carlberg

IPC: F24F11/00 ,  G05B15/02

CPC classification number: F24F11/30 ,  F24F11/62 ,  F24F11/64 ,  F24F2110/00 ,  G05B15/02

Abstract: Examples of database systems, apparatus, methods and computer program products are disclosed for causing automated system events to be performed in response to environmental sensing. In some implementations, a database system can receive environmental data and location data from a computing device capable of reading environmental data using an environmental sensor. The sensor is situated at a geographic location identified by the location data. An occurrence of an environmental condition can be determined using the environmental data. A database record in a database can be created or updated to identify the environmental data and/or the environmental condition. A system event to perform can then be determined based on the creating or updating of the database record.

Abstract translation: 公开了数据库系统，装置，方法和计算机程序产品的示例，用于响应于环境感测而执行自动化系统事件。 在一些实现中，数据库系统可以从能够使用环境传感器读取环境数据的计算设备接收环境数据和位置数据。 传感器位于由位置数据标识的地理位置。 可以使用环境数据来确定环境条件的发生。 可以创建或更新数据库中的数据库记录，以识别环境数据和/或环境条件。 然后可以基于创建或更新数据库记录来确定要执行的系统事件。

公开(公告)号：US10942906B2

公开(公告)日：2021-03-09

申请号：US16026819

申请日：2018-07-03

Applicant: salesforce.com, inc.

Inventor： Alexandre Hersans ,  Swaroop Shere ,  Chenghung Ker ,  Parth Vijay Vaishnav ,  Assaf Ben-Gur ,  Victor Weilin Liu ,  Daniel McGarry ,  Samatha Sanikommu

IPC: G06F16/00 ,  G06F16/215 ,  G06F21/60 ,  G06Q30/00 ,  G06F16/22 ,  G06F16/23 ,  G06F16/2458

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting duplicates with exact and fuzzy matching on encrypted match indexes using an encryption key in a cloud computing platform. An embodiment operates by determining a match rule index value upon reception of a new record. The embodiment encrypts the match index rule value using the customer's encryption key and a deterministic encryption method and stores the encrypted match rule index value. Duplicate detection may be later performed by using the same deterministic encryption method to determine a cypher text for a candidate entry and comparing the ciphertext to the stored encrypted match indexes.

公开(公告)号：US11354285B2

公开(公告)日：2022-06-07

申请号：US16848878

申请日：2020-04-15

Applicant: salesforce.com, inc.

Inventor： Chenghung Ker ,  Danil Dvinov ,  Parth Vijay Vaishnav ,  Swaroop Shere ,  Alexandre Hersans

IPC: G06F16/215 ,  G06F21/60 ,  G06F16/28 ,  H04L9/06

Abstract: Provided herein are system, methods and computer program products for identifying duplicate records stored in a database system, comprising: generating a plurality of encrypted match indexes for each of a plurality of records stored in the database system, each of the plurality of encrypted match indexes encrypts a value of each encryption enabled field of a respective one of the plurality of records defined by at least one match rule, creating a cluster of records comprising at least one set containing at least two records of the plurality of records, the at least two records having respective encrypted match indexes corresponding to the at least one match rule, causing identification of duplicate records in the at least one set according to detection of records of the at least one set having respective match indexes matching the at least one match rule, and outputting an indication of the identified duplicate records.

公开(公告)号：US20190097791A1

公开(公告)日：2019-03-28

申请号：US15716677

申请日：2017-09-27

Applicant: salesforce.com, Inc.

Inventor： Alexandre Hersans ,  John Bracken ,  Assaf Ben Gur ,  Charles Mortimore ,  Swaroop Shere

IPC: H04L9/08 ,  H04L9/14 ,  G06F12/0813 ,  G06F12/123

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

公开(公告)号：US11748320B2

公开(公告)日：2023-09-05

申请号：US17184697

申请日：2021-02-25

Applicant: salesforce.com, inc.

Inventor： Alexandre Hersans ,  Swaroop Shere ,  Chenghung Ker ,  Parth Vijay Vaishnav ,  Assaf Ben-Gur ,  Victor Weilin Liu ,  Daniel McGarry ,  Samatha Sanikommu

IPC: G06F16/00 ,  G06F16/215 ,  G06F21/60 ,  G06Q30/01 ,  G06F16/22 ,  G06F16/23 ,  G06F16/2458

CPC classification number: G06F16/215 ,  G06F16/2237 ,  G06F16/2365 ,  G06F16/2468 ,  G06F21/602 ,  G06Q30/01

Abstract: Disclosed herein are system, method, and computer program product embodiments for detecting duplicates with exact and fuzzy matching on encrypted match indexes using an encryption key in a cloud computing platform. An embodiment operates by determining a match rule index value upon reception of a new record. The embodiment encrypts the match index rule value using the customer's encryption key and a deterministic encryption method and stores the encrypted match rule index value. Duplicate detection may be later performed by using the same deterministic encryption method to determine a cypher text for a candidate entry and comparing the ciphertext to the stored encrypted match indexes.

公开(公告)号：US20200322139A1

公开(公告)日：2020-10-08

申请号：US16863402

申请日：2020-04-30

Applicant: salesforce.com, Inc.

Inventor： Alexandre Hersans ,  John Bracken ,  Assaf Ben Gur ,  William Charles Mortimore, JR. ,  Swaroop Shere

IPC: H04L9/08 ,  H04L9/14 ,  G06F12/123 ,  G06F12/0813

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

公开(公告)号：US10680804B2

公开(公告)日：2020-06-09

申请号：US15716677

申请日：2017-09-27

Applicant: salesforce.com, inc.

Inventor： Alexandre Hersans ,  John Bracken ,  Assaf Ben Gur ,  William Charles Mortimore, Jr. ,  Swaroop Shere

IPC: H04L9/08 ,  H04L9/14 ,  G06F12/123 ,  G06F12/0813

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.