Identity confirmation using private keys

    Publication No.: US10425224B1

    Publication date: 2019-09-24

    Application No.: US15638853

    Application date: 2017-06-30

    Abstract: Systems and methods for identity confirmation and transaction security are described. The system transmits to a client computing system an encrypted challenge generated using a public key of an asymmetric key pair and a first partially decrypted challenge generated by applying a first private key fragment of a private key of the asymmetric key pair to the encrypted challenge. The system receives a decrypted challenge generated by applying a second private key fragment of the private key to the encrypted challenge to generate a second partially decrypted challenge, applying a third private key fragment of the private key to the encrypted challenge to generate a third partially decrypted challenge, and combining the first partially decrypted challenge, the second partially decrypted challenge and the third partially decrypted challenge to generate the decrypted challenge. The system uses the decrypted challenge for verification.

    MIGRATING DATA BETWEEN DATABASES
    2.
    Invention application

    Publication No.: US20190340251A1

    Publication date: 2019-11-07

    Application No.: US15972397

    Application date: 2018-05-07

    Abstract: Methods, systems, and devices for data migration are described. In a system, databases may utilize different database-specific encryption keys for storage security. In some cases, the system may migrate data from a first (i.e., source) database to a second (i.e., target) database. To securely migrate the data, the source database may generate a temporary encryption key. The source database may decrypt the data using its database-specific key and may re-encrypt the data using this temporary encryption key. Additionally, the source database may wrap the temporary key with a public key corresponding to the target database. The source database may send the re-encrypted data and the wrapped temporary key to the target database. The target database may unwrap the temporary key using a private key associated with the public key and may decrypt the data using the temporary key before re-encrypting the data with its database-specific key for data storage.

    Migrating data between databases
    3.
    Granted invention patent

    Publication No.: US11157630B2

    Publication date: 2021-10-26

    Application No.: US15972397

    Application date: 2018-05-07

    Abstract: Methods, systems, and devices for data migration are described. In a system, databases may utilize different database-specific encryption keys for storage security. In some cases, the system may migrate data from a source database to a target database. To securely migrate the data, the source database may generate a temporary encryption key. The source database may decrypt the data using its database-specific key and may re-encrypt the data using this temporary encryption key. Additionally, the source database may wrap the temporary key with a public key corresponding to the target database. The source database may send the re-encrypted data and the wrapped temporary key to the target database. The target database may unwrap the temporary key using a private key associated with the public key and may decrypt the data using the temporary key before re-encrypting the data with its database-specific key for data storage.

    Preventing encryption key recovery by a cloud provider

    Publication No.: US10951406B2

    Publication date: 2021-03-16

    Application No.: US15879265

    Application date: 2018-01-24

    Abstract: Methods, systems, and devices for encryption key storage are described. An application server may store an encryption key in volatile memory and access the key directly from the volatile memory when performing an encryption process. In some cases, a user may supply the encryption key to the application server on demand. Accordingly, when the application server is restarted, the encryption key may be purged from the memory. In some cases, the encryption key may be wrapped in a public key, and the application server may derive a private key to decrypt the public key-encrypted information to access the encryption key and store it in the volatile memory. Additionally or alternatively, the user may supply a first fragment of the encryption key, and the application server may derive the encryption key from the first fragment and a second fragment of the encryption key retrieved from a database.

    Secure transmission of tokens using private key fragments

    Publication No.: US10374794B1

    Publication date: 2019-08-06

    Application No.: US15638920

    Application date: 2017-06-30

    Abstract: System and methods for secure transmission are described and include receiving, by a first computing system, an encrypted token generated using a public key of an asymmetric key pair; receiving, by the first computing system, a first partially decrypted token generated by applying a first private key fragment of a private key of the asymmetric key pair to the encrypted token; applying, by the first computing system, a second private key fragment of the private key to the encrypted token to generate a second partially decrypted token; applying, by the first computing system, a third private key fragment of the private key to the encrypted token to generate a third partially decrypted token; and combining the first partially decrypted token, the second partially decrypted token and the third partially decrypted token to generate a decrypted token.

    PREVENTING ENCRYPTION KEY RECOVERY BY A CLOUD PROVIDER

    Publication No.: US20190229908A1

    Publication date: 2019-07-25

    Application No.: US15879265

    Application date: 2018-01-24

    Abstract: Methods, systems, and devices for encryption key storage are described. An application server may store an encryption key in volatile memory and access the key directly from the volatile memory when performing an encryption process. In some cases, a user may supply the encryption key to the application server on demand. Accordingly, when the application server is restarted, the encryption key may be purged from the memory. In some cases, the encryption key may be wrapped in a public key, and the application server may derive a private key to decrypt the public key-encrypted information to access the encryption key and store it in the volatile memory. Additionally or alternatively, the user may supply a first fragment of the encryption key, and the application server may derive the encryption key from the first fragment and a second fragment of the encryption key retrieved from a database.
