公开(公告)号：US20220121766A1

公开(公告)日：2022-04-21

申请号：US17562387

申请日：2021-12-27

Applicant: salesforce.com, inc.

Inventor： Terry Chong ,  Jameison Bear Martin ,  Thomas Fanghaenel ,  Andrew Tucker ,  Nathaniel Wyatt ,  Raghavendran Hanumantharau ,  Assaf Ben Gur ,  William Charles Mortimore, JR.

IPC: G06F21/62 ,  G06F16/2455 ,  G06F21/60 ,  H04L9/08

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

公开(公告)号：US20180359233A1

公开(公告)日：2018-12-13

申请号：US15621628

申请日：2017-06-13

Applicant: salesforce.com, inc.

Inventor： Josh Alexander ,  Seth Holloway ,  Evan Tyler Grim ,  Ian Glazer ,  William Charles Mortimore, JR.

IPC: H04L29/06

CPC classification number: H04L63/08 ,  H04L63/0861 ,  H04L63/105 ,  H04L2463/082

Abstract: Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself and/or communications characteristics that are determined from the user's communications. In some embodiments, the degree of preauthentication progressively increases or decreases with the degree of use on the first application; that is, the user is preauthenticated to greater or fewer portions of an authentication procedure, to perform greater or fewer actions, or to perform actions more or less critical to security, as additional information regarding the user's communication on the first application becomes available. In some embodiments, preauthentication may be revoked as additional contextual information becomes available on the first application.

公开(公告)号：US20200322139A1

公开(公告)日：2020-10-08

申请号：US16863402

申请日：2020-04-30

Applicant: salesforce.com, Inc.

Inventor： Alexandre Hersans ,  John Bracken ,  Assaf Ben Gur ,  William Charles Mortimore, JR. ,  Swaroop Shere

IPC: H04L9/08 ,  H04L9/14 ,  G06F12/123 ,  G06F12/0813

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

公开(公告)号：US20180337913A1

公开(公告)日：2018-11-22

申请号：US16030706

申请日：2018-07-09

Applicant: salesforce.com, inc.

Inventor： William Charles Mortimore, JR. ,  Sergio Isaac Koren ,  Paul Anthony Mason ,  Alan Vangpat

IPC: H04L29/06

Abstract: Mechanisms and techniques for customized user validation. A login attempt is received from a remote electronic device with one or more computing devices that provide access to one or more resources. The login attempt is analyzed to determine a profile from a plurality of profiles corresponding to the login attempt. The one or more computing devices support the plurality profiles with each profile having a corresponding flow. The flow corresponding to the profile is performed prior to allowing continuation of the login attempt. The login attempt is continued, via the one or more computing devices, after the flow corresponding to the profile is completed. Access is granted to the one or more resources, via the one or more computing devices, in response to a successful completion of the login attempt.

公开(公告)号：US20170339148A1

公开(公告)日：2017-11-23

申请号：US15158277

申请日：2016-05-18

Applicant: salesforce.com, inc.

Inventor： Alexey Syomichev ,  Lawrence Eugenio McAlpin ,  William Charles Mortimore, JR.

IPC: H04L29/06 ,  H04L29/08

CPC classification number: H04L63/10 ,  G06F21/00 ,  G06F21/31 ,  G06F21/6218 ,  G06F21/6245 ,  G06F2221/2149 ,  H04L63/08 ,  H04L63/105 ,  H04L63/1433 ,  H04L67/02 ,  H04L67/2804 ,  H04L67/2814

Abstract: Controlling access to sensitive data can be difficult during an application development effort. A developer may not be authorized to see the data that is to be used by the application. Credentials used in a development environment to access development data can require modification when the application is migrated to a deployed environment. Changing the code in the deployed environment increases risks of change induced incidents. The technology disclosed allows for the creation of a named credential object, where the credentials for different environments are stored, and where the named credential object is called by metadata. This allows the promotion of code from a development environment to a deployed environment without changes to code, and without giving access to sensitive data to the developer.

公开(公告)号：US20200250325A1

公开(公告)日：2020-08-06

申请号：US16263751

申请日：2019-01-31

Applicant: salesforce.com, inc.

Inventor： Terry Chong ,  Jameison Bear Martin ,  Thomas Fanghaenel ,  Andrew Tucker ,  Nathaniel Wyatt ,  Raghavendran Hanumantharau ,  Assaf Ben-Gur ,  William Charles Mortimore, JR.

IPC: G06F21/62 ,  G06F21/60 ,  H04L9/08 ,  G06F16/2455

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

公开(公告)号：US20200099685A1

公开(公告)日：2020-03-26

申请号：US16140410

申请日：2018-09-24

Applicant: salesforce.com, inc.

Inventor： Albert Wijaya ,  Benjamin Chu ,  William Charles Mortimore, JR. ,  Ian Glazer ,  Matthew Bahrenburg ,  Prashanth Mahalingam Ganesan ,  Puneet Dhaliwal

IPC: H04L29/06 ,  G06F21/45 ,  G06F21/40 ,  H04L29/08

Abstract: Systems, methods, and apparatuses for implementing authentication of a user login to an external website from a community in a cloud based computing environment. An exemplary system having at least a processor and a memory therein includes means for identifying a first domain where a user is to be allowed to login to an external web page hosted thereon, and means for connecting the external web page with a community of a cloud computing environment hosted on a second domain different than the identified first domain, the connecting means handling how the connected community authenticates the user when the user logs into the external web page and providing one of a plurality of login experiences for the user based on conditions determined at run time.

公开(公告)号：US20160301679A1

公开(公告)日：2016-10-13

申请号：US14682324

申请日：2015-04-09

Applicant: salesforce.com, inc.

Inventor： William Charles Mortimore, JR. ,  Sergio Isaac Koren ,  Paul Anthony Mason ,  Alan Vangpat

IPC: H04L29/06

CPC classification number: H04L63/083 ,  H04L63/0838 ,  H04L63/102 ,  H04L2463/082

Abstract: Mechanisms and techniques for customized user validation. A login attempt is received from a remote electronic device with one or more computing devices that provide access to one or more resources. The login attempt is analyzed to determine a profile from a plurality of profiles corresponding to the login attempt. The one or more computing devices support the plurality profiles with each profile having a corresponding flow. The flow corresponding to the profile is performed prior to allowing continuation of the login attempt. The login attempt is continued, via the one or more computing devices, after the flow corresponding to the profile is completed. Access is granted to the one or more resources, via the one or more computing devices, in response to a successful completion of the login attempt.

Abstract translation: 定制用户验证的机制和技术。 从具有提供对一个或多个资源的访问的一个或多个计算设备的远程电子设备接收登录尝试。 分析登录尝试以从对应于登录尝试的多个简档确定简档。 一个或多个计算设备支持多个轮廓，每个轮廓具有对应的流。 在允许继续登录尝试之前执行与简档对应的流程。 在对应于简档的流程完成之后，通过一个或多个计算设备继续登录尝试。 响应于登录尝试的成功完成，经由一个或多个计算设备向一个或多个资源授予访问权限。

公开(公告)号：US20160072839A1

公开(公告)日：2016-03-10

申请号：US14478795

申请日：2014-09-05

Applicant: salesforce.com, inc.

Inventor： William Charles Mortimore, JR.

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/0876

Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic management of devices participating in a network in an on-demand services environment in an on-demand services environment in a multi-tenant environment according to one embodiment. In one embodiment and by way of example, a method includes receiving, by and incorporating into a database system, a policy document relating to a first computing device over a network, the network including Internet of Things (“IoT”), verifying, by the database, the first computing device based on contents of the policy document, and authorizing, by the database, the first computing device to participate within the network, where participating includes performing one or more tasks within the network on behalf of a user and in accordance with the policy document.

Abstract translation: 根据实施例，根据一个实施例，提供了用于在多租户环境中的按需服务环境中促进参与按需服务环境中的网络的设备的动态管理的机制和方法。 在一个实施例中，并且作为示例，一种方法包括通过网络接收和并入到数据库系统中的涉及第一计算设备的策略文档，包括物联网（“IoT”）的网络，通过 所述数据库，所述第一计算设备基于所述策略文档的内容，并且由所述数据库授权所述第一计算设备参与所述网络，其中参与包括代表用户在所述网络内执行一个或多个任务，并且 按照政策文件。

公开(公告)号：US20140019880A1

公开(公告)日：2014-01-16

申请号：US13804739

申请日：2013-03-14

Applicant: SALESFORCE.COM, INC.

Inventor： John Kucera ,  Aditya Kuruganti ,  William Charles Mortimore, JR.

IPC: H04L29/06

CPC classification number: H04L65/403 ,  G06F21/31 ,  G06Q50/01 ,  H04L51/32 ,  H04L61/1511 ,  H04L61/303 ,  H04L61/307 ,  H04L63/083

Abstract: Disclosed are methods, apparatus, systems, and computer-readable storage media for maintaining communities and providing access to communities of users in an online social network. In some implementations, an internal user of an organization is provided access to a community switcher user interface component in a user interface for switching between an external community and an internal community established at a domain associated with an organization. The external community is established at an external community root domain. A community switcher user interface component can be requested and displayed at a computing device. The community switcher user interface component includes a link to the internal community and a link to the external community.

Abstract translation: 公开了用于维护社区并提供对在线社交网络中的用户社区的访问的方法，装置，系统和计算机可读存储介质。 在一些实施方式中，向组织的内部用户提供对用户界面中的社区切换器用户界面组件的访问，用于在外部社区与在与组织相关联的域建立的内部社区之间进行切换。 外部社区建立在外部社区根域。 可以在计算设备处请求并显示社区切换器用户界面组件。 社区切换器用户界面组件包括指向内部社区的链接以及指向外部社区的链接。