-
Publication No.: US10659446B2
Publication Date: 2020-05-19
Application No.: US15621628
Application Date: 2017-06-13
Applicant: salesforce.com, inc.
Abstract: Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself and/or communications characteristics that are determined from the user's communications. In some embodiments, the degree of preauthentication progressively increases or decreases with the degree of use on the first application; that is, the user is preauthenticated to greater or fewer portions of an authentication procedure, to perform greater or fewer actions, or to perform actions more or less critical to security, as additional information regarding the user's communication on the first application becomes available. In some embodiments, preauthentication may be revoked as additional contextual information becomes available on the first application.
-
Publication No.: US11700112B2
Publication Date: 2023-07-11
Application No.: US16863402
Application Date: 2020-04-30
Applicant: salesforce.com, inc.
Inventors: Alexandre Hersans, John Bracken, Assaf Ben Gur, William Charles Mortimore, Jr., Swaroop Shere
IPC Classification: H04L9/08, H04L9/14, G06F12/123, G06F12/0813
CPC Classification: H04L9/0822, G06F12/0813, G06F12/123, H04L9/0894, H04L9/14, G06F2212/60, G06F2212/62
Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support "bring your own key" (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.
-
Publication No.: US11128624B2
Publication Date: 2021-09-21
Application No.: US16140410
Application Date: 2018-09-24
Applicant: salesforce.com, inc.
Inventors: Albert Wijaya, Benjamin Chu, William Charles Mortimore, Jr., Ian Glazer, Matthew Bahrenburg, Prashanth Mahalingam Ganesan, Puneet Dhaliwal
Abstract: Systems, methods, and apparatuses for implementing authentication of a user login to an external website from a community in a cloud-based computing environment. An exemplary system having at least a processor and a memory therein includes means for identifying a first domain where a user is to be allowed to log in to an external web page hosted thereon, and means for connecting the external web page with a community of a cloud computing environment hosted on a second domain different from the identified first domain, the connecting means handling how the connected community authenticates the user when the user logs into the external web page and providing one of a plurality of login experiences for the user based on conditions determined at run time.
-
Publication No.: US10298582B2
Publication Date: 2019-05-21
Application No.: US15158277
Application Date: 2016-05-18
Applicant: salesforce.com, inc.
Abstract: Controlling access to sensitive data can be difficult during an application development effort. A developer may not be authorized to see the data that is to be used by the application. Credentials used in a development environment to access development data can require modification when the application is migrated to a deployed environment. Changing the code in the deployed environment increases the risk of change-induced incidents. The technology disclosed allows for the creation of a named credential object, where the credentials for different environments are stored, and where the named credential object is called by metadata. This allows the promotion of code from a development environment to a deployed environment without changes to code, and without giving the developer access to sensitive data.
-
Publication No.: US11997204B2
Publication Date: 2024-05-28
Application No.: US17249149
Application Date: 2021-02-22
Applicant: salesforce.com, inc.
Inventors: Matthew Bahrenburg, Alan Vangpat, Anupam Jain, William Charles Mortimore, Jr., Srinath Krishna Ananthakrishnan, Peter S. Wisnovsky
CPC Classification: H04L9/30, G06F21/602, H04L9/3213
Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating the authentication of computing system requests across tenants of at least one multi-tenant database system. Authentication is facilitated using a central registry that is accessible by and independent from the tenants of the multi-tenant database system.
-
Publication No.: US11016791B2
Publication Date: 2021-05-25
Application No.: US15929897
Application Date: 2020-05-28
Applicant: salesforce.com, Inc.
IPC Classification: G06F3/0482, G06F9/451, G06F3/0484, H04L29/06, H04L12/24
Abstract: Methods and systems are provided for declaratively configuring a user self-registration process and a user self-registration page for a particular service provider. A graphical user interface is displayed that includes a plurality of options for declaratively configuring different user self-registration processes and corresponding user self-registration pages for the particular service provider. One of the options can be selected, and a type of identifier and a type of verification process can be specified from different types for each. The type of identifier is associated with a user to be verified as part of the user self-registration process, and can be specified to define how the user is identified and looked up during the user self-registration process. The type of verification process can define how the user will be verified as part of the user self-registration process.
-
Publication No.: US10705928B2
Publication Date: 2020-07-07
Application No.: US16115472
Application Date: 2018-08-28
Applicant: salesforce.com, inc.
Inventors: William Charles Mortimore, Jr., Matthew Wong, Matthew Bahrenburg, Puneet Dhaliwal, Anupam Jain, Steven S. Lawrance
Abstract: Systems, methods, and apparatuses for implementing tenant-to-tenant failover in a multi-tenant cloud computing environment. An exemplary system having at least a processor and a memory therein includes means for identifying a first one of a plurality of tenants in a multi-tenant cloud computing system as a primary tenant for providing a function, identifying a second one of the plurality of tenants in the multi-tenant cloud computing system as a secondary tenant for providing the function should the primary tenant become unavailable, providing the function in the multi-tenant cloud computing system via the primary tenant when the primary tenant is available, and switching to providing the function in the multi-tenant cloud computing environment via the secondary tenant when the primary tenant is unavailable and the secondary tenant is available.
-
Publication No.: US10021089B2
Publication Date: 2018-07-10
Application No.: US14682324
Application Date: 2015-04-09
Applicant: salesforce.com, inc.
IPC Classification: H04L29/06
CPC Classification: H04L63/083, H04L63/0838, H04L63/102, H04L2463/082
Abstract: Mechanisms and techniques for customized user validation. A login attempt is received from a remote electronic device by one or more computing devices that provide access to one or more resources. The login attempt is analyzed to determine a profile, from a plurality of profiles, corresponding to the login attempt. The one or more computing devices support the plurality of profiles, with each profile having a corresponding flow. The flow corresponding to the profile is performed prior to allowing continuation of the login attempt. The login attempt is continued, via the one or more computing devices, after the flow corresponding to the profile is completed. Access is granted to the one or more resources, via the one or more computing devices, in response to a successful completion of the login attempt.
-
Publication No.: US11841967B2
Publication Date: 2023-12-12
Application No.: US17562387
Application Date: 2021-12-27
Applicant: salesforce.com, inc.
Inventors: Terry Chong, Jameison Bear Martin, Thomas Fanghaenel, Andrew Tucker, Nathaniel Wyatt, Raghavendran Hanumantharau, Assaf Ben Gur, William Charles Mortimore, Jr.
IPC Classification: G06F21/62, G06F16/2455, G06F21/60, H04L9/08
CPC Classification: G06F21/6218, G06F16/24552, G06F21/604, H04L9/08
Abstract: Systems and methods of the disclosed subject matter provide for segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.
-
Publication No.: US11238174B2
Publication Date: 2022-02-01
Application No.: US16263751
Application Date: 2019-01-31
Applicant: salesforce.com, inc.
Inventors: Terry Chong, Jameison Bear Martin, Thomas Fanghaenel, Andrew Tucker, Nathaniel Wyatt, Raghavendran Hanumantharau, Assaf Ben-Gur, William Charles Mortimore, Jr.
IPC Classification: G06F21/62, G06F16/2455, G06F21/60, H04L9/08
Abstract: Systems and methods of the disclosed subject matter provide for segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.