公开(公告)号：US11290282B2

公开(公告)日：2022-03-29

申请号：US16694924

申请日：2019-11-25

Applicant: salesforce.com, inc.

Inventor： Shiloh Cory Heurich ,  Frank Siebenlist ,  Taher Elgamal ,  Clayten Tyler Joseph Hamacher ,  Matthew Steele ,  Pathik Ashok Solanki ,  Matthew B. Schechtman

IPC: H04L9/32 ,  H04L29/06

Abstract: In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment, where a database system-implemented method includes receiving, by the database system, a content file and metadata to be submitted to a data repository of the database system. The content file may include content, where the metadata may include identifying data associated with at least one of the content and a user associated with the content. The method may include verifying, by the database system, the identifying data of the metadata. The verification of the identifying data represents authentication of at least one of the user and the content. The method may include submitting, by the database system, the content file and the metadata to the data repository, upon authentication of at least one of the user and the content via successful verification of the identifying data.

公开(公告)号：US10541811B2

公开(公告)日：2020-01-21

申请号：US14635265

申请日：2015-03-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz ,  Taher Elgamal ,  Matthew Steele ,  Ryan Guest

IPC: H04L9/08

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

公开(公告)号：US20160261408A1

公开(公告)日：2016-09-08

申请号：US14635265

申请日：2015-03-02

Applicant: salesforce.com, inc.

Inventor： Prasad Peddada ,  Jeremy Horwitz ,  Taher Elgamal ,  Matthew Steele ,  Ryan Guest

IPC: H04L9/08

Abstract: Embodiments include an apparatus for securing customer data and include a processor, and one or more stored sequences of instructions which, when executed, cause the processor to store an encrypted first key fragment in a first storage area, store an encrypted second key fragment in a separate second storage area, wherein access to the first storage area and to the second storage area is mutually exclusive. The instructions further cause the processor to decrypt the encrypted first key fragment and the encrypted second key fragment using a key set and keys associated with a hardware security module based on receiving a request to derive a master key. The master key is derived using the decrypted first key fragment and the decrypted second key fragment and stored in an in-memory cache. The master key is used to encrypt or to decrypt encrypted customer data.

Abstract translation: 实施例包括用于保护客户数据并包括处理器的装置，以及一个或多个存储的指令序列，当被执行时，使得处理器将加密的第一密钥片段存储在第一存储区域中，将加密的第二密钥片段存储在 分离的第二存储区域，其中对第一存储区域和第二存储区域的访问是互斥的。 所述指令还使所述处理器基于接收到导出主密钥的请求，使用与硬件安全模块相关联的密钥集和密钥对所述加密的第一密钥片段和加密的第二密钥片段进行解密。 使用解密的第一密钥片段和解密的第二密钥片段导出主密钥并存储在内存中的高速缓存中。 主密钥用于加密或解密加密的客户数据。