Provisioning access to customer organization data in a multi-tenant system
    51.
    Granted patent
    Status: in force

    Publication No.: US09596246B2

    Publication date: 2017-03-14

    Application No.: US14600525

    Filing date: 2015-01-20

    Inventor: Prasad Peddada

    Abstract: Methods and systems are described for providing support representative access to applications deployed in an enterprise network environment. An access provisioning system defines a support user class in a user profile database for an application executed on an organization partition within the network. The support user is granted read only privileges to metadata of the application. An organization administrator can grant support personnel access to the application as a support user, thus the ability to view, analyze, and possibly modify the metadata. The access provisioning system generates a Security Assertion Markup Language (SAML) assertion upon request by the support personnel to enable access to the data to the extent of the granted privileges. The SAML protocol includes authentication of the support representative as an authorized support user within the system.

    Systems and methods for implementing an encrypted search index
    52.
    Granted patent
    Status: in force

    Publication No.: US09501661B2

    Publication date: 2016-11-22

    Application No.: US14320135

    Filing date: 2014-06-30

    Abstract: A search index stored within the system having a plurality of individual search index files having information stored therein. At least one of the individual search index files constitutes a term dictionary or a term index type file having internal structure that allows a portion of the individual search index file to be updated, encrypted, and/or decrypted without affecting the internal structure of the individual search index file. A file input/output (IO) layer encrypts the information being written into the individual search index file and decrypts the information being read from the individual search index file. The file IO layer encrypts and decrypts only a portion of the individual search index file in reply to an operation without requiring decryption or encryption of the individual search index file in its entirety. A query interface executes the operation against the information stored in the memory in its decrypted form.

    METHOD AND SYSTEM FOR GRANTING ACCESS TO SECURE DATA
    54.
    Patent application
    Status: in force

    Publication No.: US20130276142A1

    Publication date: 2013-10-17

    Application No.: US13781139

    Filing date: 2013-02-28

    Inventor: Prasad Peddada

    IPC classification: G06F21/62

    Abstract: Techniques described herein can be implemented as one or a combination of methods, systems or processor executed code to form embodiments capable of improved protection of data or other computing resources based at least in part upon limiting access to a select number of delegates. Limited access to cloud data based on customer selected or other criterion, reducing the possibility of security exposures and/or improving privacy is provided for.

    User authentication using multi-party computation and public key cryptography

    Publication No.: US11606348B2

    Publication date: 2023-03-14

    Application No.: US17221340

    Filing date: 2021-04-02

    IPC classification: H04L9/40 H04L9/32 H04L9/30

    Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.

    Securing data using key agreement
    56.
    Granted patent

    Publication No.: US11522686B2

    Publication date: 2022-12-06

    Application No.: US16931226

    Filing date: 2020-07-16

    IPC classification: H04L9/08 H04L9/30

    Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and the symmetric key may be used to securely encrypt data received by the application server from client devices.

    System for securing memory dumps
    57.
    Granted patent

    Publication No.: US11431481B2

    Publication date: 2022-08-30

    Application No.: US16677572

    Filing date: 2019-11-07

    Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for securing memory dumps. In response to a trigger condition, a server generates a symmetric key corresponding to an instance of a memory dump. The server encrypts memory contents of the server using the symmetric key. In addition, the server encrypts the symmetric key using a key-encrypting key (kek), which can include a public key. Both the encrypted memory contents and the encrypted symmetric key are stored for the instance of the memory dump. Responsive to a request for information pertaining to the instance of the memory dump, the encrypted memory contents and the encrypted symmetric key are retrieved from storage, the encrypted symmetric key is decrypted using a private key, and the symmetric key is used to decrypt the encrypted memory contents.

    Authentication using key agreement
    58.
    Granted patent

    Publication No.: US11233636B1

    Publication date: 2022-01-25

    Application No.: US16938632

    Filing date: 2020-07-24

    Abstract: A client may transmit an authentication request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device, generate a shared secret, and derive a symmetric key. The symmetric key may be used to encrypt a random challenge. Further, the server initiates a key agreement process for the client using the partial private key that was generated for the client and the short-lived public key generated at the server. A partial key agreement result and the encrypted random challenge may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and a respective portion of the private key. The client may derive the encryption key and decrypt the random challenge. An indication of the random challenge may be transmitted to the server, which authenticates the client.

    Methods and systems for data migration

    Publication No.: US11163910B2

    Publication date: 2021-11-02

    Application No.: US16371428

    Filing date: 2019-04-01

    Abstract: Systems and methods for performing migration may include receiving, by a server computing system, a request to access a data element from a second data store, the data element having been migrated to the second data store from a first data store; accessing, by the server computing system, the data element from the second data store and its counterpart data element from the first data store; and based on the data element from the second data store being different from the counterpart data element from the first data store, responding, by the server computing system, to the request by providing the counterpart data element from the first data store instead of the data element from the second data store.

    Migrating data between databases
    60.
    Granted patent

    Publication No.: US11157630B2

    Publication date: 2021-10-26

    Application No.: US15972397

    Filing date: 2018-05-07

    Abstract: Methods, systems, and devices for data migration are described. In a system, databases may utilize different database-specific encryption keys for storage security. In some cases, the system may migrate data from a source database to a target database. To securely migrate the data, the source database may generate a temporary encryption key. The source database may decrypt the data using its database-specific key and may re-encrypt the data using this temporary encryption key. Additionally, the source database may wrap the temporary key with a public key corresponding to the target database. The source database may send the re-encrypted data and the wrapped temporary key to the target database. The target database may unwrap the temporary key using a private key associated with the public key and may decrypt the data using the temporary key before re-encrypting the data with its database-specific key for data storage.