-
Publication No.: US11483150B2
Publication Date: 2022-10-25
Application No.: US16889285
Application Date: 2020-06-01
Applicant: salesforce.com, inc.
Inventor: Dhanashree Kashid, Raghavendran Hanumantharau, Terry Chong, Andrew Stewart Tucker, Vadiraj Govardhan Hosur
Abstract: Disclosed techniques relate to storing a key cache within a secure enclave. In some embodiments, a computing system receives, from an application, a request to access a database, where the request is associated with a particular account. The computing system then accesses, using an identifier associated with the particular account, a key cache stored in a secure enclave of a memory of the computing system to determine at least one private key associated with the request, where the key cache stores private keys of a key management system (KMS) for a plurality of accounts. The computing system performs a cryptographic operation for accessing the database within the secure enclave using the at least one private key. In various embodiments, disclosed techniques may improve the security of cryptographic private keys cached for a plurality of tenants.
-
Publication No.: US20210377020A1
Publication Date: 2021-12-02
Application No.: US16889285
Application Date: 2020-06-01
Applicant: salesforce.com, inc.
Inventor: Dhanashree Kashid, Raghavendran Hanumantharau, Terry Chong, Andrew Stewart Tucker, Vadiraj Govardhan Hosur
Abstract: Disclosed techniques relate to storing a key cache within a secure enclave. In some embodiments, a computing system receives, from an application, a request to access a database, where the request is associated with a particular account. The computing system then accesses, using an identifier associated with the particular account, a key cache stored in a secure enclave of a memory of the computing system to determine at least one private key associated with the request, where the key cache stores private keys of a key management system (KMS) for a plurality of accounts. The computing system performs a cryptographic operation for accessing the database within the secure enclave using the at least one private key. In various embodiments, disclosed techniques may improve the security of cryptographic private keys cached for a plurality of tenants.
-