-
Publication No.: US20200250325A1
Publication date: 2020-08-06
Application No.: US16263751
Filing date: 2019-01-31
Applicant: salesforce.com, inc.
Inventors: Terry Chong, Jameison Bear Martin, Thomas Fanghaenel, Andrew Tucker, Nathaniel Wyatt, Raghavendran Hanumantharau, Assaf Ben-Gur, William Charles Mortimore, JR.
IPC classification: G06F21/62, G06F21/60, H04L9/08, G06F16/2455
Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.
-
Publication No.: US20220121766A1
Publication date: 2022-04-21
Application No.: US17562387
Filing date: 2021-12-27
Applicant: salesforce.com, inc.
Inventors: Terry Chong, Jameison Bear Martin, Thomas Fanghaenel, Andrew Tucker, Nathaniel Wyatt, Raghavendran Hanumantharau, Assaf Ben Gur, William Charles Mortimore, JR.
IPC classification: G06F21/62, G06F16/2455, G06F21/60, H04L9/08
Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.
-
Publication No.: US20210328789A1
Publication date: 2021-10-21
Application No.: US16849401
Filing date: 2020-04-15
Applicant: salesforce.com, inc.
Inventors: Vadiraj Govardhan Hosur, Andrew Tucker, Terry Chong, Raghavendran Hanumantharau, Dhanashree Kashid, Scott Daniel Wisniewski, Prithviraj Vasanth, Pranesh Radhakrishnan
Abstract: Disclosed techniques relate to caching tenant encryption keys for a multi-tenant database. In some embodiments, a computing system encrypts data for a database in a multi-tenant database system using encryption keys assigned to respective tenants that are using the database. The computing system may store the encryption keys in a cache and, in response to a key rotation request for a first tenant, invalidate an entry in the cache for the first encryption key of the first tenant. The computing system may block writes for the first tenant until a new key is cached (e.g., based on retrieval from a key management system). In various embodiments, disclosed techniques may reduce encryption latency.
-
Publication No.: US11841967B2
Publication date: 2023-12-12
Application No.: US17562387
Filing date: 2021-12-27
Applicant: salesforce.com, inc.
Inventors: Terry Chong, Jameison Bear Martin, Thomas Fanghaenel, Andrew Tucker, Nathaniel Wyatt, Raghavendran Hanumantharau, Assaf Ben Gur, William Charles Mortimore, Jr.
IPC classification: G06F21/62, G06F16/2455, G06F21/60, H04L9/08
CPC classification: G06F21/6218, G06F16/24552, G06F21/604, H04L9/08
Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.
-
Publication No.: US11374748B2
Publication date: 2022-06-28
Application No.: US16849401
Filing date: 2020-04-15
Applicant: salesforce.com, inc.
Inventors: Vadiraj Govardhan Hosur, Andrew Tucker, Terry Chong, Raghavendran Hanumantharau, Dhanashree Kashid, Scott Daniel Wisniewski, Prithviraj Vasanth, Pranesh Radhakrishnan
Abstract: Disclosed techniques relate to caching tenant encryption keys for a multi-tenant database. In some embodiments, a computing system encrypts data for a database in a multi-tenant database system using encryption keys assigned to respective tenants that are using the database. The computing system may store the encryption keys in a cache and, in response to a key rotation request for a first tenant, invalidate an entry in the cache for the first encryption key of the first tenant. The computing system may block writes for the first tenant until a new key is cached (e.g., based on retrieval from a key management system). In various embodiments, disclosed techniques may reduce encryption latency.
-
Publication No.: US11238174B2
Publication date: 2022-02-01
Application No.: US16263751
Filing date: 2019-01-31
Applicant: salesforce.com, inc.
Inventors: Terry Chong, Jameison Bear Martin, Thomas Fanghaenel, Andrew Tucker, Nathaniel Wyatt, Raghavendran Hanumantharau, Assaf Ben-Gur, William Charles Mortimore, Jr.
IPC classification: G06F21/62, G06F16/2455, G06F21/60, H04L9/08
Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.