公开(公告)号：US10740475B2

公开(公告)日：2020-08-11

申请号：US16051414

申请日：2018-07-31

Applicant: salesforce.com, inc.

Inventor： William C. Eidson ,  David Hacker ,  Yu Chen ,  Hui Fung Herman Kwong ,  Wolfgang Krause

IPC: G06F21/60 ,  H04L29/06 ,  H04L9/32 ,  G06F21/62 ,  G06F9/54 ,  H04L9/08 ,  G06F11/30 ,  G06F11/34 ,  H04L9/14 ,  H04L29/08

Abstract: A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.

公开(公告)号：US11489839B2

公开(公告)日：2022-11-01

申请号：US16264624

申请日：2019-01-31

Applicant: salesforce.com, inc.

Inventor： Sneha Krishna Sankavaram ,  Hui Fung Herman Kwong

IPC: H04L9/40 ,  G06F16/955 ,  G06K9/62 ,  G06N20/00

Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.

公开(公告)号：US20200252405A1

公开(公告)日：2020-08-06

申请号：US16264624

申请日：2019-01-31

Applicant: salesforce.com, inc.

Inventor： Sneha Krishna Sankavaram ,  Hui Fung Herman Kwong

IPC: H04L29/06 ,  G06N20/00 ,  G06K9/62 ,  G06F16/955

Abstract: Clustering-based machine learning is utilized to generate and update permissions data in a computing system. The computing system logs permissions-related user activity for users of the system over time. Feature vectors are generated for the users based on the logs, where each feature corresponds to a specific permission or permission-related operation of the system. A clustering-based learning algorithm analyzes the feature vectors and generates clusters of similar users based on their feature vectors. The permissions of the users may be updated to reflect attributes of the clusters to which they were assigned. For example, the clusters may be utilized to seed and/or update access control groups or other permissions-related user groups in the system. Or, some or all permissions not used by any users within a cluster over a recent period of time may be automatically removed from any user in the cluster.

公开(公告)号：US10382463B2

公开(公告)日：2019-08-13

申请号：US15385491

申请日：2016-12-20

Applicant: salesforce.com, inc.

Inventor： Ping Yan ,  Huy Hang ,  Hui Fung Herman Kwong

IPC: H04L29/06

Abstract: Threat detection in a multi-organizational environment. Attribute data corresponding to accesses to a multi-organizational environment and entity data corresponding to accesses to the multi-organizational environment are maintained. A graph based on the attribute data and the entity data where graph edges represent a relationship between an attribute and an entity is generated. Subsequent access are compared to the graph to determine if the subsequent access corresponds to a new relationship. The subsequent access is allowed if the subsequent access does not correspond to a new relationship. The subsequent access further analyzed if the subsequent access corresponds to a new, unexpected relationship.