Facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment

US 10,491,398 B2
Filed: 09/12/2014
Issued: 11/26/2019
Est. Priority Date: 09/12/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a dynamic security verification device in a multi-tenant database system, a content file having at least one of data and metadata, wherein the content file includes embedded security data representing multiple integrity checks to ensure the content file is protected from tampering or unauthorized accesses, wherein the multiple integrity checks include at least two end-to-end checks of the content file, an author of the content file, and a consumer of the content file, wherein the dynamic security verification device is capable of tracing back the multiple integrity checks to origin of the embedded security data without having to shift from the dynamic security verification device to another security verification device, wherein the origin of the embedded security data refers to a development code including a source code;

prior to submission of the content file to a data repository, performing, by the security verification device, a first integrity check of the multiple integrity checks to authenticate the author of the content file by selectively confirming a first component of the embedded security data;

performing, by the dynamic security verification device, a second integrity check of the multiple integrity checks when submitting the content file to the data repository to authenticate the consumer of the content file by selectively confirming a second component of the embedded security data;

wherein the first and second components include a combination of at least two or more of one or more cryptographic signatures, one or more digital fingerprints, one or more public or private keys, one or more timestamps, and authorship data identifying at least one of the data, the metadata, the author, and the consumer; and

determining, by the security verification device, whether to allow submission of the content file to the data repository based on a result of the first integrity check or the second integrity check, wherein the first integrity check is extended to include verifying built artifacts including an original source code supported by the embedded security data, wherein the second integrity check is extended to include verifying a running code based on the original code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment, where a database system-implemented method includes receiving, by the database system, a content file and metadata to be submitted to a data repository of the database system. The content file may include content, where the metadata may include identifying data associated with at least one of the content and a user associated with the content. The method may include verifying, by the database system, the identifying data of the metadata. The verification of the identifying data represents authentication of at least one of the user and the content. The method may include submitting, by the database system, the content file and the metadata to the data repository, upon authentication of at least one of the user and the content via successful verification of the identifying data.

136 Citations

18 Claims

1. A method comprising:
- receiving, by a dynamic security verification device in a multi-tenant database system, a content file having at least one of data and metadata, wherein the content file includes embedded security data representing multiple integrity checks to ensure the content file is protected from tampering or unauthorized accesses, wherein the multiple integrity checks include at least two end-to-end checks of the content file, an author of the content file, and a consumer of the content file, wherein the dynamic security verification device is capable of tracing back the multiple integrity checks to origin of the embedded security data without having to shift from the dynamic security verification device to another security verification device, wherein the origin of the embedded security data refers to a development code including a source code;
  
  prior to submission of the content file to a data repository, performing, by the security verification device, a first integrity check of the multiple integrity checks to authenticate the author of the content file by selectively confirming a first component of the embedded security data;
  
  performing, by the dynamic security verification device, a second integrity check of the multiple integrity checks when submitting the content file to the data repository to authenticate the consumer of the content file by selectively confirming a second component of the embedded security data;
  
  wherein the first and second components include a combination of at least two or more of one or more cryptographic signatures, one or more digital fingerprints, one or more public or private keys, one or more timestamps, and authorship data identifying at least one of the data, the metadata, the author, and the consumer; and
  
  determining, by the security verification device, whether to allow submission of the content file to the data repository based on a result of the first integrity check or the second integrity check, wherein the first integrity check is extended to include verifying built artifacts including an original source code supported by the embedded security data, wherein the second integrity check is extended to include verifying a running code based on the original code.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the one or more cryptographic signatures are generated using cryptographic keys and assigned to the metadata, origin of the embedded security data comprises one or more of a development code, a source code, a build and deploy system, a cryptography and protection system, a production and authentication device, a workstation, and a client computing device.
  - 3. The method of claim 1, wherein the one or more digital fingerprints are generated using hash values and assigned to the metadata.
  - 4. The method of claim 1, wherein the authorship data includes user credentials having one or more of a name of the user, an employee number of the user, and a birth date of the user.
  - 5. The method of claim 1, wherein the one or more timestamps are generated by a third-party entity.
  - 6. The method of claim 1, wherein the metadata serves as an attribute to the content file, wherein upon submission to the data repository, the metadata remains associated with the content file.

7. A system comprising a dynamic security verification device having one or more processors coupled to a memory, the one or more processors to perform operations comprising:
- receiving a content file having at least one of data and metadata, wherein the content file includes embedded security data representing multiple integrity checks to ensure the content file is protected from tampering or unauthorized accesses, wherein the multiple integrity checks include at least two end-to-end checks of the content file, an author of the content file, and a consumer of the content file, wherein the dynamic security verification device in a multi-tenant database system is capable of tracing back the multiple integrity checks to origin of the embedded security data without having to shift from the dynamic security verification device to another security verification device, wherein the origin of the embedded security data refers to a development code including a source code;
  
  prior to submission of the content file to a data repository, performing a first integrity check of the multiple integrity checks to authenticate the author of the content file by selectively confirming a first component of the embedded security data;
  
  performing a second integrity check of the multiple integrity checks when submitting the content file to the data repository to authenticate the consumer of the content file by selectively confirming a second component of the embedded security data;
  
  wherein the first and second components include a combination of at least two or more of one or more cryptographic signatures, one or more digital fingerprints, one or more public or private keys, one or more timestamps, and authorship data identifying at least one of the data, the metadata, the author, and the consumer; and
  
  determining whether to allow submission of the content file to the data repository based on a result of the first integrity check or the second integrity check, wherein the first integrity check is extended to include verifying built artifacts including an original source code supported by the embedded security data, wherein the second integrity check is extended to include verifying a running code based on the original code.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the one or more cryptographic signatures are generated using cryptographic keys and assigned to the metadata, origin of the embedded security data comprises one or more of a development code, a source code, a build and deploy system, a cryptography and protection system, a production and authentication device, a workstation, and a client computing device.
  - 9. The system of claim 7, wherein the one or more digital fingerprints are generated using hash values and assigned to the metadata.
  - 10. The system of claim 7, wherein the authorship data includes user credentials having one or more of a name of the user, an employee number of the user, and a birth date of the user.
  - 11. The system of claim 7, wherein the one or more timestamps are generated a third-party entity.
  - 12. The system of claim 7, wherein the metadata serves as an attribute to the content file, wherein upon submission to the data repository, the metadata remains associated with the content file.

13. A non-transitory machine-readable medium comprising instructions which, when executed by a computing device, cause the computing device to perform operations comprising:
- receiving a content file having at least one of data and metadata, wherein the content file includes embedded security data representing multiple integrity checks to ensure the content file is protected from tampering or unauthorized accesses, wherein the multiple integrity checks include at least two end-to-end checks of the content file, an author of the content file, and a consumer of the content file, wherein the computing device includes a dynamic security verification device in a multi-tenant database system, wherein the dynamic security verification device is capable of tracing back the multiple integrity checks to origin of the embedded security data without having to shift from the dynamic security verification device to another security verification device, wherein the origin of the embedded security data refers to a development code including a source code;
  
  prior to submission of the content file to a data repository, performing, by the single verification system, a first integrity check of the multiple integrity checks to authenticate the author of the content file by selectively confirming a first component of the embedded security data;
  
  performing a second integrity check of the multiple integrity checks when submitting the content file to the data repository to authenticate the consumer of the content file by selectively confirming a second component of the embedded security data;
  
  wherein the first and second components include a combination of at least two or more of one or more cryptographic signatures, one or more digital fingerprints, one or more public or private keys, one or more timestamps, and authorship data identifying at least one of the data, the metadata, the author, and the consumer; and
  
  determining, by the verification system, whether to allow submission of the content file to the data repository based on a result the first integrity check or the second integrity check, wherein the first integrity check is extended to include verifying built artifacts including an original source code supported by the embedded security data, wherein the second integrity check is extended to include verifying a running code based on the original code.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory machine-readable medium of claim 13, wherein the one or more cryptographic signatures are generated using cryptographic keys and assigned to the metadata, origin of the embedded security data comprises one or more of a development code, a source code, a build and deploy system, a cryptography and protection system, a production and authentication device, a workstation, and a client computing device.
  - 15. The non-transitory machine-readable medium of claim 13, wherein the one or more digital fingerprints are generated using hash values and assigned to the metadata.
  - 16. The non-transitory machine-readable medium of claim 13, wherein the authorship data includes user credentials having one or more of a name of the user, an employee number of the user, and a birth date of the user.
  - 17. The non-transitory machine-readable medium of claim 13, wherein the one or more timestamps are generated a third-party entity.
  - 18. The non-transitory machine-readable medium of claim 13, wherein the metadata serves as an attribute to the content file, wherein upon submission to the data repository, the metadata remains associated with the content file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Heurich, Shiloh Cory, Siebenlist, Frank, Elgamal, Taher, Hamacher, Clayten Tyler Joseph, Steele, Matthew, Solanki, Pathik Ashok, Schechtman, Matthew B.
Primary Examiner(s)
Rashid, Harunur
Assistant Examiner(s)
Taylor, Sakinah White

Application Number

US14/485,340
Publication Number

US 20160080368A1
Time in Patent Office

1,901 Days
Field of Search

713156
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

H04L 9/3247   involving digital signatures

Facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Facilitating dynamic end-to-end integrity for data repositories in an on-demand services environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links