ENHANCED SYSTEM SECURITY

US 20100257351A1
Filed: 03/30/2010
Published: 10/07/2010
Est. Priority Date: 04/01/2009
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining the confidentiality of data provided by an organization for storage on a third party database system, the method comprising:

receiving data encrypted using a first key, wherein the first key is stored on an internal network of the organization;

storing the encrypted data on the third party database system;

associating, on the third party database system, metadata with the encrypted data, wherein the metadata includes information usable to locate the first key;

receiving a request for the encrypted data from a computing device communicating on the internal network of the organization; and

sending the encrypted data with the associated metadata to the computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for maintaining the confidentiality of data provided by an organization for storage on a third party database system are provided. The data can encrypted on an internal network of the organization and sent to the third party database system for storage. The third party database system can associate metadata with the encrypted data and can store the encrypted data. Accordingly, when a request for the encrypted data is received from a computing device communicating with an internal network of the organization, the encrypted data and associated metadata can be sent to the computing device. A key that is stored on an internal network of the organization can be called through an applet, which utilizes information within the metadata to locate the key on the internal network of the organization. The computing device to which the encrypted data is sent can use the key location information to retrieve the key and decrypt the data for display to a user.

161 Citations

View as Search Results

25 Claims

1. A method of maintaining the confidentiality of data provided by an organization for storage on a third party database system, the method comprising:
- receiving data encrypted using a first key, wherein the first key is stored on an internal network of the organization;
  
  storing the encrypted data on the third party database system;
  
  associating, on the third party database system, metadata with the encrypted data, wherein the metadata includes information usable to locate the first key;
  
  receiving a request for the encrypted data from a computing device communicating on the internal network of the organization; and
  
  sending the encrypted data with the associated metadata to the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the first key is located on a server on the internal network of the organization.
  - 3. The method of claim 1, wherein the computer device is operable to:
    - locate the first key utilizing the associated metadata;
      
      decrypt the encrypted data using the first key; and
      
      display the unencrypted data.
  - 4. The method of claim 1, further comprising:
    - sending code to the computing device, wherein the code uses the metadata to obtain the first key.
  - 5. The method of claim 4, wherein the code is provided by the third party database system.
  - 6. The method of claim 1, wherein the information usable to locate the first key is an address of where the first key is stored on the internal network of the organization.
  - 7. The method of claim 6, wherein the address is a URL.
  - 8. The method of claim 6, wherein the address is an address usable for LDAP or SOAP.
  - 9. The method of claim 1, wherein the metadata further includes an identifier associated with the encrypted data.
  - 10. The method of claim 9, wherein the data provided by the organization is encrypted with two or more different keys.
  - 11. The method of claim 10, wherein the different keys are utilized for different users or groups of users within the organization.
  - 12. The method of claim 9, wherein the identifier is an identifier that is unique on the internal network of the organization.
  - 13. The method of claim 9, wherein the internal network identifies the first key using the identifier and sends the first key to the computing device.
  - 14. The method of claim 9, wherein the identifier is an identifier that is globally unique on the third party database system.
  - 15. The method of claim 1, wherein the unencrypted data is provided transparently to the user.
  - 16. The method of claim 1, further comprising:
    - determining an IP address of the requestor, and not sending the metadata from the requestor if the IP address does not meet a predetermined criteria.
  - 17. The method of claim 1, wherein data for multiple organizations are stored on the third party server.

18. A system of maintaining confidentiality of data provided by an organization for storage on a third party database system, the system comprising:
- one or more processors;
  
  a network interface; and
  
  a memory for storing instructions to control the processors, the instructions including;
  
  receiving data encrypted using a first key, wherein the first key is stored on an internal network of the organization;
  
  storing the encrypted data on the third party database system;
  
  associating, on the third party database system, metadata with the encrypted data, wherein the metadata includes information usable to locate the first key;
  
  receiving a request for the encrypted data from a computing device communicating on the internal network of the organization; and
  
  sending the encrypted data with the associated metadata to the computing device.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The system of claim 18, wherein the computing device is operable to:
    - locate the first key;
      
      decrypt the encrypted data using the first key; and
      
      display the unencrypted data.
  - 20. The system of claim 18, wherein the instructions further comprise:
    - sending code to the computing device, wherein in the code uses the metadata to locate the first key.
  - 21. The system of claim 18, wherein the metadata includes:
    - an address of where the first key is stored on an internal server of the organization; and
      
      an identifier associated with the encrypted data.
  - 22. The system of claim 18, wherein data provided by the organizations is encrypted with two or more keys.

23. A computer program product comprising a tangible computer readable medium storing a plurality of instructions for controlling one or more processors of a third party database system to perform an operation for maintaining the confidentiality of data provided by an organization for storage on a the database, the instructions comprising:
- receiving, from the organization, data encrypted using a first key, wherein the first key is stored on an internal server of the organization;
  
  storing the encrypted data on the third party database system;
  
  associating, on the third party database system, metadata with the encrypted data, wherein the metadata includes information usable to locate the first key,receiving a request for the encrypted data from a computing device communicating with an internal network of the organization; and
  
  sending the encrypted data with the associated metadata to the computing device.

24. A method of maintaining the confidentiality of data provided by an organization to a third party server, the method comprising:
- encrypting data using a first key, wherein the first key is located on a first server at the organization;
  
  sending the encrypted data to the third party server for storage, wherein the data is associated with metadata including information usable to locate the first key on the first server;
  
  a computing device requesting, from the third party server, a page of encrypted data, the computing device being in communication with the first server;
  
  receiving, from the third party server, the page and associated metadata;
  
  locating the first key on the first server; and
  
  decrypting the encrypted data using the first key to obtain the requested data.
- View Dependent Claims (25)
- - 25. The method of claim 24, further comprising:
    - displaying the requested data on the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
O'Connor, Brendan T., Cavalieri, James L. III, Fly, Robert C.

Granted Patent

US 8,751,826 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2115   Third party

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/321   involving a third party or ...

ENHANCED SYSTEM SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

161 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

ENHANCED SYSTEM SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

161 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links