METHOD AND SYSTEM FOR ENRYPTION KEY VERSIONING AND KEY ROTATION IN A MULTI-TENANT ENVIRONMENT

US 20120140923A1
Filed: 08/09/2011
Published: 06/07/2012
Est. Priority Date: 12/03/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing encryption keys in a multi-tenant environment wherein a multi-tenant platform operator maintains a server platform that interfaces with a multi-tenant database and dynamically executes virtual applications for a plurality of tenants each having a unique organization level encryption key, the server platform including a source code memory sector not located at said multi-tenant database and not accessible by said tenants, the method comprising:

storing a first portion of a master key in a first sector of a file system associated with said multi-tenant database such that said first portion of said master key is accessible by only a first one of said tenants and is not accessible by said platform operator; and

storing a second portion of said master key in said source code memory sector.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various techniques and procedures related to encryption key versioning and rotation in a multi-tenant environment are presented here. One approach employs a computer-implemented method of managing encrypted data and their associated encryption keys. In accordance with this approach, a key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key.

119 Citations

20 Claims

1. A computer-implemented method for managing encryption keys in a multi-tenant environment wherein a multi-tenant platform operator maintains a server platform that interfaces with a multi-tenant database and dynamically executes virtual applications for a plurality of tenants each having a unique organization level encryption key, the server platform including a source code memory sector not located at said multi-tenant database and not accessible by said tenants, the method comprising:
- storing a first portion of a master key in a first sector of a file system associated with said multi-tenant database such that said first portion of said master key is accessible by only a first one of said tenants and is not accessible by said platform operator; and
  
  storing a second portion of said master key in said source code memory sector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - retrieving, during runtime execution of a first one of said virtual applications, said first and second portions of said master key;
      
      combining said first and second portions to produce a master key associated with said server platform; and
      
      executing an obfuscation algorithm on said master key.
  - 3. The method of claim 2, further comprising:
    - generating a first organization-level encryption key and encrypting said first organization-level encryption key with said master key to produce and encrypted value of said first organization-level encryption key.
  - 4. The method of claim 3, further comprising:
    - persisting said encrypted value of said first organization-level encryption key to said first sector of said file system;
      
      storing said first organization-level encryption key in a runtime cache associated with said server platform; and
      
      using said first organization-level encryption key to encrypt first data associated with said first tenant during runtime execution of said first virtual application.
  - 5. The method of claim 4, further comprising:
    - assigning a first version number to said first organization-level encryption key; and
      
      appending said first version number to said encrypted value of said first organization-level encryption key.
  - 6. The method of claim 5, wherein said persisting step comprises writing said encrypted value of said first organization-level encryption key, along with a prefix corresponding to said first version number, to said first sector of said file system which is accessible to said first tenant but not accessible to other tenants.
  - 7. The method of claim 6, further comprising:
    - appending said first version number to the encrypted value of said first data; and
      
      storing said first version number and said encrypted value of said first data in said first sector of said file system.
  - 8. The method of claim 7, further comprising:
    - retrieving said encrypted value of said first data from said first sector of said file system;
      
      retrieving said encrypted value of said first organization-level encryption key from said first sector of said file system;
      
      retrieving said unique master key associated with said server platform;
      
      using said unique master key to decrypt said encrypted first organization-level encryption key; and
      
      using the decrypted value of said first organization-level encryption key to decrypt the encrypted value of said first data.
  - 9. The method of claim 8, further comprising:
    - generating a second organization-level encryption key;
      
      assigning a second version number to said second organization-level encryption key;
      
      appending said second version number to said second organization-level encryption key;
      
      encrypting said second organization-level encryption key with said master key to produce an encrypted value of said second organization-level encryption key; and
      
      persisting said second version number and said encrypted value of said second organization-level encryption key to said first sector of said file system.
  - 10. The method of claim 9, further comprising:
    - storing said second organization-level encryption key in said runtime cache;
      
      removing said first organization-level encryption key from said runtime cache; and
      
      using said second organization-level encryption key to encrypt data during runtime execution of said first virtual application.
  - 11. The method of claim 10, further comprising:
    - retrieving the decrypted value of said first data; and
      
      using said second organization-level encryption key in said runtime cache to re-encrypt said first data.
  - 12. The method of claim 11, further comprising:
    - appending said second version number to the re-encrypted value of said first data; and
      
      storing the re-encrypted value of said first data, along with said second version number, in said first sector of said file system.
  - 13. The method of claim 2, wherein said first and second portions of said master key are combined using an exclusive OR combination technique.

14. A method for managing encryption keys for a server platform that interfaces with a multi-tenant database and dynamically executes a virtual application for a tenant having a tenant encryption key, the server platform including local source code memory, the method comprising:
- retrieving a first portion of a master key from a file system associated with said database; and
  
  retrieving a second portion of said master key from said source code memory;
  
  combining said first and second portions to create a unique master key associated with said server platform; and
  
  assigning a version key number to said tenant encryption key; and
  
  encrypting said tenant encryption key with said master key to produce an encrypted value of said tenant encryption key.
- View Dependent Claims (15, 18, 19)
- - 15. The method of claim 14, further comprising:
    - storing said tenant encryption key in an unencrypted format in a runtime cache of said server platform;
      
      using said tenant encryption key to encrypt data associated with said tenant during runtime execution of said virtual application; and
      
      storing said encrypted data and its associated version key number in said multi-tenant database.
  - 18. The method of claim 14, further comprising executing an obfuscation algorithm on said master key, wherein said first and second portions are combined to create a unique master key using an exclusive OR function, and further wherein said master key comprises an AES 128 bit key.
  - 19. The method of claim 14, further comprising:
    - periodically providing updated versions of said first and said second portions of said master key;
      
      combining said updated versions of said first and second portions to create an updated master key associated with said server platform; and
      
      re-encrypting said tenant encryption key with said updated master key.

16. The method of claim 16, further comprising persisting said encrypted value of said tenant encryption key along with said version number to said database.
- View Dependent Claims (17)
- - 17. The method of claim 16, further comprising:
    - retrieving, from said database, said encrypted data and its associated encryption key version number;
      
      retrieving, from said database, the encrypted value of the tenant encryption key corresponding to the version key number associated with said encrypted data;
      
      retrieving said master key;
      
      decrypting said tenant encryption key with said master key to reveal the decrypted value of said tenant encryption key;
      
      decrypting said encrypted data with said decrypted tenant encryption key; and
      
      re-encrypting said data using the tenant encryption key currently residing in said runtime cache.

20. A method for updating the encryption key version for encrypted data stored in a multi-tenant database maintained by a server platform which dynamically executes virtual applications for a plurality of tenants, the server platform including source code memory not located at said database, the method comprising:
- storing a first portion of a master key in a file system associated with said database;
  
  storing a second portion of said master key in said source code memory;
  
  retrieving, during runtime execution of a first one of said virtual applications, said first and second portions of said master key;
  
  combining said first and second portions to produce a master key associated with said server platform;
  
  generating a first organization-level encryption key for a first one of said tenants;
  
  assigning a first version number to said first organization-level encryption key;
  
  storing said first organization-level encryption key in a runtime cache associated with said server platform;
  
  encrypting said first organization-level encryption key with said master key to produce an encrypted value of said first organization-level encryption key;
  
  persisting the encrypted value of said first organization-level encryption key and its associated version number to said database;
  
  using said first organization-level encryption key to encrypt first data associated with said first tenant during runtime execution of said first virtual application;
  
  storing said first version number along with said encrypted value of said first data in said database;
  
  generating a second organization-level encryption key;
  
  assigning a second version number to said second organization-level encryption key;
  
  appending said second version number to said second organization-level encryption key;
  
  encrypting said second organization-level encryption key with said master key to produce an encrypted value of said second organization-level encryption key; and
  
  persisting said second version number and said encrypted value of said second organization-level encryption key to said first sector of said file system;
  
  storing said second organization-level encryption key in said runtime cache;
  
  removing said first organization-level encryption key from said runtime cache;
  
  retrieving said encrypted value of said first data from said first sector of said file system;
  
  retrieving said encrypted value of said first organization-level encryption key from said first sector of said file system;
  
  retrieving said master key associated with said server platform;
  
  using said unique master key to decrypt said encrypted first organization-level encryption key;
  
  using the decrypted value of said first organization-level encryption key to decrypt the encrypted value of said first data; and
  
  using said second organization-level encryption key in said runtime cache to re-encrypt said first data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Lee, Jong, Mortimore, Charles

Granted Patent

US 8,565,422 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/45
CPC Class Codes

H04L 9/088 Usage controlling of secret...

H04L 9/0894 Escrow, recovery or storing...

METHOD AND SYSTEM FOR ENRYPTION KEY VERSIONING AND KEY ROTATION IN A MULTI-TENANT ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

119 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

METHOD AND SYSTEM FOR ENRYPTION KEY VERSIONING AND KEY ROTATION IN A MULTI-TENANT ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others