Enhanced system security

US 9,436,841 B2
Filed: 04/30/2014
Issued: 09/06/2016
Est. Priority Date: 04/01/2009
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining the confidentiality of data provided by an organization for storage on a database system including a server and a database, the method comprising:

receiving, by the server, data encrypted on an internal network of the organization using a first key, wherein the first key is stored on the internal network of the organization, the internal network being separate from an external network having the server of the database system by a firewall;

storing, by the server, the encrypted data on the database in association with metadata usable to locate the first key on the internal network of the organization;

providing, by the server, a login page allowing a user of a computing device on the internal network of the organization to log in as a client of the database system,receiving, by the server, a request for the encrypted data from the computing device; and

sending, by the server, the encrypted data with the associated metadata to the computing device, wherein the metadata is usable by the computing device to locate the first key on the internal network of the organization and decrypt the encrypted data using the first key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for maintaining the confidentiality of data provided by an organization for storage on a third party database system are provided. The data can be encrypted on an internal network of the organization and sent to the third party database system for storage. The third party database system can associate metadata with the encrypted data and can store the encrypted data. Accordingly, when a request for the encrypted data is received from a computing device communicating with an internal network of the organization, the encrypted data and associated metadata can be sent to the computing device. A key that is stored on an internal network of the organization can be called through an applet, which utilizes information within the metadata to locate the key on the internal network of the organization.

Citations

20 Claims

1. A method of maintaining the confidentiality of data provided by an organization for storage on a database system including a server and a database, the method comprising:
- receiving, by the server, data encrypted on an internal network of the organization using a first key, wherein the first key is stored on the internal network of the organization, the internal network being separate from an external network having the server of the database system by a firewall;
  
  storing, by the server, the encrypted data on the database in association with metadata usable to locate the first key on the internal network of the organization;
  
  providing, by the server, a login page allowing a user of a computing device on the internal network of the organization to log in as a client of the database system,receiving, by the server, a request for the encrypted data from the computing device; and
  
  sending, by the server, the encrypted data with the associated metadata to the computing device, wherein the metadata is usable by the computing device to locate the first key on the internal network of the organization and decrypt the encrypted data using the first key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the user logs in to the database system through the login page and selects an object stored on the database system for viewing, wherein the encrypted data comprises one or more fields within the object.
  - 3. The method of claim 1, wherein sending the encrypted data comprises sending the encrypted data as part of a requested page including an applet, wherein the metadata specifies an algorithm utilized for encryption and for use by the applet, wherein the applet utilizes the metadata to obtain the first key and decrypt the encrypted data using the first key.
  - 4. The method of claim 3, wherein the applet prompts for a password used to authenticate the computing device.
  - 5. The method of claim 1, further comprising receiving selection of one or more fields of an object via an application running on the server of the database system, wherein the encrypted data comprises the one or more fields within the object.
  - 6. The method of claim 5, wherein the data entered into the one or more fields is encrypted prior to transfer to the database system.
  - 7. The method of claim 5, wherein different keys are used for different fields of the one or more fields.
  - 8. The method of claim 5, wherein the metadata instructs the computing device which particular data fields of the object are associated with the metadata.
  - 9. The method of claim 1, wherein:
    - the metadata includes an identifier corresponding to the first key; and
      
      the organization provides the identifier associated with the first key to the database system at the same time that the encrypted data is sent to the database system.
  - 10. The method of claim 1, further comprising providing a setup page within an administrator editor application running on the server of the database system, wherein an administrator is able to open, save, or edit the first key in the administrator editor application.
  - 11. The method of claim 1, further comprising analyzing an address associated with the request, wherein sending the encrypted data with the associated metadata to the computing device comprises sending an encrypted page along with the metadata when the address is associated with the organization and meets predetermined criteria.
  - 12. The method of claim 1, further comprising searching the database system using an encrypted search string from the computing device.
  - 13. The method of claim 1, wherein sending the encrypted data comprises sending the encrypted data as part of a requested page including an applet, the metadata including one or more data entity types, wherein the applet performs one or more security methods on the encrypted data after decryption prior to displaying the decrypted data on the computing device.
  - 14. A computer program product comprising a non-transitory computer readable medium storing a plurality of instructions for controlling one or more processors of the database system to perform the method of claim 1.

15. A system of maintaining confidentiality of data provided by an organization for storage on a database, the system comprising:
- one or more processors;
  
  a network interface to an external network separated from an internal network of the organization by a firewall; and
  
  a memory for storing instructions to control the processors, the instructions being executable by the one or more processors to;
  
  receive data encrypted on an internal network of the organization using a first key, wherein the first key is stored on the internal network of the organization;
  
  store the encrypted data on the database in association with metadata usable to locate the first key on the internal network of the organization;
  
  receive a request for the encrypted data from a computing device communicating on the internal network of the organization; and
  
  send the encrypted data with the associated metadata to the computing device, wherein the metadata is usable by the computing device to locate the first key on the internal network of the organization and decrypt the encrypted data using the first key.

16. A method of maintaining the confidentiality of data provided by an organization for storage on a database system including a server and a database, the method comprising:
- receiving, by the server, data encrypted on an internal network of the organization using a key, wherein the key is stored on the internal network of the organization and the internal network is separate from an external network having the server of the database system by a firewall;
  
  storing, by the server, the encrypted data on the database in association with metadata including key location information usable to locate the key on the internal network of the organization;
  
  providing, by the server, a webpage allowing a user of a computing device communicating on the internal network of the organization to log in as a client of the database system;
  
  receiving, by the server, a request for a page including the encrypted data from the computing device; and
  
  sending, by the server, the encrypted data and the associated metadata to the computing device as part of the requested page, wherein the associated metadata is usable by the computing device to locate the key on the internal network of the organization and decrypt the encrypted data using the key.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising analyzing an Internet protocol (IP) address of the computing device, wherein the requested page is only sent to the computing device if the IP address is associated with the organization.
  - 18. The method of claim 16, further comprising indexing an encrypted data value on the database system and returning the encrypted data when the encrypted data value matches an encrypted search value.
  - 19. The method of claim 16, further comprising sending code to the computing device, wherein the code uses the metadata to obtain the key.
  - 20. The method of claim 16, wherein the requested page includes an applet to be run on the computing device, the applet utilizing the key location information to call the key from a specified location in the internal network, decrypt the encrypted data using the key to obtain plain text data, and display the plain text data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
O'Connor, Brendan T., Cavalieri, James L. III, Fly, Robert C.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Murphy, J. Brant

Application Number

US14/266,657
Publication Number

US 20140237234A1
Time in Patent Office

860 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2115   Third party

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 9/0894   Escrow, recovery or storing...

H04L 9/321   involving a third party or ...

Enhanced system security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced system security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links