Method and system for enryption key versioning and key rotation in a multi-tenant environment
First Claim
Patent Images
1. A computer-implemented method for managing encryption keys in a multi-tenant environment, comprising:
- maintaining by a multi-tenant platform operator, a server platform that interfaces with a multi-tenant database and dynamically executes virtual applications for a plurality of tenants each having a unique organization level encryption key, the server platform including a source code memory sector not located at said multi-tenant database and accessible by said tenants;
storing a first portion of a master key in a first sector of a file system associated with said multi-tenant database such that said first portion of said master key is not accessible by said tenants and is accessible by said platform operator; and
storing a second portion of said master key in said source code memory sector accessible by only a first one of said tenants.
1 Assignment
0 Petitions
Accused Products
Abstract
Various techniques and procedures related to encryption key versioning and rotation in a multi-tenant environment are presented here. One approach employs a computer-implemented method of managing encrypted data and their associated encryption keys. In accordance with this approach, a key splitting process securely stores a master key used to encrypt tenant-level encryption keys, a key versioning process is used to securely track updated encryption keys, and a key rotation process is used to rotate encrypted data to an updated version of a tenant-level encryption key.
144 Citations
20 Claims
-
1. A computer-implemented method for managing encryption keys in a multi-tenant environment, comprising:
-
maintaining by a multi-tenant platform operator, a server platform that interfaces with a multi-tenant database and dynamically executes virtual applications for a plurality of tenants each having a unique organization level encryption key, the server platform including a source code memory sector not located at said multi-tenant database and accessible by said tenants; storing a first portion of a master key in a first sector of a file system associated with said multi-tenant database such that said first portion of said master key is not accessible by said tenants and is accessible by said platform operator; and storing a second portion of said master key in said source code memory sector accessible by only a first one of said tenants. - View Dependent Claims (2, 3)
-
-
4. A computer-implemented method for managing encryption keys in a multi-tenant environment wherein a multi-tenant platform operator maintains a server platform that interfaces with a multi-tenant database and dynamically executes virtual applications for a plurality of tenants each having a unique organization level encryption key, the server platform including a source code memory sector not located at said multi-tenant database and not accessible by said tenants, the method comprising:
-
storing a first portion of a master key in a first sector of a file system associated with said multi-tenant database such that said first portion of said master key is not accessible by said tenants and is accessible by said platform operator; storing a second portion of said master key in said source code memory sector accessible by only a first one of said tenants; retrieving, during runtime execution of a first one of said virtual applications, said first and second portions of said master key; combining said first and second portions to produce a master key associated with said server platform; executing an obfuscation algorithm on said master key; generating a first organization-level encryption key and encrypting said first organization-level encryption key with said master key to produce and encrypted value of said first organization-level encryption key; persisting said encrypted value of said first organization-level encryption key to said first sector of said file system; storing said first organization-level encryption key in a runtime cache associated with said server platform; and using said first organization-level encryption key to encrypt first data associated with said first tenant during runtime execution of said first virtual application. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for managing encryption keys for a server platform, comprising:
-
providing a multi-tenant database that interfaces with the server platform; dynamically executing a virtual application for a tenant having a tenant encryption key, the server platform including local source code memory; retrieving a first portion of a master key from a first sector of a file system associated with said database; and retrieving a second portion of said master key from said source code memory; combining said first and second portions to create a unique master key associated with said server platform; and assigning a version key number to said tenant encryption key; and
encrypting said tenant encryption key with said master key to produce an encrypted value of said tenant encryption key.
-
-
15. A method for managing encryption keys for a server platform that interfaces with a multi-tenant database and dynamically executes a virtual application for a tenant having a tenant encryption key, the server platform including local source code memory, the method comprising:
-
retrieving a first portion of a master key from a file system associated with said database; and retrieving a second portion of said master key from said source code memory; combining said first and second portions to create a unique master key associated with said server platform and assigning a version key number to said tenant encryption key; encrypting said tenant encryption key with said master key to produce an encrypted value of said tenant encryption key; storing said tenant encryption key in an unencrypted format in a runtime cache of said server platform; using said tenant encryption key to encrypt data associated with said tenant during runtime execution of said virtual application; and storing said encrypted data and a version key number associated with said encrypted data in said multi-tenant database. - View Dependent Claims (16, 17, 18)
-
-
19. A method for managing encryption keys for a server platform that interfaces with a multi-tenant database and dynamically executes a virtual application for a tenant having a tenant encryption key, the server platform including local source code memory, the method comprising:
-
retrieving a first portion of a master key from a file system associated with said database; and retrieving a second portion of said master key from said source code memory; combining said first and second portions to create a unique master key associated with said server platform and assigning a version key number to said tenant encryption key; encrypting said tenant encryption key with said master key to produce an encrypted value of said tenant encryption key; periodically providing updated versions of said first and said second portions of said master key; combining said updated versions of said first and second portions to create an updated master key associated with said server platform; and re-encrypting said tenant encryption key with said updated master key.
-
-
20. A method for updating the encryption key version for encrypted data stored in a multi-tenant database maintained by a server platform which dynamically executes virtual applications for a plurality of tenants, the server platform including source code memory not located at said database, the method comprising:
-
storing a first portion of a master key in a file system associated with said database; storing a second portion of said master key in said source code memory; retrieving, during runtime execution of a first one of said virtual applications, said first and second portions of said master key; combining said first and second portions to produce a master key associated with said server platform; generating a first organization-level encryption key for a first one of said tenants; assigning a first version number to said first organization-level encryption key; storing said first organization-level encryption key in a runtime cache associated with said server platform; encrypting said first organization-level encryption key with said master key to produce an encrypted value of said first organization-level encryption key; persisting the encrypted value of said first organization-level encryption key and its associated version number to said database; using said first organization-level encryption key to encrypt first data associated with said first tenant during runtime execution of said first virtual application; storing said first version number along with said encrypted value of said first data in said database; generating a second organization-level encryption key; assigning a second version number to said second organization-level encryption key; appending said second version number to said second organization-level encryption key; encrypting said second organization-level encryption key with said master key to produce an encrypted value of said second organization-level encryption key; and persisting said second version number and said encrypted value of said second organization-level encryption key to said first sector of said file system; storing said second organization-level encryption key in said runtime cache; removing said first organization-level encryption key from said runtime cache; retrieving said encrypted value of said first data from said first sector of said file system; retrieving said encrypted value of said first organization-level encryption key from said first sector of said file system; retrieving said master key associated with said server platform; using said unique master key to decrypt said encrypted first organization-level encryption key; using the decrypted value of said first organization-level encryption key to decrypt the encrypted value of said first data; and using said second organization-level encryption key in said runtime cache to re-encrypt said first data.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeSalesforce.com, Inc.
-
Original AssigneeSalesforce.com, Inc.
-
InventorsLee, Jong, Mortimore, Charles
-
Primary Examiner(s)Mehedi, Morshed
-
Application NumberUS13/206,194Publication NumberTime in Patent Office805 DaysField of Search380/44, 380/277US Class Current380/44CPC Class CodesH04L 9/088 Usage controlling of secret...H04L 9/0894 Escrow, recovery or storing...
