Data encryption in a multi-tenant cloud environment
US-2017262645-A1 · Sep 14, 2017 · US
US10496830B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10496830-B2 |
| Application number | US-201715782087-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 12, 2017 |
| Priority date | Oct 12, 2017 |
| Publication date | Dec 3, 2019 |
| Grant date | Dec 3, 2019 |
Official abstract text for this publication.
Methods, systems, and devices for mass encryption management are described. In some database systems, users may select encryption settings for storing data records at rest. A database may receive a request to perform an encryption process on multiple data records corresponding to a user, for example, based on a user input or a change in encryption settings. A database server may partition the data records for encryption (e.g., encryption, decryption, key rotation, or scheme modification) into one or more data record groups of similar sizes, and may perform the encryption process on one record group at a time (e.g., to reduce overhead in the system). The database server may additionally support restricting user access to the data records being actively processed, estimating resources needed for the processing, determining data record encryption statuses to be displayed by a user device, or some combination of these features.
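The flow in the abstract and claim 1 (partition by a default group size, process one group at a time, restrict access only to the active group, leave modification timestamps alone), sketched as an added example that is not code from the patent. `Record`, `RotationJob`, the `during` hook, the sample keys and rows are all constructed for illustration, and `stream_xor` is a demo-only stand-in for a real cipher.

```python
import hashlib, hmac, threading
from collections import Counter
from dataclasses import dataclass
@dataclass
class Record:
    rid: int
    blob: bytes
    key_id: str
    modified_at: int  # data modification timestamp; rotation must not touch it

def stream_xor(key, rid, data):  # demo-only stand-in cipher; use a vetted AEAD in practice
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, f"{rid}:{i}".encode(), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class RotationJob:
    def __init__(self, records, keys, group_size):
        self.records, self.keys = {r.rid: r for r in records}, keys
        ids = sorted(self.records)
        self.groups = [ids[i:i + group_size] for i in range(0, len(ids), group_size)]
        self.restricted, self._lock = set(), threading.Lock()
    def read(self, rid):
        with self._lock:  # restriction check and decrypt happen under one lock
            if rid in self.restricted:
                raise PermissionError(f"record {rid} is being re-encrypted")
            r = self.records[rid]
            return stream_xor(self.keys[r.key_id], rid, r.blob)
    def rotate_group(self, idx, new_key_id, during=None):
        group = self.groups[idx]
        with self._lock:
            self.restricted.update(group)  # restrict only the active group
        try:
            if during: during()  # hypothetical hook, e.g. status reporting to a UI
            for rid in group:
                r = self.records[rid]
                plain = stream_xor(self.keys[r.key_id], rid, r.blob)
                r.blob, r.key_id = stream_xor(self.keys[new_key_id], rid, plain), new_key_id
        finally:
            with self._lock:
                self.restricted.difference_update(group)  # restore access, even on error
    def status(self):  # records per key id, the kind of ratio claim 10 reports
        return dict(Counter(r.key_id for r in self.records.values()))

def demo_job():  # constructed sample: five rows under key "k1", default group size 2
    keys = {"k1": b"constructed-key-1", "k2": b"constructed-key-2"}
    recs = [Record(i, stream_xor(keys["k1"], i, b"row-%d" % i), "k1", 1000 + i) for i in range(1, 6)]
    return RotationJob(recs, keys, group_size=2)
```

Restoring access in a `finally` block matters operationally: a failed group must not leave its records locked out, and `status()` then shows which records still sit under the old key.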
Opening claim text (preview).
What is claimed is:

1. A method for encryption management, comprising: receiving, at a database server, an encryption request to perform an encryption process on a set of records stored at the database server; partitioning the set of records into a plurality of record groups based at least in part on a default group size; performing the encryption process on a first record group of the plurality of record groups based at least in part on the encryption request; refraining from updating one or more data modification timestamps associated with the first record group; restricting access to the first record group during the encryption process of the first record group; and restoring access to the first record group upon completion of the encryption process of the first record group.

2. The method of claim 1, further comprising: transmitting an encryption status associated with the first record group to a user interface; and performing the encryption process on a second record group of the plurality of record groups based at least in part on the encryption request, wherein the second record group is different from the first record group.

3. The method of claim 1, further comprising: calculating a size of each of the plurality of record groups and a total size of the plurality of record groups; and determining to perform the encryption process on the plurality of record groups if the total size of the plurality of record groups is less than a threshold size.

4. The method of claim 3, wherein: the size of a record group comprises a number of records associated with the record group; and the total size of the plurality of record groups comprises a number of record groups for performing the encryption process based at least in part on the encryption request, a total number of records associated with the plurality of record groups, or both.

5. The method of claim 3, further comprising: dynamically determining a size range for the plurality of record groups based at least in part on the default group size, wherein the size of each of the plurality of record groups is within the size range.

6. The method of claim 1, further comprising: determining an estimated processing time associated with the encryption process; and transmitting an indication of the estimated processing time to a user interface.

7. The method of claim 6, further comprising: determining whether the estimated processing time is above a processing time threshold, wherein the indication of the estimated processing time comprises an indication of whether the estimated processing time is above the processing time threshold.

8. The method of claim 1, further comprising: determining an estimated amount of resources associated with the encryption process; and transmitting an indication of the estimated amount of resources to a user interface.

9. The method of claim 1, further comprising: determining an encryption status associated with each record of the set of records; and transmitting an indication of the determined encryption statuses to a user interface.

10. The method of claim 9, wherein the indication of the determined encryption statuses comprises a ratio of encrypted records to non-encrypted records, a ratio of records encrypted with a first encryption key to records encrypted with a second encryption key, a ratio of records encrypted using a first encryption scheme to records encrypted using a second encryption scheme, a total number of encrypted records, a total number of records encrypted using a revoked encryption key, or a combination thereof.

11. The method of claim 1, further comprising: receiving, from a user, a request to access a record of the set of records; identifying that the record is included in the first record group; and transmitting, to a user interface, an indication that access is restricted to the record based at least in part on restricting access to the first record group and the identification.

12. The method of claim 1, further comprising: identifying an encrypted record of the set of records encrypted using a revoked encryption key; and transmitting an indication of the encrypted record to a user interface.

13. The method of claim 1, wherein the default group size is based at least in part on a tenant identifier, a user input, or a combination thereof.

14. The method of claim 1, wherein the encryption process on the first record group comprises a mass encryption process, a mass decryption process, a mass key rotation process, an encryption scheme modification, or a combination thereof.

15. An apparatus for encryption management, comprising: a processor; memory in electronic communication with the processor; and instructions stored in the memory and operable, when executed by the processor, to cause the apparatus to: receive, at a database server, an encryption request to perform an encryption process on a set of records stored at the database server; partition the set of records into a plurality of record groups based at least in part on a default group size; perform the encryption process on a first record group of the plurality of record groups based at least in part on the encryption request; refrain from updating one or more data modification timestamps associated with the first record group; restrict access to the first record group during the encryption process of the first record group; and restore access to the first record group upon completion of the encryption process of the first record group.

16. The apparatus of claim 15, wherein the instructions are further executable by the processor to: transmit an encryption status associated with the first record group to a user interface; and perform the encryption process on a second record group of the plurality of record groups based at least in part on the encryption request, wherein the second record group is different from the first record group.

17. The apparatus of claim 15, wherein the instructions are further executable by the processor to: calculate a size of each of the plurality of record groups and a total size of the plurality of record groups; and determine to perform the encryption process on the plurality of record groups if the total size of the plurality of record groups is less than a threshold size.

18. A non-transitory computer readable medium storing code for encryption management, the code comprising instructions executable by a processor to: receive, at a database server, an encryption request to perform an encryption process on a set of records stored at the database server; partition the set of records into a plurality of record groups based at least in part on a default group size; perform the encryption process on a first record group of the plurality of record groups based at least in part on the encryption request; refrain from updating one or more data modification timestamps associated with the first record group; restrict access to the first record group during the encryption process of the first record group; and restore access to the first record group upon completion of the encryption process of the first record group.

19. The non-transitory computer-readable medium of claim 18, wherein the instructions are further executable by the processor to: transmit an encryption status associated with the first record group to a user interface; and perform the encryption process on a second record group of the plurality of record groups based at least in part on the encrypt
Data partitioning, e.g. horizontal or vertical partitioning · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
File encryption · CPC title
by using cryptography (for digital transmission H04L9/00) · CPC title