Confidential Data Processing System
US-2018082078-A1 · Mar 22, 2018 · US
Enabling and validating data encryption
US11487885B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11487885-B2 |
| Application number | US-201815884885-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 31, 2018 |
| Priority date | Jan 31, 2018 |
| Publication date | Nov 1, 2022 |
| Grant date | Nov 1, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Methods, systems, and devices for enabling and validating data encryption are described. A data storage system (e.g., including a database and validation server) may receive an encryption request indicating a data object or data field. Prior to performing encryption, the validation server may perform one or more validations to determine whether the system supports encrypting the indicated data. The validation server may identify any formula fields that directly or indirectly (e.g., via other formula fields) reference the data object or field, and may determine whether each of these formula fields is encryption compatible. In some cases, the validation process may involve synchronously executing a first set of validators, marking the data as pending encryption, and asynchronously executing a second set of validators. Based on the results of the validation process, the system may or may not encrypt the indicated data, and may transmit an indication of the validation results.
First claim
Opening claim text (preview).
What is claimed is: 1. A method for data encryption, comprising: receiving, at a data storage system, a request to encrypt a plaintext value stored in the data storage system; identifying a function in the data storage system that uses the plaintext value as an input; determining, based at least in part on the request, potential resources corresponding to a validation process for the function, wherein the validation process determines whether the function is compatible with encrypted data; performing, in response to the request and based at least in part on the potential resources, a first sub-process of the validation process for the function, the first sub-process utilizing resources less than a threshold amount of resources; indicating, prior to performing a second sub-process of the validation process, that an encryption process of the plaintext value is in progress; performing, in response to the request and based at least in part on the potential resources, the second sub-process of the validation process utilizing resources greater than or equal to the threshold amount of resources; and transmitting an indication of a result of the validation process. 2. The method of claim 1 , further comprising: performing the second sub-process. 3. The method of claim 1 , wherein a potential time used to perform the first sub-process is below a pre-determined time threshold. 4. The method of claim 1 , wherein a potential amount of server resources used to perform the first sub-process is below a pre-determined resource threshold. 5. The method of claim 1 , wherein indicating that the encryption process of the plaintext value is in progress comprises enabling an encryption constraint on the plaintext value. 6. The method of claim 1 , wherein the first sub-process comprises a set of field validations, and wherein performing the first sub-process further comprises: performing each field validation of the set of field validations synchronously. 7. The method of claim 1 , wherein the second sub-process comprises a set of field validations, and wherein performing the second sub-process further comprises: enqueuing each field validation of the set of field validations into a processing queue; and processing the set of field validations asynchronously according to an order of the processing queue. 8. The method of claim 1 , further comprising: receiving, at the data storage system, a second request to encrypt a second plaintext value stored in the data storage system, wherein the second request is associated with the request and wherein performing the validation process is in response to both the request and the second request. 9. The method of claim 8 , further comprising: determining a negative result of the first sub-process associated with the plaintext value, the second plaintext value, or a combination thereof; and refraining from encrypting both the plaintext value and the second plaintext value based on the negative result. 10. The method of claim 8 , further comprising: determining a negative result of the second sub-process associated with the plaintext value and a positive result of the second sub-process associated with the second plaintext value; refraining from encrypting the plaintext value based at least in part on the negative result; and encrypting the second plaintext value based at least in part on the positive result. 11. The method of claim 1 , further comprising: encrypting the plaintext value based at least in part on the result of the validation process. 12. The method of claim 1 , further comprising: identifying at least one additional function in the data storage system that uses an output of the function as an additional function input, wherein the validation process further determines whether the at least one additional function supports using encrypted data as the additional function input. 13. The method of claim 1 , wherein the validation process further determines whether a data type associated with the plaintext value, an additional function associated with the plaintext value, a query associated with the plaintext value, or a combination thereof supports encryption. 14. An apparatus for data encryption, comprising: a processor; memory in electronic communication with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: receive, at a data storage system, a request to encrypt a plaintext value stored in the data storage system; identify a function in the data storage system that uses the plaintext value as an input; determine, based at least in part on the request, potential resources corresponding to a validation process for the function, wherein the validation process determines whether the function is compatible with encrypted data; perform, in response to the request and based at least in part on the potential resources, a first sub-process of the validation process for the function, the first sub-process utilizing resources less than a threshold amount of resources; indicate, prior to performing a second sub-process of the validation process, that an encryption process of the plaintext value is in progress; perform, in response to the request and based at least in part on the potential resources, the second sub-process of the validation process utilizing resources greater than or equal to the threshold amount of resources; and transmit an indication of a result of the validation process. 15. The apparatus of claim 14 , wherein the instructions are further executable by the processor to cause the apparatus to: perform the second sub-process. 16. The apparatus of claim 14 , wherein the first sub-process comprises a set of field validations, and wherein the instructions for performing the first sub-process are further executable by the processor to cause the apparatus to: perform each field validation of the set of field validations synchronously. 17. The apparatus of claim 14 , wherein the second sub-process comprises a set of field validations, and wherein the instructions for performing the second sub-process are further executable by the processor to cause the apparatus to: enqueue each field validation of the set of field validations into a processing queue; and process the set of field validations asynchronously according to an order of the processing queue. 18. The apparatus of claim 14 , wherein the instructions are further executable by the processor to cause the apparatus to: encrypt the plaintext value based at least in part on the result of the validation process. 19. A non-transitory computer-readable medium storing code for data encryption, the code comprising instructions executable by a processor to: receive, at a data storage system, a request to encrypt a plaintext value stored in the data storage system; identify a function in the data storage system that uses the plaintext value as an input; determine, based at least in part on the request, potential resources corresponding to a validation process for the function, wherein the validation process determines whether the function is compatible with encrypted data; perform, in response to the request and based at least in part on the potential resources, a first sub-process of the validation process for the function, the first sub-process utilizing resources less than a threshold amount of resources; indicate, prior to performing a second sub-process of the validation process, that an encryption process of the plaintext value is in p
Assignees
Inventors
Classifications
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
to a system of files or objects, e.g. local or distributed file system or database · CPC title
- G06F21/6227Primary
where protection concerns the structure of data, e.g. records, types, queries · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
in relation to content · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11487885B2 cover?
- Methods, systems, and devices for enabling and validating data encryption are described. A data storage system (e.g., including a database and validation server) may receive an encryption request indicating a data object or data field. Prior to performing encryption, the validation server may perform one or more validations to determine whether the system supports encrypting the indicated data.…
- Who is the assignee on this patent?
- Salesforce Com Inc, Salesforce Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6227. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Nov 01 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).