Federated identity management for data repositories
US-2024348610-A1 · Oct 17, 2024 · US
US2016335451A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016335451-A1 |
| Application number | US-201615153439-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 12, 2016 |
| Priority date | Sep 18, 2013 |
| Publication date | Nov 17, 2016 |
| Grant date | — |
Official abstract text for this publication.
Systems, apparatuses, and methods for providing data security for data that is stored in a cloud-level platform. In one embodiment, each session is associated with specific session “keys” for use in encrypting and decrypting data. The session specific keys are generated by a client application and the client public key of a public/private key pair is provided to the cloud platform as part of a user authentication process. If the user is properly authenticated, then the platform creates its own set of keys and sends the server public key of a public/private key pair to the client. When the client requests a data record or document, the platform can determine if the user is authorized to have access to the entire data record or document or only to certain fields or portions of the record or document. Based on that determination, the platform may selectively encrypt certain fields or portions of the record or document with the client public key.
Opening claim text (preview).
1-24. (canceled)
25. A method for improving the performance of a computing platform, the method comprising: receiving a first electronic communication from a remote computing device requesting access to a data record having a plurality of elements stored in a data storage element of the platform, the first electronic communication including authentication data corresponding to a user of the remote computing device; analyzing the authentication data to determine that the user is authorized to access some but not all of the plurality of elements of the data record; generating a second electronic communication to the remote computing device that includes an encrypted version of the requested data record, wherein the encrypted version includes a first set of elements of the plurality of elements that are encrypted such that the remote computing device is configured to decrypt the first set of elements and a second set of elements of the plurality of elements that are encrypted such that the remote computing device cannot decrypt the second set of elements.
26. The method of claim 25, further comprising: accessing the data record from the data store; and decrypting the plurality of elements of the data record prior to generating the second electronic communication.
27. The method of claim 25, wherein analyzing the authentication data further comprises: verifying the authentication data against a database of users' authentication data; and determining each element of the requested data record that the user is authorized to access.
28. The method of claim 25, wherein analyzing the authentication data further comprises: determining a user's role in an organization based on the authentication data; and determining each element of the requested data record that the user is authorized to access based on the user's role.
29. The method of claim 25, further comprising: receiving a first public key that is part of a first public/private key pair with the authentication data in the request; using the first public key to encrypt the elements determined to be accessible by the user based on the analysis of the authentication data; and using a second public key of a second public/private key pair to encrypt the elements determined to be inaccessible by the user based on the analysis of the authentication data.
30. The method of claim 25, wherein the element comprises data contained in a data field of the data record.
31. A multi-tenant computing service platform, comprising: an electronic processor programmed to execute a set of instructions; a data storage element in which the set of instructions are stored and in which data records are stored, wherein when executed by the processor the set of instructions cause the platform to be configured to receive a first electronic communication from a remote computing device requesting access to a data record having a plurality of elements stored in the data storage element, the electronic communication including authentication data corresponding to a user of the remote computing device; analyze the authentication data to determine that the user is authorized to access some but not all of the plurality of elements of the data record; generate a second electronic communication to the remote computing device that includes an encrypted version of the requested data record wherein the encrypted version includes a first set of elements that are encrypted such that the remote computing device is configured to decrypt the first set of elements and a second set of elements that are encrypted such that the remote computing device cannot decrypt the second set of elements.
32. The multi-tenant computing service platform of claim 31, wherein the multi-tenant computing service platform is further configured to: access the data record from a data storage element; and decrypt the plurality of elements of the data record prior to generating the second electronic communication.
33. The multi-tenant computing service platform of claim 31, wherein the data storage element comprises a database.
34. The multi-tenant computing service platform of claim 31, further configured to: receive a first public key that is part of a first public/private key pair with the authentication data in the request; encrypt the elements determined to be accessible by the user based on the analysis of the authentication data using the first public key; and encrypt the elements determined to be inaccessible by the user based on the analysis of the authentication data using a second public key of a second public/private key pair.
35. The multi-tenant computing service platform of claim 31, wherein the element comprises data contained in a data field of the data record.
36. A method comprising: sending a first electronic communication from a client computing device to a remote multi-tenant computing platform requesting access to a data record having a plurality of elements stored in a data storage of a multi-tenant computing platform, the electronic communication including authentication data corresponding to a user of the client computing device; receiving at the client device a second electronic communication from the multi-tenant computing platform that includes an encrypted version of the requested data record, wherein the encrypted version includes a first set of elements of the plurality of elements that are encrypted such that the client computing device is able to decrypt the first set of elements and a second set of elements of the plurality of elements that are encrypted such that the client computing device cannot decrypt the second set of elements; and decrypting the first set of elements.
37. The method of claim 36, further comprising: sending a public key of a public/private encryption key pair to the multi-tenant computing platform; and decrypting the first set of elements of the received encrypted data record using a private key of the public/private encryption key pair.
38. The method of claim 36, wherein the authentication data further comprises a username and password corresponding to a user of the client computing device.
39. The method of claim 36, wherein the authentication data further comprises a user's role in an organization.
40. The method of claim 36, wherein the second set of elements in the received encrypted data record are encrypted with a public/private key pair that is inaccessible to the user of the client computing device.
41. The method of claim 36, wherein the element comprises data contained in a data field of the data record.
42. A client computing device, comprising: a processor programmed to execute a set of instructions; a data storage element in which the set of instructions are stored, wherein when executed by the processor the set of instructions cause the client computing device to be configured to send a first electronic communication from the client computing device to a remote multi-tenant computing platform requesting access to a data record having a plurality of elements stored in a data storage at the multi-tenant computing platform, the electronic communication including authentication data corresponding to a user of the client computing device; receive a second electronic communication from the multi-tenant computing platform that includes an encrypted version of the requested data record wherein the encrypted version includes a first set of elements that are encrypted such that the client computing device is
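The selective field-level encryption the abstract and claims describe, as an added Go example that is not part of the patent or any product: the platform returns every field of the record, but encrypts only the role-authorized fields to the client's per-session public key and the rest to its own key pair, which the client never holds. The role table, field names and record values are constructed for illustration; RSA-OAEP is assumed as the asymmetric scheme since the patent names none.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed role table: the record fields each organizational role may read.
var rolePerms = map[string]map[string]bool{"billing": {"name": true, "card_last4": true}, "support": {"name": true, "email": true}}
// SealRecord is the platform side: every field is returned, but only fields the role may
// read are encrypted to the client's session key; the rest go under the platform's own key.
func SealRecord(rec map[string]string, role string, clientPub, platformPub *rsa.PublicKey) (map[string][]byte, error) {
	out := map[string][]byte{}
	for name, val := range rec {
		pub := platformPub
		if rolePerms[role][name] {
			pub = clientPub
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(val), nil)
		if err != nil {
			return nil, err
		}
		out[name] = ct
	}
	return out, nil
}
// OpenRecord is the client side: decrypt with the session private key; fields sealed
// to the platform key fail OAEP decryption and are counted as denied.
func OpenRecord(sealed map[string][]byte, clientPriv *rsa.PrivateKey) (map[string]string, int) {
	plain, denied := map[string]string{}, 0
	for name, ct := range sealed {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, clientPriv, ct, nil)
		if err != nil {
			denied++
			continue
		}
		plain[name] = string(pt)
	}
	return plain, denied
}

func main() {
	clientKey, _ := rsa.GenerateKey(rand.Reader, 2048)   // client's per-session pair
	platformKey, _ := rsa.GenerateKey(rand.Reader, 2048) // platform's own pair
	sealed, _ := SealRecord(map[string]string{"name": "Alice", "ssn": "000-00-0000"}, "billing", &clientKey.PublicKey, &platformKey.PublicKey)
	plain, denied := OpenRecord(sealed, clientKey)
	fmt.Println(plain, "denied fields:", denied)
}
```

Because withheld fields are still present in the response, the client learns which fields exist but not their values; the platform key is the only one that opens them.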
Electricity · mapped topic
wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title
Entity profiles · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title