Language-agnostic secure application deployment

Assignee

• Salesforce.com, Inc. · US

Inventors

• Prasad Peddada · Alameda, US
• Ryan Guest · Stockton, US
• Jonathan Brossard · San Francisco, US
• Travis Emmert · Detroit Lakes, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/06
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The disclosed technology for a hardware system to access a secure backend system uses non-volatile memory to hold encrypted secrets, volatile memory to hold decrypted secrets ready for use, a keys-for-all (K4A) server, and app servers running K4A clients. To access the backend system in production, each app server uses a decrypted secret and a certificate that identifies the app server and certifies its role and physical and logical location. At initialization of the app server, a K4A client is instantiated that launches and tracks processes, running on the app server, that are authorized to request decryption services. The K4A client responds to a decryption request from an authorized process, determined based on tracking of processes launched, by requesting decryption by a K4A server, using the certificate, and returns to the process, in volatile memory, a decrypted secret or a reference to the decrypted secret, decrypted by the K4A server.