Patent · US Active

Centrally rotating private/public encryption keys in a large scale system

US12003635B2 · kind B2 · utility

Cited by: 0
References: 95
Claims: 14
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 2, 2021
Grant date: Jun 4, 2024
Priority date
Expiry date: Jul 20, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L9/14
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A system and method for rotating private encryption keys for tenants of a database system has been developed. First, three separate public-private encryption keys are generated for a tenant of the database system. The three separate private encryption keys for the tenant are then stored in cloud-based storage. A defined cadence is created to rotate the private encryption keys for the tenant. The three separate private encryption keys for the tenant are defined as a past private key, a present private key and a future private key. Next, the public encryption key is stored for the tenant in a global tenant directory. The present private key and the public encryption key are retrieved to encrypt and decrypt data from the tenant. The three separate private encryption keys are rotated at the defined cadence, where the past private key is discarded, the present private key becomes a new past private key, the future private key becomes a new present private key, and a new future private key is generated. The new past private key, the new present private key and the new future private key for the tenant are then stored in cloud-based storage.
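The three-slot rotation described in the abstract, as an added sketch that is not code from the patent or its assignee. It shows that a key stays resolvable for exactly one cadence interval after it stops being the present key. Assumptions: `KeyPair`, `TenantKeyRing`, `rotate_tenant`, the random-byte stand-in key generator, the key-id lookup, and the choice to publish the present slot's public key in the directory are all hypothetical.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class KeyPair:
    key_id: str
    public: bytes
    private: bytes


def stand_in_keygen() -> KeyPair:
    # Assumption: random bytes stand in for a real asymmetric key pair
    # (in practice a KMS/HSM call) so the rotation logic runs offline.
    return KeyPair(secrets.token_hex(8), secrets.token_bytes(32), secrets.token_bytes(32))


class TenantKeyRing:
    """Past / present / future slots for one tenant, as in the abstract."""

    def __init__(self, keygen: Callable[[], KeyPair] = stand_in_keygen):
        self._keygen = keygen
        self.past, self.present, self.future = keygen(), keygen(), keygen()

    def rotate(self) -> KeyPair:
        """One cadence tick. Returns the discarded past key for secure deletion."""
        discarded = self.past
        self.past, self.present, self.future = self.present, self.future, self._keygen()
        return discarded

    def private_for(self, key_id: str) -> Optional[bytes]:
        # Assumption: ciphertexts carry the id of the key that protected them,
        # and only the present and past slots are consulted for decryption.
        for pair in (self.present, self.past):
            if pair.key_id == key_id:
                return pair.private
        return None


def rotate_tenant(tenant: str, rings: Dict[str, TenantKeyRing],
                  directory: Dict[str, bytes], storage: Dict[str, tuple]) -> str:
    """Rotate one tenant, then republish: private keys to storage, public key to the directory."""
    ring = rings[tenant]
    discarded = ring.rotate()
    storage[tenant] = (ring.past.private, ring.present.private, ring.future.private)
    directory[tenant] = ring.present.public  # assumption: directory holds the present public key
    return discarded.key_id
```

Any data still protected only by the discarded key becomes unreadable after the rotation, so re-encryption has to finish within one cadence interval of a key moving to the past slot.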

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.