logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 11799633 B1

PDFFull Text
Date of Patent:
Oct. 24, 2023

Filed:

Sep. 27, 2021

Enabling using external tenant master keys

Applicant:

Workday, Inc., Pleasanton, CA (US);

Inventors:

Miguel Leonardo Chinchilla Cartagena, Livermore, CA (US);

Karina Si-Woon Chan, Oakland, CA (US);

Aswani Kaushik Chimthapalli, Fremont, CA (US);

Michael Clarke, Dublin, IE;

Amol Anant Deshmukh, Dublin, CA (US);

Subha Gopalakrishnan, San Ramon, CA (US);

Bjorn Brook Hamel, Dublin, CA (US);

Louis James LaTouche, Danville, CA (US);

Atlee Glen Lyden, Lafayette, CO (US);

Marcus Anthony Sanchez, Everett, WA (US);

Jasmine Teresa Schladen, Dublin, CA (US);

Devaki Ajinkya Tarkunde, Mountain View, CA (US);

Harrison Yu, Dublin, CA (US);

Assignee:

Workday, Inc., Pleasanton, CA (US);

Attorney:

Van Pelt, Yi & James LLP

Primary Examiner:

Shahriar Zarrineh

Int. Cl.
CPC ...
H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 67/561 (2022.01);
U.S. Cl.
CPC ...
H04L 9/0825 (2013.01); H04L 9/0822 (2013.01); H04L 9/14 (2013.01); H04L 67/561 (2022.05);
Abstract

The present application discloses a method, system, and computer system for managing data using keys. The method includes receiving a request to access data stored within a tenant database associated with a tenant, wherein the data is encrypted based at least in part on a tenant service encryption key (TSEK) corresponding to the tenant database, determining a wrapper key used in connection with encrypting the TSEK based at least in part on a TSEK metadata stored in association with the TSEK, determining a top-level key used in connection with encrypting the wrapper key based at least in part on wrapper key metadata stored in association with the encrypted version of the wrapper key, obtaining the data stored within the tenant database, comprising decrypting at least part of the data based at least in part on (i) the TSEK, (ii) the wrapper key, and (iii) the top-level key, and providing the data in response to the request. The TSEK metadata is stored in the tenant database. An encrypted version of the wrapper key is stored in a key management service that is in communication with the tenant database.

Find Patent Forward Citations

Loading…