logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 12143475 B1

PDFFull Text
Date of Patent:
Nov. 12, 2024

Filed:

Sep. 05, 2023

Enabling using external tenant master keys

Applicant:

Workday, Inc., Pleasanton, CA (US);

Inventors:

Miguel Leonardo Chinchilla Cartagena, Livermore, CA (US);

Karina Si-Woon Chan, Oakland, CA (US);

Aswani Kaushik Chimthapalli, Fremont, CA (US);

Michael Clarke, Dublin, IE;

Amol Anant Deshmukh, Dublin, CA (US);

Subha Gopalakrishnan, San Ramon, CA (US);

Bjorn Brook Hamel, Dublin, CA (US);

Louis James LaTouche, Danville, CA (US);

Atlee Glen Lyden, Lafayette, CO (US);

Marcus Anthony Sanchez, Everett, WA (US);

Jasmine Teresa Schladen, Dublin, CA (US);

Devaki Ajinkya Tarkunde, Mountain View, CA (US);

Harrison Yu, Dublin, CA (US);

Assignee:

Workday, Inc., Pleasanton, CA (US);

Attorney:

Van Pelt, Yi & James LLP

Primary Examiner:

Shahriar Zarrineh

Int. Cl.
CPC ...
H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 67/561 (2022.01);
U.S. Cl.
CPC ...
H04L 9/0825 (2013.01); H04L 9/0822 (2013.01); H04L 9/14 (2013.01); H04L 67/561 (2022.05);
Abstract

The present application discloses a method, system, and computer system for managing data using keys. The method includes receiving a request to access data, wherein the data is encrypted based on a tenant service encryption key (TSEK) corresponding to the tenant database, determining a wrapper key used in connection with encrypting the TSEK based on a TSEK metadata, determining a top-level key used in connection with encrypting the wrapper key based on wrapper key metadata stored in association with the encrypted version of the wrapper key, obtaining the data stored within the tenant database, comprising decrypting at least part of the data based on (i) the TSEK, (ii) the wrapper key, and (iii) the top-level key, and providing the data in response to the request. The TSEK metadata is stored in the tenant database. An encrypted version of the wrapper key is stored in a key management service.

Find Patent Forward Citations

Loading…