Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

Abstract: Data to define a travel rewards promotion is received over a network. The travel rewards promotion comprises traveler eligibility criteria and travel rewards criteria. At least one traveler is selected where the travel itinerary of the respective traveler matches traveler eligibility criteria for the promotion. The traveler is notified that he or she is eligible for the travel rewards promotion, the notification comprising a representation of the travel rewards criteria. A travel rewards promotion total is then compiled for the traveler and the traveler is notified of his or her respective promotion rewards total. In one embodiment, the traveler's current context is determined and matched to promotion alert criteria. The traveler is then alerted, over the network, that a travel rewards promotion is available to the respective traveler in the respective traveler's current context, the alert comprising a representation of the travel rewards criteria.

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

Abstract: Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself, communications characteristics that are determined from the user's communications, or both.

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

Abstract: Systems, methods, and apparatuses for implementing authentication of a user login to an external website from a community in a cloud based computing environment. An exemplary system having at least a processor and a memory therein includes means for identifying a first domain where a user is to be allowed to login to an external web page hosted thereon, and means for connecting the external web page with a community of a cloud computing environment hosted on a second domain different than the identified first domain, the connecting means handling how the connected community authenticates the user when the user logs into the external web page and providing one of a plurality of login experiences for the user based on conditions determined at run time.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating the authentication of computing system requests across tenants of at least one multi-tenant database system. Authentication is facilitated using a central registry that is accessible by and independent from the tenants of the multi-tenant database system.

Abstract: Methods and systems are provided for configuring for declaratively configuring a user self-registration process and a user self-registration page process for a particular service provider. A graphical user interface is displayed that includes a plurality of options for declaratively configuring different user self-registration processes and corresponding user self-registration pages for the particular service provider. One of the options can be selected, and a type of identifier and a type of verification process can be specified from different types for each. The type of identifier is associated with a user to be verified as part of the user self-registration process, and can be specified to define how the user is identified and looked-up during the user self-registration process. The type of verification process can define how the user will be verified as part of the user self-registration process.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating the authentication of computing system requests across tenants of at least one multi-tenant database system. Authentication is facilitated using a central registry that is accessible by and independent from the tenants of the multi-tenant database system.

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

Abstract: Methods and systems are provided for configuring for declaratively configuring a user self-registration process and a user self-registration page process for a particular service provider. A graphical user interface is displayed that includes a plurality of options for declaratively configuring different user self-registration processes and corresponding user self-registration pages for the particular service provider. One of the options can be selected, and a type of identifier and a type of verification process can be specified from different types for each. The type of identifier is associated with a user to be verified as part of the user self-registration process, and can be specified to define how the user is identified and looked-up during the user self-registration process. The type of verification process can define how the user will be verified as part of the user self-registration process.

Abstract: Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself, communications characteristics that are determined from the user's communications, or both.

Abstract: Mechanisms and techniques for customized user validation. A login attempt is received from a remote electronic device with one or more computing devices that provide access to one or more resources. The login attempt is analyzed to determine a profile from a plurality of profiles corresponding to the login attempt. The one or more computing devices support the plurality profiles with each profile having a corresponding flow. The flow corresponding to the profile is performed prior to allowing continuation of the login attempt. The login attempt is continued, via the one or more computing devices, after the flow corresponding to the profile is completed. Access is granted to the one or more resources, via the one or more computing devices, in response to a successful completion of the login attempt.

Abstract: System and methods of the disclosed subject matter provide segregating, at a memory storage coupled to a multitenant database system, first tenant data of a first tenant from at least second tenant data of a second tenant, based on a first tenant identifier. A first encryption key associated with the first tenant may be retrieved from a key cache memory based on the first tenant identifier, to encrypt one or more fragments of the first tenant data. The fragments of the first tenant data may be encrypted based on the retrieved encryption key. Non-encrypted header information may be generated for each of the encrypted fragments of the first tenant data, where the header information may have metadata including the first tenant identifier. The encrypted fragments of the first tenant data and the corresponding non-encrypted header information may be stored in the immutable storage.

Abstract: Systems, methods, and apparatuses for implementing tenant-to-tenant failover in a multi-tenant could computing environment. An exemplary system having at least a processor and a memory therein includes means for identifying a first one of a plurality of tenants in a multi-tenant cloud computing system as a primary tenant for providing a function, identifying a second one of the plurality of tenants in the multi-tenant cloud computing system as a secondary tenant for providing the function should the primary tenant become unavailable, providing the function in the multi-tenant cloud computing system via the primary tenant when the primary tenant is available, and switching to providing the function in the multi-tenant cloud computing environment via the secondary tenant when the primary tenant is unavailable and the secondary tenant is available.

Abstract: Methods, systems, and devices for distributed caching of encrypted encryption keys are described. Some multi-tenant database systems may support encryption of data records. To efficiently handle multiple encryption keys across multiple application servers, the database system may store the encryption keys in a distributed cache accessible by each of the application servers. To securely cache the encryption keys, the database system may encrypt (e.g., wrap) each data encryption key (DEK) using a second encryption key (e.g., a key encryption key (KEK)). The database system may store the DEKs and KEKs in separate caches to further protect the encryption keys. For example, while the encrypted DEKs may be stored in the distributed cache, the KEKs may be stored locally on application servers. The database system may further support “bring your own key” (BYOK) functionality, where a user may upload a tenant secret or tenant-specific encryption key to the database.

Abstract: Data to define a travel rewards promotion is received over a network. The travel rewards promotion comprises traveler eligibility criteria and travel rewards criteria. At least one traveler is selected where the travel itinerary of the respective traveler matches traveler eligibility criteria for the promotion. The traveler is notified that he or she is eligible for the travel rewards promotion, the notification comprising a representation of the travel rewards criteria. A travel rewards promotion total is then compiled for the traveler and the traveler is notified of his or her respective promotion rewards total. In one embodiment, the traveler's current context is determined and matched to promotion alert criteria. The traveler is then alerted, over the network, that a travel rewards promotion is available to the respective traveler in the respective traveler's current context, the alert comprising a representation of the travel rewards criteria.

Abstract: Techniques are disclosed relating to contextual authentication across different applications based on user communications. In some embodiments, a user is preauthenticated to certain actions on a second application based on the user's communication via a first application. The user's communication via a first application provides contextual information that may be used to preauthenticate a request to perform an action on the second application. Contextual information may include the user's communication itself and/or communications characteristics that are determined from the user's communications.

Abstract: Systems, methods, and apparatuses for implementing authentication of a user login to an external website from a community in a cloud based computing environment. An exemplary system having at least a processor and a memory therein includes means for identifying a first domain where a user is to be allowed to login to an external web page hosted thereon, and means for connecting the external web page with a community of a cloud computing environment hosted on a second domain different than the identified first domain, the connecting means handling how the connected community authenticates the user when the user logs into the external web page and providing one of a plurality of login experiences for the user based on conditions determined at run time.