Abstract: Methods, systems, and devices supporting data processing are described. In some systems, a first service executing on a datacenter may receive a request to establish a secure connection and a certificate from a second service. The datacenter may be provisioned with an indication of certificates that have been revoked by a certificate authority (CA). The first service may validate a certificate chain for the certificate from the second service based on the certificates that have been revoked by the CA. If a certificate of the certificate chain has been revoked, the first service may not establish the connection with the second service. If the certificates of the certificate chain have not been revoked, the first service may establish a secure connection with the second service. The services may communicate in accordance with validating the certificate chain.

Abstract: A client application and a local security controller (LSC) executing on a host computing device use a Multiparty Computation (MPC) cryptographic key generation technique to create two fragments of a split private key, which are held by the client application and LSC, respectively. The client application generates a certificate signing request (CSR). The client application and LSC sign the CSR with the split private key using an MPC technique. The LSC then signs a token from the client application to indicate that the private key corresponding to the CSR is MPC-backed. A package with the CSR and the first and second signatures is then sent to a remote device acting as a certificate authority. The remote device verifies the two signatures and issues a certificate to the client application. The second signature is verified using information sent to the remote device from the LSC during a registration process.

Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.

Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography eliminating the needs for passwords.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A security module running on a database server may generate a private key-public key pair in response to receiving a request to store client data in a database. The security module may then transmit a request to derive a symmetric key to a key server, the request including the generated public key. The key server may derive a symmetric key, using key agreement and a key derivation function, based on the received public key and a private key managed by the key server. The security module may then receive the symmetric key from the key server and encrypt the client data. To facilitate decryption, the public key used to generate the symmetric key and an identifier for the private key managed by the key server may be stored in metadata associated with the client data.

Abstract: Techniques are disclosed relating to the protection of secrets within a software development lifecycle. Developers can use an encryption service to encrypt a secret to be used by an application within a package. The secret can be associated with the application, and then encrypted and included in a package that is signed and passed through a software automation pipeline to a data center that hosts the production server for the application. The application executing on the production server can request that the secret be decrypted by a decryption service after package verification. A developer can also specify, in a manifest file, a set of secrets needed for applications executing in the same data center. The manifest file may be passed from the software development environment to the data center, where the specified secrets are created and used by the applications without ever residing or being accessible outside the data center.

Abstract: Techniques are disclosed relating to secure data migration between different data zones via a message broker system for asynchronous communication. A migration policy engine is used to determine allowable data migrations. If a data migration is permitted, a set of data in the source data zone is encrypted using a symmetric key that is generated using a key agreement protocol that utilizes a public key of a data zone key pair of a destination data zone and a private key of a migration key pair. The source data zone writes the encrypted data and a public key of the migration key pair to the message broker system. The destination data zone then reads this data from the message broker system, and decrypts the data by deriving the symmetric key using the public key of the migration key pair and a private key of the data zone key pair.

Abstract: A client application and a local security controller (LSC) executing on a host computing device use a Multiparty Computation (MPC) cryptographic key generation technique to create two fragments of a split private key, which are held by the client application and LSC, respectively. The client application generates a certificate signing request (CSR). The client application and LSC sign the CSR with the split private key using an MPC technique. The LSC then signs a token from the client application to indicate that the private key corresponding to the CSR is MPC-backed. A package with the CSR and the first and second signatures is then sent to a remote device acting as a certificate authority. The remote device verifies the two signatures and issues a certificate to the client application. The second signature is verified using information sent to the remote device from the LSC during a registration process.

Abstract: In response to a key generation request from a client application, a security controller generates a cryptographic key pair and splits the private key portion into a first fragment and a second fragment. The first fragment, but not the second fragment, is encrypted using a symmetric wrapping key that is accessible to the security controller but not the client application. A key package with the encrypted first fragment is returned to the client application. When the client application needs to digitally sign a data value with the split private key, the client application generates a first partial Multiparty Computation (MPC) signature using the second fragment. The security controller generates a second partial MPC signature with the first fragment, which has been decrypted using the symmetric wrapping key. The first and second partial MPC signatures are combinable to digitally sign the data value.

Abstract: A remote security controller (RSC) generates a private key for a client application on a different host computing device and splits the private key into a first fragment and a second fragment. The first fragment, but not the second fragment, is encrypted using a symmetric key. The split private key is returned to the different host computing device. A local security controller (LSC) on the different host computing device is able to derive the symmetric key using a key agreement protocol with the RSC. When the client application needs to digitally sign a data value with the split private key, the client application generates a first partial Multiparty Computation (MPC) signature using the second fragment. The LSC generates a second partial MPC signature with the first fragment, which has been decrypted using the symmetric key. The first and second partial MPC signatures are combinable to digitally sign the data value.

Abstract: A client may transmit an authentication request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device, generate a shared secret, and derive a symmetric key. The symmetric key may be used to encrypt a random challenge. Further, the server initiates a key agreement process for the client using the partial private key that was generated for the client and the short-lived public key generated at the server. A partial key agreement result and the encrypted random challenge may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and a respective portion of the private key. The client may derive the encryption key and decrypt the random challenge. An indication of the random challenge may be transmitted to the server, which authenticates the client.

Abstract: Multiple systems, methods, and computer program product embodiments for password-less authentication using key agreement and multi-party computation (MPC). In one or more embodiments, following an authentication request received by a host computing device, the host computing device and a user computing device generate a shared key using a key agreement algorithm. Then, the host computing device generates a challenge that is encrypted using the shared key and transmitted to the user computing device. The user computing device decrypts the challenge after regenerating the shared key and sends the decrypted result to the host computing device as the challenge response. The authentication request is granted by the host computing device if the challenge and the challenge response match. New keys and a new challenge are generated for each authentication request. This process relies on public key cryptography eliminating the needs for passwords.

Abstract: Techniques are disclosed relating to user authentication using multi-party computation and public key cryptography. In some embodiments, a server may receive, from a client, a request to authenticate a user to a service. The server may access key-pair information that includes, for a server key-pair, a first component of a server private key and, for a client key-pair, a client public key and a first component of a client private key. The server may generate a partial signature value that is based on the first component, but not the entirety, of the server private key. The server may send, to the client, an authentication challenge that includes challenge information and the partial signature value. The server may then determine whether to authenticate the user based on an authentication response from the client.

Abstract: Methods, systems, and devices supporting data processing are described. In some systems, a first service executing on a datacenter may receive a request to establish a secure connection and a certificate from a second service. The datacenter may be provisioned with an indication of certificates that have been revoked by a certificate authority (CA). The first service may validate a certificate chain for the certificate from the second service based on the certificates that have been revoked by the CA. If a certificate of the certificate chain has been revoked, the first service may not establish the connection with the second service. If the certificates of the certificate chain have not been revoked, the first service may establish a secure connection with the second service. The services may communicate in accordance with validating the certificate chain.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

Abstract: A service may leverage a mutual transport layer security (mTLS) service to authenticate a client that is configured with a client certificate chain. The client may request access to the service, and the service may transmit a redirection response to the client. The redirection response may indicate an endpoint for the mTLS service that is associated with the tenant. In response to receiving the redirection response, the client may perform a digital handshake with the mTLS service, and the mTLS service may validate the client digital certificate and digitally sign the client digital certificate. The mTLS may transmit a redirection response, which redirects the client to the service where the client presents an indication of the digitally signed digital certificate chain. The service may validate the chain of trust associated with the digitally signed digital certificate chain and issue an indication that the client is authenticated to access the service.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A security module running on a database server may generate a private key-public key pair in response to receiving a request to store client data in a database. The security module may then transmit a request to derive a symmetric key to a key server, the request including the generated public key. The key server may derive a symmetric key, using key agreement and a key derivation function, based on the received public key and a private key managed by the key server. The security module may then receive the symmetric key from the key server and encrypt the client data. To facilitate decryption, the public key used to generate the symmetric key and an identifier for the private key managed by the key server may be stored in metadata associated with the client data.

Abstract: Methods and systems for securing customer data in a multi-tenant database environment are described. A key identifier received from a security server may be stored by an application server. The key identifier may be associated with a private key that is accessible by the security server and not accessible by the application server. A request to derive a symmetric key may be transmitted from the application server to the security server, the request including a public key generated by the application server, a salt value, and the key identifier. The symmetric key may then be derived based on the transmitted public key and the private key using a key derivation function. The application server may then receive and store the symmetric key in an in-memory cache, and be used to securely encrypt data received by the application server from client devices.

Abstract: A service may leverage a mutual transport layer security (mTLS) service to authenticate a client that is configured with a client certificate chain. The client may request access to the service, and the service may transmit a redirection response to the client. The redirection response may indicate an endpoint for the mTLS service that is associated with the tenant. In response to receiving the redirection response, the client may perform a digital handshake with the mTLS service, and the mTLS service may validate the client digital certificate and digitally sign the client digital certificate. The mTLS may transmit a redirection response, which redirects the client to the service where the client presents an indication of the digitally signed digital certificate chain. The service may validate the chain of trust associated with the digitally signed digital certificate chain and issue an indication that the client is authenticated to access the service.

Abstract: A client may transmit an authentication request to a server. The server may initiate a key agreement process using a short-lived private key generated at the server and a public key of the device, generate a shared secret, and derive a symmetric key. The symmetric key may be used to encrypt a random challenge. Further, the server initiates a key agreement process for the client using the partial private key that was generated for the client and the short-lived public key generated at the server. A partial key agreement result and the encrypted random challenge may be transmitted to the client. The client may complete the key agreement process using the partial key agreement result and a respective portion of the private key. The client may derive the encryption key and decrypt the random challenge. An indication of the random challenge may be transmitted to the server, which authenticates the client.