	US 11,757,852 B2
	Encryption key management for international data residency
Audrei Drummond, Oakland, CA (US); Richard Crowley, San Francisco, CA (US); James Scheinblum, Oakland, CA (US); Eden Ghirmai, Oakland, CA (US); Lydia Gorham, Oakland, CA (US); Pooja Mehta, San Francisco, CA (US); Raissa Largman, San Francisco, CA (US); Karen Nguyen, San Francisco, CA (US); Ratnadeep Bhattacharjee, Palo Alto, CA (US); and Stephen Hamrick, Redwood City, CA (US)
Assigned to Salesforce, Inc., San Francisco, CA (US)
Filed by Salesforce, Inc., San Francisco, CA (US)
Filed on Nov. 4, 2022, as Appl. No. 17/981,169.
Application 17/981,169 is a continuation of application No. 16/918,284, filed on Jul. 1, 2020, granted, now 11,539,675.
Application 16/918,284 is a continuation in part of application No. 16/702,197, filed on Dec. 3, 2019.
Application 16/702,197 is a continuation in part of application No. 16/434,097, filed on Jun. 6, 2019, granted, now 10,778,419, issued on Sep. 15, 2020.
Claims priority of provisional application 62/900,297, filed on Sep. 13, 2019.
Claims priority of provisional application 62/895,333, filed on Sep. 3, 2019.
Claims priority of provisional application 62/780,067, filed on Dec. 14, 2018.
Claims priority of provisional application 62/681,578, filed on Jun. 6, 2018.
Prior Publication US 2023/0053443 A1, Feb. 23, 2023
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01)

CPC H04L 63/0428 (2013.01) [H04L 9/0822 (2013.01)]

20 Claims

1. A system for providing encryption key management for international data residency, the system comprising:

a first data store, located in a first geopolitical area;

a second data store, located in a second geopolitical area distinct from the first geopolitical area;

a group-based communication system server, located in the first geopolitical area and programmed to:

receive, from a first client device of a first user associated with an organization, a message to be posted to a group of a group-based communication system;

determine, based on the organization, that data associated with the organization should be stored in the second geopolitical area;

encrypt, as an encrypted message, the message using an organization-specific encryption key;

store information indicative of a storage location for the encrypted message in the first data store;

store the encrypted message in the second data store;

receive, from a second client device of a second user associated with the organization, an indication of an attempt to access the message;

retrieve, from the first data store, the information indicative of the storage location for the encrypted message;

retrieve the encrypted message from the second data store using the information indicative of the storage location for the encrypted message;

decrypt, as a decrypted message, the message using an organization-specific decryption key; and

transmit, to the second client device of the second user, the decrypted message.