公开(公告)号：US12235992B2

公开(公告)日：2025-02-25

申请号：US18060504

申请日：2022-11-30

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F9/54 ,  G06F16/2455 ,  G06F21/53

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

公开(公告)号：US20250013776A1

公开(公告)日：2025-01-09

申请号：US18894162

申请日：2024-09-24

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F16/22 ,  G06F21/60

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US12061717B2

公开(公告)日：2024-08-13

申请号：US18062656

申请日：2022-12-07

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Damien Carru ,  Thierry Cruanes ,  Vikas Jain ,  Zheng Mi ,  Subramanian Muralidhar

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/248 ,  G06F16/25 ,  G06F16/27 ,  G06F21/62

CPC classification number: G06F21/6227 ,  G06F16/221 ,  G06F16/2282 ,  G06F16/248 ,  G06F16/252 ,  G06F16/27

Abstract: A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.

公开(公告)号：US20230401333A1

公开(公告)日：2023-12-14

申请号：US18060504

申请日：2022-11-30

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F21/53

CPC classification number: G06F21/6245 ,  G06F21/53 ,  G06F2221/032

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

公开(公告)号：US11763029B2

公开(公告)日：2023-09-19

申请号：US18162506

申请日：2023-01-31

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/53

CPC classification number: G06F21/6245 ,  G06F21/53 ,  G06F2221/032

Abstract: A data platform creates an application in a data-provider account, where the application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. The data platform shares homomorphically encrypted provider data with the application in the data-provider account. The data platform installs, in a data-consumer account, an application instance of the application. The data platform shares homomorphically encrypted consumer data with the application instance in the data-consumer account. The data platform invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account, and which operate on the shared homomorphically encrypted provider data and the shared homomorphically encrypted consumer data. The data platform saves homomorphically encrypted output of the one or more respective associated underlying code blocks locally within the data-consumer account.

公开(公告)号：US20240095393A1

公开(公告)日：2024-03-21

申请号：US18521589

申请日：2023-11-28

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F16/22 ,  G06F21/60

CPC classification number: G06F21/6227 ,  G06F16/2282 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6218 ,  G06F2221/2141

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US11868502B2

公开(公告)日：2024-01-09

申请号：US18341935

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/22

CPC classification number: G06F21/6227 ,  G06F16/2282 ,  G06F21/604 ,  G06F21/62 ,  G06F21/6218 ,  G06F2221/2141

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US20230334167A1

公开(公告)日：2023-10-19

申请号：US18341935

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/22

CPC classification number: G06F21/6227 ,  G06F21/604 ,  G06F16/2282 ,  G06F21/62 ,  G06F21/6218 ,  G06F2221/2141

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US11574072B2

公开(公告)日：2023-02-07

申请号：US17334315

申请日：2021-05-28

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Damien Carru ,  Thierry Cruanes ,  Vikas Jain ,  Zheng Mi ,  Subramanian Muralidhar

IPC: G06F21/62 ,  G06F16/25 ,  G06F16/248 ,  G06F16/22 ,  G06F16/27

Abstract: A shared database platform implements dynamic masking on data shared between users where specific data is masked, transformed, or otherwise modified based on preconfigured functions that are associated with user roles. The shared database platform can implement the masking at runtime dynamically in response to users requesting access to a database object that is associated with one or more masking policies.

公开(公告)号：US20220253547A1

公开(公告)日：2022-08-11

申请号：US17661089

申请日：2022-04-28

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/22

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.