Query processing in a secure data clean room

    Publication number: US12001581B2

    Publication date: 2024-06-04

    Application number: US18162705

    Application date: 2023-01-31

    Applicant: Snowflake Inc.

    Abstract: A first database account shares, with a second database account, a secure function configured to accept an encrypted dataset and a decryption parameter. The first database account includes a first dataset. The second database account includes a second dataset. The second database account selects one or more rows and one or more columns of the second dataset as a searchable dataset, generates an encrypted searchable dataset by encrypting the searchable dataset with a key, and calls the secure function with the encrypted searchable dataset and the key. The secure function generates results of a query by: generating a decrypted searchable dataset by decrypting the encrypted searchable dataset with the key in a secure environment, obtaining the results by executing the query against a combination of the first dataset and the decrypted dataset in the secure environment to generate query-results data, and outputting the results to the second database account.

    QUERY PROCESSING IN A SECURE DATA CLEAN ROOM
    Invention publication

    Publication number: US20230177203A1

    Publication date: 2023-06-08

    Application number: US18162705

    Application date: 2023-01-31

    Applicant: Snowflake Inc.

    Abstract: A first database account shares, with a second database account, a secure function configured to accept an encrypted dataset and a decryption parameter. The first database account includes a first dataset. The second database account includes a second dataset. The second database account selects one or more rows and one or more columns of the second dataset as a searchable dataset, generates an encrypted searchable dataset by encrypting the searchable dataset with a key, and calls the secure function with the encrypted searchable dataset and the key. The secure function generates results of a query by: generating a decrypted searchable dataset by decrypting the encrypted searchable dataset with the key in a secure environment, obtaining the results by executing the query against a combination of the first dataset and the decrypted dataset in the secure environment to generate query-results data, and outputting the results to the second database account.

    Restricted queries in a database clean room

    Publication number: US11567943B1

    Publication date: 2023-01-31

    Application number: US17652873

    Application date: 2022-02-28

    Applicant: Snowflake Inc.

    Abstract: Embodiments of the present disclosure may provide a data clean room architecture that restricts data included in the clean room. The data clean room architecture can implement a policy to enable data restrictions for data shared between multiple parties via a distributed database. Multiple database accounts can implement validation instances to validate queries when received from other database accounts. One or more of the database accounts can provide a query template that is congruent with the validation instance for use by the other database accounts to generate queries against the data shared in the data clean room.

    SECURE ENCRYPTION ENABLED DATA CLEAN ROOM

    Publication number: US20230004669A1

    Publication date: 2023-01-05

    Application number: US17390935

    Application date: 2021-07-31

    Applicant: Snowflake Inc.

    Abstract: Embodiments of the present disclosure may provide a data clean room allowing encryption-based data analysis across multiple accounts of different database users. The data clean room may also restrict which data may be used in the analysis and may restrict the output. A requesting user's data can be encrypted using a key and a provider user can generate a shareable database function that accepts the key to decrypt the data to generate the results data without exposing each other's data.

    SYMMETRIC QUERY PROCESSING IN A DATABASE CLEAN ROOM

    Publication number: US20250013648A1

    Publication date: 2025-01-09

    Application number: US18892783

    Application date: 2024-09-23

    Applicant: Snowflake Inc.

    Abstract: Disclosed herein are systems and methods for query processing with restrictions in a database clean room. In an embodiment, a system receives a query directed to a combination of a first source dataset from a first database account of a distributed database and a second source dataset from a second database account of the distributed database. The system generates an approved statements table that contains database statement language that can be executed against the combination of the first and second source datasets. Based on determining that the approved statements table includes the query, the system executes the query to produce results data, and stores the results data in the first database account.

    QUERY PROCESSING WITH RESTRICTIONS IN A DATABASE CLEAN ROOM

    Publication number: US20240168958A1

    Publication date: 2024-05-23

    Application number: US18425312

    Application date: 2024-01-29

    Applicant: Snowflake Inc.

    CPC classification number: G06F16/24565 G06F16/2443 G06F16/27 G06F21/6227

    Abstract: Disclosed herein are systems and methods for query processing with restrictions in a database clean room. In an embodiment, a system receives a query directed to a combination of a first source dataset from a first database account of a distributed database and a second source dataset from a second database account of the distributed database. The system generates an approved statements table that contains database statement language that can be executed against the combination of the first and second source datasets. Based on determining that the approved statements table includes the query, the system executes the query to produce results data, and stores the results data in the first database account.

    QUERY VALIDATION AND PROCESSING IN DATA CLEAN ROOMS

    Publication number: US20230401201A1

    Publication date: 2023-12-14

    Application number: US18162710

    Application date: 2023-01-31

    Applicant: Snowflake Inc.

    CPC classification number: G06F16/242 G06F16/27 G06F16/2456

    Abstract: A method includes generating a defined access clean room in a provider database account, as well as installing, in a consumer account, an application instance that implements the defined access clean room. The method also includes sharing, by the provider database account, source provider data with the defined access clean room, where the sharing makes the source provider data accessible to the consumer database account via the application instance. The method further includes sharing, by the provider database account, a query template with the consumer database account via the application instance. Additionally, the method includes receiving a query generated by the consumer database account based on the query template, validating that the query is consistent with the query template, responsively generating query results by executing the query, as well as storing the query results in the consumer database account.
