公开(公告)号：US11379605B2

公开(公告)日：2022-07-05

申请号：US17332793

申请日：2021-05-27

Applicant: Snowflake Inc.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F7/04 ,  H04N7/16 ,  G06F21/62 ,  G06F16/245 ,  G06F16/22

Abstract: Systems, methods, and devices for secure view-based data sharing are disclosed. A method in accordance with embodiments disclosed herein comprises associating, by one or more processors, view privileges of a secure view with one or more of a plurality of underlying details of a share object of a first account such that each of the one or more underlying details of the share object comprises a definition of the secure view. The method further comprises: in response to receiving a request from a second account to access any underlying details of the share object, using a secure projection that does not match any rewrite rule preconditions to rewrite a query plan of the request to prevent expressions that do not originate from the secure view from being pushed down below a boundary of the secure view.

公开(公告)号：US20220100890A1

公开(公告)日：2022-03-31

申请号：US17521348

申请日：2021-11-08

Applicant: Snowflake Inc.

Inventor： Justin Langseth ,  Matthew J. Glickman ,  Christian Kleinerman ,  Robert Muglia ,  Daniel Freundel ,  Thierry Cruanes ,  Allison Waingold Lee

IPC: G06F21/62 ,  G06F16/2455 ,  H04L9/32

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes hashing datapoints of a consumer account and creating a secure view of the hashed datapoints of the consumer account. The method further includes processing, using a secure user defined function (UDF), the hashed datapoints of the consumer account and datapoints of a provider account to generate a secure join key, wherein the hashed data points of the consumer account are provided to the secure UDF using the secure view. The secure join key is then analyzed.

公开(公告)号：US20210286892A1

公开(公告)日：2021-09-16

申请号：US17332793

申请日：2021-05-27

Applicant: Snowflake Inc.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F16/245 ,  G06F16/22

Abstract: Systems, methods, and devices for secure view-based data sharing are disclosed. A method in accordance with embodiments disclosed herein comprises associating, by one or more processors, view privileges of a secure view with one or more of a plurality of underlying details of a share object of a first account such that each of the one or more underlying details of the share object comprises a definition of the secure view. The method further comprises: in response to receiving a request from a second account to access any underlying details of the share object, using a secure projection that does not match any rewrite rule preconditions to rewrite a query plan of the request to prevent expressions that do not originate from the secure view from being pushed down below a boundary of the secure view.

公开(公告)号：US11048815B2

公开(公告)日：2021-06-29

申请号：US16055824

申请日：2018-08-06

Applicant: Snowflake Inc.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F21/60 ,  G06F16/245 ,  G06F16/22 ,  G06F21/71

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure view definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure view definition is hidden from the second account and visible to the first account.

公开(公告)号：US20200311297A1

公开(公告)日：2020-10-01

申请号：US16368339

申请日：2019-03-28

Applicant: Snowflake Inc.

Inventor： Justin Langseth ,  Matthew J. Glickman ,  Christian Kleinerman ,  Robert Muglia ,  Daniel Freundel ,  Thierry Cruanes ,  Allison Waingold Lee

IPC: G06F21/62 ,  G06F16/2455 ,  H04L9/32

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes determining data stored in a first account to be compared with data stored in a second account. The method includes determining a function for generating a secure join key, wherein the secure join key includes a hashed string that hashes one or more of a data entry of the first account and a data entry of the second account. The method includes providing the secure join key to the first account and/or the second account.

公开(公告)号：US20200042734A1

公开(公告)日：2020-02-06

申请号：US16241463

申请日：2019-01-07

Applicant: Snowflake Inc.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F16/245 ,  G06F16/22

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes generating a share object in a first account comprising a share role. The method includes associating view privileges for the share object such that an underlying detail of the share object comprises a secure user-defined function definition. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account and providing a response to the second account based on the data or services of the first account. The method is such that the underlying detail of the share object that comprises the secure user-defined function definition is hidden from the second account and visible to the first account.

公开(公告)号：US20230169200A1

公开(公告)日：2023-06-01

申请号：US18153082

申请日：2023-01-11

Applicant: SNOWFLAKE INC.

Inventor： Justin Langseth ,  Matthew J. Glickman ,  Christian Kleinerman ,  Robert Muglia ,  Daniel Freundel ,  Thierry Cruanes ,  Allison Waingold Lee

IPC: G06F21/62 ,  G06F16/2455 ,  H04L9/32

CPC classification number: G06F21/6227 ,  G06F16/2456 ,  H04L9/3242

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method generates a secure user defined function (UDF) that includes a one-way hash. The method uses the secure UDF to convert datapoints of a first account and datapoints of a second account into a secure join key, which is unidentifiable to the first account and the second account based on the one-way hash. The method then determines a count value of overlapping datapoints between the first account and the second account based on the secure join key.

公开(公告)号：US11461493B1

公开(公告)日：2022-10-04

申请号：US17847681

申请日：2022-06-23

Applicant: SNOWFLAKE INC.

Inventor： Justin Langseth ,  Matthew J. Glickman ,  Christian Kleinerman ,  Robert Muglia ,  Daniel Freundel ,  Thierry Cruanes ,  Allison Waingold Lee

IPC: H04L29/06 ,  G06F21/62 ,  G06F16/2455 ,  H04L9/32

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method creates a secure view of datapoints of a consumer account and processes, using a secure user defined function (UDF), the datapoints of the consumer account and datapoints of a provider account to generate a secure join key. The datapoints of the consumer account are provided to the secure UDF using the secure view. The method further performs, by a processor, an analysis of the datapoints of the consumer account and the datapoints of the provider account of the secure join key. The analysis returns a count value of overlapping datapoints between the consumer account and the provider account. The method further adjusts the count value of overlapping datapoints based on a number of distinct rows associated with the provider account, and provides the adjusted count value of overlapping datapoints to the consumer account.

公开(公告)号：US11216582B2

公开(公告)日：2022-01-04

申请号：US17333343

申请日：2021-05-28

Applicant: SNOWFLAKE INC.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F21/78 ,  G06F16/245 ,  G06F16/22 ,  G06F21/71

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes granting, to one or more cross-accounts, access to a share object comprising a secure view and usage functionality associated with a user-defined function (UDF) to underlying data without providing a view of the procedural logic associated with the UDF.

公开(公告)号：US11188670B2

公开(公告)日：2021-11-30

申请号：US16368339

申请日：2019-03-28

Applicant: Snowflake Inc.

Inventor： Justin Langseth ,  Matthew J. Glickman ,  Christian Kleinerman ,  Robert Muglia ,  Daniel Freundel ,  Thierry Cruanes ,  Allison Waingold Lee

IPC: G06F21/62 ,  G06F16/2455 ,  H04L9/32

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method includes determining data stored in a first account to be compared with data stored in a second account. The method includes determining a function for generating a secure join key, wherein the secure join key includes a hashed string that hashes one or more of a data entry of the first account and a data entry of the second account. The method includes providing the secure join key to the first account and/or the second account.