-
Publication No.: US11431753B2
Publication date: 2022-08-30
Application No.: US16431169
Filing date: 2019-06-04
Applicant: Palantir Technologies Inc.
Inventor: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request to access a data resource. The method further includes accessing a policy object linked to the data resource that includes an effective policy for the data resource. The method further includes evaluating a user's access permissions with respect to the data resource based on the policy object and communicating a response to the network application that includes the access permission of the user.
-
Publication No.: US20210124766A1
Publication date: 2021-04-29
Application No.: US17077792
Filing date: 2020-10-22
Applicant: Palantir Technologies Inc.
Inventor: James Baker, Sander Kromwijk
IPC: G06F16/28, G06F16/22, G06F16/2455, G06F16/248, G06F21/62
Abstract: Systems and methods are provided for determining a query involving at least one dataset comprising a plurality of records, the query being submitted by a first user operating a computing device. An archetype policy that governs access to records of the at least one dataset can be determined, wherein the archetype policy includes at least one logical formula to be evaluated when determining whether a requesting user is permitted to access a given record, and wherein the at least one logical formula is satisfied based at least in part on a state associated with the requesting user and at least one first variable evaluated by the at least one logical formula. At least one record that the first user is permitted to access can be determined based at least in part on satisfaction of the at least one logical formula associated with the archetype policy.
-
Publication No.: US20210064475A1
Publication date: 2021-03-04
Application No.: US17006109
Filing date: 2020-08-28
Applicant: Palantir Technologies Inc.
Inventor: James Baker
IPC: G06F11/14, G06F16/27, G06F16/215, G06F16/23
Abstract: A distributed, transactional database uses timestamps, such as logical clock values, for entry versioning and transaction management in the database. To write to the database, a service requests a timestamp to be inserted into the database with a new version of data. During a backup procedure, a cleanup process is paused, issuing new timestamps is paused, and a backup timestamp is generated, which results in an effective backup copy. Such steps approximate turning off all of the database servers and backing up the servers due to the external devices and services being unable to write new data for a period of time and having the cleanup turned off for a period of time. A snapshot of the database can have some inconsistent entries. During a restore of a backup, a snapshot of the database is loaded and any entries older than the backup timestamp are deleted, which ensures that a consistent restore has occurred. Uploads of backup copies can be expedited by only uploading incremental changes and keeping track of data that is associated with multiple backup copy versions.
-
Publication No.: US20200073859A1
Publication date: 2020-03-05
Application No.: US16249740
Filing date: 2019-01-16
Applicant: Palantir Technologies Inc.
Inventor: Joseph Ellis, Jakub Kozlowski, James Baker, Mark Elliot
Abstract: Example embodiments describe a data storage method and system. For example, the method described, performed by one or more processors, may comprise in an application for enforcing one or more policies for reading and writing data to a database receiving, over a data network, instructions for performing a read or write request for data, and sending the read or write request to a transaction manager for providing transactions for a key-value store of the database, the request being in accordance with one or more policies to be enforced by the enforcing application. The method may also comprise receiving, from the transaction manager, a response message based on operations performed by the transaction manager in response to the read or write request.
-
Publication No.: US20190289036A1
Publication date: 2019-09-19
Application No.: US16431169
Filing date: 2019-06-04
Applicant: Palantir Technologies Inc.
Inventor: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
IPC: H04L29/06
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request to access a data resource. The method further includes accessing a policy object linked to the data resource that includes an effective policy for the data resource. The method further includes evaluating a user's access permissions with respect to the data resource based on the policy object and communicating a response to the network application that includes the access permission of the user.
-
Publication No.: US09888039B2
Publication date: 2018-02-06
Application No.: US15204866
Filing date: 2016-07-07
Applicant: Palantir Technologies Inc.
Inventor: Mark Elliot, Jason Zhao, Brian Schimpf, Jacob Meacham, Marco Gelmi, Benjamin Duffield, Savino Sguera, James Baker, Neil Rickards, Javier Campanini, Qinfeng Chen, Derek Cicerone, Nathan Ziebart
CPC classification number: H04L63/20, G06F21/60, H04L63/08, H04L63/10, H04L2463/121
Abstract: Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request, from one of the network applications, to access a particular data resource. The request includes an identifier of a requesting user. The method further includes accessing a policy object associated with the data resource that includes policy information specifying operations the user is authorized to perform with respect to the data resource based on satisfaction of one or more conditions. The method further includes evaluating the user's access permissions with respect to the data resource based on the policy object, and communicating a response to the network application that includes the access permission of the user.
-
Publication No.: US12118013B2
Publication date: 2024-10-15
Application No.: US18473562
Filing date: 2023-09-25
Applicant: Palantir Technologies Inc.
Inventor: Robert Fink, James Baker, Mark Elliot
IPC: G06F16/25, G06F16/23, G06F16/2457
CPC classification number: G06F16/254, G06F16/2358, G06F16/2457
Abstract: Disclosed herein are systems and computer-implemented methods that include storing a sequence of events, each event associated with a sequence number indicating a temporal position of an event within the sequence of events; further storing one or more read-offsets that are associated with respective consumers and that indicate the sequence number up to which the respective consumers have read events within the sequence of events; determining a smallest read-offset of all read-offsets; compacting events and/or earlier snapshots with sequence numbers smaller than the smallest read-offset into a new snapshot; and replacing, in the sequence of events, the events and/or earlier snapshots with sequence numbers smaller than the smallest read-offset with the new snapshot.
-
Publication No.: US12067020B2
Publication date: 2024-08-20
Application No.: US17949965
Filing date: 2022-09-21
Applicant: Palantir Technologies Inc.
Inventor: Jakob Juelich, James Baker
IPC: G06F16/2455, G06F16/16, G06F16/901, G06F16/953, G06F21/62
CPC classification number: G06F16/24566, G06F16/162, G06F16/9024, G06F16/953, G06F21/6227
Abstract: Systems, methods, and non-transitory computer readable media are provided for recursively searching a plurality of workspaces of the system for linked data associated with the seed data, initiating an endpoint process for each the seed data and the linked data, and, upon completion of the search, delete the seed data and the linked data identified based at least in part on the endpoint process. The process may be automatically repeated at a predetermined time interval to identify and remove future data that is stored in the plurality of datasets.
-
Publication No.: US11687525B2
Publication date: 2023-06-27
Application No.: US17334286
Filing date: 2021-05-28
Applicant: Palantir Technologies Inc.
Inventor: Grgur Petric Maretic, James Baker, Nathan Ziebart, Sandor Van Wassenhove
IPC: G06F7/00, G06F16/23, G06F16/21, G06F16/2455
CPC classification number: G06F16/2379, G06F16/219, G06F16/2322, G06F16/2329, G06F16/2365, G06F16/24554
Abstract: A computer-implemented method for targeted sweep of a key-value data storage is provided. The method comprises before a write transaction to a database having a key value store commits, and before each of one or more write commands of the write transaction are persisted to the key value store, writing an entry for each of the one or more write commands to an end of a targeted sweep queue, the entry comprising metadata including: data identifying a cell to which the write command relates, a start timestamp of the write transaction, and information identifying a type of the write transaction.
-
Publication No.: US11263336B2
Publication date: 2022-03-01
Application No.: US16733415
Filing date: 2020-01-03
Applicant: Palantir Technologies Inc.
Inventor: Lam Tran, James Baker, Lili Yang
Abstract: Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.