公开(公告)号：US12242636B2

公开(公告)日：2025-03-04

申请号：US17844601

申请日：2022-06-20

Applicant: SNOWFLAKE INC.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F16/22 ,  G06F16/245 ,  G06F21/78

Abstract: Systems, methods, and devices for implementing secure user-defined function (UDF) in a multi-tenant database system are disclosed. A method includes receiving a grant to access a share object comprising usage functionality associated with a secure UDF to underlying data. The method includes accessing the share object using the grant. The method includes causing a share component to implement the secure view and the usage functionality associated with the secure UDF.

公开(公告)号：US20250053576A1

公开(公告)日：2025-02-13

申请号：US18931781

申请日：2024-10-30

Applicant: Snowflake Inc.

Inventor： Benoit Dageville ,  Eric Robinson ,  Martin Hentschel

IPC: G06F16/27 ,  G06F16/245 ,  H04L67/1097

Abstract: Systems of methods of directing requests to databases based on client account association is disclosed. A method includes determining a first client account associated with a first request to perform a first transaction. The method includes determining a second client account associated with a second request to perform a second transaction. The method includes selecting, for the first request, a primary deployment that stores a first dataset responsive to determining the first client account associated with the first request. The method includes selecting, for the second request, a secondary deployment that stores a second dataset that includes the first dataset responsive to determining the second client account associated with the second request. The method includes executing, while the primary deployment and the secondary deployment are both available, the first transaction on the first dataset at the primary deployment and the second transaction on the second dataset at the secondary deployment.

公开(公告)号：US20230205912A1

公开(公告)日：2023-06-29

申请号：US18111821

申请日：2023-02-20

Applicant: Snowflake Inc.

Inventor： Benoit Dageville ,  Peter Povinec ,  Philipp Thomas Unterbrunner ,  Martin Hentschel

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6227 ,  G06F21/602 ,  G06F2221/2107

Abstract: A method for directing queries to encrypted database files includes acquiring a mapping that links a first encrypted file with a different encrypted file. The first encrypted file is generated based on a first encryption key. The method includes generating, by one or more processors based on the mapping, an updated mapping to link a second encrypted file with the different encrypted file. The second encrypted file is generated based on a second encryption key. The method includes determining an arrival time of a query. The method includes directing, based on the arrival time, the query to the first encrypted file or the second encrypted file.

公开(公告)号：US20220318419A1

公开(公告)日：2022-10-06

申请号：US17844601

申请日：2022-06-20

Applicant: SNOWFLAKE INC.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F16/245 ,  G06F16/22

Abstract: Systems, methods, and devices for implementing secure user-defined function (UDF) in a multi-tenant database system are disclosed. A method includes receiving a grant to access a share object comprising usage functionality associated with a secure UDF to underlying data. The method includes accessing the share object using the grant. The method includes causing a share component to implement the secure view and the usage functionality associated with the secure UDF.

公开(公告)号：US20220114277A1

公开(公告)日：2022-04-14

申请号：US17559226

申请日：2021-12-22

Applicant: SNOWFLAKE INC.

Inventor： Allison Waingold Lee ,  Peter Povinec ,  Martin Hentschel ,  Robert Muglia

IPC: G06F21/62 ,  G06F16/245 ,  G06F16/22

Abstract: Systems, methods, and devices for implementing secure views for zero-copy data sharing in a multi-tenant database system are disclosed. A method includes receiving, by a cross-account, a grant to access a share object comprising a secure view and usage functionality associated with a secure user-defined function (UDF) to underlying data. The method includes accessing, by the cross-account, the share object using the grant. The method includes sending a request to a share component to cause the share component to implement the secure view and the usage functionality associated with the secure UDF. The method includes sending a query to the share component to cause the share component to implement the secure UDF.

公开(公告)号：US20210344655A1

公开(公告)日：2021-11-04

申请号：US17219700

申请日：2021-03-31

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Robert Bengt Benedikt Gernhardt ,  Martin Hentschel ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L29/06 ,  G06F16/27 ,  H04L9/30

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

公开(公告)号：US20210312070A1

公开(公告)日：2021-10-07

申请号：US17354972

申请日：2021-06-22

Applicant: SNOWFLAKE INC.

Inventor： Benoit Dageville ,  Thierry Cruanes ,  Martin Hentschel ,  Peter Povinec

IPC: G06F21/62 ,  G06F16/25

Abstract: A method of sharing data in a multi-tenant database includes generating a share object in a first account comprising a share role. The method includes associating one or more access rights with the share role, wherein the one or more access rights indicate which objects in the first account are accessible based on the share object. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account. The method further includes providing a response to the second account based on the data or services of the first account.

公开(公告)号：US20210049179A1

公开(公告)日：2021-02-18

申请号：US17086279

申请日：2020-10-30

Applicant: Snowflake Inc.

Inventor： Benoit Dageville ,  Yi Fang ,  Martin Hentschel ,  Ashish Motivala ,  Spyros Triantafyllis ,  Yizhi Zhu

IPC: G06F16/2455 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/22 ,  G06F16/2458 ,  G06F16/27

Abstract: The subject technology receives first metadata corresponding to a set of micro-partitions. The subject technology stores a first data structure and a second data structure in storage as a first file and a second file, first data structure including the first metadata and a second data structure including second metadata, the first metadata corresponding to a set of micro-partitions, the second metadata for a grouping of the first metadata, the second data structure including information associating the second metadata to the first metadata. The subject technology stores third metadata for a table, the third metadata comprising: cumulative table metadata comprising global information about a plurality of micro-partitions of the table, the cumulative table metadata being stored in a metadata micro-partition associated with the table.

公开(公告)号：US10862872B1

公开(公告)日：2020-12-08

申请号：US16863031

申请日：2020-04-30

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Robert Bengt Benedikt Gernhardt ,  Martin Hentschel ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L29/06 ,  H04L9/08 ,  G06F16/27 ,  H04L9/30

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

公开(公告)号：US20200257817A1

公开(公告)日：2020-08-13

申请号：US16833482

申请日：2020-03-27

Applicant: Snowflake Inc.

Inventor： Benoit DAGEVILLE ,  Thierry Cruanes ,  Martin Hentschel ,  Peter Povinec

IPC: G06F21/62 ,  G06F16/25

Abstract: A method for sharing data in a multi-tenant database includes generating a share object in a first account comprising a share role. The method includes associating one or more access rights with the share role, wherein the one or more access rights indicate which objects in the first account are accessible based on the share object. The method includes granting, to a second account, cross-account access rights to the share role or share object in the first account. The method includes receiving a request from the second account to access data or services of the first account. The method further includes providing a response to the second account based on the data or services of the first account.