-
Publication No.: US11755769B2
Publication date: 2023-09-12
Application No.: US16265936
Application date: 2019-02-01
Applicant: Snowflake Inc.
Inventor: Christopher Hockenbrocht , Ishaan Nerurkar , Alexander Rozenshteyn , Liam Damewood , David Spies , Mihai Maruseac
IPC: G06F21/62 , G06F16/245
CPC classification number: G06F21/6245 , G06F16/245
Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query. The differentially private security system determines a worst-case privacy spend for the query based on the privacy parameters and the relation. The differentially private security system performs the query upon the set of data specified by the relation and decrements the determined worst-case privacy spend from a privacy budget associated with the client. The differentially private security system records the worst-case privacy spend and the query at a log and determines a privacy budget refund based on queries recorded in the log. The differentially private security system applies the determined privacy budget refund to the privacy budget associated with the client.
-
Publication No.: US20240012928A1
Publication date: 2024-01-11
Application No.: US18225573
Application date: 2023-07-24
Applicant: Snowflake Inc.
Inventor: Ishaan Nerurkar , Christopher Hockenbrocht , Liam Damewood , Mihai Maruseac , Alexander Rozenshteyn
IPC: G06F21/62 , G06F16/248 , G06F16/2455 , G06F16/2458 , G06F16/2453 , H04L9/40 , G06N5/01 , G06N20/00 , G06N20/20 , G06F16/25
CPC classification number: G06F21/6227 , G06F16/248 , G06F16/2455 , G06F16/2462 , G06F16/2465 , G06F16/24547 , H04L63/105 , G06F21/6218 , G06F21/6245 , G06F21/6254 , G06N5/01 , G06N20/00 , G06N20/20 , G06F16/25
Abstract: A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (ε,δ) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (ε,δ)-differentially private.
-
Publication No.: US20240005030A1
Publication date: 2024-01-04
Application No.: US18225569
Application date: 2023-07-24
Applicant: Snowflake Inc.
Inventor: Christopher Hockenbrocht , Ishaan Nerurkar , Alexander Rozenshteyn , Liam Damewood , David Spies , Mihai Maruseac
IPC: G06F21/62 , G06F16/245
CPC classification number: G06F21/6245 , G06F16/245
Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query. The differentially private security system determines a worst-case privacy spend for the query based on the privacy parameters and the relation. The differentially private security system performs the query upon the set of data specified by the relation and decrements the determined worst-case privacy spend from a privacy budget associated with the client. The differentially private security system records the worst-case privacy spend and the query at a log and determines a privacy budget refund based on queries recorded in the log. The differentially private security system applies the determined privacy budget refund to the privacy budget associated with the client.
-
Publication No.: US11861032B2
Publication date: 2024-01-02
Application No.: US17714785
Application date: 2022-04-06
Applicant: Snowflake Inc.
Inventor: Liam Damewood , Oana Niculaescu , Alexander Rozenshteyn , Ann Yang
IPC: G06F16/245 , G06F21/62
CPC classification number: G06F21/6227 , G06F16/245
Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes an operation, a target accuracy, and a maximum privacy spend for the query. The system performs the operation to produce a result, then injects the result with noise sampled from a Laplace distribution to produce a differentially private result. The system iteratively calibrates the noise value of the differentially private result using a secondary distribution different from the Laplace distribution and a new fractional privacy spend. The system ceases to iterate when an iteration uses the maximum privacy spend or a relative error of the differentially private result is determined to satisfy the target accuracy, or both. The system sends the differentially private result to the client.
-
Publication No.: US12223083B2
Publication date: 2025-02-11
Application No.: US18225573
Application date: 2023-07-24
Applicant: Snowflake Inc.
Inventor: Ishaan Nerurkar , Christopher Hockenbrocht , Liam Damewood , Mihai Maruseac , Alexander Rozenshteyn
IPC: G06F21/62 , G06F16/2453 , G06F16/2455 , G06F16/2458 , G06F16/248 , G06F16/25 , G06N5/01 , G06N20/00 , G06N20/20 , H04L9/40
Abstract: A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (ε,δ) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (ε,δ)-differentially private.
-
Publication No.: US12072998B2
Publication date: 2024-08-27
Application No.: US17389100
Application date: 2021-07-29
Applicant: Snowflake Inc.
Inventor: Ishaan Nerurkar , Christopher Hockenbrocht , Liam Damewood , Mihai Maruseac , Alexander Rozenshteyn
IPC: G06F21/62 , G06F16/2453 , G06F16/2455 , G06F16/2458 , G06F16/248 , G06F16/25 , G06N5/01 , G06N20/00 , G06N20/20 , H04L9/40
CPC classification number: G06F21/6227 , G06F16/24547 , G06F16/2455 , G06F16/2462 , G06F16/2465 , G06F16/248 , G06F16/25 , G06F21/6218 , G06F21/6245 , G06F21/6254 , G06N5/01 , G06N20/00 , G06N20/20 , H04L63/105
Abstract: A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (ε,δ) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (ε,δ)-differentially private.
-
Publication No.: US12204679B2
Publication date: 2025-01-21
Application No.: US18225569
Application date: 2023-07-24
Applicant: Snowflake Inc.
Inventor: Christopher Hockenbrocht , Ishaan Nerurkar , Alexander Rozenshteyn , Liam Damewood , David Spies , Mihai Maruseac
IPC: G06F21/62 , G06F16/245
Abstract: A differentially private security system communicatively coupled to a database storing restricted data receives a database query from a client. The database query includes a relation specifying a set of data in the database upon which to perform the query and privacy parameters associated with the query. The differentially private security system determines a worst-case privacy spend for the query based on the privacy parameters and the relation. The differentially private security system performs the query upon the set of data specified by the relation and decrements the determined worst-case privacy spend from a privacy budget associated with the client. The differentially private security system records the worst-case privacy spend and the query at a log and determines a privacy budget refund based on queries recorded in the log. The differentially private security system applies the determined privacy budget refund to the privacy budget associated with the client.
-
Publication No.: US12019779B2
Publication date: 2024-06-25
Application No.: US17389100
Application date: 2021-07-29
Applicant: Snowflake Inc.
Inventor: Ishaan Nerurkar , Christopher Hockenbrocht , Liam Damewood , Mihai Maruseac , Alexander Rozenshteyn
IPC: G06F21/62 , G06F16/2453 , G06F16/2455 , G06F16/2458 , G06F16/248 , G06F16/25 , G06N5/01 , G06N20/00 , G06N20/20 , H04L9/40
CPC classification number: G06F21/6227 , G06F16/24547 , G06F16/2455 , G06F16/2462 , G06F16/2465 , G06F16/248 , G06F16/25 , G06F21/6218 , G06F21/6245 , G06F21/6254 , G06N5/01 , G06N20/00 , G06N20/20 , H04L63/105
Abstract: A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (ε,δ) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (ε,δ)-differentially private.
-
Publication No.: US11893133B2
Publication date: 2024-02-06
Application No.: US17336252
Application date: 2021-06-01
Applicant: Snowflake Inc.
Inventor: Christopher Hockenbrocht , Ishaan Nerurkar , Liam Damewood , Mihai Maruseac , Alexander Rozenshteyn
IPC: G06F21/62
CPC classification number: G06F21/6245 , G06F21/6227
Abstract: Techniques are described for budget tracking in a differentially private security system. A request to perform a query of a private database system is received by a privacy device from a client device. The request is associated with a level of differential privacy. A privacy budget corresponding to the received request is accessed by the privacy device. The privacy budget includes a cumulative privacy spend and a maximum privacy spend, the cumulative privacy spend representative of previous queries of the private database system. A privacy spend associated with the received request is determined by the privacy device based at least in part on the level of differential privacy associated with the received request. If a sum of the determined privacy spend and the cumulative privacy spend is less than the maximum privacy spend, the query is performed. Otherwise a security action is performed based on a security policy.
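The budget flow that this abstract and the worst-case-spend abstracts above (US11755769B2, US20240005030A1, US12204679B2) describe, as an added Python illustration: charge a worst-case spend before the query runs, log it, gate on cumulative versus maximum spend with a refusal as the security action, and later refund from the log. This is not Snowflake's code and not the method claimed in the patents; everything below is assumed for the example: count queries with sensitivity 1 released through the Laplace mechanism, an epsilon-only per-client budget, sequential composition as the worst-case charge, and parallel composition over disjoint `region` partitions as the single refund rule. The table, the query names and the 1.0 cap are constructed.

```python
"""Toy differentially private query gate with worst-case charging and log-based refunds.

Added illustration, not Snowflake code. Assumptions (not from the patents):
count queries with sensitivity 1, the Laplace mechanism, an epsilon-only budget,
sequential composition as the worst-case charge, and parallel composition over
disjoint `region` partitions as the only refund rule. Records are constructed.
"""
import random
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed sample table; `region` is the partition key used for parallel composition.
RECORDS = [
    {"id": 1, "region": "EU", "age": 34},
    {"id": 2, "region": "EU", "age": 51},
    {"id": 3, "region": "US", "age": 29},
    {"id": 4, "region": "US", "age": 62},
    {"id": 5, "region": "APAC", "age": 45},
]


class BudgetExceeded(Exception):
    """The security action taken here: refuse the query and release nothing."""


@dataclass
class PrivacyBudget:
    max_spend: float                      # epsilon cap for this client
    cumulative_spend: float = 0.0         # epsilon charged so far
    # Log of (query_id, partition, epsilon), one entry per partition a query touched.
    log: List[Tuple[str, str, float]] = field(default_factory=list)


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) as the difference of two Exp(mean=scale) draws.
    Caveat: floating-point Laplace samplers leak low-order bits (Mironov 2012);
    production code needs a snapping or discrete mechanism."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def worst_case_spend(epsilon: float, partitions: List[str]) -> float:
    """Conservative charge fixed before the data is read: sequential composition
    across all per-partition counts, i.e. the sum of their epsilons."""
    return epsilon * len(partitions)


def dp_grouped_count(budget: PrivacyBudget, query_id: str, partitions: List[str],
                     predicate: Callable[[dict], bool], epsilon: float,
                     rng: random.Random) -> Dict[str, float]:
    """Per-partition count of rows matching `predicate`, each (epsilon, 0)-DP."""
    spend = worst_case_spend(epsilon, partitions)
    # Gate before touching the data; the strict inequality mirrors the abstract above.
    if not (budget.cumulative_spend + spend < budget.max_spend):
        raise BudgetExceeded(
            f"{query_id}: {budget.cumulative_spend:.2f} + {spend:.2f} "
            f"is not below the cap {budget.max_spend:.2f}")
    # Charge and log before computing, so a crash after release cannot leave
    # the spend unrecorded.
    budget.cumulative_spend += spend
    budget.log.extend((query_id, p, epsilon) for p in partitions)
    result: Dict[str, float] = {}
    for p in partitions:
        true_count = sum(1 for r in RECORDS if r["region"] == p and predicate(r))
        result[p] = true_count + laplace_noise(1.0 / epsilon, rng)  # sensitivity 1
    return result


def apply_refund(budget: PrivacyBudget) -> float:
    """Refund what the log shows was over-charged. Entries on the same partition
    still add up (sequential composition); entries on disjoint partitions compose
    in parallel, so the spend the log supports is the largest per-partition total."""
    per_partition: Dict[str, float] = {}
    for _, p, eps in budget.log:
        per_partition[p] = per_partition.get(p, 0.0) + eps
    actual = max(per_partition.values(), default=0.0)
    refund = budget.cumulative_spend - actual
    budget.cumulative_spend = actual
    return refund


def run_demo(seed: int = 7) -> dict:
    """Three queries against a cap of epsilon=1.0; the third is refused until a refund."""
    rng = random.Random(seed)
    budget = PrivacyBudget(max_spend=1.0)

    def adults(r: dict) -> bool:
        return r["age"] >= 40

    q1 = dp_grouped_count(budget, "q1", ["EU", "US"], adults, 0.3, rng)  # charged 0.6
    dp_grouped_count(budget, "q2", ["APAC"], adults, 0.3, rng)           # charged 0.3 -> 0.9
    try:
        dp_grouped_count(budget, "q3", ["EU"], adults, 0.3, rng)         # 0.9 + 0.3 is not < 1.0
        denied = False
    except BudgetExceeded:
        denied = True
    refund = apply_refund(budget)   # per-partition totals 0.3/0.3/0.3 -> supported 0.3, refund 0.6
    q3 = dp_grouped_count(budget, "q3", ["EU"], adults, 0.3, rng)        # now allowed
    return {"q1": q1, "denied": denied, "refund": refund, "q3": q3,
            "spend_after": budget.cumulative_spend, "log_len": len(budget.log)}


if __name__ == "__main__":
    print(run_demo())
```

The order inside `dp_grouped_count` is the practitioner's point: the budget is decremented and the log written before any result exists, so an exception or crash between computation and release can only over-charge, never under-charge, and the later refund pass is the only path that lowers the cumulative spend. A refund rule must be a theorem about the log (here, parallel composition over a partition key that is a function of the record alone); a rule that depends on the noisy results themselves would leak.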
-
Publication No.: US11775671B2
Publication date: 2023-10-03
Application No.: US17389100
Application date: 2021-07-29
Applicant: Snowflake Inc.
Inventor: Ishaan Nerurkar , Christopher Hockenbrocht , Liam Damewood , Mihai Maruseac , Alexander Rozenshteyn
IPC: G06F21/62 , G06F16/248 , G06F16/2455 , G06F16/2458 , H04L9/40 , G06N20/00 , G06F16/2453 , G06F16/25 , G06N20/20 , G06N5/01
CPC classification number: G06F21/6227 , G06F16/248 , G06F16/2455 , G06F16/2462 , G06F16/2465 , G06F16/24547 , G06F16/25 , G06F21/6218 , G06F21/6245 , G06F21/6254 , G06N5/01 , G06N20/00 , G06N20/20 , H04L63/105
Abstract: A hardware database privacy device is communicatively coupled to a private database system. The hardware database privacy device receives a request from a client device to perform a query of the private database system and identifies a level of differential privacy corresponding to the request. The identified level of differential privacy includes privacy parameters (ε,δ) indicating the degree of information released about the private database system. The hardware database privacy device identifies a set of operations to be performed on the set of data that corresponds to the requested query. After the set of data is accessed, the set of operations is modified based on the identified level of differential privacy such that a performance of the modified set of operations produces a result set that is (ε,δ)-differentially private.
-