公开(公告)号：US12101294B2

公开(公告)日：2024-09-24

申请号：US18341954

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L9/40

CPC classification number: H04L63/0218 ,  H04L63/0236 ,  H04L63/0245

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

公开(公告)号：US11539672B2

公开(公告)日：2022-12-27

申请号：US17808429

申请日：2022-06-23

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Eric Robinson ,  Rodney Weaver

IPC: H04L9/40 ,  G06F16/27

Abstract: A network device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences messages, such as replication data, over a channel comprising a plurality of private network nodes. The messages can be generated and encrypted using one or more key pairs and changing wrapping replication keys to send and receive the messages between different types of database deployments.

公开(公告)号：US20210281544A1

公开(公告)日：2021-09-09

申请号：US17156072

申请日：2021-01-22

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L29/06

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

公开(公告)号：US10999261B1

公开(公告)日：2021-05-04

申请号：US17086261

申请日：2020-10-30

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Robert Bengt Benedikt Gernhardt ,  Martin Hentschel ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L29/06 ,  H04L9/30 ,  G06F16/27

Abstract: A networked device communication system can configure network devices (e.g., a primary and secondary database) to send and receive sequences of messages, such as replicated data, using one or more keypairs and wrapping keys. The sequences of messages can include an initial set of messages that are encrypted by a wrapping key, and further include another set of messages that are encrypted by a replaced staggered key. The sequence of messages can be configured to be decrypted without exporting keys of hardware security modules.

公开(公告)号：US10938780B1

公开(公告)日：2021-03-02

申请号：US16809209

申请日：2020-03-04

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L29/06

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

公开(公告)号：US20240422127A1

公开(公告)日：2024-12-19

申请号：US18810804

申请日：2024-08-21

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L9/40

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

公开(公告)号：US20240370406A1

公开(公告)日：2024-11-07

申请号：US18775830

申请日：2024-07-17

Applicant: Snowflake Inc.

Inventor： Lin Chan ,  Tianyi Chen ,  Robert Bengt Benedikt Gernhardt ,  Nithin Mahesh ,  Eric Robinson

IPC: G06F16/14 ,  G06F16/16

Abstract: Techniques for executing show commands are described herein. A plurality of navigation steps is utilized, each navigation step corresponding to a different layer in a database structure and each navigation step including an operator to fetch items from a metadata database up to respective bounded limits. Dependency information is also fetched for objects of the specified object type in the show command. After a set of objects from the last layer are processed, memory for the navigation steps is flushed and the next set of objects are processed.

公开(公告)号：US20230344796A1

公开(公告)日：2023-10-26

申请号：US18341954

申请日：2023-06-27

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Mikhail Kazhamiaka ,  Nithin Mahesh ,  Eric Robinson

IPC: H04L9/40

CPC classification number: H04L63/0218 ,  H04L63/0236 ,  H04L63/0245

Abstract: Different database deployments, or other data system deployments, may want to communicate with each other without sacrificing security or control. To this end, embodiments of the present disclosure may provide secure message exchange techniques for a source and/or target deployment. Configurable rule sets may be stored in the deployments; the rule sets may define what messages may be communicated between deployments. The deployments may implement a selective filtering scheme in one or more stages based on the rule sets to filter outgoing and/or incoming messages.

公开(公告)号：US20230185825A1

公开(公告)日：2023-06-15

申请号：US17935869

申请日：2022-09-27

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Chao-Yang LO ,  Nithin Mahesh ,  Subramanian Muralidhar ,  Sahaj Saini

IPC: G06F16/27 ,  G06F16/185

CPC classification number: G06F16/273 ,  G06F16/185

Abstract: A system for data object replication includes at least one hardware processor and at least one memory storing instructions. The instructions cause the at least one hardware processor to perform operations including decoding a replication request to obtain a data object. Object dependencies associated with the data object and a plurality of additional data objects are determined. A replication sequence of the data object and the plurality of additional data objects is determined based on the object dependencies. A replication of the data object and at least one of the plurality of additional data objects is performed according to the replication sequence. A notification of a successful completion of the replication is generated.

公开(公告)号：US11494411B1

公开(公告)日：2022-11-08

申请号：US17643646

申请日：2021-12-10

Applicant: Snowflake Inc.

Inventor： Robert Bengt Benedikt Gernhardt ,  Chao-Yang Lo ,  Nithin Mahesh ,  Subramanian Muralidhar ,  Sahaj Saini

IPC: G06F16/00 ,  G06F16/27 ,  G06F16/185

Abstract: Provided herein are systems and methods for configuring replication of account object metadata. A system includes at least one hardware processor coupled to a memory and configured to decode a replication request received from a client device of a data provider. The replication request indicates at least a first account object, a source account, and a target account of the data provider. An object dependency of the at least first account object to at least a second account object of the data provider is determined. A replication of the at least first account object and the at least second account object is performed from the source account into the target account of the data provider.