-
Publication number: US20240176822A1
Publication date: 2024-05-30
Application number: US18428694
Filing date: 2024-01-31
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Thierry Cruanes, Simon Holm Jensen, Allison Waingold Lee, Daniel N. Meredith, Subramanian Muralidhar, David Schultz, Zixi Zhang
IPC: G06F16/903
CPC classification number: G06F16/90335
Abstract: A database system facilitates secure data sharing by implementing projection constraints within a query processing framework. Upon receiving a query directed to a shared dataset, the system, utilizing hardware processors, identifies a subset of data within the dataset that is subject to a projection constraint policy. The applicability of the projection constraint is determined based on the context of the query, which is derived from a data sharing agreement. The system processes the query by selectively restricting the projection of data values from constrained columns, while allowing specific operations to be performed on the data. The output generated in response to the query is compliant with the projection constraint policy, providing derived data based on the allowed operations without revealing the actual data values. This ensures the confidentiality of sensitive information while enabling collaborative data analysis and sharing among various users of the database system.
-
Publication number: US20240378305A1
Publication date: 2024-11-14
Application number: US18316787
Filing date: 2023-05-12
Applicant: Snowflake Inc.
Inventor: Suraj P. Acharya, Jennifer Wenjun Bi, Khalid Zaman Bijon, Damien Carru, Lin Chan, Tianyi Chen, Jeremy Yujui Chen, Thierry Cruanes, Benoit Dageville, Simon Holm Jensen, Boxin Jiang, Dmitry A. Lychagin, Subramanian Muralidhar, Shuaishuai Nie, Eric Robinson, Sahaj Saini, David Schultz, Kevin Wang, Wenqi Wei, Zixi Zhang, Xingzhe Zhou
Abstract: Systems and methods for generating object references with selectable scopes are provided. The systems and methods perform operations including calling, by a first entity, a reference generator function using one or more arguments associated with a database object that the first entity is authorized to access according to a first set of access privileges, the one or more arguments comprising a scope definition that defines persistence of a reference. The operations include obtaining, from the reference generator function, a reference to the database object, the reference persisting according to the scope definition. The operations include passing the reference to a second entity to enable the second entity to perform one or more database operations on the database object according to a second set of access privileges derived from the first set of access privileges.
-
Publication number: US11928157B2
Publication date: 2024-03-12
Application number: US17934814
Filing date: 2022-09-23
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Thierry Cruanes, Simon Holm Jensen, Allison Waingold Lee, Daniel N. Meredith, Subramanian Muralidhar, David Schultz, Zixi Zhang
IPC: G06F16/903
CPC classification number: G06F16/90335
Abstract: A constraint system enforces projection constraints on data values stored in specified columns of a shared dataset when queries are received by a database system. A projection constraint identifies that the data in a column may be restricted from being projected (e.g., presented, read, outputted) in an output to a received query, while allowing specified operations to be performed on the data and a corresponding output to be provided. For example, the projection constraint may indicate a context for a query that triggers the constraint, such as based on the user that submitted the query. Enforcing projection constraints on queries received at the database system allows for data to be shared and used anonymously by entities to perform various operations without the need to tokenize the data.
-
Publication number: US20240303373A1
Publication date: 2024-09-12
Application number: US18345971
Filing date: 2023-06-30
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Bowei Chen, Thierry Cruanes, Simon Holm Jensen, Allison Waingold Lee, Valentin K. Kuznetsov, Jun Li, Subramanian Muralidhar, Carl Yates Perry, David Schultz, Zixi Zhang
IPC: G06F21/62, G06F16/242
CPC classification number: G06F21/6245, G06F16/244, G06F2221/2113
Abstract: The cloud data platform receives a first query directed towards a shared dataset, the first query identifying a first operation. The platform accesses a first set of data from the shared dataset to perform the first operation, the first set of data including data accessed from a first table of the shared dataset. The cloud data platform determines that an aggregation constraint policy is attached to the first table, the aggregation constraint policy restricts output of data values stored in the first table and enforces the aggregation constraint policy on the first query based on a context of the first query. The cloud data platform generates an output to the first query based on the first set of data and the first operation, based on enforcing the aggregation constraint policy on the first query.
-
Publication number: US20230401260A1
Publication date: 2023-12-14
Application number: US17934814
Filing date: 2022-09-23
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Thierry Cruanes, Simon Holm Jensen, Allison Waingold Lee, Daniel N. Meredith, Subramanian Muralidhar, David Schultz, Zixi Zhang
IPC: G06F16/903
CPC classification number: G06F16/90335
Abstract: A constraint system enforces projection constraints on data values stored in specified columns of a shared dataset when queries are received by a database system. A projection constraint identifies that the data in a column may be restricted from being projected (e.g., presented, read, outputted) in an output to a received query, while allowing specified operations to be performed on the data and a corresponding output to be provided. For example, the projection constraint may indicate a context for a query that triggers the constraint, such as based on the user that submitted the query. Enforcing projection constraints on queries received at the database system allows for data to be shared and used anonymously by entities to perform various operations without the need to tokenize the data.
-
Publication number: US11995126B2
Publication date: 2024-05-28
Application number: US18104271
Filing date: 2023-01-31
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Thierry Cruanes, Simon Holm Jensen, Allison Waingold Lee, Daniel N. Meredith, Subramanian Muralidhar, David Schultz, Zixi Zhang
IPC: G06F16/903
CPC classification number: G06F16/90335
Abstract: A system for enforcing projection constraints on data values stored in specified variables of a shared dataset of a cloud data platform. A request is received from a first account of the cloud data platform that identifies a first operation to be performed on the shared dataset. A first set of data, including data accessed from a first variable, is accessed from the shared dataset to use in performing the first operation. A projection constraint policy attached to the first variable of the shared dataset is determined, and the projection constraint policy is further determined to be enforced based on the request. Based on the first set of data and the first operation, an output to the first request is generated.
-
Publication number: US11934543B1
Publication date: 2024-03-19
Application number: US18056489
Filing date: 2022-11-17
Applicant: Snowflake Inc.
Inventor: Jennifer Wenjun Bi, Khalid Zaman Bijon, Damien Carru, Thierry Cruanes, Simon Holm Jensen, Daniel N. Meredith, Subramanian Muralidhar, Eric Robinson, David Schultz, Zixi Zhang
CPC classification number: G06F21/604, G06F21/6227, G06F2221/2113, G06F2221/2141
Abstract: Systems and methods for generating transient object references are provided. The systems and methods perform operations including establishing a session between a first entity and a second entity. The operations include identifying an object that the first entity is authorized to access according to a first set of access privileges. The operations include generating a reference associated with the object. The operations include temporarily authorizing the second entity to access the object using the reference according to a second set of access privileges, the second set of access privileges being derived from the first set of access privileges.
-
Publication number: US20230409639A1
Publication date: 2023-12-21
Application number: US18104271
Filing date: 2023-01-31
Applicant: Snowflake Inc.
Inventor: Khalid Zaman Bijon, Thierry Cruanes, Simon Holm Jensen, Allison Waingold Lee, Daniel N. Meredith, Subramanian Muralidhar, David Schultz, Zixi Zhang
IPC: G06F16/903
CPC classification number: G06F16/90335
Abstract: A system for enforcing projection constraints on data values stored in specified variables of a shared dataset of a cloud data platform. A request is received from a first account of the cloud data platform that identifies a first operation to be performed on the shared dataset. A first set of data, including data accessed from a first variable, is accessed from the shared dataset to use in performing the first operation. A projection constraint policy attached to the first variable of the shared dataset is determined, and the projection constraint policy is further determined to be enforced based on the request. Based on the first set of data and the first operation, an output to the first request is generated.