-
Publication No.: US20240362347A1
Publication date: 2024-10-31
Application No.: US18637855
Filing date: 2024-04-17
Applicant: Neo4j Sweden AB
Inventor: Sascha Peukert
IPC: G06F21/60
CPC classification number: G06F21/604, G06F2221/2113, G06F2221/2141
Abstract: A user interface to manage effective permissions on a graph database is disclosed. An input data identifying one or both of a portion of the graph database and a user or role associated with the graph database is received. For each of at least a subset of one or more nodes and one or more relationships comprising an identified portion of the graph database a set of selectable user controls is provided. A user input associated with changing the display state from the selected display state to the not selected display state, or vice versa, is received. A set of access rights data as stored in a memory is updated to associate with the identified user or role said set of one or more access rights with respect to the node or relationship in the identified portion of the graph database.
-
Publication No.: US12124602B2
Publication date: 2024-10-22
Application No.: US18228546
Filing date: 2023-07-31
Applicant: Snowflake Inc.
Inventor: Vikas Jain, Eric Karlson, Sepideh Khoshnood
CPC classification number: G06F21/6227, G06F21/604, G06F21/6218, H04L63/10, H04L63/102, H04L63/105, H04L63/101, H04L63/104, H04L63/107
Abstract: Embodiments of the present disclosure provide systems and methods for using secure schemas to address inconsistencies between standard RBAC rules and the use of inherited grants. A secure schema may be defined that transfers ownership of an object created in the secure schema to a role that owns the secure schema. An inherited grant may be attached to the secure schema, where the inherited grant specifies a permission on a first type of object in the secure schema and a grant of the permission to the role that owns the secure schema. When objects are created in the secure schema, ownership of each of the set of objects is transferred to the role that owns the secure schema to authorize the role that owns the secure schema to manage grants to the set of objects on the secure schema.
-
Publication No.: US20240348610A1
Publication date: 2024-10-17
Application No.: US18750627
Filing date: 2024-06-21
Applicant: Cyral Inc.
Inventor: Manav Ratan Mital, Srinivas Nageswarrao Vadlamani, Pramod Chandraiah, Hugo Araújo de Sousa
IPC: H04L9/40, G06F11/30, G06F11/34, G06F16/2453, G06F21/31, G06F21/60, G06F21/62, H04L67/01, H04L69/326, H04L69/329
CPC classification number: H04L63/0884, G06F11/3006, G06F11/3438, G06F11/3476, G06F16/24547, G06F21/31, G06F21/604, G06F21/6227, G06F21/6254, H04L63/0281, H04L63/101, H04L63/102, H04L63/104, H04L63/105, H04L63/1425, H04L63/166, H04L63/168, H04L69/326, H04L69/329, G06F2221/2107, H04L67/01, H04L2463/082
Abstract: A method and system for performing federated identity management are described. The method and system include receiving a communication for a data source at a wrapper. The wrapper includes a dispatcher and a service. The dispatcher receives the communication and is data agnostic. The communication corresponds to end user credentials for an end user. The method and system include providing the communication from the dispatcher to the data source and to the service. The method and system also use the service to authenticate the end user based on the end user credentials and utilizing federated identity management.
-
Publication No.: US20240346105A1
Publication date: 2024-10-17
Application No.: US18751155
Filing date: 2024-06-21
Applicant: Stripe, Inc.
Inventor: Gabriel HURLEY, Julia CHAVES, Peter YAWORSKI, Fred KUO, Konstantin TENNHARD, Jorge Eugenio AGUIRRE GONZALEZ
IPC: G06F16/957, G06F16/958, G06F21/60
CPC classification number: G06F16/9577, G06F16/958, G06F21/604, G06F2221/2149
Abstract: In some embodiments, an electronic device is configured to transmit a first request for an account session key, receive the account session key associated with a first set of permissions corresponding to the embedded interface element and a second set of permissions corresponding to the embedded app, transmit a second request for an embedded app key, receive the embedded app key associated with a third set of permissions corresponding to the embedded app, and proxy communications between the embedded interface element and the processor server, based on the account session key associated with the first set of permissions, and between the embedded app and the processor server, based on the embedded app key associated with the third set of permissions.
-
Publication No.: US12118122B2
Publication date: 2024-10-15
Application No.: US18297320
Filing date: 2023-04-07
Applicant: Amazon Technologies, Inc.
Inventor: Ning Liao, Josef Schiefer, Karishma Chawla, Ruiwen Zhao, Michael Banfield, Fusheng Yuan, Kaiwen Qu
CPC classification number: G06F21/6245, G06F21/604, G06F16/334
Abstract: Unstructured data items are stored at an object storage service. A filtering requirement to be used to generate a result set for an access request is determined. Using a transformed representation of the filtering requirement, a target set of tokens of the filtering requirement which are to be obfuscated within a log record is identified. A log record that comprises substitute tokens for the target set of tokens is generated and stored.
-
Publication No.: US12118106B2
Publication date: 2024-10-15
Application No.: US16286979
Filing date: 2019-02-27
Applicant: K2 Software, Inc.
Inventor: Paul Hoeffer, Lewis Garmston, Grant Dickinson
CPC classification number: G06F21/6218, G06F21/604
Abstract: Methods and systems for creating and extending a row-level security (RLS) policy are provided. In one embodiment, a method is provided that includes creating an RLS policy for a primary object and searching a relationship database for one or more child relationships of the primary object. The method may further include filtering the one or more child relationships to identify a valid child relationship of the primary object. A child object of the primary object may then be identified based on the valid child relationship. The method may further include receiving a request to extend the RLS policy to the child object, and extending the RLS policy to the child object.
-
Publication No.: US12118102B1
Publication date: 2024-10-15
Application No.: US18239714
Filing date: 2023-08-29
Applicant: Styra, Inc.
Inventor: Torin Sandall, Timothy L. Hinrichs, Teemu Koponen
IPC: G06F21/60
CPC classification number: G06F21/604
Abstract: Some embodiments provide a method for evaluating a policy for authorizing an API (Application Programming Interface) call to an application. Based on a first set of parameters available before receiving the API call, the method evaluates only a portion of the policy to produce a partially evaluated policy. The method stores the partially evaluated policy in a cache. The method then receives an API call to authorize, and determines whether the API call should be authorized by fully evaluating the policy, using the partially evaluated policy retrieved from the cache first storage, and a second set of parameters associated with the API call. The method responds to the API call with a policy decision based on the fully evaluated authorization policy.
-
Publication No.: US12118100B2
Publication date: 2024-10-15
Application No.: US17853431
Filing date: 2022-06-29
Applicant: Hitachi, Ltd.
Inventor: Mitsuhiro Kitani, Syafril Bandara
CPC classification number: G06F21/604, G06F21/6245
Abstract: An object of the invention is to enable usage of data based on terms concluded with a user, and achieves both promotion of usage of personal data and privacy protection related to the personal data. A data distribution intermediary device acquires personal data metadata and generates service usage data metadata based on terms of service related to distribution and usage of the personal data. Then, the data distribution intermediary device detects a difference between the personal data metadata and the service usage data metadata, determines a necessity of conversion processing of the personal data based on the difference between the metadata, and converts the personal data to corresponding service usage data based on the service usage data metadata when the personal data is determined to be necessary to be converted.
-
Publication No.: US20240330487A1
Publication date: 2024-10-03
Application No.: US18731514
Filing date: 2024-06-03
Applicant: BlockFrame, Inc.
Inventor: Christopher Paul Gorog
IPC: G06F21/60, G06F16/23, G06F21/62, G06Q10/0835, G06Q10/087, G06Q20/38, G06Q20/40, H04L9/08, H04L9/40
CPC classification number: G06F21/602, G06F16/2379, G06F21/604, G06F21/6209, G06Q10/0835, G06Q10/087, G06Q20/389, G06Q20/401, H04L9/0827, H04L9/085, H04L9/0861, H04L9/0877, H04L63/0442, H04L63/0823, H04L63/0838
Abstract: A system includes a memory, and at least one processor, operatively coupled to the memory, to receive an encrypted version of a first set of secrets data corresponding to a target supply chain state of a device, receive a permission to cause a transition to the target supply chain state, and in response to receiving the permission to cause the transition to the target supply chain state, cause the transition to the target supply chain state. To cause the transition to the target supply chain state, the at least one processor is to cause the first set of secrets data to be stored in a protected memory.
-
Publication No.: US12105833B2
Publication date: 2024-10-01
Application No.: US16855924
Filing date: 2020-04-22
Applicant: T-Mobile USA, Inc.
Inventor: Darren Kress, Ahmad Arash Obaidi
CPC classification number: G06F21/6245, G06F21/604, G06F21/645, G06Q20/1235, H04L9/50, H04L9/0637, H04L9/0643, H04L2209/56
Abstract: A data broker platform may store one or more data sharing preference settings of a subscriber for the subscriber data of the subscriber in a corresponding subscriber preference record of a subscriber preference blockchain ledger. The platform may further store one or more access policy settings with respect to the subscriber data in a corresponding access configuration record of an access configuration blockchain ledger. The platform may receive a data request from a computing device of a third-party entity to access a set of subscriber data of the subscriber. Accordingly, the platform may provide the computing device of the third-party entity with access to the set of subscriber data when the platform determines using records in the subscriber preference blockchain ledger and the access configuration blockchain ledger that the third-party entity is permitted to access the set of subscriber data.