公开(公告)号：US12235992B2

公开(公告)日：2025-02-25

申请号：US18060504

申请日：2022-11-30

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F9/54 ,  G06F16/2455 ,  G06F21/53

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

公开(公告)号：US12210492B2

公开(公告)日：2025-01-28

申请号：US18456644

申请日：2023-08-28

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Benoit Dageville ,  Subramanian Muralidhar ,  Eric Robinson ,  Sahaj Saini ,  David Schultz

IPC: G06F16/21 ,  G06F16/28 ,  G06F21/62

Abstract: Techniques for creating, sharing, and using bundles (also referred to as packages) in a multi-tenant database are described herein. A bundle is a schema object with associated hidden schemas. A bundle can be created by a provider user and can be shared with a plurality of consumer users. The bundle can be used to enable code sharing and distribution without losing control while maintaining security protocols.

公开(公告)号：US20250013776A1

公开(公告)日：2025-01-09

申请号：US18894162

申请日：2024-09-24

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Khalid Zaman Bijon ,  Zheng Mi ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F21/62 ,  G06F16/22 ,  G06F21/60

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

公开(公告)号：US20240176822A1

公开(公告)日：2024-05-30

申请号：US18428694

申请日：2024-01-31

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Thierry Cruanes ,  Simon Holm Jensen ,  Allison Waingold Lee ,  Daniel N. Meredith ,  Subramanian Muralidhar ,  David Schultz ,  Zixi Zhang

IPC: G06F16/903

CPC classification number: G06F16/90335

Abstract: A database system facilitates secure data sharing by implementing projection constraints within a query processing framework. Upon receiving a query directed to a shared dataset, the system, utilizing hardware processors, identifies a subset of data within the dataset that is subject to a projection constraint policy. The applicability of the projection constraint is determined based on the context of the query, which is derived from a data sharing agreement. The system processes the query by selectively restricting the projection of data values from constrained columns, while allowing specific operations to be performed on the data. The output generated in response to the query is compliant with the projection constraint policy, providing derived data based on the allowed operations without revealing the actual data values. This ensures the confidentiality of sensitive information while enabling collaborative data analysis and sharing among various users of the database system.

公开(公告)号：US20230401333A1

公开(公告)日：2023-12-14

申请号：US18060504

申请日：2022-11-30

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F21/53

CPC classification number: G06F21/6245 ,  G06F21/53 ,  G06F2221/032

Abstract: In an embodiment, an application is created on a data-provider platform. The application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. Provider data is shared with the application on the data-provider platform. An application instance of the application is installed in a trusted execution environment (TEE). The application instance includes one or more APIs corresponding to the one or more APIs in the application on the data-provider platform. Consumer data is shared with the application instance from a data-consumer platform. One or more of the APIs of the application instance are invoked to execute, on the TEE, respective associated underlying code blocks that are not visible on the TEE. The output of the one or more respective associated underlying code blocks is saved to the data-consumer platform.

公开(公告)号：US11763029B2

公开(公告)日：2023-09-19

申请号：US18162506

申请日：2023-01-31

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: H04L29/06 ,  G06F21/62 ,  G06F21/53

CPC classification number: G06F21/6245 ,  G06F21/53 ,  G06F2221/032

Abstract: A data platform creates an application in a data-provider account, where the application includes one or more application programming interfaces (APIs) corresponding to one or more underlying code blocks. The data platform shares homomorphically encrypted provider data with the application in the data-provider account. The data platform installs, in a data-consumer account, an application instance of the application. The data platform shares homomorphically encrypted consumer data with the application instance in the data-consumer account. The data platform invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account, and which operate on the shared homomorphically encrypted provider data and the shared homomorphically encrypted consumer data. The data platform saves homomorphically encrypted output of the one or more respective associated underlying code blocks locally within the data-consumer account.

公开(公告)号：US20230032281A1

公开(公告)日：2023-02-02

申请号：US17659797

申请日：2022-04-19

Applicant: Snowflake Inc.

Inventor： Raja Suresh Krishna Balakrishnan ,  Khalid Zaman Bijon ,  Subramanian Muralidhar ,  David Schultz ,  Jian Xu

IPC: G06F16/242 ,  G06F16/23 ,  G06F16/22 ,  G06F16/21 ,  G06F16/2453

Abstract: Aspects of the present disclosure address systems, methods, and devices for tracking object dependencies in a cloud database system. An object dependency created between a referencing object and a referenced object is detected. Based on detecting the object dependency, a dependency record is generated. The dependency record includes dependency information describing the object dependency between the reference object and the referenced object. The dependency record is stored in a database of dependency records.

公开(公告)号：US12210650B2

公开(公告)日：2025-01-28

申请号：US18462044

申请日：2023-09-06

Applicant: Snowflake Inc.

Inventor： Artin Avanes ,  Thierry Cruanes ,  Monica J. Holboke ,  Allison Waingold Lee ,  Subramanian Muralidhar ,  David Schultz

IPC: G06F21/62 ,  G06F9/54 ,  G06F16/2455 ,  G06F21/53

Abstract: In an embodiment, a data platform creates an application in a data-provider account. The application includes one or more APIs corresponding to one or more underlying code blocks. The data platform shares provider data with the application in the data-provider account, and also installs, in a data-consumer account, an application instance of the application. The application instance includes one or more APIs corresponding to the one or more APIs in the application in the data-provider account. The data platform shares consumer data with the application instance in the data-consumer account, and invokes one or more of the APIs of the application instance to execute respective associated underlying code blocks, which are not visible to the data-consumer account. The data platform also saves output of the one or more respective associated underlying code blocks locally within the data-consumer account.

公开(公告)号：US20240362355A1

公开(公告)日：2024-10-31

申请号：US18647728

申请日：2024-04-26

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Monica J. Holboke ,  Stephen Joe Jonany ,  David Schultz

IPC: G06F21/62 ,  G06F16/2455

CPC classification number: G06F21/6227 ,  G06F16/24556 ,  G06F16/24565

Abstract: A noisy aggregation constraint system receives a query for a shared dataset, where the query identifies an operation. The noisy aggregation constraint system accesses a set of data from the shared dataset to perform the operation, the set of data comprises data accessed from a table of the shared dataset. The system determines that an aggregation constraint policy is attached to the table, the policy restricts output of data values stored in the table. Based on the context of the query, the system determines that the aggregation constraint policy should be enforced in relation to the query. The system assigns a specified noise level to the shared dataset and generates an output based on the set of data and the operation; the output comprises data values added to the table based on the specified noise level.

公开(公告)号：US20240273071A1

公开(公告)日：2024-08-15

申请号：US18456644

申请日：2023-08-28

Applicant: Snowflake Inc.

Inventor： Damien Carru ,  Benoit Dageville ,  Subramanian Muralidhar ,  Eric Robinson ,  Sahaj Saini ,  David Schultz

IPC: G06F16/21 ,  G06F16/28 ,  G06F21/62

CPC classification number: G06F16/212 ,  G06F16/285 ,  G06F21/6245

Abstract: Techniques for creating, sharing, and using bundles (also referred to as packages) in a multi-tenant database are described herein. A bundle is a schema object with associated hidden schemas. A bundle can be created by a provider user and can be shared with a plurality of consumer users. The bundle can be used to enable code sharing and distribution without losing control while maintaining security protocols.