公开(公告)号：US12242641B2

公开(公告)日：2025-03-04

申请号：US18588839

申请日：2024-02-27

Applicant: SNOWFLAKE INC.

Inventor： Yimeng Li ,  Carl Yates Perry ,  Raghavendran Ramakrishnan ,  Frantisek Rolinek ,  Yunqiao Zhang

IPC: G06F21/62 ,  G06F16/28

Abstract: The present disclosure describes systems, methods, and computer program products for redacting sensitive data within a database. An example method can include sending, to a database, a data query accessing a column of the database, a masking policy identifying a first category of sensitive data and a second category of sensitive data, and in response to the data query, receiving redacted data, wherein the first category of sensitive data is redacted from a first location of the column by a first redaction operation and the second category of sensitive data is redacted from a second location of the column by a second redaction operation.

公开(公告)号：US11783078B1

公开(公告)日：2023-10-10

申请号：US18304063

申请日：2023-04-20

Applicant: SNOWFLAKE INC.

Inventor： Yimeng Li ,  Carl Yates Perry ,  Raghavendran Ramakrishnan ,  Frantisek Rolinek ,  Yunqiao Zhang

IPC: G06F21/62 ,  G06F16/28

CPC classification number: G06F21/6227 ,  G06F16/285 ,  G06F21/6254

Abstract: Embodiments of the present disclosure describe systems, methods, and computer program products for redacting sensitive data within a database. An example method can include examining a first column of a plurality of columns of a database to identify a first category of sensitive data in a first location of the first column and a second category of sensitive data in a second location of the first column, receiving a masking policy for the first column, the masking policy identifying the first category of sensitive data, and, in response to a data query accessing the first column, executing a redaction operation to redact the first category of sensitive data from the first location of the first column to generate redacted data for a response to the data query.

公开(公告)号：US11954224B1

公开(公告)日：2024-04-09

申请号：US18239527

申请日：2023-08-29

Applicant: SNOWFLAKE INC.

Inventor： Yimeng Li ,  Carl Yates Perry ,  Raghavendran Ramakrishnan ,  Frantisek Rolinek ,  Yunqiao Zhang

IPC: G06F21/62 ,  G06F16/28

CPC classification number: G06F21/6227 ,  G06F16/285 ,  G06F21/6254

Abstract: Embodiments of the present disclosure describe systems, methods, and computer program products for redacting sensitive data within a database. An example method can include receiving a masking policy for a column of a database, the masking policy identifying a category of sensitive data, examining a column of a database to identify a category of sensitive data in a first location of the column, and, in response to a data query accessing the column, the first location of the column exceeding a threshold probability of comprising sensitive data, executing a redaction operation to redact the category of sensitive data from the first location of the column to generate redacted data for a response to the data query.

公开(公告)号：US20240303373A1

公开(公告)日：2024-09-12

申请号：US18345971

申请日：2023-06-30

Applicant: Snowflake Inc.

Inventor： Khalid Zaman Bijon ,  Bowei Chen ,  Thierry Cruanes ,  Simon Holm Jensen ,  Allison Waingold Lee ,  Valentin K. Kuznetsov ,  Jun Li ,  Subramanian Muralidhar ,  Carl Yates Perry ,  David Schultz ,  Zixi Zhang

IPC: G06F21/62 ,  G06F16/242

CPC classification number: G06F21/6245 ,  G06F16/244 ,  G06F2221/2113

Abstract: The cloud data platform receives a first query directed towards a shared dataset, the first query identifying a first operation. The platform accesses a first set of data from the shared dataset to perform the first operation, the first set of data including data accessed from a first table of the shared dataset. The cloud data platform determines that an aggregation constraint policy is attached to the first table, the aggregation constraint policy restricts output of data values stored in the first table and enforces the aggregation constraint policy on the first query based on a context of the first query. The cloud data platform generates an output to the first query based on the first set of data and the first operation, based on enforcing the aggregation constraint policy on the first query.