US2023169200A1PendingUtilityA1
Secure data joins using a secure join key in a multiple tenant database system
Est. expiryMar 28, 2039(~12.7 yrs left)· nominal 20-yr term from priority
Inventors:Justin LangsethMatthew J. GlickmanChristian KleinermanRobert MugliaDaniel FreundelThierry CruanesAllison Waingold Lee
H04L 9/0643H04L 9/0894G06F 21/6227H04L 9/3242G06F 16/2456G06F 16/256G06F 21/6245
78
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Systems, methods, and devices for generating a secure join of database data are disclosed. A method generates a secure user defined function (UDF) that includes a one-way hash. The method uses the secure UDF to convert datapoints of a first account and datapoints of a second account into a secure join key, which is unidentifiable to the first account and the second account based on the one-way hash. The method then determines a count value of overlapping datapoints between the first account and the second account based on the secure join key.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method comprising:
generating a secure user defined function (UDF) comprising a one-way hash; converting, by the secure UDF, datapoints of a first account and datapoints of a second account into a secure join key, wherein the secure join key is unidentifiable to the first account and the second account based on the one-way hash; and determining, by a processor, a count value of overlapping datapoints between the first account and the second account based on the secure join key.
2 . The method of claim 1 , wherein, during the generating of the secure UDF, the first account inserts an account identifier into the one-way hash that identifies the second account.
3 . The method of claim 2 , wherein the account identifier that identifies the second account prohibits the secure UDF to measure overlapping datapoints associated with a third account.
4 . The method of claim 2 , further comprising:
receiving the secure UDF at the second account from the first account; and generating the secure join key at the second account, wherein the second account is devoid of visibility into the datapoints of the first account.
5 . The method of claim 1 , wherein the secure join key is a stream of hashed data comprising hashed datapoints of the first account and hashed datapoints of the second account, the method further comprising:
salting the hashed datapoints of the second account, wherein the salting of the datapoints of the second account comprises: including, with the salted hashed datapoints, one or more additional salted hashed datapoints that do not represent real datapoints of the consumer account.
6 . The method of claim 5 , wherein the secure join key is based at least in part on the salted hashed datapoints that do not represent the real datapoints of the consumer account.
7 . The method of claim 1 , wherein the secure UDF comprises an SQL script configured to count the overlapping datapoints between the first account and the second account.
8 . A system comprising:
a memory; and a processor operatively coupled to the memory, the processor to:
generate a secure user defined function (UDF) comprising a one-way hash;
convert, by the secure UDF, datapoints of a first account and datapoints of a second account into a secure join key, wherein the secure join key is unidentifiable to the first account and the second account based on the one-way hash; and
determine a count value of overlapping datapoints between the first account and the second account based on the secure join key.
9 . The system of claim 8 , wherein the first account inserts an account identifier into the one-way hash that identifies the second account.
10 . The system of claim 9 , wherein the account identifier that identifies the second account prohibits the secure UDF to measure overlapping datapoints associated with a third account.
11 . The system of claim 9 , wherein the processor is further to:
receive the secure UDF at the second account from the first account; and generate the secure join key at the second account, wherein the second account is devoid of visibility into the datapoints of the first account.
12 . The system of claim 11 , wherein the secure join key is a stream of hashed data comprising hashed datapoints of the first account and hashed datapoints of the second account, and wherein the processor is further to:
salt the hashed datapoints of the second account and include one or more additional salted hashed datapoints, with the salted hashed datapoints, that do not represent real datapoints of the consumer account.
13 . The system of claim 12 , wherein the secure join key is based at least in part on the salted hashed datapoints that do not represent the real datapoints of the consumer account.
14 . The system of claim 8 , wherein the secure UDF comprises an SQL script configured to count the overlapping datapoints between the first account and the second account.
15 . A non-transitory computer-readable medium having instructions stored thereon which, when executed by a processor, cause the processor to:
generate a secure user defined function (UDF) comprising a one-way hash; convert, by the secure UDF, datapoints of a first account and datapoints of a second account into a secure join key, wherein the secure join key is unidentifiable to the first account and the second account based on the one-way hash; and determine a count value of overlapping datapoints between the first account and the second account based on the secure join key.
16 . The non-transitory computer-readable medium of claim 15 , wherein the first account inserts an account identifier into the one-way hash that identifies the second account.
17 . The non-transitory computer-readable medium of claim 16 , wherein the account identifier that identifies the second account prohibits the secure UDF to measure overlapping datapoints associated with a third account.
18 . The non-transitory computer-readable medium of claim 16 , wherein the processor is further to:
receive the secure UDF at the second account from the first account; and generate the secure join key at the second account, wherein the second account is devoid of visibility into the datapoints of the first account.
19 . The non-transitory computer-readable medium of claim 18 , wherein the secure join key is a stream of hashed data comprising hashed datapoints of the first account and hashed datapoints of the second account, and wherein the processor is further to:
salt the hashed datapoints of the second account and include one or more additional salted hashed datapoints, with the salted hashed datapoints, that do not represent real datapoints of the consumer account.
20 . The non-transitory computer-readable medium of claim 19 , wherein the secure join key is based at least in part on the salted hashed datapoints that do not represent the real datapoints of the consumer account.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.