-
Publication number: US20220201001A1
Publication date: 2022-06-23
Application number: US17693780
Application date: 2022-03-14
Applicant: Palantir Technologies Inc.
Inventor: Lili Yang, Mark Elliot, Lam Tran, Robert Kruszewski, Divyanshu Arora
IPC: H04L9/40
Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.
-
Publication number: US11330076B2
Publication date: 2022-05-10
Application number: US17097389
Application date: 2020-11-13
Applicant: Palantir Technologies Inc.
Inventor: Greg DeArment, Divyanshu Arora, Jason Hoch, Mark Elliot, Matthew Williamson, Robert Kruszewski, Steven Austin
Abstract: Systems and methods for isolating applications associated with multiple tenants within a computing platform receive a request from a client associated with a tenant for running an application on a computing platform. Hosts connected to the platform are associated with a network address and configured to run applications associated with multiple tenants. A host is identified based at least in part on the request. One or more broadcast domain(s) including the identified hosts are generated. The broadcast domains are isolated in the network at a data link layer. A unique tenant identification number corresponding to the tenant is assigned to the broadcast domains. In response to launching the application on the host: the unique tenant identification number is assigned to the launched application and is added to the network address of the host; and the network address of the host is sent to the client associated with the tenant.
-
Publication number: US20210103649A1
Publication date: 2021-04-08
Application number: US16784225
Application date: 2020-02-06
Applicant: Palantir Technologies Inc.
Inventor: Hannah Korus, Brian Schimpf, Lam Tran, Mark Elliot, Robert Kruszewski
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.
-
Publication number: US20240333717A1
Publication date: 2024-10-03
Application number: US18438095
Application date: 2024-02-09
Applicant: Palantir Technologies Inc.
Inventor: Lili Yang, Mark Elliot, Lam Tran, Robert Kruszewski, Divyanshu Arora
IPC: H04L9/40
CPC classification number: H04L63/102, H04L63/0815, H04L63/0876, H04L63/0884, H04L63/108
Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.
-
Publication number: US20220165009A1
Publication date: 2022-05-26
Application number: US17671168
Application date: 2022-02-14
Applicant: Palantir Technologies Inc.
Inventor: Salar Al Khafaji, James Thompson, Joseph Hashim, Joseph Rafidi, Parvathy Menon, Patrick Szmucer, Robert Kruszewski, Slawomir Mucha, Tyler Uhlenkamp, Vilmos Ioo
Abstract: In some embodiments, a method comprises obtaining a pipeline of operations, the pipeline of operations including a plurality of functions providing any of one or more modification operations or visualization operations for a plurality of datasets. A first dynamic visualization of the pipeline of operations at a first level of granularity is generated. A second dynamic visualization of the pipeline of operations at a second level of granularity is generated in response to user input.
-
Publication number: US20210067603A1
Publication date: 2021-03-04
Application number: US17097389
Application date: 2020-11-13
Applicant: Palantir Technologies Inc.
Inventor: Greg DeArment, Divyanshu Arora, Jason Hoch, Mark Elliot, Matthew Williamson, Robert Kruszewski, Steven Austin
Abstract: Systems and methods for isolating applications associated with multiple tenants within a computing platform receive a request from a client associated with a tenant for running an application on a computing platform. Hosts connected to the platform are associated with a network address and configured to run applications associated with multiple tenants. A host is identified based at least in part on the request. One or more broadcast domain(s) including the identified hosts are generated. The broadcast domains are isolated in the network at a data link layer. A unique tenant identification number corresponding to the tenant is assigned to the broadcast domains. In response to launching the application on the host: the unique tenant identification number is assigned to the launched application and is added to the network address of the host; and the network address of the host is sent to the client associated with the tenant.
-
Publication number: US10754872B2
Publication date: 2020-08-25
Application number: US15845879
Application date: 2017-12-18
Applicant: Palantir Technologies Inc.
Inventor: Asaf Zarum, Robert Kruszewski
Abstract: A computer-implemented system or process is programmed or configured to use a configuration file to specify one or more tasks to apply to raw ingested data. A task may be a sequence of instructions programmed or configured to format raw ingested data into a dataset in a CSV format. Examples of tasks may include: a parser to parse Cobol data into a CSV, a parser to parse XML into a CSV, a parser to parse text using fixed-width fields to a CSV, a parser to parse files in a zip archive into a CSV, a regular expression search/replace function, or formatting logic to remove lines or blank lines from raw ingested data. In one embodiment, the configuration file may specify a schema definition for a task to use for generating a dataset. In one embodiment, the configuration file may also include one or more access control list (ACL) definitions for the generated dataset. In one embodiment, the building of datasets using the configuration file is automated, for example, on a nightly basis.
-
Publication number: US12001307B2
Publication date: 2024-06-04
Application number: US17848708
Application date: 2022-06-24
Applicant: Palantir Technologies Inc.
Inventor: Andres Felipe Orozco, Robert Kruszewski, Thomas Petracca
CPC classification number: G06F11/302, G06F8/70, G06F11/3447
Abstract: A computer-implemented method for generating a monitor for at least one software service from a monitor template, includes, in at least some aspects: providing a monitor template. Further, in certain instances, the method includes determining one or more endpoints included in code for a first software service of the at least one software service. In addition, in some aspects, the method includes generating a first monitor for the first software service code using the monitor template based at least upon a first endpoint of the one or more endpoints included in the first software service code.
-
Publication number: US11620280B2
Publication date: 2023-04-04
Application number: US17444715
Application date: 2021-08-09
Applicant: Palantir Technologies Inc.
Inventor: Benjamin Duffield, Joshua Casale, Mark Elliot, Matthew Sills, Robert Kruszewski, Rahij Ramsharan
IPC: G06F16/23, G06F16/27, G06F16/2455, G06F16/248
Abstract: A database system comprised of a decoupled compute layer and storage layer is implemented to store, build, and maintain a canonical dataset, a temporary buffer, and projection datasets. The canonical dataset is a set of batch updated data. The data is appended in chunks to the canonical dataset such that the canonical dataset becomes a historical dataset over time. The buffer is a write ahead log that contains the most recent chunks of data and provides atomicity and durability for the database system. The projection datasets are indexes of the canonical dataset and/or the buffer that may have single or multiple column sort-orders and/or particular data formats. The writes to the canonical dataset, projection datasets, and buffer may be asynchronous and therefore the database system is advantageously less resource constrained.
-
Publication number: US11580206B2
Publication date: 2023-02-14
Application number: US16784225
Application date: 2020-02-06
Applicant: Palantir Technologies Inc.
Inventor: Hannah Korus, Brian Schimpf, Lam Tran, Mark Elliot, Robert Kruszewski
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.