-
Publication No.: US11580206B2
Publication date: 2023-02-14
Application No.: US16784225
Application date: 2020-02-06
Applicant: Palantir Technologies Inc.
Inventor: Hannah Korus, Brian Schimpf, Lam Tran, Mark Elliot, Robert Kruszewski
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.
-
Publication No.: US20210112065A1
Publication date: 2021-04-15
Application No.: US16662466
Application date: 2019-10-24
Applicant: Palantir Technologies Inc.
Inventor: Lili Yang, Mark Elliot, Lam Tran, Robert Kruszewski, Divyanshu Arora
IPC: H04L29/06
Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.
-
Publication No.: US11930015B2
Publication date: 2024-03-12
Application No.: US17693780
Application date: 2022-03-14
Applicant: Palantir Technologies Inc.
Inventor: Lili Yang, Mark Elliot, Lam Tran, Robert Kruszewski, Divyanshu Arora
IPC: H04L9/40
CPC classification number: H04L63/102, H04L63/0815, H04L63/0876, H04L63/0884, H04L63/108
Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.
-
Publication No.: US11303644B2
Publication date: 2022-04-12
Application No.: US16662466
Application date: 2019-10-24
Applicant: Palantir Technologies Inc.
Inventor: Lili Yang, Mark Elliot, Lam Tran, Robert Kruszewski, Divyanshu Arora
Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.
-
Publication No.: US20220414239A1
Publication date: 2022-12-29
Application No.: US17849291
Application date: 2022-06-24
Applicant: Palantir Technologies Inc.
Inventor: Christopher Yu, Hannah Korus, Katherine Carras, Kevin Lowe, Lam Tran, Patrick Koenig, Sebastian Brueckner, Thomas Playford, Yin Lin
IPC: G06F21/62
Abstract: Computing systems and methods are provided for defining, within a data platform, a segment having constraints at a level of the segment, implementing the constraints or the classification rules within the segment while insulating resources within the segment from inheriting the constraints, and controlling an ingestion of an external resource into the segment based on the constraints.
-
Publication No.: US20220201001A1
Publication date: 2022-06-23
Application No.: US17693780
Application date: 2022-03-14
Applicant: Palantir Technologies Inc.
Inventor: Lili Yang, Mark Elliot, Lam Tran, Robert Kruszewski, Divyanshu Arora
IPC: H04L9/40
Abstract: A system and method for authenticating users of a data processing platform stores a mapping of a unique user platform identifier to multiple user identity provider identifiers associated with multiple realms for a same user. In some examples, the method includes receiving a request from a client device to establish an access session to perform one or more actions on data of the data processing platform and receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request. In certain examples, the method includes granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier.
-
7.
Publication No.: US11263336B2
Publication date: 2022-03-01
Application No.: US16733415
Application date: 2020-01-03
Applicant: Palantir Technologies Inc.
Inventor: Lam Tran, James Baker, Lili Yang
Abstract: Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.
-
Publication No.: US20210103649A1
Publication date: 2021-04-08
Application No.: US16784225
Application date: 2020-02-06
Applicant: Palantir Technologies Inc.
Inventor: Hannah Korus, Brian Schimpf, Lam Tran, Mark Elliot, Robert Kruszewski
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media for data security protection are provided. One of the methods includes: receiving a job associated with a project, wherein the project is associated with one or more data sources; identifying a plurality of inputs and a plurality of outputs associated with the job; determining a plurality of required permissions associated with the job, wherein each of the required permissions comprises an operation on a required data source, the operation corresponding to at least one of the inputs or the outputs; verifying that the one or more data sources associated with the project comprise the required data source associated with each of the required permissions; and generating a token associated with the job, the token encoding the required permissions associated with the job, wherein the token is required for execution of the job.
-
9.
Publication No.: US20240037264A1
Publication date: 2024-02-01
Application No.: US18380512
Application date: 2023-10-16
Applicant: Palantir Technologies Inc.
Inventor: Lam Tran, James Baker, Lili Yang
CPC classification number: G06F21/6218, G06F21/602, H04L9/0643, H04L41/22, H04L63/20
Abstract: Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.
-
10.
Publication No.: US20220147643A1
Publication date: 2022-05-12
Application No.: US17582139
Application date: 2022-01-24
Applicant: Palantir Technologies Inc.
Inventor: Lam Tran, James Baker, Lili Yang
Abstract: Systems and methods generate a first security node hash identifier by performing a first hash operation, such as a one-way hash, on a first data resource identifier associated with a first data resource, such as a data set, produced by a data resource platform. The systems and methods generate a dependent second security node hash identifier by performing a second hash operation on a second data resource identifier associated with a dependent second data resource produced by the data resource platform and on the first security node hash identifier, receive an access request for access to the dependent second data resource; and in response to the access request, grant permission to access the dependent second data resource to a user associated with the access request based on the dependent second security node hash identifier.