Abstract: A first database account shares, with a second database account, a secure function configured to accept an encrypted dataset and a decryption parameter. The first database account includes a first dataset. The second database account includes a second dataset. The second database account selects one or more rows and one or more columns of the second dataset as a searchable dataset, generates an encrypted searchable dataset by encrypting the searchable dataset with a key, and calls the secure function with the encrypted searchable dataset and the key. The secure function generates results of a query by: generating a decrypted searchable dataset by decrypting the encrypted searchable dataset with the key in a secure environment, obtaining the results by executing the query against a combination of the first dataset and the decrypted dataset in the secure environment to generated query-results data, and outputting the results to the second database account.

Abstract: A system for providing access to a database management system (DBMS) to a first user of a cloud data platform, the DBMS being generated by a second user. A machine learning model for training on a training dataset is included in the DBMS. The training dataset includes a first training dataset that is encrypted in the DBMS and a second training dataset that includes non-overlapping features with the first training dataset. A request, from the second user, to train the machine learning model on the first and second training datasets is identified. A trained machine learning model is generated by training the machine learning model on a joined dataset according to the request. One or more outputs from the trained machine learning model are generated by applying the trained machine learning model on new data.

Abstract: A distributed database generates a cross reference table that cross references a first dataset from a first database account and a second dataset from a second account. The distributed database receives a query directed to a combination of the first and second datasets, and generates an interim table in the first database account by applying the query to the cross reference table and the first dataset. The distributed database generates results data in the second database account by applying the query to the interim table and the second dataset, and stores the results data in the first database account.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method generates a secure user defined function (UDF) that includes a one-way hash. The method uses the secure UDF to convert datapoints of a first account and datapoints of a second account into a secure join key, which is unidentifiable to the first account and the second account based on the one-way hash. The method then determines a count value of overlapping datapoints between the first account and the second account based on the secure join key.

Abstract: A request to share cloud data associated with a first account in a database system with an application is received. Based on the request, second-party application data and third-party data that is accessible by the first account is identified. The second-party application data comprises application data corresponding to a second application provided by a second-party application provider. The third-party data corresponds to a second account maintained by the database system. The second account corresponds to a third-party data provider. The application is enabled to access the cloud data associated with the first account based on the request. The cloud data comprises customer data associated with the first account, second-party application data, and the third-party data.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing secure data analysis across multiple accounts, without the use of third parties. Each account may be associated with a different company or party. The data clean room may provide security functions to safeguard sensitive information. For example, the data clean room may restrict access to data in other accounts. The data clean room may also restrict which data may be used in the analysis and may restrict the output. The overlap data may be anonymized to prevent sensitive information from being revealed.

Abstract: Embodiments of the present disclosure may provide a data clean room architecture that dynamically restricts data included in the clean room. The data clean room architecture can implement row access policy or dynamic data masking for row and column based restrictions of data provided through the clean room. The data clean room architecture can provide a limited set of data that does not require obfuscation of data for direction matching and correlation of data in the different datasets, such as matching user identifiers or emails.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing encryption based data analysis across multiple accounts, including different provider database user accounts that provide user data and a network service and a requesting user that generates one or more clean room requests. The data clean room may also restrict which data may be used in the analysis and may restrict the output.

Abstract: A method includes creating, by a first provider, a first listing referencing first shared data and comprising first access controls, wherein access to the first shared data by a second provider is filtered based on the first access controls, creating, by the second provider, a second listing referencing second shared data and the first shared data filtered based on the first access controls, and adding the second listing to a catalog in a data exchange, the catalog comprising metadata describing the second shared data.

Abstract: Embodiments of the present disclosure may provide a data sharing system implemented as a local application in a consumer database of a distributed database. The local application can include a training function and a scoring function to train a machine learning model on provider and consumer data, and generate output data by applying the trained machine learning model on input data. The input data can include data portions from a consumer database and a provider database that are joined to create a joined dataset for scoring.

Abstract: Systems and methods for managing membership in a private data exchange are provided herein. In one embodiment, the method includes generating a plurality of listings in a data exchange. A first listing of the plurality of listings may include a reference to a first version of shared data within a first database, where the first version is one of a plurality of versions of the shared data within the first database. The method further includes receiving a request from a member of the data exchange for access to the first listing and limiting, by a processing device, access for the member to the first version of the shared data of the first database referenced by the first listing.

Abstract: Disclosed herein are methods and systems for secure data comparison using data clean rooms. In an embodiment, a computer system generates a replica database based on a provider database, which stores a cross reference table that cross references a client dataset of a client database and a provider dataset of the provider database. The system receives, at the replica database, a table that is generated by the client database using the cross-reference table. The system transmits, from the replica database, the table to the provider database. The system receives, at the replica database, a results dataset that is generated by the provider database by applying a database statement to the provider database using the table generated by the client database. The system shares, from the replica database, the results dataset with the client database.

Abstract: A method of operating a data exchange includes creating a first listing referencing data of a first database of a plurality of databases, wherein the first listing comprises access controls and a data share associated with a first user, the access controls defining portions of the first database that are accessible by a second user, receiving a request from the second user for a bidirectional share between the portions of the first database that are accessible by the second user and portions of a second database controlled by the second user, and receiving an instruction from the first user to perform a database operation referencing data of the bidirectional share between the portions of the first database that are accessible by the second user and the portions of the second database controlled by the second user.

Abstract: Providing access to consumer information on a private data exchange is described. In an example, privileges are assigned to a share object, granting access to consumer information obtained from a query against data referenced by a data listing of a data exchange. The data exchange comprises one or more data listings provided by one or more data providers. In response to the share object being added to a list of consumed share objects of a data provider that provided the data listing, a database is generated that references the consumer information based on the share object. Access to the database is granted to the data provider that provided the data listing.

Abstract: Embodiments of the present disclosure may provide a data clean room architecture that restricts data included in the clean room. The data clean room architecture can implement a policy to enable data restrictions for data shared between multiple parties via a distributed database. Multiple database accounts can implement validation instances to validate queries when received from other database accounts. One or more of the database accounts can provide a query template that is congruent with the validation instance for use by the other database accounts to generate queries against the data shared in the data clean room.

Abstract: Systems, methods, and devices for generating a secure join of database data are disclosed. A method creates a secure view of datapoints of a consumer account and processes, using a secure user defined function (UDF), the datapoints of the consumer account and datapoints of a provider account to generate a secure join key. The secure UDF returns a count of matching data points between the consumer account and the provider account, and the method provides the count of matching data points to the consumer account.

Abstract: Disclosed herein are methods and systems for secure data comparison using data clean rooms. In an embodiment, a computer system generates a replica database based on a provider database, which stores a cross reference table that cross references a client dataset of a client database and a provider dataset of the provider database. The system receives, at the replica database, a table that is generated by the client database using the cross-reference table. The system transmits, from the replica database, the table to the provider database. The system receives, at the replica database, a results dataset that is generated by the provider database by applying a database statement to the provider database using the table generated by the client database. The system shares, from the replica database, the results dataset with the client database.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing encryption based data analysis across multiple accounts of different database users. The data clean room may also restrict which data may be used in the analysis and may restrict the output. A requesting user's data can be encrypted using a key and a provider user can generate a shareable database function that accepts the key to decrypt the data to generate the results data without exposing each others' data.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing encryption based data analysis across multiple accounts, including different provider database user accounts that provide user data and a network service and a requesting user that generates one or more clean room requests. The data clean room may also restrict which data may be used in the analysis and may restrict the output.

Abstract: Sharing data in a data exchange across multiple cloud computing platforms and/or cloud computing platform regions is described. An example method can include generating a consumer account corresponding to a first cloud entity and receiving, by the first cloud entity, a copy of a data set from a provider account corresponding to a second cloud computing entity, wherein the first cloud computing entity and the second cloud computing entity represent different regions of a cloud computing platform. The method may also include accessing, by the consumer account, the copy of the data set.