Systems, methods, and devices for multi-stage provisioning and multi-tenant operation for a security credential management system
US-2022038296-A1 · Feb 3, 2022 · US
US12562898B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12562898-B2 |
| Application number | US-202318508865-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 14, 2023 |
| Priority date | Nov 14, 2023 |
| Publication date | Feb 24, 2026 |
| Grant date | Feb 24, 2026 |
Official abstract text for this publication.
Techniques for sharing application packages in a multi-tenant database system are described. A provider account can create and share an application package with provider key information. A consumer application can be installed in a consumer account based on the application package and consumer account can be registered using an onboard service user and the provider key information. A unique consumer service user can be registered in the provider account corresponding to the consumer account.
Opening claim text (preview).
What is claimed is:

1. A method comprising: providing, from a provider account in a multi-tenant database system, an application package to a consumer account, the application package including provider key information; installing, by at least one hardware processor, a consumer application in the consumer account based on the application package; registering the consumer account in the provider account using an onboard service user and the provider key information; registering a unique consumer service user corresponding to the consumer account in the application package stored in the provider account; generating, by the consumer application, a consumer-specific private key and a consumer-specific public key: encrypting, by the consumer application, the execution request using the consumer-specific private key and a username for the unique consumer service user; transmitting, from the consumer application, to the provider account an the execution request using a direct application programming interface (API); and executing the execution request in the provider account using the unique consumer service user.

2. The method of claim 1, further comprising: transmitting, by the consumer application, to the provider account the consumer-specific public key; and registering the unique consumer service user with the consumer-specific public key.

3. The method of claim 1, further comprising: authenticating, by the provider account, the unique consumer service user based on the consumer-specific public key.

4. The method of claim 3, wherein the consumer-specific private key is inaccessible to the consumer account outside of the consumer application.

5. The method of claim 4, wherein the consumer-specific private key is inaccessible to the provider account.

6. The method of claim 4, wherein the consumer-specific private key is stored in a local storage associated with the consumer account.

7. A machine-storage medium embodying instructions that, when executed by a machine, cause the machine to perform operations comprising: providing, from a provider account in a multi-tenant database system, an application package to a consumer account, the application package including provider key information; installing a consumer application in the consumer account based on the application package; registering the consumer account in the provider account using an onboard service user and the provider key information; registering a unique consumer service user corresponding to the consumer account in the application package stored in the provider account; generating, by the consumer application, a consumer-specific private key and a consumer-specific public key; encrypting, by the consumer application, the execution request using the consumer-specific private key and a username for the unique consumer service user; transmitting, from the consumer application, to the provider account an the execution request using a direct application programming interface (API); and executing the execution request in the provider account using the unique consumer service user.

8. The machine-storage medium of claim 7, further comprising: transmitting, by the consumer application, to the provider account the consumer-specific public key; and registering the unique consumer service user with the consumer-specific public key.

9. The machine-storage medium of claim 7, further comprising: authenticating, by the provider account, the unique consumer service user based on the consumer-specific public key.

10. The machine-storage medium of claim 9, wherein the consumer-specific private key is inaccessible to the consumer account outside of the consumer application.

11. The machine-storage medium of claim 10, wherein the consumer-specific private key is inaccessible to the provider account.

12. The machine-storage medium of claim 10, wherein the consumer-specific private key is stored in a local storage associated with the consumer account.

13. A system comprising: at least one hardware processor; and at least one memory storing instructions that, when executed by the at least one hardware processor, cause the at least one hardware processor to perform operations comprising: providing, from a provider account in a multi-tenant database system, an application package to a consumer account, the application package including provider key information; installing a consumer application in the consumer account based on the application package; registering the consumer account in the provider account using an onboard service user and the provider key information; registering a unique consumer service user corresponding to the consumer account in the application package stored in the provider account; generating, by the consumer application, a consumer-specific private key and a consumer-specific public key; encrypting, by the consumer application, the execution request using the consumer-specific private key and a username for the unique consumer service user; transmitting, from the consumer application, to the provider account an the execution request using a direct application programming interface (API); and executing the execution request in the provider account using the unique consumer service user.

14. The system of claim 13, the operations further comprising: transmitting, by the consumer application, to the provider account the consumer-specific public key; and registering the unique consumer service user with the consumer-specific public key.

15. The system of claim 13, the operations further comprising: authenticating, by the provider account, the unique consumer service user based on the consumer-specific public key.

16. The system of claim 15, wherein the consumer-specific private key is inaccessible to the consumer account outside of the consumer application.

17. The system of claim 16, wherein the consumer-specific private key is inaccessible to the provider account.

18. The system of claim 16, wherein the consumer-specific private key is stored in a local storage associated with the consumer account.
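An added example, not taken from the patent or from any vendor's code: a small Go model of the per-consumer key registration and authentication described in claims 1 to 5, showing that a request produced with one consumer's key is rejected when presented under another consumer's service user. Assumptions: Ed25519 signing stands in for the claims' "encrypting ... using the consumer-specific private key" (the claims name no algorithm), the onboarding step with provider key information is not modelled, and all type, function and user names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Provider maps each unique consumer service user to its registered public key.
type Provider map[string]ed25519.PublicKey

// Register binds a consumer-specific public key to one service user (claim 2).
func (p Provider) Register(user string, pub ed25519.PublicKey) error {
	if _, taken := p[user]; taken {
		return fmt.Errorf("service user %q already registered", user)
	}
	p[user] = pub
	return nil
}

// Execute authenticates against the key of the claimed user (claim 3), then runs.
func (p Provider) Execute(user, req string, sig []byte) (string, error) {
	pub, ok := p[user]
	if !ok || !ed25519.Verify(pub, message(user, req), sig) {
		return "", fmt.Errorf("authentication failed for %q", user)
	}
	return "executed as " + user + ": " + req, nil
}

// message binds the username to the request; the length prefix avoids ambiguity.
func message(user, req string) []byte { return []byte(fmt.Sprintf("%d:%s|%s", len(user), user, req)) }

// InstallConsumerApp generates the key pair inside the app, registers only the
// public half, and returns a signer; the private key never leaves the closure.
func InstallConsumerApp(user string, p Provider) (func(req string) []byte, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, err
	}
	sign := func(req string) []byte { return ed25519.Sign(priv, message(user, req)) }
	return sign, p.Register(user, pub)
}

func main() {
	p := Provider{}
	signA, _ := InstallConsumerApp("SVC_CONSUMER_A", p) // constructed usernames
	InstallConsumerApp("SVC_CONSUMER_B", p)
	fmt.Println(p.Execute("SVC_CONSUMER_A", "CALL report()", signA("CALL report()")))
	fmt.Println(p.Execute("SVC_CONSUMER_B", "CALL report()", signA("CALL report()")))
}
```

The second call in `main` fails because the provider verifies against the key registered for the claimed service user, not against whichever key produced the signature.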
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
Installation · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title