Controlling user creation of data resources on a data processing platform

US 10,079,832 B1
Filed: 11/29/2017
Issued: 09/18/2018
Est. Priority Date: 10/18/2017
Status: Active Grant

First Claim

Patent Images

1. A method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, wherein the method is performed using one or more processors or special-purpose computing hardware, the method comprising:

receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user;

performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions; and

responsive to verifying said user in accordance with the predetermined set of permissions;

creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;

identifying one or more annotations in the data resource specification;

in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for controlling user creation of data resources on a software platform for storing and executing data resources for multiple users. The methods and systems may be performed using one or more processors or special-purpose computing hardware, and may comprise receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user. A further operation may comprise performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions. A further operation may comprise, responsive to verifying said user in accordance with the predetermined set of permissions, creating a version the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user.

130 Citations

18 Claims

1. A method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, wherein the method is performed using one or more processors or special-purpose computing hardware, the method comprising:
- receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user;
  
  performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions; and
  
  responsive to verifying said user in accordance with the predetermined set of permissions;
  
  creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
  
  identifying one or more annotations in the data resource specification;
  
  in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising, responsive to verifying said user:
    - identifying one or more other annotations in the data resource specification;
      
      associating, to the created data resource, an executable launch function appropriate to each of the identified annotations, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
  - 3. The method of claim 2, wherein the software platform controller further determines that the user has been verified prior to providing the launch function with said information.
  - 4. The method of claim 2, wherein the software platform controller further determines attributes of the user and/or the data resource using the data resource identifier, and, provides said information based on said attributes.
  - 5. The method of claim 2, wherein the said information defines whether the user is permitted to create, edit and/or delete the data resource.
  - 6. The method of claim 1, wherein the secret information is received from a secure vault, external to the launch function and the software platform controller.
  - 7. The method of claim 6, wherein the secret information received from the software platform controller comprises a wrapped token, and wherein the launch function queries the secure server using the secret information to obtain the secret information.
  - 8. The method of claim 6, wherein the secret information comprises a password and/or a digital certificate.
  - 9. The method of claim 1, wherein performing verification comprises verifying that said user is permitted to create new data resources in accordance with the predefined set of permissions.
  - 10. The method of claim 1, wherein the user request comprises an indication that the data resource is required to be accessible to one or more other users, external to the software platform, via a network link, the method further comprising:
    - verifying that said user is permitted to allow access to the data resource by external users;
      
      responsive to verifying that said user is so permitted, creating one or more replicas of the data resource, and subsequently routing access requests from one or more external users to the one or more replicas.
  - 11. The method of claim 10, wherein the indication that the data resource is required to be accessible to one or more other users comprises identifying an annotation in the user request associated with said external user access, the method further comprising:
    - identifying other user access requests to the data resource by means of a corresponding annotation in the other user requests, the annotation optionally being a URL path.
  - 12. The method of claim 10, further comprising creating a plurality of replicas of the data resource and routing access requests from the one or more other users by means of a load balancing algorithm.

13. A non-transitory computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors of a data processing apparatus, causes the data processing apparatus to perform a method of controlling user creation of data resources on a software platform for storing and executing data resources for multiple users, the method comprising:
- receiving from a user a user request to create a data resource on the software platform, the user request comprising, or identifying, a specification indicative of the data resource and a user identifier associated with said external user;
  
  performing verification of said user using the user identifier to determine if said user is permitted to create or modify the data resource indicated in the specification in accordance with a predetermined set of permissions;
  
  responsive to verifying said user in accordance with the predetermined set of permissions;
  
  creating a version of the data resource indicated in accordance with the specification for deployment on the software platform for subsequent access or execution by said user;
  
  identifying one or more annotations in the data resource specification;
  
  in response to identifying an annotation associated with a security feature, associating, to the created data resource, an executable launch function that, when executed, obtains secret information necessary for accessing or executing the data resource when deployed on the software platform, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the data processing apparatus to perform:
    - responsive to verifying said user, identifying one or more annotations in the data resource specification, associating an executable launch function appropriate to the or each identified annotation to the created data resource, wherein the launch function, when executed, transmits a data resource identifier to a software platform controller and receives therefrom information necessary for one or more actions to be performed on or by the created data resource.
  - 15. The non-transitory computer-readable storage medium of claim 14, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the software platform controller to determine that the user has been verified prior to providing the launch function with said information.
  - 16. The non-transitory computer-readable storage medium of claim 14, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the software platform controller to determine attributes of the user and/or the data resource using the data resource identifier, and, provides said information based on said attributes.
  - 17. The non-transitory computer-readable storage medium of claim 13, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the data processing apparatus to receive the secret information from a secure vault, external to the launch function and the software platform controller.
  - 18. The non-transitory computer-readable storage medium of claim 17, further comprising sequences of instructions which, when executed by the one or more processors of the data processing apparatus, causes the data processing apparatus to receive the secret information from the software platform controller as a wrapped token, and to cause the launch function to query the secure server using the secret information to obtain the secret information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palantir Technologies Incorporated
Original Assignee
Palantir Technologies Incorporated
Inventors
Dearment, Greg, Anderson, Adam, Bradshaw, Andrew, Moylan, Bradley, Zhao, Jason
Primary Examiner(s)
Shayanfar, Ali

Application Number

US15/826,321
Time in Patent Office

293 Days
Field of Search
US Class Current
CPC Class Codes

G06F 8/60   Software deployment

G06F 9/445   Program loading or initiati...

G06F 9/5027   the resource being a machin...

G06F 9/505   considering the load

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

Controlling user creation of data resources on a data processing platform

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling user creation of data resources on a data processing platform

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links