-
Publication No.: US11354419B2
Publication date: 2022-06-07
Application No.: US15223962
Application date: 2016-07-29
Applicant: SAP SE
Inventor: Vipul Gupta
Abstract: Techniques are provided for identifying and encrypting fields of an application object at an application layer in a multi-tenant cloud architecture, using an object metadata structure of the application object. Accordingly, transparent, per-tenant encryption capabilities are provided, while enabling transfer of encrypted object data between the application layer and a storage layer.
-
Publication No.: US20180239920A1
Publication date: 2018-08-23
Application No.: US15439368
Application date: 2017-02-22
Applicant: SAP SE
Inventor: Vipul Gupta
CPC classification number: G06F21/6218, G06F21/6272, H04L9/0894
Abstract: Cloud-based data is securely retrieved by obfuscating access patterns. A cloud storage system receives a request for data from a remote client that specifies a key. Thereafter, the cloud storage system iterates through an index to identify all locations corresponding to the specified key. Such index is generated by applying a series of j hash functions to each key, resulting in j different tables forming part of the index. Using the index, the cloud storage system returns data from the identified locations to the client. As each write operation works by using non-deterministic encryption, the write operation changes the records stored in this data structure, and when the record is not changed, the algorithm simply rewrites the data which is stored in the data structure by rewriting the same value back again. However, since nondeterministic encryption is utilized, it is indistinguishable when new data was written and when existing data is rewritten.
-
Publication No.: US09898347B1
Publication date: 2018-02-20
Application No.: US15459473
Application date: 2017-03-15
Applicant: SAP SE
Inventor: Vipul Gupta
CPC classification number: G06F9/5083, G06F9/4881, G06F9/5005, G06F9/5027, G06F9/5044, G06F9/505, G06F9/5072, H04L67/1004, H04L67/1008, H04L67/20
Abstract: Systems and methods are provided for receiving a request for an allocation of a task in a cluster comprising a plurality of client nodes, determining a node type for the task, based on mapping the task to a list of categories, wherein at least two of the categories in the list of categories overlap in range. The systems and methods further provide for searching for available client nodes based on the node type for the task to select a client node to allocate the task, determining a zone of the selected client node, wherein the zone is mapped to the list of categories, determining a wait algorithm associated with the zone of the selected node, and contacting the selected client node and passing the task and the wait algorithm to the selected client node.
-
Publication No.: US09891930B2
Publication date: 2018-02-13
Application No.: US15147143
Application date: 2016-05-05
Applicant: SAP SE
Inventor: Vipul Gupta, Rick Banerjee
CPC classification number: G06F9/4488, G06F8/24, G06F9/449, G06F17/30321, G06F17/30377, G06F17/30433, G06F17/30525, G06F17/30867
Abstract: The present disclosure involves systems, software, and computer implemented methods for identifying traits of an object. In one example, a set of traits is identified in an object-oriented system. A set of trait rules is identified. A trait data structure is generated. A set of classes in the object-oriented system is identified. For each class in the set of classes, a metadata structure is constructed. For each trait in the trait data structure, a trait rule in the trait computation rules structure is identified. The trait rule is applied to the particular metadata structure to generate a trait rule result. Whether the particular class has the particular trait is determined based on the trait rule result. In response to a determination that the particular class has the particular trait, the trait data structure is updated. The updated trait data structure indicates that the particular class has the particular trait.
-
Publication No.: US20180032550A1
Publication date: 2018-02-01
Application No.: US15223974
Application date: 2016-07-29
Applicant: SAP SE
Inventor: Vipul Gupta
CPC classification number: G06F16/212, G06F16/213, G06F16/2282, G06F21/6218, G06F21/72, G06F21/78
Abstract: In one aspect, systems and techniques for modifying a storage structure with newly encryptable fields are described. A delta encryption system loads a current database schema and an object model for a new database schema to a memory. The current database schema includes meta information identifying multiple fields and field information for a current application build. The object model includes meta information identifying multiple fields and field information for a new application build. The fields identified by the object model meta information include one or more encryptable fields. The delta encryption system calculates field size information for the encryptable fields and compares the meta information from the current database schema with the meta information from the object model. In response to the comparison, the delta encryption system identifies which of the encryptable fields are newly encryptable fields and modifies a database based on the calculated field size information.
-
Publication No.: US10756892B2
Publication date: 2020-08-25
Application No.: US15428954
Application date: 2017-02-09
Applicant: SAP SE
Inventor: Vipul Gupta
Abstract: Methods and apparatus, including computer program products, are provided for securing data in a multi-tenant cloud-based system. In some implementations, there is provided a method. The method may include requesting access to at least one encrypted data element; obtaining, in response to the requesting, a long bit stream assigned to a client associated with the requested access; generating a key to decrypt the at least one data element, the key generated by selecting, based on a permutation, portions of the long bit stream; and decrypting, based on the generated key, the at least one data element. Related systems, methods, and articles of manufacture are also disclosed.
-
Publication No.: US20180227122A1
Publication date: 2018-08-09
Application No.: US15428954
Application date: 2017-02-09
Applicant: SAP SE
Inventor: Vipul Gupta
Abstract: Methods and apparatus, including computer program products, are provided for securing data in a multi-tenant cloud-based system. In some implementations, there is provided a method. The method may include requesting access to at least one encrypted data element; obtaining, in response to the requesting, a long bit stream assigned to a client associated with the requested access; generating a key to decrypt the at least one data element, the key generated by selecting, based on a permutation, portions of the long bit stream; and decrypting, based on the generated key, the at least one data element. Related systems, methods, and articles of manufacture are also disclosed.
-
Publication No.: US20180034792A1
Publication date: 2018-02-01
Application No.: US15223954
Application date: 2016-07-29
Applicant: SAP SE
Inventor: Vipul Gupta
IPC: H04L29/06
CPC classification number: G06F21/6218, G06F21/602
Abstract: When storing encrypted data within a database, a key identifier may be appended to the encrypted data as a prefix. Then, when decrypting the encrypted data, the key identifier may be used to identify an encryption key used to encrypt the data, even when multiple encryption keys have been used in encrypting and storing the encrypted data as a whole.
-
Publication No.: US10360397B2
Publication date: 2019-07-23
Application No.: US15439368
Application date: 2017-02-22
Applicant: SAP SE
Inventor: Vipul Gupta
Abstract: Cloud-based data is securely retrieved by obfuscating access patterns. A cloud storage system receives a request for data from a remote client that specifies a key. Thereafter, the cloud storage system iterates through an index to identify all locations corresponding to the specified key. Such index is generated by applying a series of j hash functions to each key, resulting in j different tables forming part of the index. Using the index, the cloud storage system returns data from the identified locations to the client. As each write operation works by using non-deterministic encryption, the write operation changes the records stored in this data structure, and when the record is not changed, the algorithm simply rewrites the data which is stored in the data structure by rewriting the same value back again. However, since nondeterministic encryption is utilized, it is indistinguishable when new data was written and when existing data is rewritten.
-
Publication No.: US10067912B2
Publication date: 2018-09-04
Application No.: US15272655
Application date: 2016-09-22
Applicant: SAP SE
Inventor: Vipul Gupta
IPC: G06F17/18
Abstract: Systems and methods include determination of a first data analysis period, determination of a first plurality of sets of parameter values, each of the first plurality of sets of parameter values being associated with a respective time period within the first data analysis period and describing a statistical distribution of data points associated with the respective time period, determination of a statistical distribution associated with the first data analysis period based on the first plurality of sets of parameter values, determination of a system condition based on the statistical distribution associated with the first data analysis period, and initiation of an action based on the determined system condition.