Collaborative application security
    11.
    Granted invention patent

    Publication No.: US11429716B2

    Publication date: 2022-08-30

    Application No.: US16696594

    Filing date: 2019-11-26

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for collaboratively securing software applications are provided herein. Through a collaborative approach, the described examples allow detection and management of unauthorized users across applications and application suites. By communicating details regarding cyber-attacks among applications, threats to applications can be managed pre-emptively. For example, applications can use attacks on other applications to implement new honeytokens, threat detection points, and blacklisted usernames or other identifiers to limit data access in future attacks.

    AUTOMATIC GENERATION OF DECEPTIVE API ENDPOINTS

    Publication No.: US20220109692A1

    Publication date: 2022-04-07

    Application No.: US17062903

    Filing date: 2020-10-05

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.

    Generation of honeypot data
    14.
    Granted invention patent

    Publication No.: US10958685B2

    Publication date: 2021-03-23

    Application No.: US16211802

    Filing date: 2018-12-06

    Applicant: SAP SE

    Abstract: Data is received that includes a plurality of fields. These fields are modified using at least one differential privacy algorithm to result in fake data. This fake data is subsequently used to seed and enable a honeypot so that access to such honeypot and fake data can be monitored and/or logged. Related apparatus, systems, techniques and articles are also described.

    IDENTIFIER-BASED APPLICATION SECURITY

    Publication No.: US20210067551A1

    Publication date: 2021-03-04

    Application No.: US16552951

    Filing date: 2019-08-27

    Applicant: SAP SE

    Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.

    Generation of Honeypot Data
    16.
    Invention patent application

    Publication No.: US20200186567A1

    Publication date: 2020-06-11

    Application No.: US16211802

    Filing date: 2018-12-06

    Applicant: SAP SE

    Abstract: Data is received that includes a plurality of fields. These fields are modified using at least one differential privacy algorithm to result in fake data. This fake data is subsequently used to seed and enable a honeypot so that access to such honeypot and fake data can be monitored and/or logged. Related apparatus, systems, techniques and articles are also described.

    End user control of personal data in the cloud

    Publication No.: US10162982B2

    Publication date: 2018-12-25

    Application No.: US14965194

    Filing date: 2015-12-10

    Applicant: SAP SE

    Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving, by an authorization manager of a cloud-platform, a request from an application, the request indicating a request to access personal user data stored in a database system of the cloud-platform, determining, by the authorization manager and based on user input from a user, that access to the personal user data is to be granted, and in response: providing, by the authorization manager, an access token to the application, receiving an access request from the application, the access request including the access token, and selectively providing the personal user data from a database container of the database system based on the access token, the database container being specific to the user.
