-
Publication No.: US20230247034A1
Publication date: 2023-08-03
Application No.: US17590145
Filing date: 2022-02-01
Applicant: SAP SE
Inventor: Matthias Vogel, Nathalie Stephanie Bergstroem
IPC: H04L9/40
CPC classification number: H04L63/1425, H04L63/0435, H04L63/062
Abstract: Applications create log entries comprising data regarding operations performed by the applications. The log entries are provided to an audit-log service to allow auditing of the log entries. An audit-log sidecar for each application is used to send log entries to the audit-log service. The audit-log service may experience downtime. If the audit-log service is unavailable, the log entries are sent to one or more other audit-log sidecars for storage. When the audit-log service again becomes available, all audit-log sidecars send their stored log entries to the audit-log service. In this way, the audit-log service is enabled to determine if there is a discrepancy between log entries reported by an application and log entries reported for the application by other audit-log sidecars. As a result, an attack on an application will not go undetected, even if the attack occurs while the audit-log service is unavailable.
-
Publication No.: US20230177194A1
Publication date: 2023-06-08
Application No.: US17702013
Filing date: 2022-03-23
Applicant: SAP SE
Inventor: Benny Rolle, Ufuoma Ighoroje, Matthias Vogel
IPC: G06F21/62, G06F16/903
CPC classification number: G06F21/6218, G06F16/90335
Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.
-
Publication No.: US11042654B2
Publication date: 2021-06-22
Application No.: US16216400
Filing date: 2018-12-11
Applicant: SAP SE
Inventor: Kathrin Nos, Michael Engler, Matthias Vogel
IPC: G06F21/60, G06F21/62, H04L29/06, G06F16/907
Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.
-
Publication No.: US12216716B2
Publication date: 2025-02-04
Application No.: US18049063
Filing date: 2022-10-24
Applicant: SAP SE
Inventor: Stefan Hesse, Matthias Vogel
Abstract: In an implementation, a request for one or more attachments stored in an application document store is received from a requestor and by an application agent associated with an application. For each attachment identified in the request, the application agent: 1) requests the attachment from a data privacy integration (DPI) kernel service; 2) receives a download link to an attachment in the application document store; 3) downloads, using the download link, the attachment from the application document store; 4) informs the DPI kernel service that a download of the attachment is complete; and 5) receives a message from the DPI kernel service that the download link has been deactivated. The application agent returns the one or more attachments to the requestor.
-
Publication No.: US20240346167A1
Publication date: 2024-10-17
Application No.: US18751559
Filing date: 2024-06-24
Applicant: SAP SE
Inventor: Matthias Vogel, Benny Rolle, Ufuoma Ighoroje
CPC classification number: G06F21/6218, G06F21/31, G06F21/554
Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object of an object type. Target applications are determined that are allowed to process objects of the object type for at least one purpose, based on identified purpose information. An end-of-purpose query is provided to the target applications and an end-of-purpose status is received from each target application that indicates whether the application is able to block the object. The received statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each of the multiple applications that instructs a respective application to locally block the object.
-
Publication No.: US12072993B2
Publication date: 2024-08-27
Application No.: US17457797
Filing date: 2021-12-06
Applicant: SAP SE
Inventor: Ufuoma Ighoroje, Benny Rolle, Matthias Vogel, Carsten Pluder
IPC: G06F21/62, G06F16/903
CPC classification number: G06F21/6218, G06F16/90335, G06F21/629
Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.
-
Publication No.: US20240184914A1
Publication date: 2024-06-06
Application No.: US18073164
Filing date: 2022-12-01
Applicant: SAP SE
Inventor: Benny Rolle, Matthias Vogel
IPC: G06F21/62
CPC classification number: G06F21/6245
Abstract: The present disclosure involves systems, software, and computer implemented methods for using multiple synonymous identifiers in data privacy integration protocols. One example method includes identifying a request to initiate a protocol in a multiple-application landscape for an object with an identifier. A determination is made that at least one context-using application participant of the protocol relies on a context-providing application participant of the protocol for resolving the identifier to a local identifier local to a context of the context-providing application participant. A resolution request is sent to context-providing application participants that can provide resolution for an identifier for at least one context-using application. A local identifier corresponding to the identifier that is local to the context of the context-providing application participant is received from each context-providing application participant. A protocol work package that includes a resolved local identifier is sent to each context-using application participant.
-
Publication No.: US20230177213A1
Publication date: 2023-06-08
Application No.: US17457811
Filing date: 2021-12-06
Applicant: SAP SE
Inventor: Benny Rolle, Ufuoma Ighoroje, Matthias Vogel, Geetha Gopalakrishnan, Tobias Schmidt, Antsa Andriamboavonjy, Dharshan A, Carsten Pluder
IPC: G06F21/62, G06F16/11, H04L67/566
CPC classification number: G06F21/629, G06F16/125, G06F16/113, H04L67/2833
Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving, from a requesting application in a landscape that includes a set of multiple applications, a data subject information request for a data subject. A set of target applications is determined from the set of multiple applications. The data subject information request is provided to each target application in the set of target applications. A data subject information response is received from each of the target applications. Each data subject information response includes application data for the data subject that was retrieved by a respective target application in response to the data subject information request. The received data subject information responses are aggregated to generate an aggregated data subject information response. The aggregated data subject information response is provided to the requesting application in response to the data subject information request.
-
Publication No.: US20230177189A1
Publication date: 2023-06-08
Application No.: US17457827
Filing date: 2021-12-06
Applicant: SAP SE
Inventor: Ufuoma Ighoroje, Benny Rolle, Matthias Vogel, Carsten Pluder, Karl Tillmann Rendel
IPC: G06F21/62, G06F16/903
CPC classification number: G06F21/6218, G06F16/90335
Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes sending a block command for an object to each application in a multiple-application landscape that includes a master data distribution application. A blocking status is received from each application that indicates whether the application successfully blocked the object in response to the block command. An overall blocking status is determined based on the received blocking statuses. In response to determining that at least one application failed to block the object, an unblock command is sent to each application. An unblocking status is received from each application and an overall unblocking status is determined. In response to determining that at least one application failed to unblock the object, a redistribution request is sent to the master data distribution application to redistribute the object to applications that failed to unblock the object.
-
Publication No.: US20230177187A1
Publication date: 2023-06-08
Application No.: US17457816
Filing date: 2021-12-06
Applicant: SAP SE
Inventor: Matthias Vogel, Benny Rolle, Ufuoma Ighoroje
CPC classification number: G06F21/6218, G06F21/554, G06F21/31
Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object of an object type. Target applications are determined that are allowed to process objects of the object type for at least one purpose, based on identified purpose information. An end-of-purpose query is provided to the target applications and an end-of-purpose status is received from each target application that indicates whether the application is able to block the object. The received statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each of the multiple applications that instructs a respective application to locally block the object.