公开(公告)号：US12210897B2

公开(公告)日：2025-01-28

申请号：US17457802

申请日：2021-12-06

Applicant: SAP SE

Inventor： Benny Rolle ,  Ufuoma Ighoroje ,  Matthias Vogel

IPC: G06F9/46 ,  G06F9/448 ,  G06F11/07 ,  G06F16/28

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate an aligned purpose disassociation protocol for a purpose for an object instance. A determination is made as to whether a timestamp is stored for the purpose and the object instance that indicates an earliest time that the purpose can be disassociated from the object instance. The request is accepted in response to determining that no timestamp is stored for the purpose and the object instance that is greater than the current time. A status request is sent to applications that requests a status response that indicates whether an application can disassociate the purpose from the object instance. Status responses are received from at least some of the applications. A disassociation decision for the purpose and the object instance is determined based on the received status responses.

公开(公告)号：US20250013602A1

公开(公告)日：2025-01-09

申请号：US18347065

申请日：2023-07-05

Applicant: SAP SE

Inventor： Stefan Hesse ,  Matthias Vogel ,  Benny Rolle ,  Carsten Pluder ,  Volker Lehnert ,  Diane Schmidt ,  Martina Knoedler

IPC: G06F16/11 ,  G06F16/182

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy. One example method includes performing a processing action for a data subject for a purpose using a set of data categories that are associated with the purpose. The purpose has a retention period and is a parent purpose in a purpose hierarchy with at least one dependent purpose as a child purpose of the purpose. Dependent purpose retention periods and dependent purpose data categories are determined for each dependent purposes as respective subsets of the set of data categories. In response to an end of purpose for the purpose, data of the set of data categories is blocked. Data in the set of data categories that are not dependent purpose data categories is retained according to the retention period and data of each dependent purpose data category is retained according to a corresponding dependent retention period.

公开(公告)号：US12182284B2

公开(公告)日：2024-12-31

申请号：US17680759

申请日：2022-02-25

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining, by a data privacy integration service, a condition that has occurred from performing a data privacy integration protocol that indicates that a first object is to be redistributed to applications in a multiple-application landscape. Application responder group configurations are identified that group the applications into multiple redistribution responder groups for performing redistribution operations for an object type of the first object in response to redistribution requests. A redistribution command to redistribute the first object is sent to each application in a first redistribution responder group. If all redistribution statuses received from applications in the first redistribution responder group indicate successful redistribution of the first object, the redistribution command is sent to each application in a second redistribution responder group.

公开(公告)号：US20240370582A1

公开(公告)日：2024-11-07

申请号：US18772470

申请日：2024-07-15

Applicant: SAP SE

Inventor： Benny Rolle ,  Ufuoma Ighoroje ,  Matthias Vogel

IPC: G06F21/62 ,  G06F16/903

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.

公开(公告)号：US12067139B2

公开(公告)日：2024-08-20

申请号：US17702013

申请日：2022-03-23

Applicant: SAP SE

Inventor： Benny Rolle ,  Ufuoma Ighoroje ,  Matthias Vogel

IPC: G06F21/62 ,  G06F16/903

CPC classification number: G06F21/6218 ,  G06F16/90335

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes determining to initiate an integrated end of purpose protocol for an object. An end-of-purpose query is provided to multiple applications that requests each application to determine whether the application is able to block the object. End-of-purpose statuses are received, in response to the end-of-purpose query, that each indicate whether a respective application is able to block the object. The end-of-purpose statuses are evaluated to determine whether an aligned end of purpose has been reached for the object. In response to determining that the aligned end of purpose has been reached for the object, a block command is provided to each application that instructs the application to locally block the object in the application.

公开(公告)号：US20240184895A1

公开(公告)日：2024-06-06

申请号：US18074745

申请日：2022-12-05

Applicant: SAP SE

Inventor： Matthias Vogel ,  Benny Rolle

IPC: G06F21/60 ,  H04L67/10

CPC classification number: G06F21/60 ,  H04L67/10

Abstract: The present disclosure involves systems, software, and computer implemented methods for using asynchronous ping messages for determining capability of systems for executing asynchronous protocols. One example method includes sending a work package to at least one application in a multiple-application landscape to determine capabilities of each application for participating in a data privacy integration protocol. Application responses to the sending of the work package are evaluated to determine capabilities of each application for participating in the protocol. A determination is made regarding whether each application is capable of participating in the protocol. In response to determining that at least one application is not capable of participating in the protocol, at least one corrective action regarding the protocol is performed. In response to determining that each application is capable of participating in the protocol, at least one protocol action is performed for the protocol.

公开(公告)号：US20230385449A1

公开(公告)日：2023-11-30

申请号：US17867642

申请日：2022-07-18

Applicant: SAP SE

Inventor： Carsten Pluder ,  Diane Schmidt ,  Volker Lehnert ,  Martina Knoedler ,  Thorsten Bruckmeier ,  Philipp Alexander Zikesch ,  Bernhard Drittler ,  Matthias Vogel ,  Katrin Ludwig ,  Naved Ahmed ,  Saritha Palli ,  Shweta Sureshchandra Gupta ,  Arun Kumar Gowd ,  Dev Karan Ahuja ,  Shwetha H S

IPC: G06F21/62 ,  G06F21/78

CPC classification number: G06F21/6254 ,  G06F21/6209 ,  G06F21/78

Abstract: Systems and processes for managing access to personal data based on a purpose for storing the personal data are provided. In a method for managing personal data access, personal data for a data subject corresponding to a first data category is received, and an operation is executed in a purpose agent to associate one or more purposes to the personal data, where the one or more purposes are assigned to the first data category and include at least a first purpose. The personal data may be stored in a data storage system, and the stored personal data may be designated as being associated with the one or more purposes. Access to the personal data may be controlled based on the one or more purposes.

公开(公告)号：US11714828B2

公开(公告)日：2023-08-01

申请号：US17186934

申请日：2021-02-26

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Carsten Pluder ,  Ufuoma Ighoroje ,  Carlo Fuerst ,  Iwona Luther

IPC: G06F16/00 ,  G06F16/27

CPC classification number: G06F16/273

Abstract: The present disclosure involves systems, software, and computer implemented methods for aligned purpose disassociation in a multi-system landscape. One example method includes receiving, from multiple systems, a can-disassociate status for a purpose for an object instance. The status from a respective system can be an affirmative status that indicates that the system can disassociate the purpose from the instance or a negative status that indicates that the system cannot disassociate the purpose from the instance. The received statuses are evaluated to determine a central disassociate purpose decision for the purpose for the instance. The central disassociate purpose decision can be to disassociate the purpose from the instance when no system has the negative status and to not disassociate the purpose from the instance when at least one system has the negative status. The central disassociate purpose decision is provided to at least some of the multiple systems.

公开(公告)号：US20230179602A1

公开(公告)日：2023-06-08

申请号：US17680741

申请日：2022-02-25

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: H04L9/40

CPC classification number: H04L63/102 ,  H04L63/105 ,  H04L63/205

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate a data privacy integration protocol for applications in a multiple-application landscape. Voting responder group configurations are identified that group the applications into multiple voting responder groups for performing voting for the protocol. A voting request for the protocol is sent to applications in a first voting responder group. Data privacy integration protocol votes are received from the applications in the first voting responder group and a determination is made as to whether any application in the first voting responder group provided a veto vote for the protocol. If at least one application in the first voting responder group provided a veto vote for an object, the protocol is ended for the object without sending a voting request to applications in a second voting responder group.

公开(公告)号：US20230177206A1

公开(公告)日：2023-06-08

申请号：US17718770

申请日：2022-04-12

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Iwona Luthor ,  Girish Sainath

IPC: G06F21/62 ,  G06F21/64 ,  G06F16/23

CPC classification number: G06F21/6245 ,  G06F21/64 ,  G06F16/2365 ,  G06F16/2358

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes providing ticket details for a data privacy integration protocol to each application in a multiple-application landscape. Each application has a relevant object type list and is included in a particular voting responder group for providing votes for the data privacy integration protocol. A first voting work package is created that includes a first subset of object identifiers included in the ticket. A work package object list is generated for each application based on the first subset of object identifiers. Object identifiers are removed from the work package object list for an application that have an associated object type that is not included in the relevant object type list for the application. Votes for the protocol are received from the first set of applications for a second subset of object identifiers.