公开(公告)号：US20240275780A1

公开(公告)日：2024-08-15

申请号：US18637239

申请日：2024-04-16

Applicant: SAP SE

Inventor： Cedric Hebert ,  Anderson Santana de Oliveira ,  Merve Sahin

IPC: H04L9/40

CPC classification number: H04L63/0853 ,  H04L63/0281 ,  H04L63/083 ,  H04L63/1416

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.

公开(公告)号：US20210160277A1

公开(公告)日：2021-05-27

申请号：US16696588

申请日：2019-11-26

Applicant: SAP SE

Inventor： Cedric Hebert ,  Andrea Palmieri ,  Merve Sahin ,  Anderson Santana de Oliveira

IPC: H04L29/06

Abstract: Systems, methods, and computer media for securing software applications are provided herein. The multi-factor fingerprints allow attackers to be distinguished from authorized users and allow different types of attacks to be distinguished. The multi-factor fingerprint can include, for example, a session identifier component, a software information component, and a hardware information component. The different components can be separately compared to components of stored fingerprints to determine whether an application session request is malicious, and if so, what type of attack, such as session cookie theft or a spoofing attack, is occurring.

公开(公告)号：US20170169249A1

公开(公告)日：2017-06-15

申请号：US14965194

申请日：2015-12-10

Applicant: SAP SE

Inventor： Anderson Santana de Oliveira ,  Michael Grifalconi

IPC: G06F21/62 ,  H04L29/06

CPC classification number: G06F21/6245 ,  H04L63/10 ,  H04L63/102 ,  H04L67/10

Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving, by an authorization manager of a cloud-platform, a request from an application, the request indicating a request to access personal user data stored in a database system of the cloud-platform, determining, by the authorization manager and based on user input from a user, that access to the personal user data is to be granted, and in response: providing, by the authorization manager, an access token to the application, receiving an access request from the application, the access request including the access token, and selectively providing the personal user data from a database container of the database system based on the access token, the database container being specific to the user.

公开(公告)号：US11979395B2

公开(公告)日：2024-05-07

申请号：US17034487

申请日：2020-09-28

Applicant: SAP SE

Inventor： Cedric Hebert ,  Anderson Santana de Oliveira ,  Merve Sahin

IPC: H04L29/06 ,  H04L9/40

CPC classification number: H04L63/0853 ,  H04L63/0281 ,  H04L63/083 ,  H04L63/1416

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.

公开(公告)号：US11539742B2

公开(公告)日：2022-12-27

申请号：US16696588

申请日：2019-11-26

Applicant: SAP SE

Inventor： Cedric Hebert ,  Andrea Palmieri ,  Merve Sahin ,  Anderson Santana de Oliveira

IPC: H04L29/06 ,  H04L9/40

Abstract: Systems, methods, and computer media for securing software applications are provided herein. The multi-factor fingerprints allow attackers to be distinguished from authorized users and allow different types of attacks to be distinguished. The multi-factor fingerprint can include, for example, a session identifier component, a software information component, and a hardware information component. The different components can be separately compared to components of stored fingerprints to determine whether an application session request is malicious, and if so, what type of attack, such as session cookie theft or a spoofing attack, is occurring.

公开(公告)号：US11425166B2

公开(公告)日：2022-08-23

申请号：US16552951

申请日：2019-08-27

Applicant: SAP SE

Inventor： Cedric Hebert ,  Merve Sahin ,  Anderson Santana de Oliveira

IPC: H04L9/40 ,  H04L67/146 ,  H04L29/06

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.

公开(公告)号：US20220103545A1

公开(公告)日：2022-03-31

申请号：US17034487

申请日：2020-09-28

Applicant: SAP SE

Inventor： Cedric Hebert ,  Anderson Santana de Oliveira ,  Merve Sahin

IPC: H04L29/06

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data.

公开(公告)号：US11729213B2

公开(公告)日：2023-08-15

申请号：US17062903

申请日：2020-10-05

Applicant: SAP SE

Inventor： Cedric Hebert ,  Merve Sahin ,  Anderson Santana de Oliveira ,  Rocio Cabrera Lozoya ,  Aicha Mhedhbi

IPC: H04L9/40 ,  G06F9/54 ,  H04L67/133

CPC classification number: H04L63/1491 ,  G06F9/547 ,  H04L63/1416 ,  H04L67/133

Abstract: Systems, methods, and computer media for securing software applications are provided herein. Using deceptive endpoints, attacks directed to API endpoints can be detected, and attackers can be monitored or blocked. Deceptive endpoints can be automatically generated by modifying valid endpoints for an application. Deceptive endpoints are not valid endpoints for the application, so if a deceptive endpoint is accessed, it is an indication of an attack. When a deceptive endpoint is deployed, accessing the deceptive endpoint can cause an alert to be generated, and an account, user, or device associated with accessing the deceptive endpoint can be blocked or monitored.

公开(公告)号：US20210157917A1

公开(公告)日：2021-05-27

申请号：US16696594

申请日：2019-11-26

Applicant: SAP SE

Inventor： Cedric Hebert ,  Merve Sahin ,  Anderson Santana de Oliveira

IPC: G06F21/56 ,  G06F21/55 ,  G06F21/54 ,  G06F8/65

Abstract: Systems, methods, and computer media for collaboratively securing software applications are provided herein. Through a collaborative approach, the described examples allow detection and management of unauthorized users across applications and application suites. By communicating details regarding cyber-attacks among applications, threats to applications can be managed pre-emptively. For example, applications can use attacks on other applications to implement new honeytokens, threat detection points, and blacklisted usernames or other identifiers to limit data access in future attacks.

公开(公告)号：US20200184106A1

公开(公告)日：2020-06-11

申请号：US16215358

申请日：2018-12-10

Applicant: SAP SE

Inventor： Anderson Santana de Oliveira ,  Lorenzo Frigerio ,  Laurent Gomez

IPC: G06F21/62 ,  H04L29/06 ,  G06N3/02 ,  G06F9/54

Abstract: Streaming data is received that is derived from at least one sensor (e.g., IoT sensors, etc.). At least one differential privacy algorithm is subsequently used to anonymize the received streaming data. The modified streaming data can then be provided (e.g., made available, stored, transmitted over a network, etc.) to at least one consuming computing device. Related apparatus, systems, techniques and articles are also described.