公开(公告)号：US20250124151A1

公开(公告)日：2025-04-17

申请号：US18487283

申请日：2023-10-16

Applicant: SAP SE

Inventor： Matthias Vogel ,  Benny Rolle

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy. One example method includes receiving, from responder applications that participate in but do not initiate a data privacy integration protocol, end-of-purpose information for at least one object. The responders respond to protocol commands for executions of the protocol requested by a requester application. Identifying information for objects can be provided to each requester application in a message to the requester application that requests the requester application to determine whether the requester application currently stores the objects. At least one orphaned object can be identified from information in the responses received from the requester applications. An orphaned object is an object for which a responder application has provided end-of-purpose information but for which no requester application currently stores the object. Execution of the data privacy integration protocol can be triggered for each orphaned object.

公开(公告)号：US20250123854A1

公开(公告)日：2025-04-17

申请号：US18487365

申请日：2023-10-16

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: G06F9/445

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy. One example method includes receiving, from multiple systems in a multi-system landscape, data stocktaking data regarding objects in respective systems. The data stocktaking data comprises, for each respective system, a list of objects under processing in the respective system and a list of objects not under processing in the respective system. The data stocktaking data is evaluated at a central monitoring system to determine at least one misconfiguration of a data privacy integration component that manages data privacy integration in the multi-system landscape. For each identified misconfiguration, a reconfiguration of the data privacy integration component is identified. The identified reconfiguration of the data privacy integration component is applied to correct the misconfiguration.

公开(公告)号：US20250117245A1

公开(公告)日：2025-04-10

申请号：US18983618

申请日：2024-12-17

Applicant: SAP SE

Inventor： Benny Rolle ,  Ufuoma Ighoroje ,  Matthias Vogel

IPC: G06F9/46 ,  G06F9/448 ,  G06F11/07 ,  G06F16/28

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate an aligned purpose disassociation protocol for a purpose for an object instance. A determination is made as to whether a timestamp is stored for the purpose and the object instance that indicates an earliest time that the purpose can be disassociated from the object instance. The request is accepted in response to determining that no timestamp is stored for the purpose and the object instance that is greater than the current time. A status request is sent to applications that requests a status response that indicates whether an application can disassociate the purpose from the object instance. Status responses are received from at least some of the applications. A disassociation decision for the purpose and the object instance is determined based on the received status responses.

公开(公告)号：US20250013778A1

公开(公告)日：2025-01-09

申请号：US18347029

申请日：2023-07-05

Applicant: SAP SE

Inventor： Benny Rolle ,  Stefan Hesse ,  Matthias Vogel ,  Carsten Pluder

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy protocols. One example method includes receiving information defining a purpose for processing personal data of a data category stored in an object. A first mapping is received of a processing action to the purpose. Input data to be obtained for the processing action is identified. A determination is made as to whether the input data is of the data category that has been mapped to the purpose. The processing action is executed using the input data as purpose-based processing of the input data, in response to determining that the input data can be used during execution of the processing action for the purpose. Processing of the input data by the processing action is prevented, in response to determining that the input data cannot be used during execution of the processing action for the purpose.

公开(公告)号：US11481513B2

公开(公告)日：2022-10-25

申请号：US16994191

申请日：2020-08-14

Applicant: SAP SE

Inventor： Benny Rolle

IPC: G06F21/62 ,  G06F7/04 ,  H04N7/16

Abstract: Systems and processes for managing personal data are provided herein. Personal data associated with a data subject may be received or derived in association with a virtual identity of the data subject. The personal data may be stored, and identifying information that is linked to the personal data may be stored, where the identifying information is included in shadow data associated with the personal data. The identifying information may include a virtual identity identifier of the virtual identity, and, in some examples, a creation timestamp of the personal data. When a request to retrieve personal data for a data subject, shadow data storage may be searched to locate identifying information provided in the request, and personal data items linked to the located identifying information may be returned as a result of the request.

公开(公告)号：US20220277023A1

公开(公告)日：2022-09-01

申请号：US17186934

申请日：2021-02-26

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Carsten Pluder ,  Ufuoma Ighoroje ,  Carlo Fuerst ,  Iwona Luther

IPC: G06F16/27

Abstract: The present disclosure involves systems, software, and computer implemented methods for aligned purpose disassociation in a multi-system landscape. One example method includes receiving, from multiple systems, a can-disassociate status for a purpose for an object instance. The status from a respective system can be an affirmative status that indicates that the system can disassociate the purpose from the instance or a negative status that indicates that the system cannot disassociate the purpose from the instance. The received statuses are evaluated to determine a central disassociate purpose decision for the purpose for the instance. The central disassociate purpose decision can be to disassociate the purpose from the instance when no system has the negative status and to not disassociate the purpose from the instance when at least one system has the negative status. The central disassociate purpose decision is provided to at least some of the multiple systems.

公开(公告)号：US20250124051A1

公开(公告)日：2025-04-17

申请号：US18487347

申请日：2023-10-16

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: G06F16/27

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy. One example method includes providing an end-of-purpose query to applications in a landscape that requests an application to determine whether the application is able to block an object. Votes are received from applications that are either a can-block vote that indicates that the application can block the object or a veto vote that indicates that the application cannot block the object. At least one relevant-application veto model is identified that models which applications can raise a relevant veto vote with respect to another application. Received end-of-purpose votes and the relevant-application veto models are evaluated to determine whether any applications should be block instruction recipients. If any block instructions recipients have been identified, a block instruction for the object is set to each block instruction recipient.

公开(公告)号：US12189813B2

公开(公告)日：2025-01-07

申请号：US18073164

申请日：2022-12-01

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for using multiple synonymous identifiers in data privacy integration protocols. One example method includes identifying a request to initiate a protocol in a multiple-application landscape for an object with an identifier. A determination is made that at least one context-using application participant of the protocol relies on a context-providing application participant of the protocol for resolving the identifier to a local identifier local to a context of the context-providing application participant. A resolution request is sent to context-providing application participants that can provide resolution for an identifier for at least one context-using application. A local identifier corresponding to the identifier that is local to the context of the context-providing application participant is received from each context-providing application participant. A protocol work package that includes a resolved local identifier to is sent to each context-using application participant.

公开(公告)号：US12147567B2

公开(公告)日：2024-11-19

申请号：US17718770

申请日：2022-04-12

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Iwona Luthor ,  Girish Sainath

IPC: G06F21/62 ,  G06F16/23 ,  G06F21/64

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes providing ticket details for a data privacy integration protocol to each application in a multiple-application landscape. Each application has a relevant object type list and is included in a particular voting responder group for providing votes for the data privacy integration protocol. A first voting work package is created that includes a first subset of object identifiers included in the ticket. A work package object list is generated for each application based on the first subset of object identifiers. Object identifiers are removed from the work package object list for an application that have an associated object type that is not included in the relevant object type list for the application. Votes for the protocol are received from the first set of applications for a second subset of object identifiers.

公开(公告)号：US12086279B2

公开(公告)日：2024-09-10

申请号：US17457824

申请日：2021-12-06

Applicant: SAP SE

Inventor： Matthias Vogel ,  Benny Rolle ,  Ufuoma Ighoroje

IPC: G06F21/62 ,  G06F16/2453

CPC classification number: G06F21/6218

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate an aligned purpose disassociation protocol for a purpose for an object instance. Aligned purpose disassociation applications are identified that are each configured to indicate whether the application can disassociate the purpose from the object instance. Other applications are identified that area each configured to indicate whether the application can block the object instance. A can-disassociate query is sent to each of the aligned purpose disassociation applications. A can-block query is sent to each of the other applications. Can-disassociate responses are received from the aligned purpose disassociation applications. Can-block responses are received from the other applications. An aligned purpose disassociation decision is determined based on the can-disassociate responses and the can-block responses.