公开(公告)号：US20250013778A1

公开(公告)日：2025-01-09

申请号：US18347029

申请日：2023-07-05

Applicant: SAP SE

Inventor： Benny Rolle ,  Stefan Hesse ,  Matthias Vogel ,  Carsten Pluder

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for data privacy protocols. One example method includes receiving information defining a purpose for processing personal data of a data category stored in an object. A first mapping is received of a processing action to the purpose. Input data to be obtained for the processing action is identified. A determination is made as to whether the input data is of the data category that has been mapped to the purpose. The processing action is executed using the input data as purpose-based processing of the input data, in response to determining that the input data can be used during execution of the processing action for the purpose. Processing of the input data by the processing action is prevented, in response to determining that the input data cannot be used during execution of the processing action for the purpose.

公开(公告)号：US20240241911A9

公开(公告)日：2024-07-18

申请号：US18049063

申请日：2022-10-24

Applicant: SAP SE

Inventor： Stefan Hesse ,  Matthias Vogel

IPC: G06F16/93 ,  G06F21/33

CPC classification number: G06F16/93 ,  G06F21/33

Abstract: In an implementation, a request for one or more attachments stored in an application document store is received from a requestor and by an application agent associated with an application. For each attachment identified in the request, the application agent: 1) requests the attachment from a data privacy integration (DPI) kernel service; 2) receives a download link to an attachment in the application document store; 3) downloads, using the download link, the attachment from the application document store; 4) informs the DPI kernel service that a download of the attachment is complete; and 5) receives a message from the DPI kernel service that the download link has been deactivated. The application agent returns the one or more attachments to the requestor.

公开(公告)号：US20220277023A1

公开(公告)日：2022-09-01

申请号：US17186934

申请日：2021-02-26

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Carsten Pluder ,  Ufuoma Ighoroje ,  Carlo Fuerst ,  Iwona Luther

IPC: G06F16/27

Abstract: The present disclosure involves systems, software, and computer implemented methods for aligned purpose disassociation in a multi-system landscape. One example method includes receiving, from multiple systems, a can-disassociate status for a purpose for an object instance. The status from a respective system can be an affirmative status that indicates that the system can disassociate the purpose from the instance or a negative status that indicates that the system cannot disassociate the purpose from the instance. The received statuses are evaluated to determine a central disassociate purpose decision for the purpose for the instance. The central disassociate purpose decision can be to disassociate the purpose from the instance when no system has the negative status and to not disassociate the purpose from the instance when at least one system has the negative status. The central disassociate purpose decision is provided to at least some of the multiple systems.

公开(公告)号：US20200184087A1

公开(公告)日：2020-06-11

申请号：US16216400

申请日：2018-12-11

Applicant: SAP SE

Inventor： Kathrin Nos ,  Michael Engler ,  Matthias Vogel

IPC: G06F21/60 ,  G06F21/62 ,  H04L29/06 ,  G06F16/907

Abstract: Metadata describing access control capabilities of a database technology resource is received from an access control system. Access restrictions for accessing data of the database resource by users of an application that have a role are received from an application developer. A role maintenance user interface is generated, using the metadata, for assigning the role to users of the application. Attribute values for creating an instance of the role for a user are received, using the role maintenance user interface. The instance of the role is created for the user based on the received attribute values and the access restrictions. A request from the application for the user to access the database resource is received by the access control system when the user is logged into the application. The access restrictions are applied by the access control system in the database resource when the database resource is accessed.

公开(公告)号：US20190156053A1

公开(公告)日：2019-05-23

申请号：US15818695

申请日：2017-11-20

Applicant: SAP SE

Inventor： Matthias Vogel ,  Thorsten Bruckmeier ,  Francesco Di Cerbo

IPC: G06F21/62

Abstract: A system for protecting personal data is disclosed. The system includes a general data privacy regulator module having a dataflow controller configured to monitor data communicated to and from one or more business applications, and having a retention engine configured to retain personal information from the data communicated to and from the business application according to at least one data privacy regulation. The system further includes a data privacy compliance module connected with the general data privacy regulator module, and configured with the data privacy regulation to monitor the dataflow controller and report to a client computer. The system further includes a data subject privacy request module connected with the general data privacy regulator module and the data privacy compliance module, and configured to receive one or more requests from the cloud computing platform about a data subject stored by the business application and generate an action based on the one or more requests.

公开(公告)号：US12189813B2

公开(公告)日：2025-01-07

申请号：US18073164

申请日：2022-12-01

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: G06F21/62

Abstract: The present disclosure involves systems, software, and computer implemented methods for using multiple synonymous identifiers in data privacy integration protocols. One example method includes identifying a request to initiate a protocol in a multiple-application landscape for an object with an identifier. A determination is made that at least one context-using application participant of the protocol relies on a context-providing application participant of the protocol for resolving the identifier to a local identifier local to a context of the context-providing application participant. A resolution request is sent to context-providing application participants that can provide resolution for an identifier for at least one context-using application. A local identifier corresponding to the identifier that is local to the context of the context-providing application participant is received from each context-providing application participant. A protocol work package that includes a resolved local identifier to is sent to each context-using application participant.

公开(公告)号：US12147567B2

公开(公告)日：2024-11-19

申请号：US17718770

申请日：2022-04-12

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel ,  Iwona Luthor ,  Girish Sainath

IPC: G06F21/62 ,  G06F16/23 ,  G06F21/64

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes providing ticket details for a data privacy integration protocol to each application in a multiple-application landscape. Each application has a relevant object type list and is included in a particular voting responder group for providing votes for the data privacy integration protocol. A first voting work package is created that includes a first subset of object identifiers included in the ticket. A work package object list is generated for each application based on the first subset of object identifiers. Object identifiers are removed from the work package object list for an application that have an associated object type that is not included in the relevant object type list for the application. Votes for the protocol are received from the first set of applications for a second subset of object identifiers.

公开(公告)号：US12086279B2

公开(公告)日：2024-09-10

申请号：US17457824

申请日：2021-12-06

Applicant: SAP SE

Inventor： Matthias Vogel ,  Benny Rolle ,  Ufuoma Ighoroje

IPC: G06F21/62 ,  G06F16/2453

CPC classification number: G06F21/6218

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrated data privacy services. An example method includes receiving a request to initiate an aligned purpose disassociation protocol for a purpose for an object instance. Aligned purpose disassociation applications are identified that are each configured to indicate whether the application can disassociate the purpose from the object instance. Other applications are identified that area each configured to indicate whether the application can block the object instance. A can-disassociate query is sent to each of the aligned purpose disassociation applications. A can-block query is sent to each of the other applications. Can-disassociate responses are received from the aligned purpose disassociation applications. Can-block responses are received from the other applications. An aligned purpose disassociation decision is determined based on the can-disassociate responses and the can-block responses.

公开(公告)号：US20240193298A1

公开(公告)日：2024-06-13

申请号：US18077493

申请日：2022-12-08

Applicant: SAP SE

Inventor： Benny Rolle ,  Matthias Vogel

IPC: G06F21/62 ,  G06F9/54

CPC classification number: G06F21/6236 ,  G06F9/546

Abstract: The present disclosure involves systems, software, and computer implemented methods for integrating data privacy integration protocols across system landscapes. One example method includes receiving, at a first tenant of a kernel service, a message from a first application in a first landscape. Data from the message is provided to a core component of the kernel service that communicates with multiple tenants of the kernel service. The core component stores data from the message in a core storage area accessible by multiple tenants of the kernel service. The first tenant performs, in the first landscape, a first processing of the message using data in the core storage area for which the first tenant is authorized. The core component initiates a second processing of the message by a second tenant of the kernel service in a second landscape using data in the core storage area for which the second tenant is authorized.

公开(公告)号：US20240134917A1

公开(公告)日：2024-04-25

申请号：US18049063

申请日：2022-10-23

Applicant: SAP SE

Inventor： Stefan Hesse ,  Matthias Vogel

IPC: G06F16/93 ,  G06F21/33

CPC classification number: G06F16/93 ,  G06F21/33

Abstract: In an implementation, a request for one or more attachments stored in an application document store is received from a requestor and by an application agent associated with an application. For each attachment identified in the request, the application agent: 1) requests the attachment from a data privacy integration (DPI) kernel service; 2) receives a download link to an attachment in the application document store; 3) downloads, using the download link, the attachment from the application document store; 4) informs the DPI kernel service that a download of the attachment is complete; and 5) receives a message from the DPI kernel service that the download link has been deactivated. The application agent returns the one or more attachments to the requestor.