公开(公告)号：US12244724B2

公开(公告)日：2025-03-04

申请号：US17317610

申请日：2021-05-11

Applicant: SAP SE

Inventor： Rajib Saha ,  Sateesh Babu Chilamakuri ,  Laurent Pelecq

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: In an example, a framework is provided that provides a secure mechanism to limit misuse of licensed applications. Specifically, a mutual handshake is established, using existing properties of a requesting application, and wraps objects with dynamic parameters, such as a current timestamp, to perform masking, hashing, and encryption for the handshake.

公开(公告)号：US11853176B1

公开(公告)日：2023-12-26

申请号：US17836334

申请日：2022-06-09

Applicant: SAP SE

Inventor： Sateesh Babu Chilamakuri ,  Sathya G ,  Ramya Nandakumaran

IPC: G06F11/20 ,  G06F11/30 ,  G06F11/34 ,  G06F11/07 ,  G06F11/14

CPC classification number: G06F11/2025 ,  G06F11/0709 ,  G06F11/0793 ,  G06F11/1438 ,  G06F11/1484 ,  G06F11/2048 ,  G06F11/3006 ,  G06F11/3055 ,  G06F11/3442 ,  G06F11/3495 ,  G06F2201/85

Abstract: In an example embodiment, a solution is provided to build a generic service failover framework that can be packaged as a library and implemented by many different microservices, whether on-premises or in the cloud. Each application can implement/add/hook this service to obtain the benefits of handling failover gracefully, as well as coming with some customizable options to provide a complete failover framework.

公开(公告)号：US20230164131A1

公开(公告)日：2023-05-25

申请号：US17533315

申请日：2021-11-23

Applicant: SAP SE

Inventor： Sathya G ,  Sateesh Babu Chilamakuri

IPC: H04L9/40

CPC classification number: H04L63/0815 ,  H04L63/105 ,  H04L63/0876 ,  H04L63/083 ,  H04L63/102 ,  H04L63/1483

Abstract: Disclosed herein are system, method, and computer-readable medium embodiments for securely accessing cloud data providers with user-impersonation. An embodiment operates by receiving an initial logon request for a cloud data provider. The embodiment authenticates the request using a cluster unique identifier (CUID) of the cloud data provider. The embodiment then authorizes the request by exchanging an authorization code for an identifier token and a refresh token issued by the cloud data provider. The embodiment then validates the tokens, and stores the refresh token for subsequent user-impersonation logons. Subsequently, the embodiment receives a user-impersonation logon request for the cloud data provider. The embodiment exchanges the refresh token for an access token issued by the cloud data provider, and uses the access token to gain access to the cloud data provider without a user directly having to complete authentication and authorization processes.

公开(公告)号：US20220311620A1

公开(公告)日：2022-09-29

申请号：US17317610

申请日：2021-05-11

Applicant: SAP SE

Inventor： Rajib Kumar Saha ,  Sateesh Babu Chilamakuri ,  Laurent Pelecq

IPC: H04L9/32 ,  H04L9/08

Abstract: In an example embodiment, a framework is provided that provides a secure mechanism to limit misuse of licensed applications. Specifically, a mutual handshake is established, using existing properties of a requesting application, and wraps objects with dynamic parameters, such as a current timestamp, to perform masking, hashing, and encryption for the handshake.

公开(公告)号：US12107843B2

公开(公告)日：2024-10-01

申请号：US17533315

申请日：2021-11-23

Applicant: SAP SE

Inventor： Sathya G ,  Sateesh Babu Chilamakuri

IPC: H04L9/40

CPC classification number: H04L63/0815 ,  H04L63/083 ,  H04L63/0876 ,  H04L63/102 ,  H04L63/105 ,  H04L63/1483

Abstract: Disclosed herein are system, method, and computer-readable medium embodiments for securely accessing cloud data providers with user-impersonation. An embodiment operates by receiving an initial logon request for a cloud data provider. The embodiment authenticates the request using a cluster unique identifier (CUID) of the cloud data provider. The embodiment then authorizes the request by exchanging an authorization code for an identifier token and a refresh token issued by the cloud data provider. The embodiment then validates the tokens, and stores the refresh token for subsequent user-impersonation logons. Subsequently, the embodiment receives a user-impersonation logon request for the cloud data provider. The embodiment exchanges the refresh token for an access token issued by the cloud data provider, and uses the access token to gain access to the cloud data provider without a user directly having to complete authentication and authorization processes.

公开(公告)号：US20240135037A1

公开(公告)日：2024-04-25

申请号：US17970898

申请日：2022-10-20

Applicant: SAP SE

Inventor： Ramachandra Mahapatra ,  Sateesh Babu Chilamakuri

IPC: G06F21/62 ,  G06F21/60

CPC classification number: G06F21/6272 ,  G06F21/602

Abstract: Embodiments integrate with an authorization service (e.g., OAUTH) to implement document protection. In response to a document scheduling request, a protection engine reads a protection policy including a sensitivity label, from the authorization service. The protection engine encrypts content of the document, and stores the document including the encrypted content and a header, in a non-transitory computer readable storage medium (e.g., a database). At a conclusion of the document scheduling phase, the protection engine may send a status (e.g., successful; failed) of the document scheduling. Next, in response to receiving a subsequent document view request, the protection engine references the header to communicate with the authorization service. The protection engine decrypts the content based upon information received from the authorization service, and provides the document including decrypted content for viewing.

公开(公告)号：US20220350692A1

公开(公告)日：2022-11-03

申请号：US17244689

申请日：2021-04-29

Applicant: SAP SE

Inventor： Sateesh Babu Chilamakuri ,  Sathya G

IPC: G06F11/07 ,  G06F11/30

Abstract: A computer-implemented method includes feeding exception log entries from a plurality of exception logs associated with respective heterogenous computing components into an aggregated exception log comprising aggregated exception log entries, mapping an aggregated exception log entry in the aggregated exception log to a corresponding exception identifier, identifying a descriptor describing an exception condition based on the exception identifier, determining one or more destinations corresponding to the aggregated exception log entry, and routing a notification comprising the descriptor to the one or more destinations.

公开(公告)号：US20230401129A1

公开(公告)日：2023-12-14

申请号：US17836334

申请日：2022-06-09

Applicant: SAP SE

Inventor： Sateesh Babu Chilamakuri ,  Sathya G ,  Ramya Nandakumaran

IPC: G06F11/20

CPC classification number: G06F11/2025 ,  G06F2201/85

Abstract: In an example embodiment, a solution is provided to build a generic service failover framework that can be packaged as a library and implemented by many different microservices, whether on-premises or in the cloud. Each application can implement/add/hook this service to obtain the benefits of handling failover gracefully, as well as coming with some customizable options to provide a complete failover framework.

公开(公告)号：US20230179599A1

公开(公告)日：2023-06-08

申请号：US17589776

申请日：2022-01-31

Applicant: SAP SE

Inventor： Anita Kumari Swain ,  Sateesh Babu Chilamakuri

IPC: H04L9/40

CPC classification number: H04L63/10 ,  H04L63/0815

Abstract: Systems and processes for managing authorizations for multiple vendors at an enterprise service are provided. Responsive to a request to onboard an authorization for access to data resources of a targeted vendor, a central management server may receive, from an authorization server for the targeted vendor, authorization information. The authorization information may be received indirectly, via a security token service. An authorization reference object may be generated to store the authorization information, and the authorization reference object may be stored in a database. Subsequent requests for access to the data resources of the targeted vendor may be serviced using the authorization reference object stored in the database.

公开(公告)号：US11645137B2

公开(公告)日：2023-05-09

申请号：US17244689

申请日：2021-04-29

Applicant: SAP SE

Inventor： Sateesh Babu Chilamakuri ,  Sathya G

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/30

CPC classification number: G06F11/0772 ,  G06F11/0784 ,  G06F11/0787 ,  G06F11/3082

Abstract: A computer-implemented method includes feeding exception log entries from a plurality of exception logs associated with respective heterogenous computing components into an aggregated exception log comprising aggregated exception log entries, mapping an aggregated exception log entry in the aggregated exception log to a corresponding exception identifier, identifying a descriptor describing an exception condition based on the exception identifier, determining one or more destinations corresponding to the aggregated exception log entry, and routing a notification comprising the descriptor to the one or more destinations.