-
Publication No.: US20220329413A1
Publication date: 2022-10-13
Application No.: US17228986
Filing date: 2021-04-13
Applicant: SAP SE
Inventor: Martin Schindewolf , Meinolf Block , Christoph Hohner , Sascha Zorn
Abstract: The present disclosure involves systems, software, and computer implemented methods for database integration with an external key management system. One example method includes receiving, by a database system, a key encryption key from an external key management system external to the database system that is used to encrypt a data encryption key used to encrypt database data. The data encryption key is obtained, by the database system, using the key encryption key. Encrypted database data is decrypted, by the database system and using the data encryption key, to obtain decrypted database data before performing an operation on the decrypted database data. The database system determines that the external key management system has performed an operation on the key encryption key. In response to determining that the external key management system has performed the operation on the key encryption key, the database system modifies operation of the database system.
-
Publication No.: US20210099289A1
Publication date: 2021-04-01
Application No.: US16590047
Filing date: 2019-10-01
Applicant: SAP SE
Inventor: Christoph Hohner , Sascha Zorn , Meinolf Block , Martin Schindewolf
Abstract: A method, a system, and a computer program product for performing key management configurations. One or more encryption keys for encrypting one or more data payloads for accessing one or more databases are received. The received encryption keys are compared to a plurality of encryption keys associated with the databases. Based on the comparison, a configuration of at least one database is changed using the received encryption keys. The changed configuration is stored.
-
Publication No.: US10235531B2
Publication date: 2019-03-19
Application No.: US15202498
Filing date: 2016-07-05
Applicant: SAP SE
Inventor: Meinolf Block , Christoph Hohner , Martin Schindewolf , Sascha Zorn
Abstract: Methods, systems, and apparatus, including computer program products, are provided for configuring access controls to a database. In one aspect there is provided a method. The method may include receiving, from a first user, a table declaration for creating a database table in a database; generating, based on the table declaration, the database table; receiving, from the first user, a specification of one or more access mechanisms that have a privilege to access the database table; receiving a designation of at least one column in the database table as a protected column and one or more users who have a privilege to access the content of the protected column; and providing control over access to the content of the protected column based at least in part on the specification of the one or more access mechanisms and the designation of the at least one column and the second user.
-
Publication No.: US20180131517A1
Publication date: 2018-05-10
Application No.: US15347431
Filing date: 2016-11-09
Applicant: SAP SE
Inventor: Meinolf Block , Christoph Hohner , Martin Schindewolf , Sascha Zorn
CPC classification number: H04L9/0894 , G06F21/6227 , H04L9/0891 , H04L9/3226 , H04L9/3236
Abstract: Embodiments manage access to cryptography keys for database data, within a secure key store of a local key server owned by a new (security) operating system (OS) user separate from an original default OS user. Existing principles governing distinct OS user access privileges engrained within the OS itself, are leveraged to preclude the default OS user from accessing files of the new security OS user. Embodiments thus segregate the right to read secure cryptography keys of a secure key store, from the right to administer database installation on the OS level. While the original default OS user retains access to the encrypted data, the new security OS user now owns the cryptography key necessary to decrypt that database data. Thus, the default OS user is denied enough information to unlock the database data, enhancing its security. Embodiments are particularly useful for promoting data security in cloud setups and multi-tenant databases.
-
Publication No.: US20170277762A1
Publication date: 2017-09-28
Application No.: US15619309
Filing date: 2017-06-09
Applicant: SAP SE
Inventor: Meinolf Block , Martin Strenge , Christian Mohr , Boris Gruschko , Franz Faerber
CPC classification number: G06F16/258 , G06F9/45558 , G06F16/116 , G06F16/211 , G06F16/2438 , G06F16/245 , G06F16/84 , G06F16/95 , G06F2009/45595 , H04L67/10
Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.
-
Publication No.: US09710531B2
Publication date: 2017-07-18
Application No.: US15173260
Filing date: 2016-06-03
Applicant: SAP SE
Inventor: Meinolf Block , Martin Strenge , Christian Mohr , Boris Gruschko , Franz Faerber
CPC classification number: G06F17/30569 , G06F9/45558 , G06F17/30076 , G06F17/30292 , G06F17/3041 , G06F17/30424 , G06F17/30861 , G06F17/30914 , G06F2009/45595 , H04L67/10
Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.
-
Publication No.: US20170147311A1
Publication date: 2017-05-25
Application No.: US14949256
Filing date: 2015-11-23
Applicant: SAP SE
Inventor: Jonathan Bregler , Alexander Bunte , Arne Harren , Andreas Kellner , Daniel Kuntze , Vladislav Leonkev , Simon Lueders , Volker Sauermann , Michael Schnaubelt , Le-Huan Stefan Tran , Michael Wintergerst , Cornelia Kinder , Christopher Schildt , Andreas Thumfart , Ralph Debusmann , Andre Hildebrandt , Stefan Baeuerle , Meinolf Block , Klaus Kopecz , Anil K. Goel , Roger Killian-Kehr
CPC classification number: G06F8/60 , G06F8/30 , G06F8/70 , G06F17/30294 , G06F17/30557
Abstract: A system, a method, and a computer program product for deployment of objects are disclosed. Using a deployment infrastructure of a database system, a deployment container for deployment of at least one object at runtime of an application is generated. The container includes at least one artifact for the object and a container schema indicative of at least one dependency associated with the object. At least one deployment privilege is associated based on the container schema with the artifact for the object. The artifact of the deployment container is deployed based on the associated deployment schema during runtime of the application. The container can be an isolated container and an access privilege to an object can be requested based on a synonym for deployment purposes.
-
Publication No.: US20160004758A1
Publication date: 2016-01-07
Application No.: US14855040
Filing date: 2015-09-15
Applicant: SAP SE
Inventor: Meinolf Block , Martin Strenge , Christian Mohr , Boris Gruschko , Franz Faerber
CPC classification number: G06F17/30569 , G06F9/45558 , G06F17/30076 , G06F17/30292 , G06F17/3041 , G06F17/30424 , G06F17/30861 , G06F17/30914 , G06F2009/45595 , H04L67/10
Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.
-
Publication No.: US11849026B2
Publication date: 2023-12-19
Application No.: US17228986
Filing date: 2021-04-13
Applicant: SAP SE
Inventor: Martin Schindewolf , Meinolf Block , Christoph Hohner , Sascha Zorn
CPC classification number: H04L9/0822 , G06F21/6218 , H04L9/14
Abstract: The present disclosure involves systems, software, and computer implemented methods for database integration with an external key management system. One example method includes receiving, by a database system, a key encryption key from an external key management system external to the database system that is used to encrypt a data encryption key used to encrypt database data. The data encryption key is obtained, by the database system, using the key encryption key. Encrypted database data is decrypted, by the database system and using the data encryption key, to obtain decrypted database data before performing an operation on the decrypted database data. The database system determines that the external key management system has performed an operation on the key encryption key. In response to determining that the external key management system has performed the operation on the key encryption key, the database system modifies operation of the database system.
-
Publication No.: US11822569B2
Publication date: 2023-11-21
Application No.: US17967660
Filing date: 2022-10-17
Applicant: SAP SE
Inventor: Meinolf Block , Martin Strenge , Christian Mohr , Boris Gruschko , Franz Faerber
IPC: G06F16/25 , G06F16/95 , G06F16/11 , G06F16/21 , G06F16/245 , G06F16/242 , H04L67/10 , G06F9/455 , G06F16/84
CPC classification number: G06F16/258 , G06F9/45558 , G06F16/116 , G06F16/211 , G06F16/245 , G06F16/2438 , G06F16/95 , H04L67/10 , G06F16/84 , G06F2009/45595
Abstract: In one embodiment, the present invention includes a computer-implemented method comprising storing data in an application using an application custom data type and application custom data structure. The data is stored in a database using the application custom data type and the application custom data structure. In one embodiment, a request is sent to access the data from the application to the database. The data is retrieved from the database in response to the request in the application custom data type and the application custom data structure. In one embodiment, the data is sent from the database to a shared memory in the application custom data type and the application custom data structure and the data is retrieved by the application from the shared memory in the application custom data type and the application custom data structure.