Patents by Inventor Maarten E. Rits
Maarten E. Rits has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9021550
Abstract: A computer-implemented method for executing a workflow is described, wherein the workflow comprises a set of individual activities, the method comprising the operations of deriving a global workflow access type and receiving a request to execute a workflow. Execution of access control based on the global workflow access type is performed. If access is allowable, the user is authorized to execute all activities belonging to the workflow. If access is not allowable, the user is rejected before executing the workflow.
Type: Grant
Filed: April 16, 2007
Date of Patent: April 28, 2015
Assignee: SAP SE
Inventor: Maarten E. Rits
-
Patent number: 8744892
Abstract: A method and system to control an interaction of a plurality of participants in a workflow process. The method classifies the plurality of activities as (1) first activity of the workflow process, (2) first activity of a participant in an on-going workflow process, and (3) interaction activity. A set of access control policies is generated for each type of activity. The policies include workflow initialization policy, participation policy and interaction policies. The policies determine if a requesting participant is permitted to interact with a responding participant. In addition, the system includes a policy enforcement point for receiving a request from a requesting participant, wherein the request is for activating an activity of a responding participant. The policy enforcement point forwards the request to a policy decision point where the request is evaluated based on the set of access control policies.
Type: Grant
Filed: February 17, 2006
Date of Patent: June 3, 2014
Assignee: SAP AG
Inventors: Yevgen Reznichenko, Maarten E. Rits, Jochen Haller, Pascal T. C. Spadone, Cedric R. J. Hebert
-
Patent number: 8453199
Abstract: There is provided a computer-implemented method, computer-program product, system and security index structure for a security enforcement strategy for a composite application. The method comprises providing a workflow for the composite application, wherein the composite application is constructed from a set of sub-applications and wherein at least a plurality of the sub-applications has a policy. A consolidated workflow policy is generated for the workflow by combining the policies of the sub-applications and by taking into account a control flow of the workflow, wherein the control flow provides an order in which the set of sub-applications are performed. The consolidated workflow policy is enforced by providing a security index structure for the consolidated workflow policy adapted for checking authorization in the workflow.
Type: Grant
Filed: March 19, 2008
Date of Patent: May 28, 2013
Assignee: SAP AG
Inventor: Maarten E. Rits
-
Patent number: 8001378
Abstract: The present description refers to a method for protecting data of a mobile agent (MA) from a first server (A) which are intended for at least one second server (B) within a network system against an attack and an unauthorized access, wherein the first server (A) as well as the at least one second server (B) have a pair of a public key (KA, KB) and a private key (PKA, PKB) associated therewith, respectively, the method comprising, starting from the first server, at least the steps of choosing an unique number (r0) and assigning it to the mobile agent (MA), choosing a secret symmetric key (SKo) and assigning it to the data (mB) to be protected, encoding the secret key (SKo) with the public key (KB) of the second server (B), encrypting the secret key (SKo) and the public key (KA) of the first server via a cryptographic wrapping function (h), thus forming a data authentication code (h(KA, SKo)), encoding the data (mB) with the secret key (SKo), and combining the unique number (r0), the encoded data ({mB}SKo) and
Type: Grant
Filed: May 18, 2007
Date of Patent: August 16, 2011
Assignee: SAP AG
Inventor: Maarten E. Rits
-
Patent number: 7827606
Abstract: Systems and methods for reverse engineering access control include determining a set of potential access control target methods, functions and/or subroutines that may be used in software applications. A software application is then analyzed to determine if the access control targets are present in the software application. If an access control target is used by the software application, then the access control policy for the target is analyzed to determine the roles, privileges, or rights that are necessary to successfully execute the access control target. A report is then generated that provides information about the access control policy elements actually used by the software application.
Type: Grant
Filed: November 21, 2005
Date of Patent: November 2, 2010
Assignee: SAP AG
Inventors: Maarten E. Rits, Benjamin De Boe
-
Patent number: 7797534
Abstract: There is proposed a method for executing a workflow, comprising providing the workflow comprising process level activities, at least one process level activity being able to access system resources, the access to the system resources being mediated by a plurality of backend modules. A backend module of the plurality of backend modules carries out the steps of receiving a hierarchical attribute certificate, validating the attribute certificate, checking whether the attribute certificate grants a right to execute the backend module, checking whether a predefined execution path from the process level activity to the backend module has been traversed, and if both checking steps are successful, executing the backend module. Moreover, there is proposed a respective device, computer program medium and computer program product.
Type: Grant
Filed: October 19, 2006
Date of Patent: September 14, 2010
Assignee: SAP AG
Inventor: Maarten E. Rits
-
Patent number: 7778931
Abstract: The present description refers to a method for securing processing of an order by a mobile agent from a first server (So) within a network system with a plurality of servers (So, S1, . . . ,Sn), at least a number of which the mobile agent has to pass according to an appropriate succession, wherein each of the plurality of servers has a pair of a public key (KSo, . . . ,KSi, . . . , KSn) and a private key (PKSo, . . . ,PKSi, . . . , PKSn) associated therewith, respectively, the method comprising, starting from any one of the number of servers the mobile agent has to pass, called herein the i'th server at least the steps of receiving the mobile agent which has been prepared by the first server by choosing a unique number (r0) and assigning it to the mobile agent, encoding the chosen unique number (r0) with the private key (PKSo) of the first server (So), thus forming an agent specific initialisation number (Co) as basis for a sequence of checksums (Co, . . . ,Ci, . . .
Type: Grant
Filed: May 18, 2007
Date of Patent: August 17, 2010
Assignee: SAP AG
Inventor: Maarten E. Rits
-
Publication number: 20080282318
Abstract: There is provided a computer-implemented method, computer-program product, system and security index structure for a security enforcement strategy for a composite application. The method comprises providing a workflow for the composite application, wherein the composite application is constructed from a set of sub-applications and wherein at least a plurality of the sub-applications has a policy. A consolidated workflow policy is generated for the workflow by combining the policies of the sub-applications and by taking into account a control flow of the workflow, wherein the control flow provides an order in which the set of sub-applications are performed. The consolidated workflow policy is enforced by providing a security index structure for the consolidated workflow policy adapted for checking authorization in the workflow.
Type: Application
Filed: March 19, 2008
Publication date: November 13, 2008
Applicant: SAP AG, Dietmar-Hopp-Allee
Inventor: Maarten E. Rits
-
Patent number: 7386785
Abstract: A method for automatically filling an electronic timesheet includes extracting one or more calendar entries from an electronic calendar and matching each calendar entry of the one or more calendar entries to a corresponding project of a list of projects. An electronic timesheet is then filled based on each calendar entry matched with the corresponding project.
Type: Grant
Filed: August 30, 2004
Date of Patent: June 10, 2008
Assignee: SAP AG
Inventors: Cédric S. P. Ulmer, Pascal T. C. Spadone, Cédric R. J. Hébert, Laurent Y. Gomez, Maarten E. Rits
-
Publication number: 20080016554
Abstract: A computer-implemented method for executing a workflow is described, wherein the workflow comprises a set of individual activities, the method comprising the operations of deriving a global workflow access type and receiving a request to execute a workflow. Execution of access control based on the global workflow access type is performed. If access is allowable, the user is authorised to execute all activities belonging to the workflow. If access is not allowable, the user is rejected before executing the workflow.
Type: Application
Filed: April 16, 2007
Publication date: January 17, 2008
Inventor: Maarten E. Rits
-
Publication number: 20070286424
Abstract: The present description refers to a method for securing processing of an order by a mobile agent from a first server (S0) within a network system with a plurality of servers (S0, S1, . . . ,Sn), at least a number of which the mobile agent has to pass according to an appropriate succession, wherein each of the plurality of servers has a pair of a public key (KS0, . . . ,KSi, . . . , KSn) and a private key (PKS0, . . . ,PKSi, . . . , PKSn) associated therewith, respectively, the method comprising, starting from any one of the number of servers the mobile agent has to pass, called herein the i'th server at least the steps of receiving the mobile agent which has been prepared by the first server by choosing a unique number (r0) and assigning it to the mobile agent, encoding the chosen unique number (r0) with the private key (PKS0) of the first server (S0), thus forming an agent specific initialisation number (C0) as basis for a sequence of checksums (C0, . . . ,Ci, . . .
Type: Application
Filed: May 18, 2007
Publication date: December 13, 2007
Inventor: Maarten E. Rits
-
Publication number: 20070288751
Abstract: The present description refers to a method for protecting data of a mobile agent (MA) from a first server (A) which are intended for at least one second server (B) within a network system against an attack and an unauthorized access, wherein the first server (A) as well as the at least one second server (B) have a pair of a public key (KA, KB) and a private key (PKA, PKB) associated therewith, respectively, the method comprising, starting from the first server, at least the steps of choosing an unique number (r0) and assigning it to the mobile agent (MA), choosing a secret symmetric key (SKo) and assigning it to the data (mB) to be protected, encoding the secret key (SKo) with the public key (KB) of the second server (B), encrypting the secret key (SKo) and the public key (KA) of the first server via a cryptographic wrapping function (h), thus forming a data authentication code (h(KA, SKo)), encoding the data (mB) with the secret key (SKo), and combining the unique number (r0), the encoded data ({mB}SKo) and
Type: Application
Filed: May 18, 2007
Publication date: December 13, 2007
Inventor: Maarten E. Rits