Patents by Inventor Martijn De Boer
Martijn De Boer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11693945Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.Type: GrantFiled: November 18, 2016Date of Patent: July 4, 2023Assignee: SAP SEInventors: Michael Engler, Martijn de Boer, Wolfgang Janzen, Peter Eberlein
-
Patent number: 10764276Abstract: A system includes terminating, at a reverse proxy, a mutual authentication handshake with a client computing system, the handshake including reception by the reverse proxy of a public key certificate associated with the client computing system, generating, by the reverse proxy, of an authentication token based on the public key certificate, receiving, at the reverse proxy, a request to access an application from the client computing system, forwarding the request and the authentication token from the reverse proxy to the application, receiving the request and the authentication token at the application, requesting, by the application, of an authorization token from an OAuth server based on the authentication token, receiving the authorization token from the OAuth server, storing the authorization token in association with a session identifier associated with the request received from the client computing system, and transmitting a response to the client computing system based on the authorization token and thType: GrantFiled: August 31, 2018Date of Patent: September 1, 2020Assignee: SAP SEInventor: Martijn de Boer
-
Publication number: 20200076794Abstract: A system includes terminating, at a reverse proxy, a mutual authentication handshake with a client computing system, the handshake including reception by the reverse proxy of a public key certificate associated with the client computing system, generating, by the reverse proxy, of an authentication token based on the public key certificate, receiving, at the reverse proxy, a request to access an application from the client computing system, forwarding the request and the authentication token from the reverse proxy to the application, receiving the request and the authentication token at the application, requesting, by the application, of an authorization token from an OAuth server based on the authentication token, receiving the authorization token from the OAuth server, storing the authorization token in association with a session identifier associated with the request received from the client computing system, and transmitting a response to the client computing system based on the authorization token and thType: ApplicationFiled: August 31, 2018Publication date: March 5, 2020Inventor: Martijn de Boer
-
Patent number: 10536461Abstract: A request from a User for a Service is received by an Application. An Open Authorization (OAUTH) Client of the Service is requested from a Service Instance of the Service. A copy OAUTH Client of the Service specific to the User is provided based on a clone OAUTH Client associated with the Service Instance. A Token is obtained to access the Service by providing the copy OAUTH Client to a User Account and Authorization (UAA) entity. Access to the Service is obtained by providing the Token.Type: GrantFiled: December 19, 2017Date of Patent: January 14, 2020Assignee: SAP SEInventors: Martijn de Boer, Peter Eberlein, Florian Tack, Heiko Ettelbrueck
-
Publication number: 20190190912Abstract: A request from a User for a Service is received by an Application. An Open Authorization (OAUTH) Client of the Service is requested from a Service Instance of the Service. A copy OAUTH Client of the Service specific to the User is provided based on a clone OAUTH Client associated with the Service Instance. A Token is obtained to access the Service by providing the copy OAUTH Client to a User Account and Authorization (UAA) entity. Access to the Service is obtained by providing the Token.Type: ApplicationFiled: December 19, 2017Publication date: June 20, 2019Inventors: Martijn de Boer, Peter Eberlein, Florian Tack, Heiko Ettelbrueck
-
Patent number: 10298591Abstract: An Open Authorization (OAuth) Client Secret of an application associated with a Multi-Tenant Application (MTA) deployed in a cloud-computing environment if read with a Fiori Launchpad (FLP) Deployer. The FLP Deployer writes, as content to a FLP Repository, the OAuth Client Secret and FLP Config data for the application read from a FLP Config data store. An App Router/shared FLP (App Router/FLP) accesses the FLP Repository to read content and OAuth Client Secrets for the application that has deployed to the App Router/FLP. A User Account and Authentication (UAA) service associated with the App Router/FLP is accessed to fetch an authorization token for a user after receiving a user connection to the App Router/FLP. An original user authorization token obtained for the user is exchanged with an application-specific authorization token. User interface elements displayed in the FLP are filtered based on scopes read from the exchanged application-specific authorization token.Type: GrantFiled: April 28, 2017Date of Patent: May 21, 2019Assignee: SAP SEInventors: Peter Eberlein, Martijn de Boer
-
Publication number: 20180316685Abstract: An Open Authorization (OAuth) Client Secret of an application associated with a Multi-Tenant Application (MTA) deployed in a cloud-computing environment if read with a Fiori Launchpad (FLP) Deployer. The FLP Deployer writes, as content to a FLP Repository, the OAuth Client Secret and FLP Config data for the application read from a FLP Config data store. An App Router/shared FLP (App Router/FLP) accesses the FLP Repository to read content and OAuth Client Secrets for the application that has deployed to the App Router/FLP. A User Account and Authentication (UAA) service associated with the App Router/FLP is accessed to fetch an authorization token for a user after receiving a user connection to the App Router/FLP. An original user authorization token obtained for the user is exchanged with an application-specific authorization token. User interface elements displayed in the FLP are filtered based on scopes read from the exchanged application-specific authorization token.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Inventors: Peter Eberlein, Martijn de Boer
-
Publication number: 20180144117Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.Type: ApplicationFiled: November 18, 2016Publication date: May 24, 2018Inventors: Michael Engler, Martijn de Boer, Wolfgang Janzen, Peter Eberlein
-
Patent number: 8762731Abstract: In accordance with aspects of the disclosure, a system and methods are provided for managing multi-system security integration by performing state change calls to one or more backend systems by combining a multi-system protection token with a message component for transporting from a user agent to the one or more backend systems for validation by generating an authentication code for proving authenticity of a combined data structure generated by combining a secret cryptographic data key with a portion of the message component and generating a hash code of the combined data structure, generating an arbitrary random number to bind the multi-system protection token to the user agent, and generating the multi-system protection token by combining the authentication code and the arbitrary random number with the message component for transporting from the user agent to the one or more backend systems for validation.Type: GrantFiled: September 14, 2012Date of Patent: June 24, 2014Assignee: SAP AGInventors: Michael Engler, Martijn De Boer, Wolfgang Janzen
-
Publication number: 20140082366Abstract: In accordance with aspects of the disclosure, a system and methods are provided for managing multi-system security integration by performing state change calls to one or more backend systems by combining a multi-system protection token with a message component for transporting from a user agent to the one or more backend systems for validation by generating an authentication code for proving authenticity of a combined data structure generated by combining a secret cryptographic data key with a portion of the message component and generating a hash code of the combined data structure, generating an arbitrary random number to bind the multi-system protection token to the user agent, and generating the multi-system protection token by combining the authentication code and the arbitrary random number with the message component for transporting from the user agent to the one or more backend systems for validation.Type: ApplicationFiled: September 14, 2012Publication date: March 20, 2014Applicant: SAP AGInventors: Michael Engler, Martijn De Boer, Wolfgang Janzen
-
Patent number: 8543994Abstract: The subject matter disclosed herein provides methods and apparatus, including computer program products, for developing components, such as Java server components, without restarting the application server hosting those components. In one aspect, there is provided a computer-implemented method. The method may include providing a component comprising an implementation class and an interface class. At the application server, access to the implementation class may be inhibited to enable the application to execute the component without restarting the application. Related apparatus, systems, methods, and articles are also described.Type: GrantFiled: December 7, 2007Date of Patent: September 24, 2013Assignee: SAP AGInventors: Martijn de Boer, Mathias Essenpreis
-
Patent number: 8321678Abstract: A system may include a sender computing system to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism. The system may also include a component to receive the first authentication data in association with the message from the sender computing system, and to receive the second authentication data in association with the message from the sender computing system.Type: GrantFiled: October 17, 2006Date of Patent: November 27, 2012Assignee: SAP AGInventors: Christoph H. Hofmann, Martijn De Boer
-
Patent number: 8316422Abstract: A system may include a sender computing system, an intermediary component, and a receiver computing system. The sender computing system may transmit first authentication data and second authentication data, and the intermediary component may receive the first authentication data and second authentication data from the sender computing system, perform an authentication action based on the second authentication data, and transmit the first authentication data. The receiver computing system may receive the first authentication data.Type: GrantFiled: October 17, 2006Date of Patent: November 20, 2012Assignee: SAP AGInventors: Christoph H. Hofmann, Martijn De Boer
-
Patent number: 8302160Abstract: A system may include a sender computing system, an intermediary service component, and a receiver computing system. The sender computing system may transmit a message and authentication data, and the intermediary service component may receive the message and the authentication data from the sender computing system, process the message, and transmit the authentication data and the processed message. The receiver computing system may receive the authentication data and the processed message.Type: GrantFiled: October 17, 2006Date of Patent: October 30, 2012Assignee: SAP AGInventors: Christoph H. Hofmann, Martijn De Boer
-
Publication number: 20090150851Abstract: The subject matter disclosed herein provides methods and apparatus, including computer program products, for developing components, such as Java server components, without restarting the application server hosting those components. In one aspect, there is provided a computer-implemented method. The method may include providing a component comprising an implementation class and an interface class. At the application server, access to the implementation class may be inhibited to enable the application to execute the component without restarting the application. Related apparatus, systems, methods, and articles are also described.Type: ApplicationFiled: December 7, 2007Publication date: June 11, 2009Inventors: Martijn de Boer, Mathias Essenpreis
-
Publication number: 20080091948Abstract: A system may include a sender computing system, an intermediary component, and a receiver computing system. The sender computing system may transmit first authentication data and second authentication data, and the intermediary component may receive the first authentication data and second authentication data from the sender computing system, perform an authentication action based on the second authentication data, and transmit the first authentication data. The receiver computing system may receive the first authentication data.Type: ApplicationFiled: October 17, 2006Publication date: April 17, 2008Inventors: Christoph H. Hofmann, Martijn De Boer
-
Publication number: 20080091950Abstract: A system may include a sender computing system to transmit first authentication data in association with a message, the first authentication data conforming to a first authentication mechanism, and to transmit second authentication data in association with the message, the second authentication data conforming to a second authentication mechanism. The system may also include a component to receive the first authentication data in association with the message from the sender computing system, and to receive the second authentication data in association with the message from the sender computing system.Type: ApplicationFiled: October 17, 2006Publication date: April 17, 2008Inventors: Christoph H. Hofmann, Martijn De Boer
-
Publication number: 20080091949Abstract: A system may include a sender computing system, an intermediary service component, and a receiver computing system. The sender computing system may transmit a message and authentication data, and the intermediary service component may receive the message and the authentication data from the sender computing system, process the message, and transmit the authentication data and the processed message. The receiver computing system may receive the authentication data and the processed message.Type: ApplicationFiled: October 17, 2006Publication date: April 17, 2008Inventors: Christoph H. Hofmann, Martijn De Boer