Patents by Inventor Paul El Khoury
Paul El Khoury has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10887317
Abstract: Authentication data for providing access to a resource to a user is received from a requester. The authentication data encapsulates data required by both a first authentication solution and a second authentication procedure both for providing access to a resource. The first and second authentication solutions can differ in authentication modality with the second authentication solution utilizing at least one machine learning model. Thereafter, using the received authentication data, both of the first and second authentication solutions are initiated. Authentication results are received from both of the first and second authentication solutions. The requester is provided with access to the resource if the both of the received authentication results indicate that authentication of the user was successful. Related apparatus, systems, techniques and articles are also described.
Type: Grant
Filed: November 28, 2018
Date of Patent: January 5, 2021
Assignee: SAP SE
Inventors: Paul el Khoury, Chang Liu, Li Dong, Nicolas Rousseau, Chu Yunxiao Zhong
-
Publication number: 20200169561
Abstract: Authentication data for providing access to a resource to a user is received from a requester. The authentication data encapsulates data required by both a first authentication solution and a second authentication procedure both for providing access to a resource. The first and second authentication solutions can differ in authentication modality with the second authentication solution utilizing at least one machine learning model. Thereafter, using the received authentication data, both of the first and second authentication solutions are initiated. Authentication results are received from both of the first and second authentication solutions. The requester is provided with access to the resource if the both of the received authentication results indicate that authentication of the user was successful. Related apparatus, systems, techniques and articles are also described.
Type: Application
Filed: November 28, 2018
Publication date: May 28, 2020
Inventors: Paul el Khoury, Chang Liu, Li Dong, Nicolas Rousseau, Chu Yunxiao Zhong
-
Patent number: 10523695
Abstract: Data is received that characterizes a software system. Thereafter, a threat model is generated, using at least one machine learning model, that optimally characterizes cybersecurity threats associated with the software system and provides security measures to counter such threats. The at least one machine learning model is trained using a plurality of historically generated threat models for a plurality of differing software systems. Subsequently, data can be provided that includes or otherwise characterizes the generated threat model.
Type: Grant
Filed: July 24, 2017
Date of Patent: December 31, 2019
Assignee: SAP SE
Inventors: Peter Fach, Paul El Khoury
-
Publication number: 20190028498
Abstract: Data is received that characterizes a software system. Thereafter, a threat model is generated, using at least one machine learning model, that optimally characterizes cybersecurity threats associated with the software system and provides security measures to counter such threats. The at least one machine learning model is trained using a plurality of historically generated threat models for a plurality of differing software systems. Subsequently, data can be provided that includes or otherwise characterizes the generated threat model.
Type: Application
Filed: July 24, 2017
Publication date: January 24, 2019
Inventors: Peter Fach, Paul El Khoury
-
Patent number: 10055558
Abstract: The disclosure relates to a telecommunication method for authenticating a user with respect to a computer system, the computer system comprising an authentication system including a user interface and an interface for connecting the computer system to a digital, cellular telecommunication network, the authentication being carried out by way of a mobile telecommunication terminal, the mobile telecommunication terminal comprising an interface for the communication network, the computer system comprising a memory in which a communication address for the telecommunication terminal is stored, comprises: the user identifies himself or herself with respect to the authentication system of the computer system by entering login information via the user interface; after successful identification of the user on the authentication system, the authentication system accesses the communication address stored in the memory and transmits an activation request via the communication network to the mobile telecommunication termin
Type: Grant
Filed: February 5, 2016
Date of Patent: August 21, 2018
Assignee: SAP SE
Inventors: Paul El Khoury, Robert Lorch
-
Patent number: 10044722
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving a support request from a requester, and obtaining a policy for evaluating administrative privileges required for fulfilling the request where the policy is based on a history of actions of the requester. Receiving a system access request for access to digital content, where the system access request is associated with the support request, and providing an access control decision based on the policy.
Type: Grant
Filed: April 2, 2015
Date of Patent: August 7, 2018
Assignee: SAP SE
Inventors: Paul El Khoury, Oliver Kling
-
Patent number: 9985945
Abstract: A protocol controller may execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing. The protocol controller may include a message handler configured to implement the spoofing protection protocol, including receiving a message identified as originating from the network-connected thing, executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, and determining whether the message originated from the network-connected thing, based on the verification.
Type: Grant
Filed: October 22, 2015
Date of Patent: May 29, 2018
Assignee: SAP SE
Inventors: Paul El Khoury, Oliver Kling
-
Patent number: 9760710
Abstract: An encryption manager may encrypt mobile data associated with a mobile application executing on a mobile device, where the mobile application is configured to interact with a remote application executing on a remote server, and the mobile data is encrypted using a mobile password. A mobile password recovery manager may encrypt the mobile password, using a remote password used to access the remote application executing on the remote server, and may recover the mobile data, in case of loss of the mobile password, including decrypting the encrypted mobile password using the remote password.
Type: Grant
Filed: February 28, 2014
Date of Patent: September 12, 2017
Assignee: SAP SE
Inventors: Paul El Khoury, Robert Lorch
-
Publication number: 20170118187
Abstract: A protocol controller may execute a spoofing protection protocol for verifying a message received over a network from a network-connected thing, in the presence of a spoofed message transmitted from a spoofed thing illicitly representing the network-connected thing. The protocol controller may include a message handler configured to implement the spoofing protection protocol, including receiving a message identified as originating from the network-connected thing, executing a verification of a transmission characteristic of the message against an expected transmission characteristic previously stored with respect to the network-connected thing within a transmission characteristic repository, and determining whether the message originated from the network-connected thing, based on the verification.
Type: Application
Filed: October 22, 2015
Publication date: April 27, 2017
Inventors: Paul EL KHOURY, Oliver KLING
-
Publication number: 20160294840
Abstract: Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving a support request from a requester, and obtaining a policy for evaluating administrative privileges required for fulfilling the request where the policy is based on a history of actions of the requester. Receiving a system access request for access to digital content, where the system access request is associated with the support request, and providing an access control decision based on the policy.
Type: Application
Filed: April 2, 2015
Publication date: October 6, 2016
Inventors: Paul El Khoury, Oliver Kling
-
Publication number: 20160239648
Abstract: The disclosure relates to a telecommunication method for authenticating a user with respect to a computer system, the computer system comprising an authentication system including a user interface and an interface for connecting the computer system to a digital, cellular telecommunication network, the authentication being carried out by way of a mobile telecommunication terminal, the mobile telecommunication terminal comprising an interface for the communication network, the computer system comprising a memory in which a communication address for the telecommunication terminal is stored, comprises: the user identifies himself or herself with respect to the authentication system of the computer system by entering login information via the user interface; after successful identification of the user on the authentication system, the authentication system accesses the communication address stored in the memory and transmits an activation request via the communication network to the mobile telecommunication termin
Type: Application
Filed: February 5, 2016
Publication date: August 18, 2016
Applicant: SAP SE
Inventors: Paul EL KHOURY, Robert LORCH
-
Patent number: 9331995
Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
Type: Grant
Filed: April 22, 2014
Date of Patent: May 3, 2016
Assignee: SAP SE
Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
-
Patent number: 9317715
Abstract: The disclosure generally describes computer-implemented methods, software, and systems for modeling and deploying decision services. One computer-implemented method includes encrypting, by operation of a computer, personally-identifiable information (PII) data using a first cryptographic key, wherein the PII data is associated with non-encrypted associated data, encrypting the encrypted first cryptographic key with a second cryptographic key, determining that the occurrence of a PII data disassociation event associated with the second cryptographic key has occurred, and rendering the PII data inaccessible by disassociating the second cryptographic key from the encrypted first cryptographic key.
Type: Grant
Filed: August 24, 2012
Date of Patent: April 19, 2016
Assignee: SAP SE
Inventors: Mark T. Schuette, Juergen Schneider, Paul El Khoury
-
Publication number: 20150248552
Abstract: An encryption manager may encrypt mobile data associated with a mobile application executing on a mobile device, where the mobile application is configured to interact with a remote application executing on a remote server, and the mobile data is encrypted using a mobile password. A mobile password recovery manager may encrypt the mobile password, using a remote password used to access the remote application executing on the remote server, and may recover the mobile data, in case of loss of the mobile password, including decrypting the encrypted mobile password using the remote password.
Type: Application
Filed: February 28, 2014
Publication date: September 3, 2015
Inventors: Paul El Khoury, Robert Lorch
-
Patent number: 9075978
Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
Type: Grant
Filed: April 23, 2012
Date of Patent: July 7, 2015
Assignee: SAP SE
Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
-
Patent number: 8935538
Abstract: Methods, computer-readable media, and systems for enhancing useability of mobile devices that securely store data. An input to transfer a computer software application executing on a mobile device from a foreground state of the mobile device to a background state of the mobile device is received. In response, noise data based on application data associated with the application is generated. Both the application data and the noise data are encrypted using the same encryption mechanism, but using different keys. When another input to transfer the application from the background state to the foreground state is received, then the encryption mechanism is executed on the application data and the noise data using a key requested in response to the other input. The application is transferred to the foreground state if the received key matches the key with which the application data was previously encrypted. Other items of data are discarded.
Type: Grant
Filed: September 18, 2013
Date of Patent: January 13, 2015
Assignee: SAP SE
Inventor: Paul El Khoury
-
Publication number: 20140230031
Abstract: Secure configuration of a mobile application (“app”) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.
Type: Application
Filed: April 22, 2014
Publication date: August 14, 2014
Applicant: SAP AG
Inventors: Juergen Schneider, Paul El Khoury, Sami Lechner
-
Publication number: 20140173292
Abstract: Methods, computer-readable media, and systems for enhancing useability of mobile devices that securely store data. An input to transfer a computer software application executing on a mobile device from a foreground state of the mobile device to a background state of the mobile device is received. In response, noise data based on application data associated with the application is generated. Both the application data and the noise data are encrypted using the same encryption mechanism, but using different keys. When another input to transfer the application from the background state to the foreground state is received, then the encryption mechanism is executed on the application data and the noise data using a key requested in response to the other input. The application is transferred to the foreground state if the received key matches the key with which the application data was previously encrypted. Other items of data are discarded.
Type: Application
Filed: September 18, 2013
Publication date: June 19, 2014
Inventor: Paul El Khoury
-
Publication number: 20140059355
Abstract: The disclosure generally describes computer-implemented methods, software, and systems for modeling and deploying decision services. One computer-implemented method includes encrypting, by operation of a computer, personally-identifiable information (PII) data using a first cryptographic key, wherein the PII data is associated with non-encrypted associated data, encrypting the encrypted first cryptographic key with a second cryptographic key, determining that the occurrence of a PII data disassociation event associated with the second cryptographic key has occurred, and rendering the PII data inaccessible by disassociating the second cryptographic key from the encrypted first cryptographic key.
Type: Application
Filed: August 24, 2012
Publication date: February 27, 2014
Applicant: SAP AG
Inventors: Mark T. Schuette, Juergen Schneider, Paul El Khoury
-
Patent number: 8640208
Abstract: The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.
Type: Grant
Filed: November 28, 2007
Date of Patent: January 28, 2014
Assignee: SAP AG
Inventors: Azzedine Benameur, Paul El Khoury, Cedric S. P. Ulmer