John Christopher Radkowski - Los Altos Hills CA, US Sarma Adithe Venkata Ram - Cupertino CA, US
Assignee:
SAP AG - Walldorf
International Classification:
G06Q 10/00
US Classification:
705 728
Abstract:
A system and method of authorizing access in a computer system. The method includes receiving a request to use the computer system, reading authorization data associated with the user, and denying the request according to the authorization data. The method further includes determining a business process risk associated with the request and comparing a characteristic of the request and the business process risk. The method further includes authorizing the request to use the computer system by the user when the business process risk exceeds the characteristic. In this manner, the delay involved in performing the normal access provisioning process is avoided for situations in which the business risk exceeds the cost of the delay.
Automatic Risk Calibration Of Roles In Computer Systems
Sayekumar Arumugam - Foster City CA, US Ravikanth Erukulla - Milpitas CA, US John Christopher Radkowski - Los Altos Hills CA, US
International Classification:
G06Q 10/00
US Classification:
705 728
Abstract:
Various embodiments of systems and methods for automatic calibration of a risk level of a role are described herein. Automatically and periodically a risk level of a role is evaluated based on various risk factors associated with the role. Risk factors' values are determined by respective risk factor aggregators. Risk factors are assigned weights to determine their influence degree on the risk level of the role. The risk level of the role is computed by a risk calibration engine based on the determined risk factors' values and assigned weights, respectively.
Solution For Continuous Control And Protection Of Enterprise Data Based On Authorization Projection
John C. Radkowski - Los Altos Hills CA, US Swetta Singh - Saratoga CA, US
Assignee:
SAP AG - Walldorf
International Classification:
G06F 21/24
US Classification:
726 30
Abstract:
Extracting data from a source system includes generating an authorization model of the data protection controls applied to the extracted data by the source system. The authorization model is used to map the data protection control applied to the extracted data to generate corresponding data protection controls provided in the target system. The extracted data is imported to the target system including implementing the corresponding data protection controls.
System And Method For Policy Based Privileged User Access Management
John Christopher Radkowski - Los Altos Hills CA, US Swetta Singh - Saratoga CA, US
Assignee:
SAP AG - Walldorf
International Classification:
G06F 21/00 G06F 17/00
US Classification:
726 1
Abstract:
Embodiments dynamically manage privileged access to a computer system according to policies enforced by a rule engine. User input to the rule engine may determine an extent of system access, as well as other features such as intensity of user activity logging (including logging supplemental to a system activity log). Certain embodiments may provide access based upon user selection of a pre-configured ID at a dashboard, while other embodiments may rely upon direct user input to the rule engine to generate an ID at a policy enforcement point. Embodiments of methods and apparatuses may be particularly useful in granting and/or logging broad temporary access rights allowed based upon emergency conditions.
John Christopher Radkowski - Los Altos Hills CA, US Saye Arumugam - Foster City CA, US
Assignee:
SAP AG - Walldorf
International Classification:
G06Q 10/06
US Classification:
705342
Abstract:
In an example embodiment, roles within a job based security model are refactored to roles within a task oriented security model. The task oriented security model comprises task roles, which allow access to functionality and data, and enabler roles, which provide limits on the scope of the task roles. Data such as user assignment data, role to functionality mapping, functionality authorization objects, user identity and organizational data may be combined and normalized to create a mapping of users to functionality and organizational data. A refactoring engine may then examine the map to identify new candidate roles using contiguous regions of the map. Tuning parameters and constraints allow tuning of the candidate roles, and statistical metrics allow evaluation of the candidate roles. Candidate roles may be tested and applied in the new system.
Solution For Continuous Control And Protection Of Enterprise Data Based On Authorization Projection
John C. Radkowski - Los Altos Hills CA, US Swetta Singh - Saratoga CA, US
International Classification:
G06F 21/62
US Classification:
726 30
Abstract:
Extracting data from a source system includes generating an authorization model of the data protection controls applied to the extracted data by the source system. The authorization model is used to map the data protection control applied to the extracted data to generate corresponding data protection controls provided in the target system. The extracted data is imported to the target system including implementing the corresponding data protection controls.