Identifier-based application security

Assignee

• SAP SE · DE

Inventors

• Cedric Hebert · Mouans-Sartoux, FR
• Merve Sahin · Antibes, FR
• Anderson Santana de Oliveira · Antibes, FR

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/146
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Systems, methods, and computer media for securing software applications are provided herein. Through the use of an identifier such as a digital fingerprint, application sessions or session requests that use the same credentials can be distinguished, and malicious users can be detected and managed. A request to establish a session with an application can be received. Based on a digital fingerprint associated with the request, it can be determined that although a credential included in the request is valid, the request is unauthorized by comparing the digital fingerprint to known malicious fingerprints. When the fingerprint is found to be malicious, a cloned application session having at least partially fake data can be established instead of the requested application, thus limiting an attacker's access to real application data without revealing to the attacker that the attack has been detected.