Automated software compliance analysis

US 10,318,402 B2
Filed: 11/29/2016
Issued: 06/11/2019
Est. Priority Date: 11/29/2016
Status: Active Grant

First Claim

Patent Images

1. One or more non-transitory computer-readable storage media storing computer-executable instructions for causing a computing system to perform processing to analyze whether a software program may create a compliance issue, the processing comprising:

automatically determining, with a compliance tool specified by the computer-executable instructions, a plurality of data source identifiers corresponding to data sources accessed by the software program, the automatically determining comprising;

analyzing a configuration file of a software program for data binding information, the data binding information indicating data source identifiers associated with respective data sources;

determining a plurality of user interface controls associated with the software program; and

determining data source identifiers for data sources bound to at least one of the plurality of user interface controls;

automatically associating at least a portion of the plurality of data source identifiers with one or more formalized compliance terms using the compliance tool, the automatically associating comprising;

comparing the at least a portion of the data source identifiers with a collection of data source identifiers;

determining whether one or more of the plurality of data sources identifiers correspond to critical data sources based on comparing respective data source identifiers of the plurality of data sources identifiers with the collection; and

analyzing the at least a portion of the data source identifiers with the compliance tool using at least one formalized compliance norm comprising at least one of the one or more formalized compliance terms to provide compliance results; and

outputting to a user the compliance results.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of data sources accessed by a software program are automatically determined by a compliance tool. At least a portion of the data sources are automatically associated with one or more formalized compliance terms using the compliance tool. At least a portion of the data sources is analyzed by the compliance tool using at least one formalized compliance norm that include at least one of the one or more formalized compliance terms to provide compliance results. The compliance results are output to a user.

26 Citations

View as Search Results

20 Claims

1. One or more non-transitory computer-readable storage media storing computer-executable instructions for causing a computing system to perform processing to analyze whether a software program may create a compliance issue, the processing comprising:
- automatically determining, with a compliance tool specified by the computer-executable instructions, a plurality of data source identifiers corresponding to data sources accessed by the software program, the automatically determining comprising;
  
  analyzing a configuration file of a software program for data binding information, the data binding information indicating data source identifiers associated with respective data sources;
  
  determining a plurality of user interface controls associated with the software program; and
  
  determining data source identifiers for data sources bound to at least one of the plurality of user interface controls;
  
  automatically associating at least a portion of the plurality of data source identifiers with one or more formalized compliance terms using the compliance tool, the automatically associating comprising;
  
  comparing the at least a portion of the data source identifiers with a collection of data source identifiers;
  
  determining whether one or more of the plurality of data sources identifiers correspond to critical data sources based on comparing respective data source identifiers of the plurality of data sources identifiers with the collection; and
  
  analyzing the at least a portion of the data source identifiers with the compliance tool using at least one formalized compliance norm comprising at least one of the one or more formalized compliance terms to provide compliance results; and
  
  outputting to a user the compliance results.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The one or more non-transitory computer-readable storage media of claim 1, wherein determining a plurality of user interface controls comprises calling a method of a software program authoring tool.
  - 3. The one or more non-transitory computer-readable storage media of claim 2, wherein determining data source identifiers for data sources bound to at least one of the plurality of user interface controls comprises calling methods associated with the data sources, the method returning identifiers for data sources bound to the respective user interface controls.
  - 4. The one or more non-transitory computer-readable storage media of claim 1, wherein a data source identifier of the plurality of data source identifiers is associated with a data source selected from a data object, a collection of data objects, or a database query.
  - 5. The one or more non-transitory computer-readable storage media of claim 1, wherein the configuration file comprises a XML file.
  - 6. The one or more non-transitory computer-readable storage media of claim 1, wherein the collection of data source identifiers correspond to a collection of non-critical data sources and wherein determining whether the one or more of the plurality of data source identifiers correspond to critical data sources comprises;
    - identifying a data source identifier of the at least portion of the data source identifiers as associated with a critical data source if the respective data source identifier is not in the collection of data source identifiers.
  - 7. The one or more non-transitory computer-readable storage media of claim 6 wherein the collection of non-critical data sources comprises internal resources.
  - 8. The one or more non-transitory computer-readable storage media of claim 6, wherein a critical resource comprises a data source that may contain protected personal information.
  - 9. The one or more non-transitory computer-readable storage media of claim 1, wherein associating at least a portion of the data source identifiers with one or more formalized compliance terms comprises:
    - determining data manipulation actions performed on data retrieved from the data sources associated with the at least a portion of the data source identifiers.
  - 10. The one or more non-transitory computer-readable storage media of claim 1, wherein analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprises:
    - determining data manipulation actions performed on data retrieved from the data sources associated with the at least a portion of the data source identifiers.
  - 11. The one or more non-transitory computer-readable storage media of claim 1, wherein analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprises:
    - determining output operations associated with data retrieved from the data sources associated with the at least a portion of the data source identifiers.
  - 12. The one or more non-transitory computer-readable storage media of claim 1, wherein associating at least a portion of the data source identifiers with one or more formalized compliance terms comprises:
    - determining output operations associated with data retrieved from the data sources associated with the at least a portion of the data source identifiers.
  - 13. The one or more non-transitory computer-readable storage media of claim 1, wherein the formalized compliance norm is associated with a law, a regulation, or a policy.
  - 14. The one or more non-transitory computer-readable storage media of claim 1, wherein outputting to the user the compliance results comprises displaying to the user a representation of formalized compliance terms associated with the formalized compliance norm, wherein formalized compliance terms potentially associated with a compliance issue are visually indicated to a user.
  - 15. The one or more non-transitory computer-readable storage media of claim 14, the processing further comprising:
    - receiving user input selecting a displayed formalized compliance term; and
      
      providing the user with text of the formalized compliance norm associated with the formalized compliance term.

16. A computing system that implements a compliance tool, the computing system comprising:
- one or more memories;
  
  one or more processing units coupled to the one or more memories; and
  
  one or more non-transitory computer readable storage media storing instructions that, when loaded into the memories, cause the one or more processing units to perform operations for;
  
  analyzing a configuration file of a software application for data binding information, the data binding information indicating a plurality of data source identifiers associated with respective data sources;
  
  calling a method of a software application authoring tool to determine user interface controls associated with the software application;
  
  calling methods associated with the user interface controls to determine data source identifiers of data sources associated with the user interface controls;
  
  determining whether the data source identifiers associated with the user interface controls and the configuration file are associated with critical or non-critical data sources;
  
  associating at least a portion of the data source identifiers associated with the user interface controls and the configuration file with one or more formalized compliance terms, the associating based at least in part on whether a respective data source identifier of the at least a portion of the data source identifiers is associated with a critical or non-critical data source;
  
  analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprising at least one of the formalized compliance terms; and
  
  outputting for display a visual representation of the formalized compliance norm and associated formalized compliance terms, wherein the visual representation indicates formalized compliance terms that may be associated with a potential compliance issue.
- View Dependent Claims (17)
- - 17. The computing system of claim 16, wherein the configuration file comprises a XML file.

18. In a computing system comprising a memory and one or more processors, a method of evaluating a potential compliance issue associated with at least one formalized compliance norm, the method comprising:
- analyzing a configuration file of a software application for data binding information, the data binding information indicating a plurality of data source identifiers associated with respective data sources accessed by the software application;
  
  determining a plurality of user interface controls associated with the software application;
  
  determining data source identifiers for data sources bound to at least one of the plurality of user interface controls; and
  
  adding the data source identifiers for the data sources bound to at least one of the plurality of user interface controls to the plurality of data source identifiers determined from the configuration file;
  
  determining whether at least a portion of the data source identifiers determined from the configuration file and the user interface controls are associated with critical or non-critical data source;
  
  associating the at least a portion of the data source identifiers with one or more formalized compliance terms at least in part based on whether a respective data source identifier is associated with a critical or non-critical data source;
  
  analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprising at least one of the one or more formalized compliance terms; and
  
  outputting for display a visual representation of the formalized compliance norm and associated formalized compliance terms, wherein the visual representation indicates formalized compliance terms that may be associated with a potential compliance issue.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the configuration file comprises a XML file.
  - 20. The method of claim 18, wherein analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprises:
    - determining data manipulation actions performed on data retrieved from the data sources associated with the at least a portion of the data source identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Oberle, Daniel
Primary Examiner(s)
Jeon, Jae U

Application Number

US15/364,216
Publication Number

US 20180150377A1
Time in Patent Office

924 Days
Field of Search

717126-128
US Class Current
CPC Class Codes

G06F 11/3604 Software analysis for verif...

G06F 11/3608 using formal methods, e.g. ...

Automated software compliance analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automated software compliance analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links