End-to-end tamper protection in presence of cloud integration

US 9,906,367 B2
Filed: 08/05/2014
Issued: 02/27/2018
Est. Priority Date: 08/05/2014
Status: Active Grant

First Claim

Patent Images

1. A computerized method performed by one or more processors, the method comprising:

receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity;

after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields;

verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and

in response to verifying that the received sender fingerprint was signed by the sending entity;

extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm;

in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and

comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure involves systems and methods for providing end-to-end tamper protection in a cloud integration environment. One example method includes receiving, at a receiver in a cloud-based integration scenario, a B2B communication from a sender including data associated with a business transaction, the received communication in a target format. The cloud-based integration system transforms the original communication in a source format into the target format of the receiver. A digitally-signed sender fingerprint of critical fields extracted from the set of data associated with the at least one business transaction in the source format of the original B2B communication are received and verified as signed by the sender. A receiver fingerprint in the target format is generated using the critical fields from the received communication based on a pre-defined algorithm. The sender fingerprint and the generated receiver fingerprint are compared to determine if they are identical.

Citations

21 Claims

1. A computerized method performed by one or more processors, the method comprising:
- receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity;
  
  after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields;
  
  verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and
  
  in response to verifying that the received sender fingerprint was signed by the sending entity;
  
  extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm;
  
  in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and
  
  comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the sender fingerprint is received via the cloud-based integration system.
  - 3. The method of claim 2, wherein the sender fingerprint is included within the B2B communication.
  - 4. The method of claim 1, wherein the sender fingerprint is received via a channel other than the cloud-based integration system.
  - 5. The method of claim 1, wherein transformation of the original B2B communication from the source format to the target format is based on predefined rules.
  - 6. The method of claim 1, wherein signing the fingerprints creates hash values calculated by applying the digital signatures.
  - 7. The method of claim 1, wherein generating the receiver fingerprint of the received B2B communication in the target format based on the critical fields includes:
    - extracting a set of critical fields from the received B2B communication; and
      
      de-normalizing the structure of the extracted set of critical fields based on a set of predefined normalization rules.
  - 8. The method of claim 7, where generating the receiver fingerprint of the received B2B communication in the target format based on the critical fields further includes normalizing at least one value associated with at least one critical field based on the set of predefined normalization rules.
  - 9. The method of claim 1, wherein the pre-defined algorithm is used by the sending entity to generate the verified sender fingerprint received by the receiving entity.
  - 10. The method of claim 1 further comprising, in response to determining that the verified sender fingerprint and the generated receiver fingerprint are identical, processing the received B2B communication at the receiving entity.
  - 11. The method of claim 1 further comprising, in response to determining that the verified sender fingerprint and the generated receiver fingerprint are not identical, not processing the B2B communication at the receiving entity and notifying the cloud-based integration system.
  - 12. The method of claim 1, wherein determining that the verified sender fingerprint and the generated receiver fingerprint are identical indicates that the sender fingerprint was unchanged after signing by the sending entity.
  - 13. The method of claim 1, wherein the critical fields represent key message semantics for verification.

14. A computing system, comprising a memory, one or more processors, and instructions stored on the memory and operable when executed by the one or more processors to cause the computing system to perform operations comprising:
- receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity;
  
  after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields;
  
  verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and
  
  in response to verifying that the received sender fingerprint was signed by the sending entity;
  
  extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm;
  
  in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and
  
  comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system of claim 14, wherein the pre-defined algorithm is used by the sending entity to generate the verified sender fingerprint received by the receiving entity.
  - 16. The system of claim 14, wherein the signing the fingerprints creates hash values calculated by applying the digital signatures.
  - 17. The system of claim 14, wherein generating the receiver fingerprint of the received B2B communication in the target format based on the critical fields includes:
    - extracting a set of critical fields from the received B2B communication; and
      
      de-normalizing the structure of the extracted set of critical fields based on a set of predefined normalization rules.
  - 18. The system of claim 17, wherein generating the receiver fingerprint of the received B2B communication in the target format based on the critical fields further includes normalizing at least one value associated with at least one critical field based on the set of predefined normalization rules.
  - 19. The system of claim 14, wherein the operations further comprise, in response to determining that the verified sender fingerprint and the generated receiver fingerprint are identical, processing the received B2B communication at the receiving entity.

20. A computer program product encoded on a non-transitory storage medium, the product comprising non-transitory, computer readable instructions for causing one or more processors to perform operations comprising:
- receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity;
  
  after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields;
  
  verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and
  
  in response to verifying that the received sender fingerprint was signed by the sending entity;
  
  extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm;
  
  in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and
  
  comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical.
- View Dependent Claims (21)
- - 21. The computer program product of claim 20, wherein generating the receiver fingerprint of the received B2B communication in the target format based on the critical fields includes:
    - extracting a set of critical fields from the received B2B communication;
      
      de-normalizing the structure of the extracted set of critical fields based on a set of predefined normalization rules; and
      
      normalizing at least one value associated with at least one critical field based on the set of predefined normalization rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Hoffmann, Frank Oliver, Becker, Christian
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US14/451,645
Publication Number

US 20160043868A1
Time in Patent Office

1,302 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

G06Q 20/10   specially adapted for elect...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 67/56   Provisioning of proxy servi...

H04L 9/3247   involving digital signatures

End-to-end tamper protection in presence of cloud integration

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

End-to-end tamper protection in presence of cloud integration

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links