End-to-end tamper protection in presence of cloud integration
First Claim
1. A computerized method performed by one or more processors, the method comprising:
- receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity;
after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields;
verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and
in response to verifying that the received sender fingerprint was signed by the sending entity;
extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm;
in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and
comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical.
1 Assignment
0 Petitions
Accused Products
Abstract
The present disclosure involves systems and methods for providing end-to-end tamper protection in a cloud integration environment. One example method includes receiving, at a receiver in a cloud-based integration scenario, a B2B communication from a sender including data associated with a business transaction, the received communication in a target format. The cloud-based integration system transforms the original communication in a source format into the target format of the receiver. A digitally-signed sender fingerprint of critical fields extracted from the set of data associated with the at least one business transaction in the source format of the original B2B communication are received and verified as signed by the sender. A receiver fingerprint in the target format is generated using the critical fields from the received communication based on a pre-defined algorithm. The sender fingerprint and the generated receiver fingerprint are compared to determine if they are identical.
-
Citations
21 Claims
-
1. A computerized method performed by one or more processors, the method comprising:
-
receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity; after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields; verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and in response to verifying that the received sender fingerprint was signed by the sending entity; extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm; in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computing system, comprising a memory, one or more processors, and instructions stored on the memory and operable when executed by the one or more processors to cause the computing system to perform operations comprising:
-
receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity; after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields; verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and in response to verifying that the received sender fingerprint was signed by the sending entity; extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm; in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical. - View Dependent Claims (15, 16, 17, 18, 19)
-
-
20. A computer program product encoded on a non-transitory storage medium, the product comprising non-transitory, computer readable instructions for causing one or more processors to perform operations comprising:
-
receiving, at a receiving entity via a cloud-based integration system, a business-to-business (B2B) communication from a sending entity, wherein the B2B communication includes a set of data associated with at least one business transaction, where the received B2B communication is in a target format, and wherein the cloud-based integration system transforms an original B2B communication in a source format sent from the sending entity into the target format of the B2B communication received at the receiving entity; after receiving the B2B communication transformed by the cloud-based integration system, receiving, at the receiving entity, a digitally-signed sender fingerprint of critical fields from the sending entity, wherein the digitally-signed sender fingerprint of critical fields is received without transformation by the cloud-based integration system, wherein the critical fields are extracted by the sending entity from the set of data associated with the at least one business transaction in the source format of the original B2B communication, wherein the critical fields represent a particular subset of fields within the set of data identified and predefined by the sending entity and the receiving entity prior to the B2B communication being sent, and wherein the set of data includes the critical fields and one or more non-critical fields; verifying, at the receiving entity, that the received sender fingerprint was signed by the sending entity; and in response to verifying that the received sender fingerprint was signed by the sending entity; extracting, at the receiving entity, the critical fields from the received B2B communication in the target format based on a pre-defined algorithm; in response to extracting the critical fields from the received B2B communication, generating, at the receiving entity, a receiver fingerprint based on the extracted critical fields from the received B2B communication; and comparing the received sender fingerprint and the generated receiver fingerprint to determine that the received sender fingerprint and the generated receiver fingerprint are identical. - View Dependent Claims (21)
-
Specification