Organizational units such as companies, organization, financial institutes, and public authorities run joined business processes between their application systems. These systems are located in the local information technology (IT) landscapes and are connected via an integration middleware. This integration middleware may be local to the IT landscapes, and manages the data exchange for the related business-to-business (B2B) communication. For receivers of such communication, the integrity of the data must be ensured for tamper protection, while a legally binding signature of the sender must be attached for non-repudiation. A legally binding signature in this context may represent an electronic signature, which can be accepted as evidence by a court in legal proceedings.
Existing systems provide both tamper protection and non-repudiation using asymmetric security protocols. In those instances, the sender creates the B2B data as the receiver expects it. When sending the data, the sender's integration middleware transform the data into a format suitable for the receiver. The sender can then digitally sign the B2B data and send the signed data to the receiver. The receiver then verifies the signature using the asymmetric security to verify the received data.
Due to the introduction of cloud-based integration systems, current local integration middleware has become obsolete. In cloud-based integration systems, the sender and receiver application systems are connected directly to a cloud integration system, which takes over the data transformation from the sender to receiver format.
B2B data is exchanged in very deep nested hierarchal and complex data structures, and may combine multiple records and transactions in a single message or correspondence. Many B2B standards exist, for example, AS2 (Applicability Standard 2), EDIFACT (Electronic Data Interchange For Administration, Commerce and Transport), RNIF (RosettaNet Implementation Framework), ISO20022 (ISO payment exchange), and others.