1. Field of the Invention
The present invention relates generally to the field of telecommunications and more specifically to a method, system and computer program product for managing transmission of electronic data between two network entities. The present invention relates more specifically to a method, system and computer program product for managing transmission of electronic data between network entities of trading partners using Transmission Control Protocol/Internet Protocol ("TCP/IP") and Secure Sockets Layer, Version 3 ("SSL3"). More specifically, the present invention relates to a method, system and computer program product for managing transmission of data formatted compatible with Electronic Data Interchange ("EDI") in transactions using TCP/IP and SSL3 between network entities.
2. Discussion of the Background
Without limiting the invention, its background is described in connection with transmission of Electronic Data Interchange ("EDI") data between network entities of trading partners in the telecommunications industry. Normally, the trading partners are a Competitive Local Exchange Company ("CLEC") and an Incumbent Local Exchange Company ("ILEC").
The Telecommunications Industry Forum ("TCIF") primarily develops technology specific implementation guidelines for use within the telecommunications industry to realize a variety of intercommunication services, for example, A TCIF Guideline for Electronic Data Interchange, and TCIF-98-009, Generic Implementation Guidelines for Connectivity, which are incorporated herein by reference.
The International Telecommunication Union ("ITU") is a treaty based organization operating under the auspices of UNICEF (a branch of the United Nations). The ITU's primary mission is to study, promote, initiate and design global telecommunication services and technology to improve the quality of life for all of the world's inhabitants. During the World Telecommunication Service Conference ("WTSC") of 1991, it was reorganized into three sectors: the Technology sector ("ITU-T"), Radio sector ("ITU-R") and the Telecom Service Bureau sector ("ITU-TSB") to handle administrative and publication matters. In the context of this GIG, technology specified in the following ITU and International Organization for Standardization ("ISO")/IEC common text publications is incorporated herein by reference:
Rec. X.509 (1993) | ISO/IEC 9495-8:1995, Information Technology-Open Systems Interconnection-The Directory: Authentication framework (for Digital Certificates and Signatures and the requirement to use Distinguished Encoding Rules);
Rec. X.680 (1994) | ISO/IEC 8824-1:1995, Information Technology-Abstract Syntax Notation One (ASN.1): Information object specification (for ASN.1 grammar used in the IA specification); and
Rec. X.690 (1994) | ISO/IEC 8825-1:1995, Information Technology-ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER).
RSA Laboratories, a division of RSA Data Security, Inc. has published PKCS #7, Public-Key Cryptography Standards #7--Cryptographic Message Syntax, which is incorporated herein by reference.
Historically, network entities have communicated with each other in a variety of settings. FIG. 1 is a block diagram of a point-to-point network configuration. A network node A 10 is directly connected to a network node B 16, which is directly connected to a network node C 12 and a network node D 14. Generally, messages from node A 10 to node C 12 are transmitted from node A 10 to node B 16 and are then transmitted to node C 12. A point-to-point configuration is a communications link in which dedicated links exist between individual origins and destinations, as opposed to a point-to-multipoint configuration, in which the same signal goes to many destinations (such as a cable TV system), or a switched configuration, in which the signal moves from the origin to a switch that routes the signal to one of several possible destinations.
FIG. 2 is a block diagram of a Value Added Network ("VAN") 28, having network node A 20, network node B 22, network node C 24 and network node D 26 connected to the network. Generally, in order for network node A 20 to transmit a message to network node B 22, node A 20 sends a message to the VAN 28 which encodes the message in a standard format for transmission to a server which communicates the message in a proper format for receipt by network node B 22. A VAN is a communications network that offers additional services, such as message routing, resource management, and conversion facilities, for computers communicating at different speeds or using different protocols.
In the past, in order to transmit American Standard Code for Information Interchange ("ASCII") data over a point-to-point network as illustrated in FIG. 1 described above, a connection (e.g., a modem-to-modem connection) has been established, the data has been transmitted, and the connection has been terminated (e.g., via a modem-to-modem disconnect) in order to communicate the end of transmission of the message.
Connecting via a dial-up modem involves a connection similar to a user dialing a telephone. For example, after dial-up by a sender modem, a telephone company sends a ring signal. A modem detects the ring signal and starts transmitting a signal to establish a connection by setting up a carrier frequency and modulation. The recipient modem signals a computer, through a wire lead connecting the modem to the computer, that the modem has detected a ring signal. The computer has software routines which accept this information and issue commands to turn on a terminal ready lead. The connection is then established for transmission of data.
Receiving modems "listen" for carrier signals on predetermined frequencies. When a receiving modem detects a carrier, which is a transmitted voltage, the receiving modem sends a carrier detect signal to its attached computer, and software routines in the computer recognize that a connection has been established. A receiving modem translates a received stream of data from a modulated frequency signal into a stream of digital bits to be transmitted to the attached computer. The computer then typically stores received bits one by one in a register until, for example, eight bits, or a byte, have been received. The byte thus received is then processed as a received byte of information. The process continues until a disconnect signal is received.
Telephone carriers have voice channels devoted to voice data and signaling channels for data which is not voice grade. Telephony standards establish a path over which these types of data are transmitted to a receiver, giving a user a "physical connection," or an established path over telephone lines, which is used to transmit a stream of data in this setting to an intended recipient. When a sender has completed transmission of a message, the sender disconnects, very similarly to hanging up a telephone. The sender turns off the data terminal lead, dropping the carrier signal. The recipient then detects the lack of carrier signal being received and issues a signal such as "carrier lost" to disconnect from the telephone line. Each modem may then reset for its next connection.
In this environment, a recipient has had no way to know how much data was being transmitted until the connection was terminated. Therefore, once a sender initiated a connection and began transmission of a message, the receiver simply accepted transmission until a disconnect was received. The receiver could then interpret the stream as received to be the entire message. If a sender desired to transmit secure data by means of encryption, the sender and receiver typically had to agree to an encryption technique. The sender could then encrypt the sensitive portion of the message to be transmitted, and send it as an attachment to a non-secure message. Again, the receiver only recognized that the complete message had been received by recognizing the end of transmission of the message.
In contrast to point-to-point connections, wherein a "physical path" between a sender and a receiver is established by telephone companies for the duration of a transmission session, communications of messages over a network using TCP/IP are accomplished by transmission of the messages in the format of packets. A sender network entity and receiver network entity each have a distinct address on the network. A message to be transmitted from the sender network entity to the receiver network entity is partitioned into a plurality of packets, each of which includes a network destination address of the receiver network entity. The packets are then transmitted individually, to be received and pieced together back into the original message by the receiving network entity. The packets are routed through multiple network nodes, each of which examines the packets to determine whether the network node is the intended receiver network entity, or a host of the intended receiver network entity. Therefore, the transmitted data is insecure unless some form of encryption has been used to encrypt the data in the packet before transmission.
EDI data has conventionally been transmitted only in its pure form. A sender has conventionally established a connection with a receiver, transmitted the EDI message, and then terminated the connection. Termination of the connection has been accomplished by a disconnect (e.g., a modem-to-modem disconnect). The receiver of EDI data has heretofore had no way of knowing the length of the message being transmitted, since the end of the message has been identified by the termination of the connection; nor has the receiver had any need to know that length. Users of conventional EDI data transmission have, however, been unable to utilize public telecommunications vehicles such as, for example, the Internet and/or Internet protocols for transmission, at least because the communication connections are continuous and because data is transmitted in packets which are passed from node to node in a network, raising security issues.
Moreover, EDI data protocol does not inherently support encryption. Therefore, EDI data transmitted over a non-secure line, such as the Internet, is insecure because (1) a third party may be able to intercept data during transmission and (2) a third party may be able to alter the data being transmitted.
Many security measures have been implemented to ensure "tamperproof" transmission of data. For example, a digital signature is a personal authentication method based on encryption and secret authorization codes used for "signing" electronic documents. Encryption techniques generally have been utilized for secure transmission of many types of data. As another example, Rivest-Shamir-Adleman ("RSA") encryption is a public key encryption algorithm which is well known in the art of data transmission. The RSA technique is disclosed in U.S. Pat. No. 4,405,829, the teachings of which are hereby incorporated by reference in their entirety.
Also, Secure Hash Algorithm ("SHA") is a technique that computes a 160-bit condensed representation of a message or data file called a message digest. The SHA is used by a sender and receiver of a message in computing and verifying a digital signature for security of transmission. A method and system for providing secure EDI over an open network by using an RSA type cryptographic system is disclosed in U.S. Pat. No. 5,812,669. The method and system uses an EDI AUTACK, or EDI acknowledgment message, as a document to provide the digital signature in a public/private key system in which the AUTACK is signed by an encrypted hash code which has been encrypted with the sender's private key.
A problem with using an encryption technique such as SSL3 is that the receiver typically must know the length of an encrypted message which is being transmitted in order to recognize when the encrypted message ends and thereby terminate the decryption. EDI users have felt a need to transmit only EDI data. Therefore, the EDI community has resisted the inclusion of any header or trailer data. In fact, proposals to add header and/or trailer data to EDI formatted data have been rejected by members of the EDI community.
The present inventor has identified at least two problems that have prevented secure transmission of EDI formatted data between two network entities over public lines using TCP/IP and SSL3, namely (1) a need for destination address information and (2) a need for length information to be included in a transmitted message. Thus, the present inventor has identified a need for a method and system of managing transmission of electronic data in EDI format between network entities over dedicated circuits or Wide Area Networks ("WANs"). In view of the EDI community's resistance to transmission of "impure" EDI data, the conventional art teaches away from methods and systems for managing secure transmission of electronic data in EDI format between network entities over dedicated circuits or WANs.
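The two difficulties just described, that a continuous stream offers no disconnect to mark the end of a message and that the receiver must know an encrypted message's length to know when to stop decrypting, can be made concrete with a small added example. This is illustrative code written for this edit, not code from the patent or from any EDI product: the header layout (marker, destination identifier, length), the PacketStream helper that mimics packet-by-packet arrival, the trading-partner identifiers and the X12-style segments are all constructed assumptions. It contrasts the modem-era receiver, which treats everything up to disconnect as one message, with a receiver that relies on a length-carrying header to delimit each message on a shared stream.

```python
import io
import struct

# Constructed framing layout for this example (an assumption, not the patent's format):
#   4-byte marker | 16-byte destination id, ASCII, space padded | 4-byte big-endian payload length
HEADER = struct.Struct("!4s16sI")
MARKER = b"EDIF"
MAX_PAYLOAD = 16 * 1024 * 1024  # reject absurd declared lengths before allocating for them

# Constructed X12-style interchanges standing in for real EDI traffic.
ORDER = b"ISA*00*          *00*          *ZZ*CLEC-A         *ZZ*ILEC-B         ~GS*PO~ST*850*0001~SE*2*0001~GE*1*1~IEA*1*000000001~"
ACK = b"ISA*00*          *00*          *ZZ*ILEC-B         *ZZ*CLEC-A         ~TA1*000000001*A~IEA*0*000000002~"


class PacketStream:
    """Hands out at most `chunk` bytes per read so the reader sees a message
    arrive piecemeal, the way a TCP receiver does, and b'' once it is closed."""

    def __init__(self, data: bytes, chunk: int = 7):
        self._buf = io.BytesIO(data)
        self._chunk = chunk

    def read(self, n: int) -> bytes:
        return self._buf.read(min(n, self._chunk))


def read_until_close(stream) -> bytes:
    """Modem-style reception: the message is whatever arrived before disconnect.
    Two messages sent back to back on one stream are indistinguishable here."""
    parts = []
    while True:
        chunk = stream.read(4096)
        if not chunk:
            return b"".join(parts)
        parts.append(chunk)


def frame(dest: str, payload: bytes) -> bytes:
    """Prefix an EDI payload with the destination id and its exact length."""
    dest_field = dest.encode("ascii").ljust(16)
    if len(dest_field) != 16:
        raise ValueError("destination id must be at most 16 ASCII bytes")
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds maximum frame size")
    return HEADER.pack(MARKER, dest_field, len(payload)) + payload


def read_exact(stream, n: int) -> bytes:
    """Accumulate exactly n bytes across partial reads; a close before that is a truncation."""
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError(f"stream closed after {len(buf)} of {n} expected bytes")
        buf.extend(chunk)
    return bytes(buf)


def _parse_header(header: bytes):
    marker, dest_field, length = HEADER.unpack(header)
    if marker != MARKER:
        raise ValueError("bad frame marker; stream is misaligned or not framed")
    if length > MAX_PAYLOAD:
        raise ValueError("declared length exceeds maximum frame size")
    return dest_field.rstrip().decode("ascii"), length


def read_frame(stream, header: bytes = None):
    """Read one (destination, payload) pair; the header tells us where the payload ends."""
    if header is None:
        header = read_exact(stream, HEADER.size)
    dest, length = _parse_header(header)
    return dest, read_exact(stream, length)


def read_all_frames(stream):
    """Read frames until the stream closes cleanly between frames.
    A close in the middle of a frame surfaces as EOFError rather than a short message."""
    frames = []
    while True:
        first = stream.read(1)
        if not first:
            return frames
        header = first + read_exact(stream, HEADER.size - 1)
        frames.append(read_frame(stream, header))


if __name__ == "__main__":
    wire = frame("ILEC-B", ORDER) + frame("CLEC-A", ACK)
    print(read_all_frames(PacketStream(wire)))          # two separate messages
    print(read_until_close(PacketStream(ORDER + ACK)))  # one undifferentiated blob
```

The declared length does double duty: it lets the receiver stop reading (and decrypting) at the right byte without waiting for a disconnect, and, capped by MAX_PAYLOAD and checked before any buffer is allocated, it keeps a corrupted or hostile header from driving the receiver into unbounded memory use. The marker bytes catch a stream that has slipped out of alignment, which would otherwise be decoded as a garbage length.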