Within an organization, documents are often moved manually. A mail or delivery service is often employed when documents are required to be transmitted between organizations.
Techniques for electronically transmitting documents within an organization and between organizations are well known. The rapid growth of electronic mail systems, electronic transfer systems and the like have served to automate certain business transactions and eliminate some of the manual document transfers that are in most instances unnecessary.
One prior art methodology for automatically transferring information between users (for example, within an organization) utilizes a so-called "electronic forms" methodology. This "electronic form" methodology presents data to a user, solicits the user's input via a conventional display, verifies that the input data has been correctly entered, and thereafter transmits such data to another user.
The electronic form methodology is very limited in many respects. For example, if the data represents any value, then there is always the potential danger that data could be manipulated or altered, or simply created bogusly. Attempts to address this danger have involved flagging certain critical fields which are to be digitally signed. This allows a certain limited amount of authentication for specific input fields, exactly as they were entered.
However, it does not permit complex data structures to be assembled and then digitally signed. The present invention allows for the travelling program to compute, according to any algorithm whatsoever, the digital material which is to be signed, and also, as needed, the digital material which is to be verified.
Thus, for example, the present invention allows the actual data which is signed to be different than any field data itself. In fact, it is possible that the signed material contains none of the actual data as presented by the user.
An example, of one way this is especially useful is when the travelling program of the present invention creates an EDI (electronic data interchange) transaction based on aspects of the entered data. The program has the ability to sign the EDI transaction. Such EDI transactions may well be composed of complex digital information which was looked-up, based on internal tables within the program, from other tabular files, or from the supervisor or interpreter which drives the travelling program. Thus, input fields which may have been simply entered as "X"s which selected from some table, the actual digital material which is signed is entirely different.
It is anticipated that the type of digital signature described above may be applied to data construction which will have a long life--and perhaps be verified by different entities over a period of time. In the case of EDI, for example, the signatures can be bound to the EDI transaction itself, and may be verified by any future recipients of that transaction, even outside the context of the travelling program. This type of digital signature is analogous to a hand-written signature which appears at the bottom of a paper purchase order or contract.
In addition to being able to sign arbitrary data, the present invention also allows the program to conditionally decide, based on any known criteria, which users should participate in the signature process.
For example, with the present invention, the travelling program can make logical determinations, within the program, as to what co-signature requirements may exist for particular data, user, or some combination. This can include information contained in a user's X.500 certificate, or enhanced digital certificate (e.g., as according to the inventor's U.S. Pat. No. 4,868,877 or 5,005,200). Because complete programmatic flexibility exists, such extracted information can even be used to regulate the future transmission route for the travelling program.
In addition to using digital signatures for simple authentication, the present invention also allows authority requirements and uses to be included and verified as well. This draws upon, for example, the teachings of U.S. Pat. Nos. 4,868,877 and 5,005,200 to control authority proof and delegation.
On the other hand, the present invention also allows uses digital signatures to allow the travelling program to provide other types of valuable authentication. For example, as a security convenience the present invention allows for the digital signature authentication of the entire transmission from one user to another. This includes the travelling program itself, its variables, and any ancillary data or files.
This second type of digital authentication differs from the data-oriented authentication described above, in part, in that it carries long-term significance--since the variables and other data which are transmitted will be changed once the receiving user has taken any action at all. This second type of authentication is therefore primarily seen as a protection against tampering, and can also be used forensically as a backward audit to detect unauthorized tampering even by one of the actual users of the form.
In addition, the present invention also provides a third type of authentication, whereby the travelling program itself may be signed, authenticated and authorized by some trusted issuing authority (e.g., perhaps the author), to insure that no bugs or "viruses" have been introduced. (This even protects against infection by a user which has valid possession of the program along the route).
The present invention provides a unique mechanism for automating data collection among a group of users. The travelling program may be sent to one user, attach (or detach) relevant data files and move on to the next user. Data or files, collected from one or more users can be deposited with another user, or accumulated for batched processing as desired. This methodology eliminates the need for individual users to be counted on to transmit all the required data in the required format.
The present invention also efficiently performs electronic document interchange (EDI) in the context of a travelling program which sends itself from user to to the next within an organization, collecting, editing and approving data. At the appropriate point, as determined by the program's logic, it is then able to programmatically generate a standard EDI transaction (e.g., such as the X12 850 Purchase Order Transaction set) for transmission to another organization. The travelling program is able to digitally sign the finished transaction set. Accordingly, any receiving organization which can process the standardized EDI, and the standardized signature will be able to authenticate and process the incoming material, even if the receiving organization does not have all the powerful techniques available which are taught by the present invention.
Conversely, the present invention allows a travelling program to receive ordinary EDI transaction, possibly signed, and allows them to be parsed and incorporated into its variables. The travelling program then has the capability of validating the input and incorporating them into displays, and to move them among various recipients as necessary.