The present invention generally pertains to systems and methods for enhancing the security of communication over a public network. More specifically, the present invention deals with implementation of security measures for software applications communicating with remote service providers, as well as within peer-to-peer networks.
Given advancements in computer networking technology, the functionality of a given software application can be extended through remotely provided services offered through a public network such as the Internet. Communication between the application and the provider of services should be effectively secured so as to protect the interests of both the host of the application and the sponsor of the services.
Retail management systems are an area where the challenge of securing remote service communication has presented itself. In order to achieve some degree of automation, retail businesses often implement a specialized software application. Many of these applications are point-of-sale solutions that enable at least partial automation of any of a number of processes such as customer tracking and inventory management. One example of such an application is the Microsoft Retail Management System (MRMS) provided by Microsoft Corporation of Redmond, Wash.
It is common for retail management software applications to be installed on multiple computers connected by a Local Area Network (LAN) that works in conjunction with a central database. In some instances, extended functionality is available to the local network applications in the form of web services delivered by a service provider through the Internet. Such extended functionality may include, by way of example, payment card processing, integration with e-commerce web hosting, or merchandising services. These and other services may be provided for free or based on a payment scheme involving subscription or per-access charges.
Data and communication security are important areas of consideration for the described and other remote service systems. For example, communication between an application and a provider of services should be protected from hacking, spoofing and other forms of unauthorized tampering. Further, it is important that business data exchanged between an application and provider of services be transported in a secure manner.
The authentication and authorization of application users are additional factors to consider in the context of remote service systems. Within such systems, it becomes desirable for an application host to distribute access rights (e.g., rights to access remotely provided services and/or perform administrative tasks) to users in some customized manner (e.g., different employees or employee roles are assigned different access rights). One possible way to implement a customized distribution of access rights is to replicate a list of user accounts on both peers. Under these circumstances, the web service provider possesses user identification information and thus is in a position to perform user authentication and authorization. However, this method requires continuous synchronization of multiple copies of user access lists.
The security challenges confronting remote communication with software applications are not limited to the described remote service environments. Another way to extend the functionality of an application is through peer-to-peer communication between multiple networked applications connected to one another, for example, by a public network such as the Internet. In order for multiple applications to securely intercommunicate within such an environment, inter-application communication should be effectively secured so as to protect the interests of the application hosts.
The challenge of securing peer-to-peer communication is also practically relevant in the context of retail management systems. For example, it is common for a business owner to have multiple stores operating software applications that require periodic communication with one another for any of a variety of reasons, such as to exchange product information, transfer business documents, or send sales data for consolidated reporting. In some cases, the inter-store communication will occur automatically, or at least semi-automatically, with little or no user interaction. Especially when this type of peer-to-peer communication is to occur over a public network, communication security should be carefully considered and accounted for.
In another example of a practical peer-to-peer scenario, owners of different stores are occasionally interested in some kind of intercommunication involving limited access to business data. For example, owners of retail stores sometimes allow certain partners to browse portions of their current inventory to check item availability. This creates a demand for support of small peer partner networks. Within such networks, communication security becomes important to enable secure exchanges of data between trusted partners. Also, similar to the access customization features described in the web services context, it becomes desirable to define security policies that can prescribe different data access restrictions for different partners, and to apply those policies to incoming requests from trusted sources.
Generally speaking, security is a key challenge in the implementation of a remote communications model for software applications. Despite well-established basic technologies in this area, such as SOAP Web Services, GXA and Web Service Enhancements, there is an absence of a generic, prescriptive end-to-end security architecture ready for software applications to adopt. There is a need for a solution that can dynamically extend software application functionality through secure connection to subscription-based web services, and/or to compatible applications in peer-to-peer networks. Within this context, there is also a need for a system that will enable control over rights to access application resources and accounts.