1. Field of the Invention
The invention generally relates to a communications system and, in particular, to providing transaction-level security in the communications system.
2. Description of the Related Art
Computer systems and related technology affect many aspects of society. Computer systems now commonly perform a host of tasks (e.g., word processing, scheduling, and database management) that prior to the advent of the computer system were performed manually. More recently, computer systems have been coupled to one another to form computer networks over which the computer systems can communicate electronically to share data. As a result, many of the tasks performed at a computer system (e.g., accessing electronic mail and web browsing) include electronic communication with one or more other computer systems via a computer network (e.g., the Internet).
Communicating electronically via a computer network typically includes transferring electronic messages between computer systems to cause the computer systems to operate in a desired manner. To transfer an electronic message, the sending computer system typically transmits the electronic message in corresponding data packets over one or more communication links to a receiving computer system (often referred to as transferring data packets “over-the-wire”). The receiving computer system then uses the data packets to reconstruct the message. In some cases, data packets may be transferred over a communication link that directly couples one computer system to another computer system (i.e., a one-to-one relationship). However, more frequently, a communication link is utilized by a number of computer systems in a many-to-many relationship. For example, a number of clients connected to an Internet Service Provider (“ISP”) may each be able to electronically communicate with the various other clients connected to the ISP (as well as users connected to other ISPs).
Due at least in part to the ease and efficiency of electronic communication, the number and diversity of entities that use electronic communication is quite large. As electronic communication has become a popular form of communication, greater emphasis has been placed on the level of security provided for it. Whether the electronic communication involves a bank transaction or a supplier order request, each transaction requires some level of security and integrity.
A variety of prior-art techniques have been proposed to provide security for electronic communications. For example, in the context of Internet-based transactions, one technique for making Web-based transactions more secure is Web Services-Security (WS-S), which is directed to providing quality of protection through message integrity, message confidentiality, and single-message authentication. WS-S can be used to accommodate a wide variety of security models and encryption technologies. Generally, WS-S describes the security characteristics of Web Services interactions, where the security characteristics are statically defined through a Web Services Description Language (WSDL) definition and supported by header information stored in an object.
Prior-art techniques, including Web Services-Security, provide connection-level (or transport-level) security rather than transaction-level security. That is, all business transactions performed over a given secure connection are accorded the same protection, even though some transactions may require a different level of security than others. For example, transactions involving the transmission of credit card numbers may require a higher level of security than transactions involving the transmission of invoices. Current security techniques, however, do not provide transaction-level security.
Prior-art security techniques also suffer from at least one other shortcoming: they do not maintain a consistent level of security for business transactions that span multiple network connections or networked machines. For example, consider a business transaction that requires at least a certain level of security and that has to traverse multiple, independently managed network connections before it can be completed. In such a case, the prior-art security techniques provide no mechanism for maintaining the desired level of security as the business transaction passes from one computer system to another or from one network connection to another. This shortcoming makes the business transaction more susceptible to attack, thereby giving rise to security concerns.
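As an added illustration (not part of the patent text), the following Python model shows the per-transaction check that the two shortcomings above call for: each transaction carries its own required protection level, and a forwarder verifies that every hop on a multi-connection route offers at least that level before sending. The transaction types, protection levels, and link names are constructed for the example.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Protection a link offers or a transaction requires (constructed scale)."""
    NONE = 0
    INTEGRITY = 1       # signed only, e.g. an invoice
    CONFIDENTIAL = 2    # signed and encrypted
    AUTHENTICATED = 3   # signed, encrypted, and sender authenticated, e.g. a card payment


# Hypothetical transaction-level policy: protection required per transaction type.
TRANSACTION_POLICY = {
    "invoice": Level.INTEGRITY,
    "order_request": Level.INTEGRITY,
    "credit_card_payment": Level.AUTHENTICATED,
}


@dataclass(frozen=True)
class Link:
    name: str
    offered: Level  # connection-level protection applied to every message on the link


@dataclass(frozen=True)
class Transaction:
    kind: str
    payload: str


def required_level(tx: Transaction) -> Level:
    # Unknown transaction types fail closed to the strongest level.
    return TRANSACTION_POLICY.get(tx.kind, Level.AUTHENTICATED)


def weak_hops(tx: Transaction, route: list[Link]) -> list[str]:
    """Names of links on the route that cannot carry tx at its required level."""
    need = required_level(tx)
    return [link.name for link in route if link.offered < need]


def connection_level_needed(txs: list[Transaction]) -> Level:
    """Connection-level security forces one level on all traffic: the strictest one."""
    return max((required_level(tx) for tx in txs), default=Level.NONE)


def forward(tx: Transaction, route: list[Link]) -> bool:
    """Refuse to send unless the required level survives every hop end to end."""
    weak = weak_hops(tx, route)
    if weak:
        raise PermissionError(f"{tx.kind} requires {required_level(tx).name}; weak hops: {weak}")
    return True
```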
The present invention is directed to addressing the effects of one or more of the problems set forth above.