As technology advances in today's society, many tasks that were traditionally performed manually can now be automated using computers. One example is electronic commerce, or “e-commerce,” which allows consumers to purchase goods and services via the Internet. With e-commerce, consumers and merchants rely on the secure exchange of accurate electronic data.
Other examples of exchanges of electronic data include business-to-business relationships where one business contracts with another business to manage a particular component of its operation. For instance, a business may outsource the management of its payroll and benefits to a third-party organization. In such an affiliation, the business typically provides the third-party organization with remote access to its confidential electronic information (e.g., data stored in databases and file systems, as well as applications to manipulate such data) to allow the third-party organization to process the information.
Yet other examples where electronic data can be exchanged are with systems that try to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA compliance mandates a national Electronic Data Interchange (EDI) framework that standardizes private electronic health information so it can be securely shared in a largely automated manner between health care providers, employers, insurers, patients, and other authorized parties. Thus, an insurer can access patient records at a hospital in order to verify treatment and coverage for a particular patient, for instance.
Virtual private networks (VPNs) have been used as one technique to securely exchange data between remote systems (where the term “systems” herein includes data exchanges between computer to computer, computer to human, human to human, or any variation thereof). With a VPN, a secure network overlays an insecure public network, such as the Internet. A VPN is created by encrypting all data streams between selected nodes on the larger public network, such that no other nodes on the same public network can access the confidential data.
These examples of VPN data exchange systems suffer from a number of drawbacks. First, many of them can only understand, analyze, and act according to external data stream information and not the actual contents of the data stream. For example, traditional VPNs monitor incoming and outgoing packets, block incoming packets based upon source or destination, and require some authentication information in order to establish a secure connection to authorized data. However, once a secure connection is established, the VPN is largely ignorant of the content of the data being exchanged. The most such systems can do is blindly record the data exchanged without the ability to intelligently act upon it in real time.
Another disadvantage of these VPN data exchange systems is that data will often need to be exchanged between machines (such as between computer systems, client terminals, application software, servers, web browsers, and the like) that communicate via different or incompatible data formats and protocols. In the payroll and benefits scenario described above, an individual in the business may need to re-format the data (e.g., to a compatible software application file, database layout, intermediate file format, and so on) before the data is sent to the third-party organization, so that the third-party organization can read and process the data. A web browser generally only understands web-based protocols, such as hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS), and thus cannot exchange data with an email server that communicates via other protocols, such as SMTP, POP, and/or IMAP. This translation between data formats and protocols may need to be done differently and manually on a case-by-case basis for each data exchange link, thereby adding to the complexity and inefficiency of the process.
Yet another problem with these VPN data exchange systems is that erroneous data can be cumbersome to detect or correct. Correction of incorrect data, if such incorrect data is even located to begin with, typically involves having to track down specific static database or file system entries where the original error occurs. This can be difficult in situations where there are multiple databases having different formats. In addition, data that is exchanged often needs to be logged in terms of source, destination, date and time, or other transactional tracking information. This transactional information is also generally stored statically in databases, file systems, or other storage locations (e.g., “data at rest”), and can easily become outdated or erroneous if the original data had errors. Erroneous data can result in severe consequences, particularly in the health care field where a wrong prescription number for a medicine may cause great harm to a patient. If left uncorrected, erroneous data can propagate and proliferate through various systems and databases as the data is exchanged.
Specific software packages and general application server platforms have been developed to address some of the more sophisticated problems of data analysis, integration, and exchange. This software approach to data exchange usually provides some advanced programming environment whereby functionality can be customized to analyze, manipulate, and audit data according to the unique business flow and data architecture of each customer.
These examples of software data exchange systems suffer from a number of drawbacks. First, security at all levels is usually a prerequisite for data exchange but generally only exists at the application layer in such software systems, such as in the form of login usernames and passwords. Because encryption is so computationally costly and poorly done in software alone, these systems are either inefficient or unable to secure significant data exchanges at the lower packet level. Often, security must be addressed separately at the application, operating system, network, and overall integration levels.
In addition, software is just one component of an overall working data exchange system. Hardware must be independently researched, purchased, configured, and managed along with the software package. Both the hardware (including the operating system) and software must be integrated for security, performance, automation, etc., which represents a significant continual effort. Moreover, such software data exchange systems are usually tied to a back-end local data store operating on data at rest. Once data is initially extracted, it can be copied and exchanged many times independent of such systems, thereby undermining core functionality such as comprehensive auditing and privacy filtering.
Accordingly, improvements are needed in data exchange techniques.