Many businesses provide target services, such as enterprise resource planning (ERP) and customer relationship management (CRM) applications, to support employee requirements, such as tracking expenses, tracking time entries, and maintaining contact and account information. These applications often use and store confidential and proprietary company information, such as financial data, contact information, and personnel files. Businesses need to limit access to these applications and their associated information to authorized users to prevent fraudulent use and privacy violations.
When users are on-site using an enterprise computer network to access the services, a business may authenticate users who access the enterprise network by requiring sign-on credentials or other identifying information. However, when users are off-premises, it becomes more difficult to authenticate users and to provide services in a secure manner. To maintain security, users who access services via a mobile client, such as a smartphone or tablet, must be authenticated as authorized before being allowed to perform actions exposed by the services.
Client applications used to access business services need a reliable and synchronized communication link that allows users to interact with the services from a remote location. The communication link should also work across different client applications and devices. For example, users may send authenticated requests and service calls to a cloud-based ERP system and then receive business entities and ERP objects in response. In current systems, if a communication link fails, each individual client application must identify the failure, determine which packets did not reach the target system, and then resend those packets. For a temporary failure, the resent packets may go through to the service on a first retry. However, if the destination service is offline, then the client application must store the packets and continue to retry sending the packets until the service is online. This can be a problem if the packets are sent with authentication tokens that may expire or otherwise need to be generated for the retry packets.