1. Field of the Invention
The present invention relates, in general, to secure messaging and transfer of digital data in a computer network such as a multi-tier enterprise system with one or more firewalls protecting applications and data from unauthorized access via an exposed edge (e.g., a presentation application running at an edge exposed to the Internet or other publicly-accessible network), and, more particularly, to a method and corresponding system for providing messaging in a secure and efficient manner between a client tier application, such as a presentation application or service provided at the edge of the network or system, and a business tier application(s), such as a business application or business logic that manages and manipulates data (i.e., business-critical or confidential data, private customer data, or other data that needs protection from unauthorized access).
2. Relevant Background
The rapid growth in networked and distributed computers and wired and wireless digital communications has led to a rapid growth in the need for accessing data and applications running on more secure computer systems and local networks. For example, an increasing number of employees work remotely, away from their employer's facilities, including their employer's computer networks. These employees need to be able to remotely access the computer networks and the data available on such networks and applications running on the networks. Similarly, there are numerous e-commerce and Internet-based businesses that are operated such that customers need to be able to access data and applications that are protected behind firewalls and other security services.
As a result, corporate enterprises need safe and secure architectures that enable deployment of applications on the edge, i.e., facing or exposed to a public network such as the Internet. The architecture and its messaging services or techniques need to be selected such that the edge application can be deployed (e.g., provided to remote employees, customers, and the like) without jeopardizing internal corporate resources including data and applications accessed via the edge application. For example, an edge application may be deployed to allow remote employees to input their time, and it is important that the employee records and time cannot be accessed by unauthorized third parties that may copy, alter, or destroy the confidential and business-critical information.
Existing messaging methods have provided secure messaging but have created many inefficiencies and complicated architectures. In many architectures, secure messaging is provided by transferring information in the form of a markup language document (e.g., an eXtensible Markup Language (XML) document) that is transmitted or “tunneled” via network protocols such as HTTP (HyperText Transfer Protocol) or HTTPS (HyperText Transfer Protocol Secure), which are standard methods of transferring information across the Internet and World Wide Web. For example, a presentation application may be developed with numerous XML documents (which may be provided as web pages by a browser) for collecting information that is then transferred through one or more firewalls to an internal business application that converts the XML to its native programming language, e.g., Java, C++, or the like. Once the business application has completed its processing (such as generating a response), it converts its output or response into an anticipated XML document that is transferred back to the requesting client or application through the firewall or firewalls. Such architectures are undesirable because they require developers of both the edge applications and business applications to understand and implement the markup language, such as XML, instead of being able to concentrate or focus on only the presentation or business logic.
The existing enterprise architectures also create problems for organizations that wish to use an internal application in an edge environment. In many cases, applications are built initially to operate strictly on internal, secure networks where secure messaging is not a concern. If the enterprise decides that it would be desirable to allow remote access of the application and its data, significant re-engineering is required to migrate the application to an edge environment. Specifically, a developer would need to provide numerous interfaces, such as XML schemas, for each piece or set of data that is to be presented or collected at the edge or Internet access point so that the application can securely transmit or tunnel information through security services and/or firewalls.
Due to these and other limitations of existing technologies, there remains a need for an improved method and system for providing secure messaging from an edge application, such as logic or applications on a client tier, to an internal application, such as logic or applications on a business tier. Preferably, such a method and system would be compatible with existing (and yet to be developed) security services and firewall technologies including network transfer protocols.