AS2

AS2 (Applicability Statement 2) is a specification published by the Internet Engineering Task Force (IETF) as RFC 4130 for the secure exchange of business documents and business-to-business (B2B) transactions over the Internet.

It has been widely recognised by the business community worldwide that the Internet presents an ideal opportunity for the exchange of data both quickly and cheaply. The problem so far has always been that of security, since the Internet is an easily accessible public network.

For this reason, AS2 has been developed in order to exploit the advantages of the Internet and to make B2B transactions over the Internet as secure as possible.

The transport protocol used by AS2 is HTTP (Hypertext Transfer Protocol). The business document is packaged using MIME (Multipurpose Internet Mail Extensions) and protected with S/MIME, which is what gives the exchange its confidentiality, integrity and authentication; HTTP and MIME on their own provide none of these.

AS2 in effect provides an envelope for your data, allowing transactions to be sent and received securely and directly over the Internet, avoiding the expense of traditional direct connections and the delays inherent in a VAN (value-added network) service.

AS2 is not concerned with the content or validity of the data being sent. It is concerned only with the means of connection and the exchange of data securely and reliably.

Any type of data can be exchanged using AS2, including traditional EDI messages, XML, flat files, spreadsheets and CAD/CAM data.

AS2 is widely used in the retail industry and is rapidly becoming a favoured communications protocol.

Technologies

  • HTTP/1.1 – the data is sent to the partner in the body of a POST request
  • SSL/TLS – Secure Sockets Layer, now Transport Layer Security (HTTPS), which protects the connection itself
  • MIME – Multipurpose Internet Mail Extensions (the packaging format that lets documents/files be carried as typed body parts, originally in Internet email)
  • S/MIME – Secure MIME, which provides authentication, message integrity, non-repudiation and confidentiality for MIME content; AS2 applies it to the business document rather than to email
  • PKCS #7 / CMS – the Cryptographic Message Syntax underlying S/MIME, providing the signed-data and enveloped-data structures used for signing and encryption

An AS2 implementation acts as both client and server. The 'client' part pushes data to a trading partner. The 'server' part, which must be always-on, receives data. The receiver then returns an acknowledgement (an MDN) to the sender, if one was requested, either in the HTTP response or by a separate HTTP POST.

  • AS2 provides an ‘envelope’ for the data, which is then sent over the Internet using the HTTP protocol.
  • Data is transmitted using the HTTP POST request.
  • Data transmission is over TCP/IP, with or without SSL/TLS (HTTPS), to the partner's AS2 URL; in practice the endpoint has a fixed address so that firewalls on both sides can restrict access to it.
  • Data can be transmitted signed and/or encrypted; the possible combinations are therefore:
      • Unsecured data – not encrypted, not signed
      • Signed data – not encrypted
      • Encrypted data – not signed
      • Signed and encrypted data
  • Data security, through signing and/or encryption, is achieved using S/MIME (Secure Multipurpose Internet Mail Extensions).
  • AS2 uses the MDN (Message Disposition Notification) as the message receipt; it can be returned synchronously (in the HTTP response) or asynchronously (in a separate connection).

    Advantages

    AS2 provides the means to transfer data directly between networks in a way that is fast, practically instantaneous and always available.

    Using AS2 can save money in network costs (no VAN fees or long-distance dial-up costs to pay) and gives increased flexibility and control over the data.

    Advantages of using AS2 include:

    • 24 x 7 availability
    • fast and reliable connectivity
    • security features
    • faster turnaround time for business processes, giving improved supply-chain efficiency
    • non-repudiation of receipt: a signed MDN confirms that the intended party received the data, and that what it received matches what was sent

    Security Features

    AS2 makes use of several optional security features:

    • Data Encryption
    • Digital signatures
    • Transmission encryption (HTTPS)

    Data encryption and signatures ensure that:

    • Only the intended receiver can view and understand the data (encryption with the receiver's public certificate)
    • The sender of the document is authenticated (the digital signature, made with the sender's private key, is verified against the sender's certificate)
    • The document has not been altered during transmission (any change invalidates the signature)

    Data that has been signed and encrypted can be sent over plain HTTP: anyone who intercepts it cannot read it, and any alteration is detected when the signature is verified. HTTPS adds a second layer by encrypting the connection itself, which also hides the AS2 headers (sender, recipient and message identifiers) from an observer and protects exchanges that are not signed or encrypted at the message level.

    Requirements

    There are just two requirements for exchanging data using AS2:

    • A dedicated Internet connection with 24 x 7 availability
    • An HTTP server to receive incoming POST requests (the AS2 software normally provides this itself)

    Using ODEX as your AS2 software means that you do not need a separate web server, since ODEX performs all the functionality of a web server that is required by AS2.

    Data Transmission Steps

    The following steps are usually involved in AS2 transmissions, whether they are sent by you to your trading partners or by your trading partners to you.

    • Signing – a digital signature is generated over the data with the sender's private key and attached to it
    • Encryption – the signed data is then encrypted for the recipient using the recipient's public certificate (RFC 4130 specifies sign-then-encrypt, so the signature travels inside the encrypted envelope)
    • Transmission – the data is transmitted from one trading partner to another using HTTP or HTTPS
    • Decryption – on receipt, the recipient decrypts the envelope with its private key
    • Signature Verification – the signature is verified against the sender's certificate to ensure the data came from an accepted sender and has not been altered since it was signed
    • File storage – the verified file is delivered to the recipient’s system for processing
    • Return of MDN – a Message Disposition Notification (MDN) is generated and returned to the sender to acknowledge receipt; it carries the Received-Content-MIC, a digest of the content as the receiver saw it, and if the MDN is signed this provides non-repudiation of receipt
    • Verification of MDN – the sender verifies the MDN signature, checks that it refers to the Message-ID that was sent, and compares the Received-Content-MIC with the digest it computed over the data it sent; only then is the data considered delivered
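    The exchange described in the list above and in the transmission steps, as an added worked example that is not part of the original page or of the ODEX product: Python (standard library only) models the AS2 HTTP headers, the MIC calculation of RFC 4130 and the checks a sender must make on the returned MDN. S/MIME signing and encryption are deliberately left to a CMS library, so the bare payload stands in for the signed entity; the partner identifiers, Message-ID, e-mail address and EDI payload are constructed for the example.

```python
import base64
import hashlib
import re

# Constructed identifiers for this example; not real trading partners or addresses.
SENDER_ID, RECEIVER_ID = "DI-SUPPLIER", "ACME-RETAIL"

def canonicalize(data: bytes) -> bytes:
    """RFC 4130 requires CRLF line endings before the MIC is computed."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def content_mic(entity: bytes, micalg: str = "sha256") -> str:
    """Received-Content-MIC value: 'base64(digest), micalg'. For an unsigned, unencrypted
    message the digest covers the bare payload; for signed or encrypted messages it covers
    the signed MIME entity (headers + body). RFC 4130 names sha1/md5; sha256 is current practice."""
    digest = hashlib.new(micalg, canonicalize(entity)).digest()
    return f"{base64.b64encode(digest).decode()}, {micalg}"

def build_request(message_id: str, payload: bytes) -> tuple:
    """Headers and body of the AS2 HTTP POST. The body here is the bare payload; in a real
    exchange it is the S/MIME (CMS) signed and/or enveloped entity."""
    headers = {
        "AS2-Version": "1.2",
        "AS2-From": SENDER_ID,
        "AS2-To": RECEIVER_ID,
        "Message-ID": message_id,
        "Content-Type": "application/edi-x12",
        # Requests an MDN; with no Receipt-Delivery-Option header it is returned
        # synchronously in the body of the HTTP response.
        "Disposition-Notification-To": "as2@supplier.example",
        "Disposition-Notification-Options": "signed-receipt-protocol=required, "
        "pkcs7-signature; signed-receipt-micalg=required, sha256",
    }
    return headers, payload

def build_mdn(orig: dict, mic: str, disposition: str) -> bytes:
    """multipart/report MDN (RFC 4130 7.4.3). Unsigned here; since the sender required
    pkcs7-signature, a real receiver wraps this in a CMS signature."""
    b = "as2-mdn-boundary"
    fields = "\r\n".join([
        "Reporting-UA: example-as2/0.1",
        f"Original-Recipient: rfc822; {orig['AS2-To']}",
        f"Final-Recipient: rfc822; {orig['AS2-To']}",
        f"Original-Message-ID: {orig['Message-ID']}",
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}",
        f"Received-Content-MIC: {mic}",
    ])
    return (f"--{b}\r\nContent-Type: text/plain\r\n\r\nMessage {orig['Message-ID']} received.\r\n"
            f"--{b}\r\nContent-Type: message/disposition-notification\r\n\r\n{fields}\r\n--{b}--\r\n").encode()

def receive(headers: dict, body: bytes, my_id: str, partners: set) -> tuple:
    """Receiver side. Returns (HTTP status, MDN body or None)."""
    if headers.get("AS2-To") != my_id or headers.get("AS2-From") not in partners:
        return 403, None  # misaddressed or unknown partner: refuse, no receipt at all
    # A real receiver decrypts and verifies the CMS signature before this point and
    # answers 'processed/error: authentication-failed' if the signature is bad.
    m = re.search(r"signed-receipt-micalg=\w+,\s*([\w-]+)", headers.get("Disposition-Notification-Options", ""))
    mic = content_mic(body, m.group(1) if m else "sha1")
    return 200, build_mdn(headers, mic, "processed")

def mdn_fields(mdn: bytes) -> dict:
    """Fields of the message/disposition-notification part of an MDN."""
    m = re.search(r"message/disposition-notification\r\n\r\n(.*?)\r\n--", mdn.decode(), re.S)
    if not m:
        raise ValueError("no disposition-notification part")
    return dict(line.split(": ", 1) for line in m.group(1).split("\r\n"))

def verify_mdn(mdn: bytes, sent_id: str, sent_entity: bytes, partner: str) -> bool:
    """Sender side: the receipt counts only if it names the Message-ID we sent, comes from the
    partner we addressed, reports 'processed' (not 'processed/error: ...' or 'failed/...')
    and carries the same MIC we compute over our own content."""
    f = mdn_fields(mdn)
    if f.get("Original-Message-ID") != sent_id or f.get("Final-Recipient") != f"rfc822; {partner}":
        return False
    if not f.get("Disposition", "").endswith("; processed"):
        return False
    mic_b64, _, micalg = f.get("Received-Content-MIC", "").partition(", ")
    try:
        return f"{mic_b64}, {micalg}" == content_mic(sent_entity, micalg or "sha1")
    except ValueError:  # digest name we do not support
        return False

def demo() -> tuple:
    """Happy path, a receipt computed over altered content, and a misaddressed message."""
    payload = b"ISA*00*          *00*          *ZZ*DISUPPLIER*ZZ*ACMERETAIL*240101*1200~\nGS*PO*DISUPPLIER*ACMERETAIL~\n"
    msg_id = "<20240101-0001@supplier.example>"
    headers, body = build_request(msg_id, payload)
    status, mdn = receive(headers, body, RECEIVER_ID, {SENDER_ID})
    good = status == 200 and verify_mdn(mdn, msg_id, payload, RECEIVER_ID)
    # Content altered in transit: the receiver's MIC no longer matches ours, so the
    # receipt is not an acknowledgement and the sender must resend.
    _, mdn_tampered = receive(headers, body.replace(b"PO", b"PX"), RECEIVER_ID, {SENDER_ID})
    tampered = verify_mdn(mdn_tampered, msg_id, payload, RECEIVER_ID)
    # Wrong AS2-To: refused before any receipt is produced.
    refused, _ = receive({**headers, "AS2-To": "OTHER"}, body, RECEIVER_ID, {SENDER_ID})
    return good, tampered, refused
```

    demo() returns (True, False, 403): the genuine receipt is accepted, the receipt over altered content fails the MIC comparison, and the misaddressed message is refused with no MDN. The point the page's steps leave implicit is that an MDN is evidence of receipt only when the sender binds it back to its own Message-ID and its own digest of the content; an MDN that merely arrives proves nothing.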

    Implementation

    Although encryption protects the data while it is in transit, AS2 requires a server that is reachable from the Internet, and that has implications for the security of the internal network behind it once data arrives. Placing the AS2 server in a Demilitarized Zone (DMZ) between two firewalls is the usual solution.

    Locate the AS2 server inside a DMZ

    This approach has the advantage that a new port does not need to be opened for every trading partner: access through each firewall is restricted to a single port (and, where partners use fixed addresses, to those source addresses), and only the AS2 server in the DMZ is permitted to pass data on to the internal systems.

    AS2 support in DI products

    The following products provide AS2 support:

    • ODEX Enterprise

    ODEX Enterprise provides a complete AS2 solution as well as supporting other communication protocols.

    Offering back office integration, data translation and event management functionality, ODEX Enterprise provides the means to trade with your AS2-committed customers and integrate their data easily into your own systems.

    With the additional option of integration with our DARWIN e-commerce solution, ODEX Enterprise also allows you to exchange orders, invoices, despatch advice notes and other business documents.