Thursday, March 27, 2014

File Transmission Protocol : AS2 basics

Applicability Standard 2 Defined:

AS2 (Applicability Standard 2) is an EDI specification intended to ensure the proper level of security for data transmitted over the Internet. Although it was developed specifically for EDI, it can be applied to virtually any type of file, including XML.

Benefits of AS2:

The internet is one of the more common methods of exchanging EDI and other data because it is easy and relatively inexpensive. But the Internet can also present some challenges for security. AS2 is intended to address these challenges by providing a common set of conventions for security, verification, message integrity and privacy.
Due to the security standards, many organizations require that their partners utilize AS2 for all EDI or other B2B communications. AS2 also addresses many of the requirements of HIPAA for those working in healthcare.

A second benefit of AS2 is that it allows for immediate transmission of files, directly between trading partners. That is, it eliminates the need for a VAN (Value Added Network) to handle the exchange of data. Any organization with constant access to the Internet is capable of handling AS2 communications.

How AS2 Works:
AS2 addresses security for data transmitted via the HTTP (Hypertext Transfer Protocol) transport protocol (or its more secure version, HTTPS) over the Internet or over any TCP/IP network. It does this through the use of encryption and digital signatures, using a format called S/MIME (Secure Multi-Purpose Internet Mail Extension), and the use of receipts called MDNs (Message Disposition Notifications).
MDNs contain information about the delivery status of the message. In this way, MDNs allow for a particular benefit called "no repudiation," which means the recipient of a message cannot deny having received it.
AS2 vs. AS1 and AS3
AS1, AS2 and AS3 are all standards from EDIINT (EDI over the Internet) for the secure transfer of data over the Internet. All include the same conventions for encryption and digital signatures. Where they differ is in the communications protocol they each address. While AS2 is specific to HTTP (or HTTPs), AS1 refers to data transmitted via email, using SMTP (Simple Mail Transfer Protocol). AS3 applies to files exchanged via FTP (including sFTP or FTPs).
Communicating Via AS2:
Although exchanging data via AS2 is typically handled automatically by AS2 software, it is important to understand the process and what you need to get going. Here are the key elements:

  • Secure Certificates and Keys - AS2 utilizes a very common method called public-key cryptography for securing AS2 messages. Certificates are created that contain keys for encrypting and decrypting your data. One key, called the "Private" key, is used for both decryption and signing messages and should always be protected. A "Public" key, which is used for encryption and verifying the sender's signature, is intended to be shared with your trading partners so they can "encode" messages for you.
  • AS2 ID - essentially the name that identifies you as the source of your messages, an AS2 ID is for verification through the use of digital signatures.
  •  AS2 URL - to send and receive information over the Internet, you need a unique AS2 web address. This is typically set up as as2.yourdomain.com.

No comments:

Post a Comment

Generate your trusted CRT , PEM and P12 security certificates for signing and encryption functionality for HTTP or HTTPS Communication

Self-Signed Certificate and Keystore Generator Certificate and Keystore Generator ...