Applicability Standard 2 Defined
AS2 (Applicability Standard 2) is an EDI specification intended to ensure the proper level of security for data transmitted over the Internet. Although it was developed specifically for EDI, it can be applied to virtually any type of file, including XML.
Benefits of AS2
The Internet is one of the more common methods of exchanging EDI and other data because it is easy and relatively inexpensive. But the Internet can also present some challenges for security. AS2 is intended to address these challenges by providing a common set of conventions for security, verification, message integrity and privacy.
Due to the security standards, many organizations require that their partners utilize AS2 for all EDI or other B2B communications. AS2 also addresses many of the requirements of HIPAA for those working in healthcare.
A second benefit of AS2 is that it allows for immediate transmission of files, directly between trading partners. That is, it eliminates the need for a VAN (Value Added Network) to handle the exchange of data. Any organization with constant access to the Internet is capable of handling AS2 communications.
How AS2 Works
AS2 addresses security for data transmitted via the HTTP (Hypertext Transfer Protocol) transport protocol (or its more secure version, HTTPS) over the Internet or over any TCP/IP network. It does this through the use of encryption and digital signatures, using a format called S/MIME (Secure Multi-Purpose Internet Mail Extension), and the use of receipts called MDNs (Message Disposition Notifications).
MDNs contain information about the delivery status of the message. In this way, MDNs allow for a particular benefit called “nonrepudiation,” which means the recipient of a message cannot deny having received it.
AS2 vs. AS1 and AS3
AS1, AS2 and AS3 are all standards from EDIINT (EDI over the INTernet) for the secure transfer of data over the Internet. All include the same conventions for encryption and digital signatures. Where they differ is in the communications protocol they each address. While AS2 is specific to HTTP (or HTTPS), AS1 refers to data transmitted via email, using SMTP (Simple Mail Transfer Protocol). AS3 applies to files exchanged via FTP (including SFTP or FTPS).
Communicating Via AS2
Although exchanging data via AS2 is typically handled automatically by AS2 software, it is important to understand the process and what you need to get going. Here are the key elements:
Secure Certificates and Keys – AS2 utilizes a very common method called public-key cryptography for securing AS2 messages. Certificates are created that contain keys for encrypting and decrypting your data. One key, called the “Private” key, is used for both decryption and signing messages and should always be protected. A “Public” key, which is used for encryption and verifying the sender's signature, is intended to be shared with your trading partners so they can “encode” messages for you.
AS2 ID – essentially the name that identifies you as the source of your messages. The AS2 ID is used for verification through digital signatures.
AS2 URL – to send and receive information over the Internet, you need a unique AS2 web address. This is typically set up as as2.yourdomain.com.
Communications Port – in order to connect with your trading partners, you need to open a communications port in your system. Port 4080 is a commonly utilized port.
To begin exchanging data via AS2 with a trading partner, you will need to exchange public keys, AS2 IDs, AS2 URLs and port information. If you are running AS2 software, you will need to enter this information, then specify what the software should do with new inbound messages and where to find new outbound messages. The software will “listen” for new inbound messages, and send new outbound messages automatically.
Prior to sending you a message, your trading partner will first encrypt it using the public key you provided, and use their private key to sign it. When the message arrives, your AS2 software will verify the signature using the trading partner’s public key associated with the AS2 ID on the message.
The message will be decrypted using your private key, and an MDN will be generated and transmitted, acknowledging receipt. The MDN will be signed with your private key, and encrypted with the trading partner’s public key.
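The sender's side of the MDN step described above, as an added example (not code from the original page or from any AS2 product): it checks that a returned MDN refers to the message that was sent, reports successful processing, and carries a content digest matching the bytes that were sent. The field names follow RFC 4130; the AS2 IDs, message ID and sample MDN are constructed, and verifying the MDN's own signature is assumed to happen before this check.

```python
import base64
import email
import hashlib
import hmac

def compute_mic(content: bytes, alg: str = "sha-256") -> str:
    """Base64 digest of the exact bytes that were signed and sent."""
    name = alg.replace("-", "").lower()          # "sha-256" -> "sha256"
    return base64.b64encode(hashlib.new(name, content).digest()).decode()

def build_sample_mdn(message_id, content, disposition="processed"):
    """Constructed partner-side MDN; a real one would be S/MIME-signed."""
    return (
        "AS2-From: PARTNER_ID\nAS2-To: MY_ID\n"
        "Content-Type: multipart/report;"
        ' report-type=disposition-notification; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nMessage received.\n"
        "--b1\nContent-Type: message/disposition-notification\n\n"
        f"Original-Message-ID: {message_id}\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\n"
        f"Received-Content-MIC: {compute_mic(content)}, sha-256\n"
        "\n--b1--\n"
    )

def check_mdn(mdn_text, sent_message_id, sent_content):
    """Return a list of problems; an empty list means the receipt matches."""
    msg = email.message_from_string(mdn_text)
    if msg.get_content_type() != "multipart/report":
        return ["not a multipart/report MDN"]
    fields = None
    for part in msg.walk():
        if part.get_content_type() == "message/disposition-notification":
            body = part.get_payload()            # parsed as a nested header block
            fields = body[0] if isinstance(body, list) else email.message_from_string(body)
    if fields is None:
        return ["no disposition-notification part"]
    problems = []
    if fields.get("Original-Message-ID", "").strip() != sent_message_id:
        problems.append("receipt is for a different message")
    status = fields.get("Disposition", "").partition(";")[2].strip().lower()
    if status != "processed":                    # errors and warnings are both reported
        problems.append(f"partner reported: {status or 'no disposition'}")
    mic, _, alg = fields.get("Received-Content-MIC", "").partition(",")
    try:
        expected = compute_mic(sent_content, alg.strip() or "sha-256")
    except ValueError:
        return problems + ["unsupported MIC algorithm"]
    if not hmac.compare_digest(mic.strip(), expected):
        problems.append("MIC mismatch: partner did not receive the bytes we sent")
    return problems
```

Archiving the signed MDN together with the sent payload is what lets the digest comparison serve as evidence of receipt later.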
For those who prefer to manage AS2 themselves, such as those currently hosting installed EDI software, AS2 can seamlessly integrate into your existing system infrastructure. AS2 Complete is our simple, powerful AS2 solution, and can be installed to work together with your EDI solution, or independently.
Alternatively, you can outsource your AS2 communications needs with a service provider. 1EDISource can provide one secure AS2 connection to all of your trading partners, and all of the hardware, software and personnel needed to make it happen.
Either way, you get a reliable and effective AS2 solution. You also get the same world-class support and service you expect from 1EDISource, including a dedicated expert Consultant focused on you and your business.