The Keys to AS2
AS2, Applicability Standard 2 for EDI, is quickly becoming one of the most secure, reliable and popular methods for sending and receiving data over the internet. The concept is rather simple: data is sent between two points via the web inside a container, or envelope, created by AS2, and the certificate together with the public and private keys keeps the information secure. Only a few components are necessary for an organization to use AS2: two computers to connect (typically a computer and a server), internet access, and the data to be sent and received. AS2 wraps the data in an envelope using digital encryption and certificates, which allows it to be transmitted securely over the internet. To clarify the role of the certificate and the public and private keys within AS2 transactions, let’s review these brief definitions:
The Public Key: is used to encrypt data and to verify digital signatures.
The Private Key: is used to decrypt data and to digitally sign it, and is always kept private and protected.
The Certificate: much like a driver’s license, is used for identification purposes. It identifies the issuer of the certificate, shows the expiry and gives a unique number assigned to the certificate, called a serial number. Every certificate has its own unique serial number.
This is an informative, albeit simplistic, explanation of the AS2 cert/public/private key relationship and of how AS2 is used to send and receive EDI. When an AS2 certificate is created, two keys are generated that are linked together by an algorithm: one is a Private Key and one is a Public Key. The Private Key is stored in a repository (for this example, in ECS), while the cert, along with the attached Public Key, is sent to the receiver, normally via email, although it may be uploaded depending on the receiver’s protocols and standards. The keys are then used to access the data contained within the AS2 envelope. The following is an example of a typical AS2 exchange between DataTrans and Wal-Mart:
AS2 Example – Typical AS2 Process between DataTrans and Wal-Mart
- EDI payload is encrypted using the Wal-Mart cert/public key (on DataTrans AS2 server)
- EDI payload is signed using the DataTrans (Sender) private key (on DataTrans AS2 server)
- AS2 connection is made to the Wal-Mart AS2 server wal-mart.com:5080 (on DataTrans AS2 server)
- Payload contains a request to return an MDN, either sync or async (on DataTrans AS2 server)
- AS2 IDs/Names are used to identify the AS2 relationship (on Wal-Mart AS2 server)
- EDI payload is decrypted using the Wal-Mart private key (on Wal-Mart AS2 server)
- EDI payload has its digital signature verified using the DataTrans cert/public key (on Wal-Mart AS2 server)
- MDN is returned with a “processed” or “Decryption failure” or “Authentication, unable to verify signature…” status (on Wal-Mart AS2 server)
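The key usage in the exchange above, shown with the OpenSSL command line as an added example (not DataTrans code and not part of the original post). The identities `sender`, `receiver` and `intruder`, the sample payload and the function names are constructed for the illustration, and the HTTP connection, AS2 IDs and the MDN message itself are left out. The example signs first and then encrypts, so the receiver decrypts and then verifies, as in the list.

```shell
#!/bin/sh
# Constructed demo: sign with the sender's private key, encrypt to the receiver's cert.
W=$(mktemp -d)   # scratch directory for demo keys and messages

# make_identity NAME: self-signed certificate (carries the public key) plus private key.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# as2_wrap SENDER RECEIVER PAYLOAD OUT: what the sending AS2 server does.
as2_wrap() {
    openssl smime -sign -text -in "$3" -signer "$W/$1.crt" -inkey "$W/$1.key" 2>/dev/null |
        openssl smime -encrypt -aes256 -out "$4" "$W/$2.crt" 2>/dev/null
}

# as2_unwrap RECEIVER EXPECTED_SENDER MSG OUT: what the receiving AS2 server does.
# Prints the MDN status it would return, in the status wording used in the list above.
as2_unwrap() {
    if ! openssl smime -decrypt -in "$3" -recip "$W/$1.crt" -inkey "$W/$1.key" \
            -out "$W/signed.tmp" 2>/dev/null; then
        echo "Decryption failure"; return 0
    fi
    # -nointern/-certfile: accept only the partner cert exchanged at setup, not a
    # cert carried inside the message. -noverify: the demo cert is self-signed.
    if ! openssl smime -verify -text -in "$W/signed.tmp" -noverify -nointern \
            -certfile "$W/$2.crt" -out "$4" 2>/dev/null; then
        echo "Authentication, unable to verify signature"; return 0
    fi
    echo "processed"
}

for id in sender receiver intruder; do make_identity "$id"; done
printf 'ISA*00*CONSTRUCTED SAMPLE*00~\n' > "$W/payload.edi"   # constructed payload

as2_wrap sender receiver "$W/payload.edi" "$W/good.msg"
as2_wrap intruder receiver "$W/payload.edi" "$W/forged.msg"
echo "genuine message:     $(as2_unwrap receiver sender "$W/good.msg" "$W/out1.edi")"
echo "signed by wrong key: $(as2_unwrap receiver sender "$W/forged.msg" "$W/out2.edi")"
echo "opened by wrong key: $(as2_unwrap intruder sender "$W/good.msg" "$W/out3.edi")"
```

The second and third cases show why each side must hold the other party’s current certificate: a message signed by any key other than the expected partner’s is rejected, and a message can only be opened with the private key that matches the certificate it was encrypted to.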
To use AS2 for EDI effectively, the receiving party’s server must be set to listen openly for messages being sent, much like an answering machine: if a call comes in and the answering machine does not answer, the message will not be received. This is why a reliable infrastructure is a vital component of AS2 EDI. Assuming the server has reliable uptime and is properly set to listen for and accept the message, using AS2 to send EDI is highly effective.
To ensure proper server settings and reliability, most organizations will turn to an EDI network provider, such as DataTrans Solutions, to address and handle their AS2 EDI needs. There are numerous benefits to utilizing DataTrans for your organization’s AS2 EDI needs, such as:
- The ability to comply with AS2 mandates without the usual barriers to entry and adoption, for example: AS2 software; the internal infrastructure costs of hardware; security protocols such as firewalls; and the ongoing personnel expense of qualified, expert developers
- Handling the exchange of AS2 setup information
- Completing all required AS2 testing for your organization and your partners
- Knowing all documents are exchanged in real-time
- Benefiting from DataTrans’ industry-leading reliability, infrastructure, skills, security and expertise
I would like to mention and thank Kenrick Roberts for his contributions to this blog and the AS2 information herein. We look forward to hearing from you and introducing your organization to the cost savings and logistical benefits of the next generation of AS2 EDI. If you have any questions please feel free to reach us at any time.