Improved AS2


Like VANs, AS2 gets complex if there are more than a couple of nodes involved. It is an excellent protocol with strong encryption and digital signatures, positive sender identification and proof of receipt. It is the implementation that can be weak, not the application.

AS2 (Applicability Statement 2) is a specification for Electronic Data Interchange (EDI) between businesses using the Internet’s Web page protocol, the Hypertext Transfer Protocol (HTTP). The AS2 standard provides Secure Multi-Purpose Internet Mail Extensions (S/MIME) and uses HTTP or its more secure version, HTTPS, to transmit data over the Internet. Security, authentication, message integrity, and privacy are assured by the use of encryption and digital signatures.

Another important feature, nonrepudiation, makes it impossible for the intended recipient of a message to deny having received it. A Web server, an EDI transfer engine, and digital certificates are all that are required for data exchange using AS2.

All this sounds very well developed, but AS2 has no “directory” function. What would e-mail be like if it had no directory function? E-Mail has its DNS & MX records which automatically make the rounds of other e-mail systems.

Much of the management of AS2 is still manual. That means it is time to automate! URLs and Public Certificates change. Most every AS2 package allows you to generate and sign your own certificate. The process will generate both a private and public key for a length of time selected by you. The private key will automatically be securely stored where the AS2 software can access it, and the public certificate will be placed in a location where you can send copies to your trading partners.