Now more than ever, security is a top priority for businesses. This holds true especially when it comes to EDI, as the data exchanged between trading partners typically includes sensitive information. That’s where communication protocols, also known as EDI messaging protocols or file transfer protocols, come into play, ensuring that critical data is sent and received through a secure communication channel.
But what exactly is an AS2 communication protocol and why is it so popular?
What is AS2?
AS2 (Applicability Statement 2) is a communication protocol designed to transmit data securely from one system to another over the internet.
EDI via AS2 was first introduced in 2002 as a direct extension of its predecessor, AS1 (Applicability Statement 1), which was created in the early 1990s. The main difference between the two protocols lies in the transport they use. While AS1 transfers data via email using the Simple Mail Transfer Protocol (SMTP), AS2 uses HTTP/S (Hypertext Transfer Protocol Secure), enabling real-time communication.
Back in the 2000s, the AS2 EDI standard gained immediate popularity in the retail sector, mainly because Walmart, followed by other major industry leaders, mandated its adoption by all suppliers. In other words, if you were a supplier and wanted to send an order to Walmart, it needed to be via AS2. The AS2 protocol soon became one of the most popular standards in industries outside of retail because it combines the best aspects of all other communication protocols with the addition of some unique security features.
Key Features of AS2
Some of the features that make AS2 stand out when compared to other protocols include:
Encryption – By using public and private certificates, the sender encrypts the message to make sure the data is transmitted securely and that only the intended recipient will be able to decrypt the file.
Digital Signatures – Typically used for authentication, message integrity, and non-repudiation, digital signatures ensure that both the sender and the receiver verify their identity before they can access the sensitive content of the file.
Non-Repudiation – Receipts like the Message Disposition Notification (MDN) are used to indicate that a message was successfully received, decrypted, and verified by the intended recipient.
How does AS2 work?
First things first. In order to establish an AS2 connection, the sender and the receiver both need an internet connection and communication software (AS2 EDI software). Only then can the file be transferred from one system to the other (the client and the server). Here is an (over)simplified version of what the typical process looks like:
The sender prepares the document. The document may be compressed to reduce the size of the file that needs to be transported.
The sender signs the file with its private key and encrypts it using the receiver's public SSL (Secure Sockets Layer) certificate. The encrypted document also contains a request for the receipt that the receiver will need to send back.
The file is sent through an HTTP/S connection and delivered to the intended recipient.
The receiver decrypts the file using its private key and verifies the signature of the sender using the sender's public SSL certificate. If the document was compressed, it will be decompressed.
The receiver creates a Message Disposition Notification (MDN) delivery receipt and signs it with its private key. The receipt also contains a cryptographic hash of the received file to prove that the recipient validated and decrypted the file and that it hasn’t been altered.
The receiver sends the MDN to the sender. The receipt can be sent over the same HTTP/S connection, over a new HTTP/S connection, or via email.
The sender verifies the MDN signature against the receiver’s private key and cryptographic hash.
One thing to note is that AS2 can be used to transport any type of document, but EDI X12, EDIFACT, and XML are most common.
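An added example, not from the original post or from any AS2 product: the hash-comparison part of the final step, where the sender checks the returned MDN against what it actually sent. The MDN field names follow the AS2 specification (RFC 4130); the sample receipt, the message ID and the algorithm allow-list are constructed for illustration, and checking the MDN's signature is assumed to be handled separately by an S/MIME library.

```python
import base64
import hashlib
import hmac
from email import message_from_string

ALLOWED_ALGS = {"sha256", "sha384", "sha512"}  # this example's policy, not the page's

# Constructed MDN template; a real receipt arrives signed by the receiver.
SAMPLE_MDN = """Content-Type: multipart/report; report-type=disposition-notification; boundary="b1"

--b1
Content-Type: message/disposition-notification

Original-Message-ID: {message_id}
Disposition: automatic-action/MDN-sent-automatically; {disposition}
Received-Content-MIC: {mic}, sha-256

--b1--
"""


def compute_mic(signed_content: bytes, alg: str = "sha256") -> str:
    """Base64 digest over the exact bytes the sender signed."""
    return base64.b64encode(hashlib.new(alg, signed_content).digest()).decode()


def check_mdn(mdn_text: str, message_id: str, signed_content: bytes) -> str:
    """Return 'ok', or the reason the receipt must not be trusted."""
    fields = None
    for part in message_from_string(mdn_text).walk():
        if part.get_content_type() == "message/disposition-notification":
            body = part.get_payload()  # parsed as a nested message, or raw text
            fields = body[0] if isinstance(body, list) else message_from_string(body)
            break
    if fields is None:
        return "no disposition-notification part"
    if (fields["Original-Message-ID"] or "").strip() != message_id:
        return "receipt is for a different message"
    disposition = (fields["Disposition"] or "").split(";")[-1].strip().lower()
    if disposition != "processed":
        return "receiver reported: " + disposition
    mic, _, alg = (fields["Received-Content-MIC"] or "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_ALGS:
        return "missing or disallowed MIC algorithm"
    expected = compute_mic(signed_content, alg)
    if not hmac.compare_digest(mic.strip().encode(), expected.encode()):
        return "MIC mismatch: receiver hashed different content"
    return "ok"
```

A receipt that fails any of these checks should be treated as if no receipt had arrived, since it does not prove delivery of the document that was sent.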
AS2 vs. AS4
New iterations of the AS2 protocol, AS3 (Applicability Statement 3) and AS4 (Applicability Statement 4), emerged later, introducing some new features and benefits not available to AS2 users. AS2 and AS4 share some common characteristics like file compression, encryption, and non-repudiation, but AS4 is based on web services and, unlike AS2, it doesn’t always require online status. Instead, AS4 has the ability to pull messages by the recipient even if their system is offline because it is always active.
In short, AS4 is basically a better, improved version of AS2. So the question is, why do companies still tend to use AS2 over AS4? Well, that’s because some might not have an option—for example, Walmart suppliers. For those who can choose, however, the decision to stick with AS2 is simply dictated by AS2’s widespread adoption across all industries.
EDI VAN vs. AS2
Companies often question whether they should choose EDI via AS2 versus a Value-Added Network (VAN). The short answer is, it depends. Both methods provide a secure way of transferring data, but while EDI AS2 is a direct point-to-point connection, a VAN acts as a sort of postal service that can reach multiple recipients at once. At first glance, AS2 seems like the cheaper option, but it all depends on how big your trading partner community is, as each partner needs to be set up one by one. Plus, with direct, point-to-point EDI via AS2, you’ll have to support your own environment. In contrast, a VAN comes with a set of services and benefits. For those companies in search of peace of mind, AS2 via VAN is probably the right answer.
This blog was written by Chiara Carnevali, Marketing Manager, North America