AS2 (Applicability Statement 2) & AS4 (Applicability Statement 4) GATEWAY

1. What is AS2?

AS2 (stands for Applicability Statement 2) is a version of the protocol EDIINT (EDI over the Internet). It is capable to send EDI data (X12, EDIFACT format) or other data, such as XML or plain text documents, over the Internet using the well-established HTTP and HTTPS standards.

AS2 is a point-over-internet connection that provides a connection between the client and the server to ensure secure, reliable and efficient transmission of EDI data.

The AS2 protocol is designed based on combining and using a number of security technologies that are widely used today including HTTP, HTTPS, X509 Certificates, S/MIME, file hashes, and MDN (Message Disposition Notification) to make feature identification easy.

AS2 supports the encryption and compression of messages (also known as AS2 messages) that are then exchanged with trading partners and vendors via HTTP/HTTPS. These messages are built using the S/MIME standard.

2. How is the AS2 Gateway used?

AS2 Gateway is Trading Platform for Electronic B2B Trading:
AS2 protocol with a simple but fully intuitive user interface, is an important tool provided for business-to-business (B2B) trading platform.

AS2 is a completely secure and accurate protocol for exchanging business information transactions over the internet:
AS2 Gateway always ensures the security of data transacted online through encryption, digital signature authentication and document integrity. Data security is also further enhanced using the latest SSL / TSL channel technologies under additional security standards.

Our AS2 handler is backward compatible and supports also deprecated SHA1(Secure Hash Algorithm One) and MD5 MIC algorithms. This is might be often demanded to use by your Trading partner. However, beside that we also support of course the more secure RipeMD, SHA2, SHA3, SHA5 Algorithms. In Terms of encryption, we support TDES(Triple Data Encryption Algorithm), RC4, Blowfish, and the now state of the art AES (Advanced Encryption Standard) in CBC and GCM mode. For asymmetric encryption, we support RSA (but soon also ECC, even this is not used at this moment but might be important in the future).

AS2 interoperable with all major solutions AXWAY, ArcESB, …

1. What is AS4?

AS4 is a SOAP-based web API layered over HTTP and can be used for exchanging EDI documents. AS4 is a web services-based messaging protocol for the secure exchange of documents between businesses and business partners (B2B).

2. Main Features of AS4

• Interoperability has been proven through MIME, SOAP and WS-Security
• High security: full feature set for one-way push / pull requests DSig Security, Username Security, Reception Recognition, Playback Protection
• Can load all types of payload
• Great reliability
• Supports all types of documents
• Provides, supports compression and large file transfers
• Assists recipients to locate with past or future messages
• Resend the message when there is an issue such as: network interruption.
• Automatically remove duplicate messages
• Create errors, report errors to message recipients
• Can interact with all major solutions AXWAY, ArcESB, ...

3. AS4 Status and Popularity

Due to the increasing demand for information exchange among businesses around the world today, AS4 is the solution of choice for the first time because of its high security.

4. AS4 Security

The security of AS4 allows businesses to exchange documents while maintaining the integrity of the document message as well as the confidentiality of sensitive data.

The AS4 protocol is operated according to the process:
• Security authentication through: password, digital signature and encryption
• Achieve data and information transmission protection through transport layer security (TLS)
• Verify the authenticity of the sender and ensure throughout the process of sending messages without interruption when forwarding
• Provide a no-denial feature for both recipients and recipients of the message when using XML digital signatures and MDN receipts
• Supports full encoding range
• Supports a whole range of encrypting, including XML encryption
• Uses security token: X.509 and username / password

Related Titles