AS2 (Applicability Statement 2) is a protocol used to securely and reliably transmit data over the internet, particularly for EDI (Electronic Data Interchange). Here's a detailed explanation of how AS2 works:
Key Components
1. AS2 Software: Applications that manage the sending and receiving of AS2 messages.
2. Certificates: X.509 certificates exchanged out of band with each trading partner. The sender's private key produces the signature; the recipient's certificate (its public key) is used for encryption. These are S/MIME certificates for the message layer and are independent of any TLS certificate on the HTTPS endpoint.
3. HTTP/HTTPS: The transport protocol used to send and receive messages.
4. AS2 IDs: Unique identifiers for each trading partner.
Step-by-Step Process
Step 1: Prepare the EDI Document
- Sender's System: The sender generates an EDI document (e.g., purchase order, invoice) in a standardized format (e.g., EDIFACT, ANSI X12).
Step 2: Convert EDI Document to AS2 Message
- Wrap EDI Document: The EDI document is wrapped into an AS2 message format.
- Add Headers: The AS2 message includes headers with metadata such as the AS2 ID of the sender and recipient, content type, and other necessary information.
Step 3: Sign and Encrypt the AS2 Message
- Digital Signature: The AS2 software signs the message (S/MIME, CMS SignedData) using the sender's private key. This ensures the authenticity of the sender and the integrity of the message.
- Encryption: The signed message is then encrypted as CMS EnvelopedData: a fresh symmetric content-encryption key (for example AES) encrypts the payload, and that key is wrapped with the recipient's public key taken from their certificate. Only the holder of the recipient's private key can unwrap the key and read the message.
Step 4: Transmit the AS2 Message
- HTTP/HTTPS: The AS2 message is POSTed to the recipient's URL, which is configured in the AS2 software, over HTTP or HTTPS. Because the payload is already signed and encrypted at the S/MIME layer, AS2 does not depend on TLS for confidentiality or integrity; TLS adds transport protection and hides the AS2 headers on the wire, and most partners require it.
Step 5: Receive and Decrypt the AS2 Message
- Recipient's System: The recipient's AS2 software receives the message.
- Decrypt Message: The recipient decrypts the message using their private key.
- Verify Signature: The recipient verifies the digital signature using the sender's public key to ensure the message's integrity and authenticity.
Step 6: Extract and Process the EDI Document
- Extract EDI Document: The AS2 software extracts the EDI document from the AS2 message.
- Process Document: The recipient's EDI system processes the EDI document according to their business rules (e.g., updating inventory, generating invoices).
Step 7: Send MDN (Message Disposition Notification)
- Generate MDN: The recipient's AS2 software generates an MDN, a receipt that reports the disposition of the message: whether it could be decrypted, whether the signature verified, and the MIC (hash) the recipient computed over the content it received. "Processed" in an MDN refers to this AS2-level handling, not to the business processing of the EDI document.
- Sign and Send MDN: The MDN is signed by the recipient and sent back to the sender using HTTP or HTTPS.
Step 8: Receive and Verify MDN
- Receive MDN: The sender's AS2 software receives the MDN.
- Verify MDN: The sender verifies the digital signature on the MDN to confirm it was sent by the recipient and checks the status of the original message.
Key Features of AS2
- Security: Uses digital certificates for signing and encryption to ensure message integrity, authenticity, and confidentiality.
- Reliability: MDNs provide reliable acknowledgment of message receipt and processing.
- Standards Compliance: Supports standardized EDI formats and is widely used in industries such as retail, automotive, and healthcare.
Example Scenario
1. Sender (Company A):
- Creates an EDI purchase order.
- Wraps the EDI document into an AS2 message.
- Signs and encrypts the AS2 message.
- Sends the message to the recipient's AS2 URL via HTTP/HTTPS.
2. Recipient (Company B):
- Receives the AS2 message.
- Decrypts the message.
- Verifies the signature.
- Extracts and processes the EDI purchase order.
- Generates and sends an MDN back to the sender.
3. Sender (Company A):
- Receives the MDN.
- Verifies the MDN.
- Confirms the message status.
This process ensures secure and reliable data transmission between trading partners, making AS2 a widely adopted protocol for B2B communications.
AS2 (Applicability Statement 2) is a protocol used for the secure and reliable transmission of EDI (Electronic Data Interchange) documents over the internet. Here's a detailed, step-by-step explanation of how AS2 works in the context of EDI:
Step 1: Prepare EDI Document
The process begins with the creation of an EDI document, which is a standardized format for electronic business transactions, such as purchase orders, invoices, or shipping notices.
1. Create EDI Document:
- The sender (often an ERP system) generates an EDI document in the required format (e.g., EDIFACT, ANSI X12).
Step 2: Convert EDI Document to AS2 Message
Once the EDI document is prepared, it needs to be packaged into an AS2 message.
2. Wrap EDI Document:
- The EDI document is converted into an AS2 message.
- This involves adding AS2-specific headers and metadata to the EDI payload.
Step 3: Sign and Encrypt the AS2 Message
To ensure the security and integrity of the data, the AS2 message is signed and encrypted.
3. Digital Signature:
- The AS2 software digitally signs the message (S/MIME, CMS SignedData) using the sender's private key. This ensures the authenticity of the sender and the integrity of the message.
4. Encryption:
- The signed message is encrypted (CMS EnvelopedData) with a symmetric content-encryption key that is itself wrapped with the recipient's public key. This ensures that only the holder of the recipient's private key can decrypt and read the message.
Step 4: Transmit the AS2 Message
The encrypted and signed AS2 message is transmitted over the internet to the recipient.
5. Send Message:
- The sender's AS2 software sends the message to the recipient's AS2 URL using HTTP or HTTPS.
Step 5: Receive and Decrypt the AS2 Message
The recipient receives the AS2 message and proceeds to decrypt and verify it.
6. Receive Message:
- The recipient's AS2 software receives the HTTP POST carrying the message. The acknowledgment proper is the MDN produced in Step 8, after decryption and signature verification.
7. Decrypt Message:
- The recipient decrypts the message using their private key.
8. Verify Signature:
- The recipient verifies the digital signature using the sender's public key to ensure the message integrity and authenticity.
Step 6: Extract EDI Document
After verifying and decrypting the AS2 message, the EDI document is extracted.
9. Extract EDI Payload:
- The AS2 software extracts the EDI document from the AS2 message.
Step 7: Process the EDI Document
The recipient processes the received EDI document as per their business logic.
10. Process Document:
- The EDI document is processed by the recipient's EDI system, which might involve updating inventory, generating invoices, or other business operations.
Step 8: Send MDN (Message Disposition Notification)
To confirm the successful receipt and processing of the AS2 message, the recipient sends an MDN back to the sender.
11. Generate MDN:
- The recipient's AS2 software generates an MDN, a receipt indicating whether the message could be decrypted and its signature verified, and carrying the MIC (hash) the recipient computed over the received content. "Processed" here means AS2-level handling, not business processing of the EDI document.
12. Sign and Send MDN:
- The MDN is signed by the recipient and sent back to the sender over HTTP or HTTPS.
Step 9: Receive and Verify MDN
The sender receives and verifies the MDN to ensure the message was received and processed correctly by the recipient.
13. Receive MDN:
- The sender's AS2 software receives the MDN.
14. Verify MDN:
- The sender verifies the digital signature on the MDN to confirm it was sent by the recipient and acknowledges the status of the original message.
Summary of the Process Flow
1. Sender: Creates EDI document → Converts to AS2 message → Signs and encrypts → Sends message.
2. Recipient: Receives message → Decrypts and verifies → Extracts EDI document → Processes document → Generates MDN → Signs and sends MDN.
3. Sender: Receives MDN → Verifies MDN → Confirms message status.
This process ensures secure, reliable, and authenticated EDI communications between trading partners over the internet.
On the sender’s side…
1) A message integrity check (MIC) is computed over the content with a secure hash function (SHA-256 is the usual choice today; SHA-1 was the historical default). The sender keeps this value to compare against the MDN later.
2) The sender then digitally signs the message content with their private key; the content and its signature are placed in a multipart/signed MIME message.
3) The MIME message, which includes the file content and the digital signature, is encrypted using the receiver's public key (certificate).
4) Before the data is transmitted via HTTP, AS2-specific headers are added, e.g. AS2-From and AS2-To. A receipt is requested with the Disposition-Notification-To header, and Disposition-Notification-Options asks for the receipt to be signed and names the hash algorithm the receiver must use for the MIC.
On the receiver’s side…
5) The message AS2 headers are checked to verify if sender and receiver are correct.
6) The receiver then decrypts the message with their private key.
7) To verify the sending partner (and that the payload wasn’t changed), the signature is verified with the sender’s public key (certificate). If both steps are successful, the integrity of the data and authenticity of the sender can be guaranteed.
8) The receiver returns the signed receipt as confirmation (MDN). This receipt contains the hash value (MIC) that the receiver computed over the content it received, so when the sender sees its own MIC echoed back it knows the receiver decrypted and verified exactly the bytes that were sent. The MDN is also transmitted via HTTP, either synchronously as the HTTP response to the original POST or asynchronously in a separate connection to the URL the sender named in the Receipt-Delivery-Option header.
Back on the sender’s side…
9) The signature of the MDN is verified with the receiving partner's certificate, confirming that the MDN was signed by the receiver, and the MIC returned in the MDN is compared with the value computed in step 1.
10) The MDN is stored for non-repudiation or troubleshooting purposes.
How Does AS2 Work?
The steps for completing a transfer of a file between sender and recipient using AS2 are as follows:
1. Encrypt the file with the recipient's public key (taken from the recipient's X.509 certificate) and sign the file with the sender's private key. These are S/MIME (CMS) operations on the message body; the certificates are often loosely called "SSL certificates", but they are independent of the TLS certificate that protects the HTTPS connection.
2. Specify the type and manner of MDN or receipt that the recipient should return.
3. Deliver the file to a recipient.
4. Decrypt the file with the recipient's private key and verify the sender's signature with the sender's certificate.
5. Create an MDN delivery receipt, signed with the recipient's private key, containing the cryptographic hash (MIC) of the file contents to show that the recipient got the unaltered file.
6. Return the MDN to the sender
7. Verify the MDN (the signature against the recipient's certificate, and the returned hash against the one computed before sending) to establish that the recipient received the file intact. A verified, signed MDN is the sender's non-repudiation-of-receipt evidence; an MDN with a mismatched MIC or an error disposition must be treated as a failed delivery.
AS2 Communication Process
Sending Partner
File Creation:
External systems generate the file that needs to be sent.
Digest Calculation:
The file's content is hashed to create a Message Integrity Check (MIC). The sender keeps this value so that it can be compared with the MIC the receiver returns in the MDN; a match shows the content arrived unchanged.
Sign:
The sender's private key is used to digitally sign the file. This step ensures the authenticity and integrity of the file.
Encrypt:
The signed file is encrypted using the recipient's public key. This step ensures that only the intended recipient can decrypt and read the file.
Add AS2 Headers:
AS2-specific headers are added to the encrypted file to prepare it for transmission over the internet.
Send via Internet:
The AS2 message (file with headers) is sent over the internet to the receiving partner.
Receiving Partner
Read AS2 Headers:
The AS2 headers are read to identify and process the message correctly.
Decrypt:
The recipient uses their private key to decrypt the file, ensuring that they are the only ones who can read its content.
Verify:
The sender's public key is used to verify the digital signature. This step confirms the file's authenticity and integrity.
Digest Calculation:
The recipient hashes the content it received (the signed part, using the algorithm the sender named in Disposition-Notification-Options) to produce its own MIC. The sender does not transmit the MIC inside the message; the receiver computes it independently and returns it in the MDN.
Generate MDN:
A Message Disposition Notification (MDN) is generated containing the recipient's MIC and a disposition: processed, or processed/error with a reason such as decryption-failed, authentication-failed or integrity-check-failed.
Send MDN:
The MDN is signed by the recipient and sent back to the sender, either as the HTTP response to the original request (synchronous) or in a separate HTTP request (asynchronous).
Sending Partner (on return of the MDN)
MIC Comparison:
The sender verifies the MDN signature with the recipient's certificate and compares the returned MIC with the one it computed before sending. If they match, the message arrived unaltered and was decrypted and verified by the intended partner. A mismatch or an error disposition means the transfer failed and the message should be resent.
Persist MDN:
The verified MDN is stored as non-repudiation-of-receipt evidence and for troubleshooting.
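The header, MIC and MDN handling described in the three walkthroughs above (sender's side / receiver's side, the numbered file-transfer steps, and the sending/receiving partner flow) as one added, runnable example. This is example code written for this page, not code from any AS2 product. It uses only the Python standard library, so the S/MIME signing and encryption layers are noted in comments but not performed (the body travels in the clear); the trading-partner IDs, Message-ID domains, mailbox address and X12 payload are constructed. What it does show is the part most implementations get wrong: the sender keeps its own MIC, the receiver computes a MIC independently over what it received and returns it in a multipart/report MDN, and the sender accepts the MDN only if it names the right message, reports `processed`, and echoes the same MIC.

```python
"""AS2 round trip with the standard library only: AS2 headers, MIC, MDN, and
the sender's MDN check. S/MIME signing/encryption is noted in comments but not
performed (no CMS in stdlib). Identifiers and payload are constructed."""
import base64
import email
import hashlib
import uuid
from email.message import Message
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
# Constructed ANSI X12 850 fragment (not real trading-partner data).
EDI_PAYLOAD = (b"ISA*00*          *00*          *ZZ*COMPANYA       *ZZ*COMPANYB       "
               b"*240101*1200*U*00401*000000001*0*P*>~\r\nGS*PO*COMPANYA*COMPANYB*20240101"
               b"*1200*1*X*004010~\r\nST*850*0001~\r\nBEG*00*SA*PO12345**20240101~\r\n"
               b"SE*4*0001~\r\nGE*1*1~\r\nIEA*1*000000001~\r\n")
MIC_ALGS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}

def compute_mic(content: bytes, alg: str = "sha256") -> str:
    """MIC = base64(hash(content)). For a signed message the hash covers the signed
    MIME part as serialized on the wire (part headers, blank line, body, CRLF);
    for an unsigned message, as here, it covers the raw payload bytes."""
    return base64.b64encode(MIC_ALGS[alg](content).digest()).decode("ascii")

def build_as2_headers(sender_id, receiver_id, micalg="sha256"):
    """HTTP headers the sender adds before POSTing the (signed, encrypted) body."""
    return {
        "AS2-Version": "1.2",
        "AS2-From": sender_id,
        "AS2-To": receiver_id,
        "Message-ID": f"<{uuid.uuid4()}@{sender_id.lower()}.example>",
        "Content-Type": "application/edi-x12",
        "Disposition-Notification-To": f"as2@{sender_id.lower()}.example",  # requests an MDN
        # Requests a signed MDN and names the hash the receiver must use for the MIC.
        "Disposition-Notification-Options": ("signed-receipt-protocol=optional, pkcs7-signature; "
                                             f"signed-receipt-micalg=optional, {micalg}"),
    }

def requested_micalg(options: str) -> str:
    """Hash name out of Disposition-Notification-Options ("optional, sha256")."""
    for item in options.split(";"):
        name, _, value = item.partition("=")
        if name.strip().lower() == "signed-receipt-micalg":
            return value.split(",")[1].strip().lower()
    return "sha1"  # assumed fallback when the sender named no algorithm

def build_mdn(reporter, original_message_id, disposition, mic, micalg):
    """multipart/report MDN; a real receiver then wraps it in multipart/signed (omitted)."""
    report = MIMEMultipart("report", **{"report-type": "disposition-notification"})
    report.attach(MIMEText(f"{original_message_id}: {disposition.partition(';')[2].strip()}"))
    fields = [f"Reporting-UA: {reporter}; as2-example/0.1",
              f"Original-Recipient: rfc822; {reporter}",
              f"Final-Recipient: rfc822; {reporter}",
              f"Original-Message-ID: {original_message_id}",
              f"Disposition: {disposition}"]
    if mic is not None:
        fields.append(f"Received-Content-MIC: {mic}, {micalg}")
    dn = Message()
    dn.set_type("message/disposition-notification")
    dn.set_payload("\r\n".join(fields) + "\r\n")
    report.attach(dn)
    return report.as_string()

def receiver_handle(headers, body, my_id, known_partners):
    """Receiver: route on AS2 headers, (decrypt and verify signature: omitted),
    hash what arrived, answer with an MDN (sync mode: it is the HTTP response body)."""
    micalg = requested_micalg(headers.get("Disposition-Notification-Options", ""))
    if headers.get("AS2-To") != my_id or headers.get("AS2-From") not in known_partners:
        disposition = "automatic-action/MDN-sent-automatically; failed/Failure: unknown partner"
        mic = None  # text after "Failure:" is free-form; only processed/failed are fixed words
    else:
        disposition = "automatic-action/MDN-sent-automatically; processed"
        mic = compute_mic(body, micalg)
    return build_mdn(my_id, headers["Message-ID"], disposition, mic, micalg)

def disposition_fields(mdn):
    """The stdlib parser nests a message/* body as a sub-Message whose headers are
    the MDN fields; return them as a lower-cased dict, or None if no such part."""
    for part in mdn.walk():
        if part.get_content_type() == "message/disposition-notification":
            return {k.lower(): v.strip() for k, v in part.get_payload(0).items()}
    return None

def sender_verify_mdn(mdn_text, sent_message_id, sent_mic, micalg):
    """Sender: the MDN is proof of delivery only if it names our message, reports
    success, and echoes the MIC computed before sending. (MDN signature check omitted.)"""
    mdn = email.message_from_string(mdn_text)
    fields = disposition_fields(mdn) if mdn.get_content_type() == "multipart/report" else None
    if fields is None:
        return False, "not an MDN"
    if fields.get("original-message-id") != sent_message_id:
        return False, "MDN refers to a different message"
    dtype = fields.get("disposition", "").partition(";")[2].strip().lower()
    if not dtype.startswith("processed") or "error" in dtype:
        return False, f"receiver reported: {dtype}"
    mic, _, alg = fields.get("received-content-mic", "").partition(",")
    if alg.strip().lower() != micalg or mic.strip() != sent_mic:
        return False, "MIC mismatch: receiver did not get what we sent"
    return True, "delivered"

def exchange(on_wire=None):
    """One COMPANYA -> COMPANYB -> MDN -> COMPANYA round trip. `on_wire` substitutes
    the body the receiver sees, to show the sender's MIC check fire."""
    headers = build_as2_headers("COMPANYA", "COMPANYB")
    sent_mic = compute_mic(EDI_PAYLOAD)  # kept by the sender until the MDN arrives
    mdn_text = receiver_handle(headers, EDI_PAYLOAD if on_wire is None else on_wire,
                               "COMPANYB", {"COMPANYA"})
    return sender_verify_mdn(mdn_text, headers["Message-ID"], sent_mic, "sha256")
```

`exchange()` returns `(True, "delivered")`; `exchange(EDI_PAYLOAD.replace(b"PO12345", b"PO99999"))` simulates a body altered in transit and returns a MIC-mismatch failure, which is what the sender's retry logic should key on. With a real signature the receiver would already have rejected the altered body with `processed/error: integrity-check-failed`, but the MIC comparison is still the sender's only way to confirm that what was received is what was sent. The omitted layers correspond to `openssl cms -sign` / `openssl cms -encrypt` on the sender and `openssl cms -decrypt` / `openssl cms -verify` on the receiver, with the MIC hashed over the signed part rather than the bare payload.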