Overview: What Is AS2 Protocol?
AS2 (Applicability Statement 2) is a file transfer protocol (FTP) that supports fully automated, server-to-server file transfers. It's suitable for two or more parties who often transact with each other and require paper-free transfers that ensure message integrity, security and reliability.
Although capable of transmitting almost any type of data over the Internet, AS2 is mostly associated with the transmission of EDI messages. To give you a good understanding of AS2, we need to start with Electronic Data Interchange (or EDI) first.
What Is Electronic Data Interchange (EDI)?
EDI is an efficient method for exchanging electronic documents used in support of interorganizational and intraorganizational transactions. EDI was first used by the transportation industry in the 1960s and was eventually picked up by retailers, grocers and more.
When two organizations or two departments (in the case of intra-company transfers) transact or engage in a business process, they normally exchange supporting documents, often in paper form. For instance, a company and its supplier may exchange requests for quotations (RFQs), purchase orders, purchase order acknowledgements, shipping notices, invoices and many others.
To expedite these processes, many businesses eliminate the use of paper and transmit electronic documents instead. Some companies manually encode the supporting document and then send it to the other party via email. Others use EDI.
EDI is mostly carried out automatically between computer systems. In other words, it rarely involves human intervention (aside from exceptional cases like maintenance, troubleshoots or audits). More importantly, the contents of an EDI document or message are structured in a certain way and are based on a family of standards.
Because EDI data is standardized, it is possible to automatically generate its contents using data from business applications (e.g. inventory, accounting, sales, purchasing, delivery, etc.) or an ERP system. Correspondingly, it is also possible to extract data from an EDI message and make it available to business applications — again, without human intervention.
As the illustration below suggests, an EDI mapping/translation software can be used to convert application data to EDI or the other way around, i.e., EDI to application data.
There are several benefits when you exchange business documents in this manner. You can:
- Speed up and automate business processes
- Do away with manual entries and significantly reduce the risk of human error
- Enable fast and seamless data exchange between two organizations even if they employ entirely different IT systems and document/data formats
- Eliminate the use of paper as well as the costs associated with it (e.g. costs of sorting, searching, mailing, collecting and distributing documents)
- Simplify storage of pertinent information
- Expedite audits and streamline corporate governance initiatives
The first implementers of electronic data interchange came from the automotive industry, where it was introduced alongside Just-In-Time and Lean Manufacturing processes. EDI made it possible for the geographically dispersed and heterogeneous systems of different suppliers to connect and transact quickly, seamlessly and efficiently. Today, EDI is implemented in various industries, including finance, insurance, transportation, supply chain and many others.
In the U.S. healthcare industry, EDI is one of the key provisions in the Health Insurance Portability and Accountability Act (HIPAA), whose main objectives include the standardization of health care transactions.
But where does AS2 fit into all this?
See that orange bi-directional arrow in the figure above, the one connecting those two companies? AS2 plays a crucial role in that area. Let's talk about it now.
The Role Of AS2 In EDI
In EDI terminology, two parties who exchange information using EDI are called trading partners. Obviously, geographically separated trading partners must share a common method for transmitting/receiving messages over a WAN. The traditional way of exchanging EDI messages is through what is known as a Value-Added Network or VAN.
VANs are third-parties that operate like post offices, i.e., they receive EDI messages from a sending trading partner and forward it to the intended recipient. Trading partners must subscribe to the same VAN (or at least to VANs that are interconnected) in order to successfully engage in EDI.
Today, however, more and more organizations are avoiding VANs and are instead exchanging their EDI messages over the Internet through commonly used protocols. This option is more affordable to small trading partners who have limited budgets. And because most organizations are already connected to the Internet, this method also allows businesses to quickly onboard new trading partners.
Of course, there's one major problem when you send data over the Internet. Your data will be exposed to numerous threats. So if the EDI messages you send contain sensitive or confidential information, they have to be secured. AS2 can provide the needed security.
AS2 possesses attributes designed to ensure secure file transfers. These include:
- SSL/TLS encryption - Prevents eavesdroppers from viewing the contents of the EDI message by providing private keys and public keys for encryption
- Digital signature (affixed by sender) - Allows the receiving party to verify that the EDI message came from a legitimate trading partner and not an impostor
- Digital signature (affixed by receiver) - Used by the sending party to verify that the recipient received the message and is used to enforce non-repudiation and resolve disputes
AS2 is normally delivered over HTTP/S (HTTP or HTTPS). As a result, you likely won't have to make additional configurations on your firewall to allow those EDI messages through.
Now let's trace the flow of a typical AS2 data transfer.
How An AS2 Secure File Transfer Is Carried Out
To protect your EDI messages with data-in-motion encryption, your AS2 file transfer has to be sent over HTTPS. HTTPS encrypts data using SSL. In addition, it allows your server to affix a digital signature that will enable the receiving trading partner to verify whether the message came from an identified source. An AS2 transmission done over HTTPS basically looks like this:
Note: The server in the figure below corresponds to the machine marked "Communications" in the previous figure.
Here's what happens at each step:
- An EDI message is forwarded to the server.
- The server encrypts the message and affixes a digital signature.
- The encrypted message is sent through the Internet over AS2.
- The receiving party decrypts the message using a decryption key. The receiving party also validates the sender by inspecting the digital signature. Note: Before two parties can transact using AS2, they would have to exchange keys (a.k.a. digital certificates). This is characteristic of SSL and other cryptographic protocols that use public key encryption. To learn more about public key encryption, read the article "Roles of Server and Client Keys in Secure File Transfers."
- The server makes the EDI message available to business applications.
AS2 also provides trading partners with a means to issue electronic return receipts known as MDNs. An MDN or Message Disposition Notification serves as a confirmation that the transmission went through successfully. Basically, upon arrival of the EDI message, the receiving server automatically issues an MDN, affixes its digital signature to it, and then sends it back to the message sender.
This is how the AS2 transmission would look like when MDN is applied.
How To Use AS2
The best way to transmit AS2 is through a managed file transfer server. When delivered through an MFT server, AS2's built-in security can be augmented by other secure features like logging, access control, DLP, strong authentication and many others. Read more about the essential attributes of a secure file transfer.
DLP or data loss prevention, in particular, can help you detect sensitive data in your EDI messages - a must for companies operating in industries covered by regulations like PCI-DSS, HIPAA, SOX, and GLBA.
Another key advantage of transmitting AS2 using a managed file transfer server is that the same MFT server can be used to accomplish a full range of other file transfer tasks.
Lastly, a managed file transfer server like JSCAPE MFT Server supports triggers. Triggers are used in automating business processes and are essential in implementing EDI. To learn more about triggers, view these videos:
or read these posts:
Benefits Of AS2 EDI
EDI transactions are under more scrutiny as data security becomes a primary focus of both business and IT leaders. AS2 provides additional benefits for businesses looking to share point-to-point payloads over the internet, including:
- Reduced costs: The cost of running a transaction over AS2 is usually less than using VANs or other types of EDI.
- Expanded use cases: AS2 is an internet standard so you can theoretically trade with any business or organization that has internet connectivity.
- Fewer manual tasks: AS2 solutions often offer automation capabilities that help save time, reduce manual errors and provide reliability for real-time messaging.
- Any document type: AS2 can deliver any document payload including EDI X12, EDIFACT and XML.
Get Your Free Trial
Would you like to try this yourself? JSCAPE MFT Server is platform-agnostic and can be installed on Microsoft Windows, Linux, Mac OS X and Solaris, and can handle any file transfer protocol as well as multiple protocols from a single server. Additionally, JSCAPE enables you to handle any file type, including batch files and XML. Download your free 7-day trial of JSCAPE MFT Server now.