What is AS2?

AS2 stands for Applicability Statement 2 and is one of the most popular EDI (Electronic Data Interchange) transmission standards. The reason for its widespread use in business is that AS2 uses the Internet as a means of communication. Thus, the protocol is not dependent on the use of a proprietary network. AS2 uses both HTTP and HTTPS protocols for transmission over the Internet.

AS2 standardization therefore enables a cost-effective and secure exchange of messages. The function of the transmission standard is simple: messages are digitally packaged, encrypted and signed. The recipient then confirms the timely delivery of the message to the sender with a receipt. This receipt is also called MDN or Message Disposition Notification. The message format is irrelevant for the standard. All data can be transported securely and reliably using the AS2 protocol.

The AS2 protocol is published by the Internet Engineering Task Force – IETF. This is a working group of network specialists working on the further development of the Internet. In addition to AS2, AS1 and AS3 also exist, but they are not popular.


How can I implement AS2 in my company?

To implement the AS2 protocol, suitable software must first be evaluated and then integrated into the IT landscape. The next step is to obtain digital certificates and keys. The keys and certificates must of course be exchanged with the business partner or business partners. In addition, the message types should be coordinated.

The systems must be thoroughly tested and run in pilot operation before they can finally be put into productive operation. Depending on the prerequisites and the initial situation, the implementation effort can vary greatly. However, the effort is put into perspective by the number of connected business partners and the period of operation. From this point on, connecting further business partners requires only a fraction of the initial effort.

Benefits for your company:

Once the system is up and running, costs are low. All you have to do is ensure continuous Internet access and the renewal of certificates and licenses.

How does the AS2 protocol work?


Once the message to be transmitted is ready at the sender, a hash value of the message is calculated first, and the sender’s private key is then used to create a signature from that hash value. The message and signature are then packed into a digital EDI envelope. The envelope is encrypted with the recipient’s public key. The encrypted envelope is then sent to the recipient’s endpoint via an HTTP or HTTPS connection. As usual on the Internet, addressing is done via a URL.

On the receiving side, the encryption must first be removed. The recipient uses its private key for this purpose. Next, the hash value that was sent must be checked: it is decrypted using the sender’s public key, and the recipient calculates its own hash value of the received message. The two hash values are then compared. If both values match, the recipient can assume that the message is correct and has not been tampered with. In this case, the recipient acknowledges the correct, undeniable receipt of the message with an encrypted MDN message. The MDN can be sent synchronously, i.e. simultaneously, or asynchronously, at a later point in time. If the hash values do not match, a negative MDN is sent; this is also called an NDN.
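The sender-side counterpart of this check, as an added example that is not part of the original page: it goes one step beyond the text and shows how a sender can validate a returned MDN by comparing the hash the recipient reports with its own. The field names follow the MDN format of RFC 4130, which the page does not spell out; the payload, message ID and function names are constructed for illustration, and verification of the MDN's own signature is assumed to happen separately.

```python
import base64
import hashlib
import hmac
from email.parser import HeaderParser

# Digest names as written in the MIC field, mapped to hashlib names.
MIC_ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}

def compute_mic(content: bytes, alg: str = "sha256") -> str:
    """Base64 digest of the exact bytes that were signed and sent."""
    return base64.b64encode(hashlib.new(MIC_ALGS[alg], content).digest()).decode()

def check_mdn(mdn_fields: str, sent_content: bytes, message_id: str) -> tuple[bool, str]:
    """Decide whether an MDN acknowledges our message, unmodified."""
    # Assumption: the MDN's signature was already verified elsewhere.
    mdn = HeaderParser().parsestr(mdn_fields)
    if mdn.get("Original-Message-ID", "").strip() != message_id:
        return False, "MDN refers to a different message"
    status = mdn.get("Disposition", "").partition(";")[2].strip().lower()
    # Strict policy: anything other than plain "processed" is not accepted.
    if status != "processed":
        return False, f"negative MDN: {status or 'missing disposition'}"
    mic, _, alg = (p.strip() for p in mdn.get("Received-Content-MIC", "").partition(","))
    if alg.lower() not in MIC_ALGS:
        return False, "missing or unsupported MIC algorithm"
    if not hmac.compare_digest(mic.encode(), compute_mic(sent_content, alg.lower()).encode()):
        return False, "hash mismatch: recipient saw different content"
    return True, "delivered and hashes match"

# Constructed sample data (not taken from a real exchange).
PAYLOAD = b"UNH+1+ORDERS:D:96A:UN'\r\n"
MSG_ID = "<order-0001@sender.example>"
GOOD_MDN = (
    f"Original-Message-ID: {MSG_ID}\r\n"
    "Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
    f"Received-Content-MIC: {compute_mic(PAYLOAD)}, sha256\r\n"
)
NEGATIVE_MDN = (
    f"Original-Message-ID: {MSG_ID}\r\n"
    "Disposition: automatic-action/MDN-sent-automatically; "
    "processed/error: authentication-failed\r\n"
)

if __name__ == "__main__":
    for name, mdn in (("good", GOOD_MDN), ("negative", NEGATIVE_MDN)):
        print(name, check_mdn(mdn, PAYLOAD, MSG_ID))
```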

What are the advantages of AS2 over X.400?

In contrast to X.400, AS2 uses the Internet as a communication channel and thus does without its own proprietary network. This results in considerable savings potential. If a company operates the protocol itself, no external service providers are required to transmit the messages.
X.400, on the other hand, is considered to be particularly secure. As proof of the high data security and revision security of the standard, it is often cited that X.400, unlike most other standards, uses its own closed network. Only known participants can act in this network.
However, this does not mean that AS2 is necessarily riskier. A similarly secure connection between business partners can be established via the Internet. This process is similar in logic to the use of an online banking website. Digital certificates and signatures guarantee encryption and thus a high degree of data security. With the MDN, the recipient acknowledges the timely receipt of the message to the sender. This saves the time-consuming searching of log files.

Thanks to the direct connection, the message is immediately transmitted to the business partner. This is not the case with X.400 and priority transmission is often only possible for an extra charge. This also explains why so many companies have recently switched from X.400 to AS2.
For companies that have not yet used EDI standards, AS2 is usually the more cost-effective and better long-term option. The same applies to companies that integrate new partners into their environment. This only holds, however, if the supplier is not forced to use the X.400 network.

Whichever transmission standards you use, we will be happy to support you in all aspects of data exchange. Simply send us your questions via the contact form.