AS2 EDI communication encryption

Why AS2 is the optimal EDI communication protocol

Applicability Statement 2, or AS2 for short, is enjoying increasing popularity and is now one of the most frequently used communication protocols for electronic data interchange (EDI). Its success can be explained by the fact that it combines the positive aspects of all other common protocols.

Tuesday, 09. July 2019

AS2 is a version of the EDIINT (EDI over the Internet) protocol. The first major advantage over other EDI communication methods is obvious: transmission costs are close to zero. All you need is an Internet connection.

E-mail traffic, which also uses the Web for transmission, is inexpensive, too. However, the authenticity and integrity of the transmitted information are not assured. In other words, you never know for sure whether the message has been received, whether someone has read it on the way or even rerouted it. It is true that B2B e-mail clients (such as i‑effect®) can transmit encrypted files, process them automatically or send notifications within the EDI workflow. In general, however, e-mail traffic is rather insecure and in particular not suitable for large files. Even the attempts to bring more security into electronic communication with De-Mail and ePost have not been able to establish themselves on a broad scale.

The File Transfer Protocol (FTP) can also be used to transfer EDI data. With FTP transfer, however, older file versions are overwritten uncontrollably, logging is inadequate, and only upload and download are possible. And, as with e-mail, there is no acknowledgement of receipt.

Safe and inexpensive - no contradiction with AS2

Classic EDI processes offer a higher level of security, but they are considerably more expensive. Value Added Networks (VANs), such as the X.400 mailbox method, cause volume-dependent costs. These services work according to the store-and-forward principle: incoming and outgoing EDI messages are stored in or retrieved from a mailbox. With Telebox, Telekom's classic mailbox system, EDI messages are exchanged via BusinessMail X.400, the Telekom network based on the X.400 message protocol.

Registered mail with acknowledgement of receipt

That's where AS2 scores, which makes it more and more popular as an EDI procedure. Sender and receiver each require only an Internet connection and a communication module, i.e. AS2 software (AS2 client & AS2 server). Depending on the software solution, there are no usage fees (e.g. i‑effect®). With the AS2 protocol, files can be sent and received via a secure connection. Security refers both to mechanisms such as encryption and signature and to the certainty that the opposite side has received, decrypted and read the messages on time. This confirmation is the so-called Message Disposition Notification (MDN). It contains the message ID of the data transmission that is to be confirmed. In the case of postal dispatch, the highest form of secure delivery is registered mail with acknowledgement of receipt. This is exactly what AS2 with MDN is all about.

Key components such as security and traceability are even more important in the exchange of business data than in private e-mail traffic. For this reason, special importance was attached to them during the development of AS2, which is reflected in its high acceptance. Last but not least, the sales tax law (UStG §14, Abs. 3, Satz 2) is also complied with: authenticity and integrity are guaranteed.

The "envelope" principle

AS2 works with a kind of "envelope". Electronic business documents of any format (EDIFACT, XML, CSV, X.12, etc.) are embedded in these envelopes so that they can be transmitted via the Internet (or another TCP/IP-based network) using the HTTP protocol. Each AS2 message receives an electronic signature and is transmitted to the receiving end in encrypted form.


With AS2, encryption takes place on two levels. First, HTTPS (SSL or TLS) provides basic encryption of the entire communication, including the HTTP headers. This makes it impossible to see who is sending data to whom with which certificates. Second, AS2 uses additional certificates for the actual data encryption, which is based on the S/MIME standard.

The signature ensures that the sender and recipient are the actual business partners. The received document is checked for authenticity and integrity and an MDN is automatically sent back. This guarantees that the recipient has received and decrypted the message in unchanged form.
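The sender-side check behind this guarantee, and behind the MDN's message ID mentioned earlier, shown as an added Python example (not code from the original article or from i‑effect®): it matches a returned MDN against the message that was sent. It assumes the MDN fields Original-Message-ID, Disposition and Received-Content-MIC as defined for AS2 in RFC 4130 and RFC 3798, assumes the MDN's own signature has already been verified, and uses constructed sample data and hypothetical helper names.

```python
import base64
import email
import hashlib

# Constructed sample data: the ID and the canonical MIME entity we "sent".
SENT_ID = "<msg-0001@sender.example>"
SENT_CONTENT = b"Content-Type: application/edifact\r\n\r\nUNH+1+ORDERS:D:96A:UN'\r\n"

def compute_mic(content, alg="sha256"):
    """Base64 digest of the sent content, as carried in Received-Content-MIC."""
    return base64.b64encode(hashlib.new(alg, content).digest()).decode()

def build_mdn(message_id, mic, disposition="processed"):
    """Constructed, unsigned MDN as a partner system might return it."""
    return (
        "Content-Type: multipart/report; "
        'report-type=disposition-notification; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nMessage received.\n"
        "--b1\nContent-Type: message/disposition-notification\n\n"
        f"Original-Message-ID: {message_id}\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\n"
        f"Received-Content-MIC: {mic}, sha-256\n\n"
        "--b1--\n"
    )

def reconcile_mdn(mdn_text, sent_id, sent_content):
    """Return (ok, reason): does this MDN confirm the message we sent?"""
    fields = None
    for part in email.message_from_string(mdn_text).walk():
        is_mdn = part.get_content_type() == "message/disposition-notification"
        if is_mdn and part.is_multipart():
            fields = part.get_payload(0)  # MDN fields are parsed as headers
    if fields is None:
        return False, "no disposition-notification part"
    if (fields["Original-Message-ID"] or "").strip() != sent_id:
        return False, "MDN refers to a different message"
    # Strict: anything other than a plain "processed" counts as not delivered.
    status = (fields["Disposition"] or "").split(";")[-1].strip().lower()
    if status != "processed":
        return False, f"partner reported: {status}"
    mic, _, alg = (fields["Received-Content-MIC"] or "").partition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ("sha1", "sha256", "sha384", "sha512"):
        return False, "missing or unsupported MIC algorithm"
    if mic.strip() != compute_mic(sent_content, alg):
        return False, "MIC mismatch: partner received different content"
    return True, "delivered unchanged"
```

A transmission should only be marked as delivered once `reconcile_mdn` returns `True`; every other outcome belongs in the error queue together with the returned reason.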

Higher security, lower costs: important reasons speak for the success of AS2. The number of transmissions at which purchasing the technical infrastructure pays off is quickly reached. After that you no longer pay extra for each transaction, as with ISDN-based procedures or VANs; instead, EDI communication runs over the normal Internet flat rate, at least if you use i‑effect®. Other providers are rumored to charge volume-related costs.
