What Is AS2?
Tired of risky data transfers? Discover how AS2 keeps B2B/EDI communications secure and reliable with encryption, digital signatures and more.
1. Executive summary: AS2
AS2 (Applicability Statement 2) is a popular protocol for secure, reliable internet-based message transmissions, especially for EDI. AS2 uses digital certificates and encryption to create a secure "envelope" for data transfer. AS2 offers support for a variety of data formats, in addition to high security, cost-effectiveness and real-time status updates. However, it faces challenges like bilateral partner management, firewall configuration and certificate maintenance. SEEBURGER addresses these challenges with a B2B routing solution that efficiently handles multiple connections and streamlines certificate management, enhancing AS2's capabilities for modern business communication needs.
2. Introduction to AS2
AS2 (Applicability Statement 2) is an HTTP-based protocol for transmitting messages, including EDI messages, securely and reliably via the internet. In the last 20 years, AS2 has become the most widely used protocol for EDI in many industries, such as the retail and consumer packaged goods industries.
3. How does AS2 work?
To establish an AS2 connection, you need two computers—a server and a client. Both connect to the internet via a point-to-point connection. In order to transmit the desired data, AS2 creates an ‘envelope’ that enables secure transmission via the internet using digital certificates and encryption.
4. What do you need for AS2?
- One AS2 identification (GLN - Global Location Number) and one certificate per participant
- The public keys for all certificates used by your partners
- AS2-capable software
5. What are AS2 certificates?
AS2 certificates enable secure data exchange and meet certain security standards. You can generate and sign your certificates using software of your choice, or use certificates issued and verified by a trusted certification authority. These AS2 certificates are exchanged in advance with the partner. It’s important to note that self-signed certificates can cause security warnings and disrupt the exchange of EDI messages over AS2.
6. What is an AS2 MDN?
An AS2 MDN (Message Disposition Notification) is an electronic receipt that is sent to the sender via AS2 after an electronic message has been sent. This acknowledgement of receipt confirms that the EDI message has been transmitted successfully.
The MDN checks two things:
- Was the AS2 interchange successfully completed?
- Was the message sent to the desired recipient without alteration?
An AS2 exchange with an MDN proceeds as follows:
- The sender sends an encrypted EDI message with digital signature to the desired recipient.
- The EDI message is transmitted over the internet via AS2.
- The message is decrypted by the recipient and the digital signature of the sender is verified.
- The recipient prepares the requested MDN and applies a digital signature. The MDN is then sent back to the sender.
- The sender receives the MDN and verifies the recipient's digital signature.
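The sender-side check in the final step, as an added example (not part of the original page and not SEEBURGER's code): it parses an MDN's `message/disposition-notification` part and answers the two questions above by checking the `Disposition` field and comparing `Received-Content-MIC` with a digest of what was sent. It assumes the MDN's S/MIME signature has already been verified; the MDN, message ID, partner name and payload are constructed.

```python
import base64
import hashlib
from email import message_from_bytes, message_from_string

HASHES = {"sha1": "sha1", "sha-256": "sha256", "sha256": "sha256"}  # MIC name -> hashlib name
MSG_ID = "<constructed-0001@partner-a.example>"  # constructed sample value
PAYLOAD = b"Content-Type: application/edi-x12\r\n\r\nconstructed EDI payload\r\n"

def mic(content: bytes, alg: str = "sha-256") -> str:
    """MIC over the exact MIME entity that was signed, written as '<base64>, <alg>'."""
    return base64.b64encode(hashlib.new(HASHES[alg], content).digest()).decode() + ", " + alg

def check_mdn(mdn: bytes, signed_entity: bytes, message_id: str, alg: str = "sha-256") -> list:
    """Return the reasons this MDN does not confirm delivery (empty list = confirmed)."""
    report = next((p for p in message_from_bytes(mdn).walk()
                   if p.get_content_type() == "message/disposition-notification"), None)
    if report is None:
        return ["no message/disposition-notification part"]
    body = report.get_payload()
    fields = body[0] if isinstance(body, list) else message_from_string(body)
    problems = []
    # 1. Was the interchange completed? Disposition is "<mode>; <type>[/<modifier>]".
    disposition = str(fields.get("Disposition", "")).partition(";")[2].strip().lower()
    if disposition != "processed":
        problems.append(f"disposition is {disposition or 'missing'!r}")
    # The receipt must refer to the message that was actually sent.
    if str(fields.get("Original-Message-ID", "")).strip() != message_id:
        problems.append("Original-Message-ID does not match")
    # 2. Did it arrive unaltered? The MIC must use the requested algorithm and
    #    equal the digest computed locally over the sent content.
    mic_b64, _, mic_alg = str(fields.get("Received-Content-MIC", "")).partition(",")
    if HASHES.get(mic_alg.strip().lower()) != HASHES[alg]:
        problems.append(f"unexpected MIC algorithm {mic_alg.strip()!r}")
    elif mic_b64.strip() != mic(signed_entity, alg).partition(",")[0]:
        problems.append("Received-Content-MIC does not match the sent content")
    return problems

def sample_mdn(mic_value: str, disposition: str = "processed") -> bytes:
    """Constructed, unsigned MDN; the partner name and message ID are made up."""
    return (
        'Content-Type: multipart/report; report-type=disposition-notification; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nThe message was received.\n"
        "--b\nContent-Type: message/disposition-notification\n\n"
        "Final-Recipient: rfc822; PARTNER_B\n"
        f"Original-Message-ID: {MSG_ID}\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\n"
        f"Received-Content-MIC: {mic_value}\n\n--b--\n"
    ).encode()
```

An MDN that fails any of these checks should be treated as no receipt at all, so the message stays flagged as unacknowledged.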
7. What is an AS2 GLN?
A GLN (Global Location Number) is a 13-digit number that uniquely identifies a company. GLNs are used mostly by large companies to prevent confusion between companies by avoiding duplication. GLNs are assigned by GS1, a global non-profit organization that ensures no GLN is assigned twice.
8. Main features of the AS2 messaging protocol
Security:
- Encryption: AS2 supports data encryption using standard encryption algorithms, such as AES and 3DES, to ensure data confidentiality.
- Digital signatures: It uses digital signatures to ensure data integrity and authenticity. The sender can sign the message, and the receiver can verify the signature to ensure the message was not tampered with.
- SSL/TLS: AS2 supports SSL and TLS protocols for securely transmitting messages over the internet.
Reliability:
- Message Disposition Notification (MDN): AS2 uses MDNs to acknowledge the receipt of messages. MDNs can confirm the successful receipt and processing of a message or indicate any errors.
- Non-repudiation: Digital signatures and MDNs provide non-repudiation of origin and receipt, which means the sender cannot deny sending the message and the receiver cannot deny its receipt.
Compression:
- AS2 supports message compression to reduce the size of transmitted data, which improves transmission speed and reduces bandwidth usage.
Data formats:
- AS2 can transmit any file type, including EDI, XML, plain text and binary files. AS2 is commonly used for EDI document exchanges but is not limited to EDI.
Interoperability:
- AS2 is an open standard that ensures interoperability between different systems and software. AS2 is widely adopted and supported by many B2B/EDI solutions.
Standardized headers:
- AS2 messages include standardized headers with metadata, including sender and receiver information, message IDs and processing instructions.
Timestamping:
- AS2 supports timestamping to ensure that messages are processed in the correct order. This also provides a reliable audit trail.
Asynchronous Communication:
- AS2 primarily supports synchronous communication, in which the sender waits for an immediate response. But AS2 also supports asynchronous communication, allowing for more flexibility in processing.
These AS2 features ensure data integrity, confidentiality and reliability in electronic transactions, which make AS2 a robust and secure protocol for B2B communications.
9. AS2 message types
The following AS2 message types and their combinations ensure that AS2 communications can support a wide range of EDI requirements.
EDI data message:
- This is the main message that contains the business data or documents being exchanged. It can exist in various formats, including EDI (X12, EDIFACT), XML, plain text or binary files. The EDI data message is the core of the AS2 transaction.
MDN (Message Disposition Notification):
- MDNs are acknowledgments sent by the receiver of an AS2 message back to the sender. They serve as receipts that confirm whether the message was successfully received and processed and if there were any errors. MDNs provide non-repudiation of receipt and help ensure reliability in the message exchange.
  - Synchronous MDN: Sent immediately, in the same HTTP session, after the receiver processes the message.
  - Asynchronous MDN: Sent separately, after the initial HTTP session is closed, allowing more time to process the message.
Signed message:
- An EDI data message that is digitally signed by the sender to ensure data integrity and authenticity. The receiver can verify the signature to confirm the message has not been altered and that it was indeed sent by the purported sender.
Encrypted message:
- An EDI data message that is encrypted to ensure confidentiality during transmission. Only the intended recipient can decrypt and access the message content.
Compressed message:
- An EDI data message that is compressed to reduce the size of the transmitted data, improving transmission efficiency and reducing bandwidth usage.
Signed and encrypted message:
- A message that is both digitally signed and encrypted, providing both data integrity and confidentiality.
Receipt request:
- A request sent by the sender with the EDI data message, which asks the receiver to send an MDN as an acknowledgment of receipt. This ensures that the sender is notified once the message is successfully received and processed.
10. Worldwide use of AS2
Industries and regions worldwide use AS2. Here’s a summary of how seven industries across North America, Europe and Asia-Pacific use AS2.
Industries using AS2
- Retail: Retailers and their suppliers use AS2 to exchange purchase orders, invoices, shipping notices and inventory updates. AS2 enables seamless communication between stores, distribution centers and suppliers.
- Logistics and Transportation: AS2 is used to share shipping instructions, delivery schedules, customs documents and status updates between shippers, carriers, freight forwarders and customs agencies.
- Healthcare and Pharma: Healthcare organizations use AS2 to exchange patient records, insurance claims, billing information and other sensitive medical data between hospitals, clinics, insurance providers and government agencies.
- Automotive: Automotive companies rely on AS2 for just-in-time inventory management, orders, shipment notifications and production schedules between manufacturers, suppliers and dealers.
- Financial Services: Financial institutions use AS2 for secure transmissions of transaction data, statements, payment instructions and regulatory reports between banks, clearinghouses and regulatory bodies.
- Consumer Packaged Goods (CPG): Companies in the consumer goods sector use AS2 to manage orders, inventory levels, shipping notices and promotional information between manufacturers, suppliers and retailers.
- Utilities: Utility companies use AS2 for managing customer accounts, billing information, service orders and regulatory compliance reports between service providers, customers and regulatory agencies.
Regions using AS2
- North America: The United States and Canada are major users of AS2, particularly in industries such as retail, manufacturing, healthcare, and logistics. Large retail chains like Walmart and major manufacturers like General Motors have standardized on AS2 for their supply chain communications.
- Europe: AS2 has been widely adopted across Europe with significant usage in Germany, the United Kingdom, France and Italy. The automotive industry, led by companies like Volkswagen and BMW, and the retail industry, with European chains like Tesco and Carrefour, are prominent users of AS2.
- Asia-Pacific: In the Asia-Pacific region, AS2 is used extensively in Japan, China, South Korea and Australia. The manufacturing and electronics industries in these countries, including giants like Toyota, Samsung and Sony, rely on AS2 for their B2B communications.
11. What are the benefits of AS2?
The resulting advantages of AS2 are:
- Security
- Simplicity
- Low cost
Connection to the SEEBURGER Cloud is possible via one single AS2 connection.
12. What are the challenges of using AS2?
- Bilateral partner management (point-to-point connection, exchange of keys)
- Open ports for AS2 communication on the firewall
- High maintenance effort, because many signed certificates of trading partners will expire and need to be replaced over time
SEEBURGER offers an AS2 solution to address the problem of expired certificates and the efficient handling of multiple connections. Our B2B routing is a communication service that handles the secure and encrypted delivery of all EDI messages sent over AS2.