
Taking the Mystery Out of AS2


Presentation Transcript


  1. Taking the Mystery Out of AS2. Kim Zajehowski, Aurora Technologies, Inc. Topics: AS2, MIME and S/MIME, encryption, certificates, signing, MDNs.

  2. What is AS2? • A more secure way of exchanging EDI data directly with your trading partners over the Internet, using certificates, encryption, and signing of documents. • Stands for Applicability Statement 2, an Internet Engineering Task Force specification for securely exchanging business documents over the Internet (still a draft when the www.networkworld.com article cited at the end was written; published as RFC 4130 in 2005). • A communication method that can replace VAN communications with your trading partner. • Uses digital certificates to secure EDI packets of data. • Some AS2 products put an HTTP reverse proxy in front of the AS2 server (typically in a DMZ), so the term appears in their documentation; the proxy is a deployment choice, not part of the protocol.

  3. AS2 continued • Direct communication with your trading partner over the Internet. • Can also run through a VAN: extended VAN services accept your EDI and perform the AS2 exchange with the partner on your behalf. • Provides reliability in that you receive an MDN (Message Disposition Notification) telling you that your trading partner's AS2 software received the packet. This does not replace your Functional Acknowledgements (the X12 997), which confirm that the EDI content itself was accepted by the partner's EDI system; an MDN only confirms transport. • The AS2 standard uses robust encryption and signature algorithms (the algorithm lists on slides 9 and 10 note which ones are still considered strong). • Runs over HTTP or HTTPS, so it requires a TCP/IP network.

  4. Envelopes • AS2 data is placed in an envelope (the AS2 MIME headers) carrying AS2 identifiers for each party in the exchange: AS2-From and AS2-To. • The sender's digital certificate normally travels inside the S/MIME signature, so the receiver can check the signature against the certificate it already has on file for that partner. • The AS2 envelope usually contains another envelope within it: the EDI interchange (ISA) with its own ISA qualifiers and IDs, which need not match the AS2 IDs.

  5. AS2 Flowchart (diagram not reproduced in the transcript)

  6. Terminology • MIME/S-MIME • Encryption • Signing • MDNs • AS2 Identification • Firewall Considerations • Certificates • Pros • Cons • AS2 solution selection • Sample AS2 profiles • Helpful websites

  7. MIME • MIME (Multipurpose Internet Mail Extensions), as defined on Wikipedia, specifies how to carry non-text and multi-part content in e-mail. • MIME is also a fundamental component of communication protocols such as HTTP, which transmits data in the context of e-mail-like messages (headers plus body) even though the data usually has nothing to do with e-mail. AS2 builds on this: an AS2 message is a MIME entity posted over HTTP.

  8. S/MIME • S/MIME (Secure/Multipurpose Internet Mail Extensions), as taken from Wikipedia, is a standard for public-key encryption and signing of MIME data. • Through the use of public-key certificates, the packet of information is protected: the EDI payload is wrapped in an S/MIME signed and/or encrypted entity before it is sent.

  9. Encryption • A way of making a packet of data unreadable to anyone without the recipient's private key. The payload is encrypted with a symmetric algorithm under a one-time content key, and that key is encrypted with the public key from the recipient's certificate, so only the holder of the matching private key can recover it. Symmetric algorithms offered by AS2 products: • Advanced Encryption Standard (AES): AES 256, AES 192, AES 128 • Data Encryption Standard (DES): DES 56, DES3 (Triple DES) 168 • CAST5 128 • RC2 40, RC2 64, RC2 128 • The slide marks DES3 168 as recommended, which reflected practice at the time. Today prefer AES (128 or 256); Triple DES is deprecated, and DES 56 and RC2 40 are breakable and should be refused in partner profiles.

  10. Signing • A way of further securing AS2 data packets: the sender hashes the content with one of several digest algorithms and signs the hash with its private key; the receiver recomputes the hash and checks the signature with the sender's certificate, which proves who sent the packet and that it was not altered in transit. • Secure Hash Algorithm: SHA1 160 (the slide's recommendation) • Message Digest Algorithm: MD5 128 • RACE Integrity Primitives Evaluation Message Digest: RIPEMD 160 • Today SHA-256 (or stronger) is the right choice; MD5 and SHA-1 are both broken for collision resistance and should no longer be used for new signatures.
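Added example (the editor's, not from the presentation or Aurora Technologies): the sign-then-encrypt flow of slides 8 to 10 done with the openssl command line, which is a convenient way to see what an AS2 product does under the hood. Both partners get a self-signed certificate, as slide 15 allows; the partner names, file names, unencrypted key files and the ISA segment are constructed for the demo. The negative checks at the end show the two properties that matter: the sender's own key cannot open a message encrypted for the receiver, and a change to the signed content makes verification fail.

```shell
# Editor's added example: AS2-style sign-then-encrypt round trip with openssl.
# Partner names, file names and the ISA segment below are constructed for the demo.
set -e
WORK="$(mktemp -d)"

# One self-signed X.509 certificate and private key per trading partner (PEM, even
# though AS2 products usually call the certificate file .cer). The .cer is what
# partners exchange; the .key never leaves its owner.
gen_party() {   # $1 = partner name
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1 AS2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.cer" >/dev/null 2>&1
}

# Sender: sign the payload with its own private key (SHA-256 digest), then encrypt the
# signed MIME entity for the receiver's certificate (AES-256 content key, wrapped with
# the receiver's RSA public key). Prints the path of the S/MIME body that goes into
# the HTTP POST.
as2_pack() {    # $1 = sender  $2 = receiver  $3 = payload file
  openssl smime -sign -md sha256 -in "$3" -signer "$WORK/$1.cer" \
    -inkey "$WORK/$1.key" -out "$WORK/$1-to-$2.signed"
  openssl smime -encrypt -aes256 -in "$WORK/$1-to-$2.signed" \
    -out "$WORK/$1-to-$2.p7m" "$WORK/$2.cer"
  printf '%s\n' "$WORK/$1-to-$2.p7m"
}

# Receiver: decrypt with its own private key, then verify the signature against the
# sender's certificate, trusted directly because the partners exchanged certificates
# out of band. Prints the recovered payload (S/MIME canonicalised the text to CRLF
# line endings, so the CRs are stripped again).
as2_unpack() {  # $1 = receiver  $2 = sender  $3 = encrypted file
  openssl smime -decrypt -in "$3" -recip "$WORK/$1.cer" -inkey "$WORK/$1.key" \
    -out "$3.dec"
  openssl smime -verify -in "$3.dec" -CAfile "$WORK/$2.cer" -out "$3.txt" 2>/dev/null
  tr -d '\r' < "$3.txt"
}

# Negative checks: each returns 0 when openssl rejects the message, as it must.
wrong_key_rejected() {  # $1 = encrypted file  $2 = a party that is NOT the receiver
  ! openssl smime -decrypt -in "$1" -recip "$WORK/$2.cer" -inkey "$WORK/$2.key" \
      -out /dev/null 2>/dev/null
}
tamper_rejected() {     # $1 = sender  $2 = decrypted (still signed) S/MIME file
  sed 's/ISA\*00\*/ISA*01*/' "$2" > "$2.tampered"   # change one byte of the signed content
  ! openssl smime -verify -in "$2.tampered" -CAfile "$WORK/$1.cer" \
      -out /dev/null 2>/dev/null
}

# Demo: ACME sends an X12 850 interchange to WidgetCo.
gen_party acme
gen_party widgetco
printf 'ISA*00*          *00*          *ZZ*ACMEAS2        *ZZ*WIDGETCOAS2    *240101*1200*U*00401*000000001*0*P*>~\n' \
  > "$WORK/850.edi"
MSG="$(as2_pack acme widgetco "$WORK/850.edi")"
as2_unpack widgetco acme "$MSG"        # prints the ISA segment again
wrong_key_rejected "$MSG" acme && echo "sender's own key cannot decrypt: OK"
tamper_rejected acme "$MSG.dec" && echo "altered content fails signature check: OK"
```

Run it with sh; it leaves the intermediate files in a temporary directory so you can inspect the multipart/signed entity and the pkcs7-mime body. Swapping -aes256 for -des3, or -md sha256 for -md sha1, still round-trips, which is exactly why the algorithm choice has to be enforced by policy in both partners' profiles rather than relied on to fail.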

  11. MDN • Message Disposition Notification • A return message telling the sender that the data packet was received and processed by the partner's AS2 software (a positive MDN) or that something failed (a negative MDN). • Carries a MIC (message integrity check), a digest over the received content, so the sender can confirm the partner got exactly the bytes it sent; when the MDN is signed it also serves as proof of receipt. • Does not replace the functional acknowledgement. • No EDI control numbers are used; the MDN refers to the AS2 Message-ID. • The type of MDN is usually dictated by the trading partner.

  12. Types of MDN Scenarios • Asynchronous: the MDN is returned to the message sender over a separate HTTP connection, to a URL the sender supplied in the message. Usually used for larger files. • Synchronous: the MDN is returned in the HTTP response of the same connection that carried the original message. In low-bandwidth situations the connection may time out before the partner finishes processing. • E-mail: rarely used but available; the MDN is returned to an e-mail address. • No MDN: the sender gets no confirmation of receipt at all.

  13. AS2 Identification • Each trading partner involved in AS2 communications is assigned an AS2 ID. • The ID is self-generated by the company. • It can be a company name with AS2 on the end, or the company's ISA qualifier concatenated with its ISA ID. • The ID is used on the outer envelope (the AS2-From and AS2-To headers) of the AS2 packet. Because IDs are self-assigned, an ID identifies a partner only in combination with that partner's certificate; the receiving system should reject a message whose AS2-From is not paired with the certificate that signed it.
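Added example (the editor's, not from the presentation): the AS2 headers a sender puts on the HTTP POST (slides 4 and 13) and the MDN that comes back for it (slides 11 and 12), built with plain shell tools so the check the sender performs on the MDN is visible end to end. The AS2 IDs, Message-ID, URLs, Reporting-UA string and EDI sample are constructed; the header and field names are those of RFC 4130. The example goes beyond the slides in showing the Received-Content-MIC comparison, which is what turns an MDN from "the partner got something" into "the partner got exactly what you sent". Signing of the MDN itself is left out (it uses the same S/MIME signing as the message).

```shell
# Editor's added example: AS2 request headers and the MDN that answers them, with the
# sender-side MIC check. Names, IDs and URLs are constructed for the demo.
set -e
WORK="$(mktemp -d)"

# MIC as AS2 carries it: base64 of the digest over the content the sender transmitted,
# followed by the algorithm name.
mic_of() {   # $1 = file  -> prints "base64digest, sha256"
  printf '%s, sha256\n' "$(openssl dgst -sha256 -binary "$1" | openssl base64 -A)"
}

# Headers of the outbound HTTP POST. AS2-From/AS2-To are the self-assigned AS2 IDs of
# the outer envelope. Disposition-Notification-To requests an MDN, the -Options header
# asks for it to be signed with a SHA-256 MIC, and Receipt-Delivery-Option makes it
# asynchronous (omit that header and the MDN comes back in the HTTP response instead).
as2_headers() {   # $1 = from AS2 ID  $2 = to AS2 ID  $3 = Message-ID  $4 = async MDN URL
  printf 'AS2-Version: 1.2\nAS2-From: %s\nAS2-To: %s\nMessage-ID: %s\n' "$1" "$2" "$3"
  printf 'Disposition-Notification-To: edi@acme.example\n'
  printf 'Disposition-Notification-Options: signed-receipt-protocol=optional, pkcs7-signature; signed-receipt-micalg=optional, sha256\n'
  printf 'Receipt-Delivery-Option: %s\n' "$4"
}

# The receiver's MDN: a multipart/report whose machine-readable part carries the
# disposition and the MIC the receiver computed over what it actually received.
build_mdn() {   # $1 = receiver AS2 ID  $2 = original Message-ID  $3 = "mic, alg"  $4 = disposition
cat <<EOF
Content-Type: multipart/report; report-type=disposition-notification; boundary="mdnpart"

--mdnpart
Content-Type: text/plain

The AS2 message $2 was received.

--mdnpart
Content-Type: message/disposition-notification

Reporting-UA: demo-as2-receiver/0.1
Original-Recipient: rfc822; $1
Final-Recipient: rfc822; $1
Original-Message-ID: $2
Disposition: automatic-action/MDN-sent-automatically; $4
Received-Content-MIC: $3

--mdnpart--
EOF
}

# Sender side: the MDN closes the loop only if it names the right Message-ID, reports
# "processed" (not processed/error or failed), and its MIC equals the one stored when
# the message went out. Returns 0 when the MDN is accepted.
mdn_field() {   # $1 = mdn file  $2 = field name
  sed -n "s/^$2: *//p" "$1"
}
check_mdn() {   # $1 = mdn file  $2 = expected Message-ID  $3 = expected "mic, alg"
  [ "$(mdn_field "$1" Original-Message-ID)" = "$2" ] || return 1
  case "$(mdn_field "$1" Disposition)" in
    *'; processed') ;;
    *) return 1 ;;
  esac
  [ "$(mdn_field "$1" Received-Content-MIC)" = "$3" ]
}

# Demo: ACME sends an interchange, stores the MIC, and later evaluates two MDNs.
printf 'ISA*00*          *00*          *ZZ*ACMEAS2        *ZZ*WIDGETCOAS2    *240101*1200*U*00401*000000001*0*P*>~\n' \
  > "$WORK/850.edi"
MSGID='<20240101120000.1@acme.example>'
as2_headers ACMEAS2 WIDGETCOAS2 "$MSGID" 'https://as2.acme.example/mdn' > "$WORK/out.headers"
SENT_MIC="$(mic_of "$WORK/850.edi")"          # kept with the Message-ID until the MDN arrives
# WidgetCo received the same bytes and answers with a matching MIC.
build_mdn WIDGETCOAS2 "$MSGID" "$(mic_of "$WORK/850.edi")" processed > "$WORK/good.mdn"
check_mdn "$WORK/good.mdn" "$MSGID" "$SENT_MIC" && echo "MDN accepted: partner holds the bytes we sent"
# A receiver that ended up with different content returns a different MIC.
printf 'ISA*01*corrupted~\n' > "$WORK/other.edi"
build_mdn WIDGETCOAS2 "$MSGID" "$(mic_of "$WORK/other.edi")" processed > "$WORK/bad.mdn"
check_mdn "$WORK/bad.mdn" "$MSGID" "$SENT_MIC" || echo "MIC mismatch: do not mark the message delivered"
```

The MIC is computed over the same content the partner signs or decrypts, so a mismatch means either corruption on the way or a receiver that processed something other than what was sent; a sender that ignores the MIC and only looks for "processed" has no more assurance than an HTTP 200.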

  14. Firewall Considerations • Since this communication is over the Internet, you must secure your AS2 solution by limiting incoming traffic to the AS2 listener port (commonly 443 for HTTPS, or whatever port is agreed with each partner) and to the source IP addresses your partners send from, and by allowing outbound traffic only to the partners' AS2 URLs. Asynchronous MDNs travel in the opposite direction, so both sides need the corresponding inbound rule. • This can be the most challenging area, as you are dealing with your own internal networks as well as your trading partners' to communicate successfully via AS2.

  15. Digital Certificates • A digital certificate (*.cer) is required for both parties exchanging AS2 data via the Internet. • X.509 is the standard. • Other file formats also appear, such as *.pfx (PKCS#12). A .pfx bundles the private key with the certificate; it is what you import into your own AS2 solution, never what you send to a partner. • Each party must share its certificate with the other, since encryption is done with the receiver's public key and signature checking with the sender's. The sender's certificate usually travels inside the signed message as well; the receiver's certificate is not transmitted, because the receiver already holds its own private key. • AS2 certificates do not have to be issued or signed by a certificate authority (e.g. VeriSign); a self-signed certificate generated by your AS2 solution is acceptable if your solution and your partner support it. Because nothing vouches for a self-signed certificate, confirm its fingerprint with the partner out of band (by phone, or in a separately signed message) before loading it. • When exchanging certificates via e-mail, rename the file from *.cer to *.txt or zip it, since many e-mail servers strip *.cer attachments.
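Added example (the editor's, not from the presentation): handling the certificate files the slide names with openssl. It builds a .pfx from a freshly generated self-signed key and certificate, extracts the shareable .cer from it, and shows the checks to run before a certificate leaves or enters your system: that the file you are about to send holds no private key, and that the fingerprint you read to the partner out of band matches. The expiry check at the end is the monitoring slide 18 says you must do. The partner name, file names and the passphrase are constructed for the demo.

```shell
# Editor's added example: .pfx versus .cer, fingerprint confirmation and expiry checks
# with openssl. Names and the passphrase are constructed for the demo.
set -e
WORK="$(mktemp -d)"

# A self-signed certificate and its private key, as an AS2 product would generate them.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj '/CN=acme AS2' \
  -keyout "$WORK/acme.key" -out "$WORK/acme.cer" >/dev/null 2>&1

# Bundle key + certificate into a .pfx (what "export with private key" produces). This
# file is for your own backup or migration only.
openssl pkcs12 -export -inkey "$WORK/acme.key" -in "$WORK/acme.cer" \
  -passout pass:demo-only -out "$WORK/acme.pfx"

# Extract the partner-shareable part from a .pfx: the certificate only, no key material.
cert_from_pfx() {   # $1 = pfx  $2 = passphrase  $3 = output .cer (PEM)
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -out "$3"
}

# Returns 0 only if the file holds no private key, i.e. it may be e-mailed to a partner
# (zipped or renamed to .txt, as the slide notes).
safe_to_share() { ! grep -q 'PRIVATE KEY' "$1"; }

# SHA-256 fingerprint to read back to the partner before trusting a self-signed cert.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'; }

# Expiry monitoring: 0 if the certificate is still valid $2 seconds from now, 1 if not.
valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# Demo
cert_from_pfx "$WORK/acme.pfx" demo-only "$WORK/acme-share.cer"
safe_to_share "$WORK/acme-share.cer" && echo "acme-share.cer carries no private key: OK to send"
safe_to_share "$WORK/acme.key" || echo "acme.key must never be sent"
echo "fingerprint to confirm by phone: $(fingerprint "$WORK/acme-share.cer")"
valid_for "$WORK/acme.cer" $((30 * 24 * 3600)) && echo "more than 30 days of validity left"
```

A partner's certificate should be loaded only after the fingerprint it prints matches the one the partner reads out; and a daily run of valid_for over every partner certificate with a 30-day window gives you the lead time to exchange replacements before an expiry stops the feed.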

  16. AS2 Solution Selection • Know your potential AS2 trading partners. • Some may require you to use a Drummond-certified solution (e.g. Target). • Some may be more relaxed about the Drummond requirement. • Evaluate what your future communication needs are, as you may be able to find a solution that supports multiple communication protocols (FTP, AS1, AS2, etc.); note that plain FTP sends EDI in the clear, so prefer a product that offers SFTP or FTPS if FTP is on the list. • You may want to evaluate whether it is cost-feasible to add a service to your existing VAN for AS2 partners. Many VANs offer a service that takes your EDI transactions and delivers them to your trading partner as AS2.

  17. Pros • Direct communication with trading partners, with no VAN charges • Faster and more timely communication • Control is in your hands and your trading partner's hands

  18. Cons • You may be required to use only Drummond-certified solutions if your AS2 trading partner community pushes for it. • The responsibility is on you and your trading partners to ensure reliable communication at all times, which means monitoring the software daily. • You must monitor all digital certificates, on your side as well as the trading partners', to ensure you have loaded the most current ones and that none expire; an expired certificate stops the exchange until both sides have installed the replacement.

  19. and 20. Sample AS2 Customer Sheet (two slides; the form images are not reproduced in the transcript)

  21. Helpful Websites • AS2 Drummond Certified Software: http://www.drummondgroup.com/html-v2/as2-companies.html • Open Source AS2 Providers: http://sourceforge.net/search/?type_of_search=soft&words=as2 • AS2 Basics: http://www.as2basics.co.uk • AS2 Secures Documents Using the Web: http://www.networkworld.com/news/tech/2002/1209techupdate.html
