Presentation is loading. Please wait.

Presentation is loading. Please wait.

Taking the Mystery Out of AS2 Kim Zajehowski Aurora Technologies, Inc. AS2 Certificates SMIME/MIME MDNs Encryption Signing.

Published byBarry McDaniel Modified over 9 years ago

Similar presentations

Presentation on theme: "Taking the Mystery Out of AS2 Kim Zajehowski Aurora Technologies, Inc. AS2 Certificates SMIME/MIME MDNs Encryption Signing."— Presentation transcript:

1 Taking the Mystery Out of AS2 Kim Zajehowski Aurora Technologies, Inc. AS2 Certificates SMIME/MIME MDNs Encryption Signing

2 What is AS2? More secure way of exchanging EDI data directly with your trading partners using certificates, encryption, and signing of documents over the Internet. Stands for Applicability Statement 2 draft standard from the Internet Engineering Task Force for securely exchanging business documents over the Internet as noted on www.networkworld.com.www.networkworld.com Can be a communication method that can replace VAN communications with your trading partner. Uses digital certificates to secure EDI packets of data. Sometimes referred to as HTTP Reverse Proxy by some AS2 solutions.

3 Direct communications to your trading partner through the Internet. Can also be via a VAN to your trading partner as AS2. Utilizes extended VAN services that provide the conversion for you. Provides a reliable method in that you receive an MDN (Message Disposition Notification) telling you that your trading partner received the EDI packet. Note that this doesn’t replace your Functional Acknowledgements The AS2 standard uses some of the most robust encryption and signature algorithms. Operates only over networks running the TCP/IP protocol AS2 Continued

4 Envelopes AS2 data is placed in an envelope containing AS2 identifiers for each party in the exchange of data. Along with the envelope is a digital certificates within the data packet. The AS2 envelope usually contains another envelope within it (ISA) with EDI data and ISA qualifiers and IDs.

5 AS2 Flowchart

6 Terminology MIME/S-MIME Encryption Signing MDNs AS2 Identification Firewall Considerations Certificates Pros Cons AS2 solution selection Sample AS2 profiles Helpful websites

7 MIME MIME – as defined on Wikipedia - Multi-purpose internet mail extensions - defines mechanisms for sending other kinds of information in e-mail. MIME is also a fundamental component of communication protocols such as HTTP, which requires that data be transmitted in the context of e-mail- like messages even though the data might not (and usually doesn't) actually have anything to do with e-mail

8 S-MIME S/MIME as taken from Wikipedia (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. Through the use of public key certificates, packets of information can be secure through this type of data packet.

9 Encryption A way of making a packet of data unusable without certificate keys by encrypting the data using one of several encrypting algorithm Advanced Encryption Standard (AES) – AES 256 – AES 192 – AES 128 Data Encryption Standard (DES) – DES 56 – DES3 168 (Recommended) CAST5 128 RC2 40 RC2 64 RC2 128

10 Signing Way of further securing AS2 data packets is to sign the packets using one of several algorithms: Secure Hash Algorithm – SHA1 160 (Recommended) Message Digest Algorithm – MD5 128 Race Integrity Primitives Evaluation Digest – RIPEMD 160

11 MDN Message Disposition Notification Communication packet used to tell parties of successful receipt of data packets (positive MDN) into partner’s AS2 solution. Does not replace functional acknowledgement No control numbers used Type of MDN is usually dictated by trading partner

12 Types of MDN Scenarios Asynchronous – Allows for AS2 MDNs to be returned to the message sender over a different HTTP connection. – Usually used for larger files Synchronous – Allows for AS2 MDNs to be returned over the same HTTP connection as the send of original message – There may be timeouts with low bandwidth situations E-mail – Rarely used but available where the AS2 MDN is returned to a an e- mail address No MDN

13 AS2 Identification Each trading partner involved in AS2 communications is assigned an AS2 ID. ID is company self generated. It can be a company name with AS2 on the end of it or a company’s ISA qualifier concatenated to the ISA ID as the AS2 ID. The ID is used on the outer envelope of the AS2 packet of data to be communicated.

14 Firewall Considerations Since this type of communications is over the Internet, you must secure your AS2 solution by limiting incoming communication traffic by port or by IP address and also allowing outbound traffic. This can be the most challenging area as you are dealing with your own internal networks as well as your trading partners to successful communicate via AS2.

15 Digital Certificates A digital certificate (*.cer) is required for both parties exchanging AS2 data via the Internet. X.509 – standard There are other certificates that might be used as well (*.pfx). Each party much share each others certificate as this further secures the packet of data to be communicated. Along with encryption, data is also transmitted with the valid digital certificates for the sending party and receiving party. Note that when exchanging AS2 digital certificates that they do not have to be signed or generated by a signing authority (ie. Verisign). It can be a self signed certificate through your AS2 solution if they offer that option. Note when exchanging certificates via e-mail, you must change the extension on the file from *.cer to *.txt or zip it to send to your trading partner. Many e-mail servers will strip the *.cert attachments when being e-mailed.

16 AS2 Solution Selection Know your potential AS2 trading partners. Some may require you to utilize a Drummond certified solution (i.e. Target) Some may be more relaxed with the Drummond requirement. Evaluate what your future communication needs as you may be able to find a solution that can support multiple communication protocols (FTP, AS1, AS2, etc.) You may want to evaluate whether it is cost feasible to add a service to your existing VAN for AS2 customers. Many VANs offer a service to take your EDI transactions and transform them into AS2 to your trading partner.

17 Pros Direct communications with trading partners no VAN charges Faster communications and more timely Control is in your hands and your trading partner’s hands

18 Cons May be required to only utilize Drummond certified solutions if your AS2 trading partner community pushes it The responsibility is on you and your trading partners to ensure reliable communications at all times. Monitoring software on a daily basis. Must monitor for all digital certificates for company side as well as trading partner side to ensure you have loaded the most current and they do not expire.

19 Sample AS2 Customer Sheet Customer AS2 Information Customer Contact Name: Phone: Email: AS2 Name If your company already uses an AS2 Name provide it here, otherwise you can choose to use your QUAL/ID as AS2 NAME such as 129498381009. AS2 URL or IP Such as http://as2.companyname.com/as2 or http://666.32.32.32:9080/msgsrv/as2http://as2.companyname.com/as2 http://666.32.32.32:9080/msgsrv/as2 Message Format Type How do you want the message to be sent Signed/Encrypted/Plain text (Mime)? MIME S/MIME Encrypted S/MIME Signed S/MIME Signed/Encrypted (Recommended) Encryption Algorithm If you have selected Encrypted, what Encryption format do you prefer? RC2 40 RC2 64 RC2 128 AES 128 AES 192 AES 256 DES 56 DES3 168 (Recommended) CAST5 128 Signing Algorithm If you have selected Signed, what Signing format do you prefer? SHA1 160 (Recommended) MD5 128 RIPEMD 160 Receipt Type Does your company require an MDN notification to be sent back upon receiving the AS2 message from you? Signed (Recommended) Unsigned None List your Test Ids: List your sender/receiver ID’s/Qual’s you intend to use for testing. List your Production Ids: List your sender/receiver Ids (not your trading partners) used for production.

20 Sample AS2 Customer Sheet AS2 Profile InformationAS2 Profile Information Trading Partner Information Date 10/31/2010 Company Name: ACME COMPANY Contact Name: Jane Smith Title: EDI Coordinator Phone: 401-555-5555 FAX: Email: jsmith@acme.com EDI Qualifier/ID: ZZ/401555555 AS2 Identifier: ACMEAS2 AS2 URL: http://as2.acme.com:1234/as2 Backup AS2 URL (optional): Encryption Algorithm: DES3 168 WITH SHA1 AS2 Authentication Name/Password (optional): Outbound IP Address: ABC AS2 Information Production URL: http://www.as2edi.abc.com:8080/as2 AS2 Identifier: ABCAS2 (Case sensitive) Public Encryption Key Location: Attached Synchronous Signed MDNs Encryption Algorithm: AES128 (Preferred) 3DES (Alternate) Signing Algorithm: SHA-1 Compression: All Data Retry policy ABC Company has improved hardware, software and procedures to ensure a high level of AS2 availability. However, ABC Company can not guarantee that every AS2 connection attempt will succeed. Therefore, ABC highly recommends that you automatically retry AS2 connections at least three times with at least one minute between retries. This will be beneficial to users due to not having to manually retransmit when a connection does not succeed the first time.

21 Helpful Websites AS2 Drummond Certified Software http://www.drummondgroup.com/html-v2/as2- companies.html Open Source AS2 Providers http://sourceforge.net/search/?type_of_search=soft&words= as2 AS2 Basics http://www.as2basics.co.uk AS2 Secures Documents Using the Web http://www.networkworld.com/news/tech/2002/1209techup date.html

Download ppt "Taking the Mystery Out of AS2 Kim Zajehowski Aurora Technologies, Inc. AS2 Certificates SMIME/MIME MDNs Encryption Signing."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
(4.4) Internet Protocols Layered approach to Internet Software 1.

(4.4) Internet Protocols Layered approach to Internet Software 1.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 15 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Web services security I

Web services security I
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Similar presentations

Ads by Google