AS2 & AS3 Protocols

What is AS2? AS2 stands for Applicability Statement 2 and is an EDI (Electronic Data Interchange) specification for exchanging peer-to-peer communication documents between business partners using the Internet. AS2 is based upon the Secure HTTP (Hyper Text Transport Protocol). AS2 offers distinct advantages over standard HTTP, including increased verification and security achieved through the use of receipts and digital signatures. Another edge for AS2 over secure HTTP: its transactions and acknowledgements occur in real-time, increasing the efficiency of document exchanges.

Other Information Covering AS2

AS2 is a standard for the exchange of business documents. It is concerned with the encryption and exchange of documents, not the format of the data in the documents themselves.

AS2 is designed to be a real-time exchange system. When a business entity has data ready to send to a trading partner, the data is immediately pushed to the trading partner. In older systems, the data would be held in a queue somewhere until the trading partner picked up the data.

AS2 data exchanges are secure. Multiple encryption schemes are used to confirm the identity of the sender and receiver, that unauthorized third parties cannot read the data, and that the data has not been corrupted in transit.

AS2 can be thought of as a layered protocol. Each layer uses the service provided by the layer beneath it to add a level of functionality to the transmission. As a layer adds its contribution, it forwards the resulting package to the layer beneath it.

Finally the Transport layer forwards the package to the remote system using the http protocols over the web. After the remote system receives the data package the process is reversed. The data package is decrypted, the headers are checked and removed and the result is passed to the Session layer.

In the example above, a document is presented to the interface layer of the sending system. The interface layer determines the address (the IP address and socket number) of the receiver. The document data (the payload) and the address information are passed to the Session layer.

The Session layer uses the services of the Security Layer to send the data to the remote system and then waits for the remote system to acknowledge that it has received the package without errors. The Session layer maintains a list of all outstanding transmissions. When the receipt is received the Session layer informs the Interface of the successful delivery of the data.

The AS2 standard specifically states that Session layer receipts are not a substitute for 997 (EDI oriented) functional acknowledgments. Session later receipts acknowledge the delivery of the data. 997 functional acknowledgments indicate that the data in the document has been successfully processed.

The Security layer encrypts the data using either the PGP/MIME or the S/MIME standard. It is up to the trading partners to decide which standard to use. Both standards support the exchange of digitally signed encrypted data. Brief descriptions of the differences between the standards can be found at

The Security layer then uses the services of the Transport layer to send the message to the remote system. The basic difference between AS1 and AS2 is found in the Transport layer. AS1 uses email to send data to remote system, while AS2 uses http over the Internet.

AS2 is a push-only protocol (whereas AS3 is a push/pull protocol discussed below). With AS2, companies receive AS2 data by having a computer waiting for incoming http requests. A company that wants to receive AS2 data informs its trading partners of the IP address and socket number it will be monitoring. Berkley sockets are a method used by computers to allow applications to communicate directly with one another over a network. A description of Berkley sockets and the programming issues involved when using them is beyond the scope of this document. Obviously the socket used for receiving AS2 data must be unique on a given system.