19-01-2011, 04:53 PM
EDI-INT AS1, AS2, AS3
Kevin Grant
Goals of this Presentation
Understanding Security Mechanisms
Understanding Applicability Statements
MDNs
Secure Transmission Loop
AS1, AS2, AS3
Product Certification
AS1/AS2/AS3 Standards
Applicability Statements 1 (AS1), 2 (AS2), & 3 (AS3) are the current specifications developed by EDI-INT for transporting data via the Internet.
AS Standards specify how to exchange data, not how to process data.
AS1 defines how to perform secure file transfers via SMTP
AS2 defines how to perform secure file transfers via HTTP
AS3 defines how to perform secure file transfers via FTP
Specify Security Services over a Specific Communication protocol with the introduction of Message Disposition Notifications (MDNs) to complete the Secure Transmission Loop
AS1/AS2/AS3 Options
Encrypted or not encrypted
Signed or unsigned
Receipt or no receipt
Receipt signed, or not signed
Security Mechanisms
Three basic building blocks are used:
Encryption is used to provide confidentiality, can provide authentication and integrity protection
Hash algorithms are used to provide integrity protection, can provide authentication
Digital signatures are used to provide authentication, integrity protection, and non-repudiation
One or more security mechanisms are combined to provide a security service
Hash Functions
Hashing is the transformation of a string of characters into a shorter fixed-length value or key that represents the original string.
It is used to index and retrieve items in a database because it is faster to find the item using the shorter hashed key than to find it using the original value.
For more