<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

What are AS4 File Transfers and Why are they so Important?

Topics: Secure File Transfer, File Sharing, AS4

Posted: 06 December 2019


Every so often there is a seismic change in the IT security industry that creates a new benchmark upon which everything is measured. One such case of late, is an area that has remained unchanged for the large part of two decades – B2B file transfer.

Today, most organisations will use automated SFTP based file transfers or may have even delved into Applicability Statement (ASx) transfers - mostly AS2. But even those popular standards are nearing twenty years of age.

[You may also be interested to read "Data Breaches and the GDPR - 1 Year Later"]

Machine-to-Machine File Transfer for the Modern Age


In recent months, I have noticed an increase in conversations regarding the use of AS4 for machine-to-machine transfers. In other words, automated transfers of data and files between two processing systems, without human intervention.

A reason for this is the European Union (EU) has been promoting its use for cross-border communications. In particular, success with its eSENs project which was completed in 2017, which involved AS4 data transfers between over 100 public and private actors from 22 countries, as spurred it on.

As a result, cross-border data transfer between various government agencies and private companies is now becoming a standard and has since been fully implemented at:

  • IATA - International Air Transport Association;
  • EESSI - Electronic Exchange of Social Security Information;
  • ENTSOG - European Network of Transmission System Operators for Gas;
  • Superstream – Australian Pensions; and
  • JEITA - Japanese Association of Electronics and Information Technology Industries.


What is AS4?


So, what is the fuss with AS4 all about?

AS4 is not a complete newcomer, having three predecessors in AS1, AS2 and AS3 - of which, AS1 and AS2 have enjoyed relatively widespread use for some time. Despite this, the old guard is slowly being unseated because of a number of advantages which AS4 has above its rivals. These include:

  • It is an OASIS standard; and works with other common standards such as MIME, SOAP and WS-Security.
  • It ensures the confidentiality of data transmitted using a subset of WS-Security.
  • Guaranteed file delivery using a receipt system which is cryptographically tied to the AS4 message that has been sent. Making it undisputable.
  • Payloads support a number of formats including EDI, XML, JSON, binary and more.

In short, AS4 provides a more modern, secure, auditable and versatile file or message exchange solution than previous ASx standards.

Crucially, AS4 also allows for push, as well as pull. This means that applications that are not always online; do not have a permanent IP address; or that are behind a firewall can occasionally connect and pull available messages.


How does AS4 work?


AS4 requires the creation of a Message Services Handler (MSH) at both the sender and recipient locations.

There are two types of messages: user messages which contain the payload to be transferred; and signal message which can communicate the outcome of a transfer (receipt or error) or request a user message pull.

The case of a push, the sending MSH connects to the webservice of the receiving MSH and sends a user message with payload. In the case of a pull, the receiving MSH sends a pull request signal message to the sending MSH, initiating the workflow described previously.

When a user message has been successfully received, the receiving MSH creates a digital signature based on the content of the user message and returns it along with a signal message. This signature is cryptographically tied to the user message and is considered a non-repudiable receipt.


Why is AS4 Becoming so Important?


AS4 is quickly becoming the standard for secure and versatile file transfer where automated machine-to-machine transfers are required because of its unmatched security standards and options for messaging and file transfers.

The AS4 standard is seen as providing greater flexibility and higher levels of security than its predecessors could.

The result of this is that some central government departments and private industries sectors are now moving toward AS4 being their standard for file and message transfers. Those who do not adopt these standards as sure to be left out of key systems, which could affect their operations, competitiveness and credibility.

In recent years, this shift toward AS4 supporting technologies has been recognised by the worlds file transfer vendors, who as a result have integrated the standard into their offerings and solutions portfolios.

[You may also like "UK's Top 4 Regulations Overlap"]


Data Protection for Life GDPR Data Processing

Infinigate UK
Posted by: Infinigate UK
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts