AS2 is a protocol for securely exchanging documents that encrypts messages and was created in the 1990s, later being upgraded in 2002 when Walmart adopted it. SFTP is a protocol for securely transferring files over SSH that functions similarly to FTP but has no direct relationship to it. MFT Gateway is a cloud-based managed file transfer service that uses AWS services like S3, Lambda, and DynamoDB to provide scalable AS2 document exchange over HTTP/HTTPS with integrations for notifications and access through SFTP, APIs, and webhooks.
2. AS2 stands for Applicability Statement 2. Originally, Applicability Statement was
created in the 1990s as AS1.
It was later upgraded when Walmart adopted it and required their suppliers and
other third-party vendors to use it in 2002.
The upgrade included the encryption of messages, known as AS2 messages,
that were exchanged with trading partners, vendors, and remote systems.
What is AS2?
3. SFTP (Secure File Transfer Protocol) is built on the SSH (Secure Shell) network
security protocol.
It is designed to allow for the secure transfer of files between users (from an SFTP
client to an SFTP server, and vice versa).
The primary functionality of SFTP is generally similar to standard FTP (File Transfer
Protocol); however, there is no direct relationship between the two.
What is SFTP?
5. Once you send files over the Internet, you'll be exposing them to various
network-based threats. Malicious individuals can intercept your message and then
steal whatever sensitive information you have in there.
The AS2 protocol allows you to securely transfer your data by encrypting your
payload.
Since the AS2 protocol itself makes sure your data is encrypted in transit, you do not
need to depend on TCP-level security measures.
You can safely transfer your data even over the HTTP protocol without compromising
security.
In Transit Encryption
6. Digital signatures are a key feature of AS2 because they help enforce authentication,
data integrity, and non-repudiation, which are essential in maintaining the integrity
of business transactions. When you apply digital signatures, you'll be able to:
● Ascertain that the trading partner who sent you a message or file is in fact the
entity it claims to be (authentication)
● Verify whether the message received by the recipient is in fact the message
sent by the sender and not altered along the way (data integrity)
● Prevent a sender from disowning/refuting a transmission sent in the past
(non-repudiation)
Digital Signature
7. Before you carry out a transaction, it's important to make sure the entity you're
about to transact with is in fact the one whom you intended to transact with.
There are some cases where cyber criminals can spoof a trading partner's host and
participate in the transactions in their stead.
AS2's certificate-based authentication can minimize this risk.
Certificate Based Authentication
8. Once you have shared your data with your trading partner, there should be a
confirmation of whether they received/accepted the content you sent.
The AS2 protocol has an option to request an electronic receipt from the recipient
confirming message delivery status.
This receipt is known as an MDN (Message Disposition Notification).
The message sender can also request that the recipient add their digital signature to
the MDN, eliminating the chance of MDN spoofing and preserving the end-to-end
integrity of the overall transaction.
Electronic Receipts (MDN)
9. The Message Disposition Notification includes a Message Integrity Check (MIC)
computed by your trading partner, based on the payload they received.
When compared with the MIC computed for the initial payload at your (sender's)
end, it stands as strong proof that the content integrity was preserved.
Message Integrity Check (MIC)
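The sender-side check described in the MDN and MIC slides above, as an added example that is not part of the original deck or of MFT Gateway's code: it parses the machine-readable MDN fields (field names as defined for AS2 in RFC 4130) and compares the partner's MIC with one computed locally. Assumptions: the MIC covers the MIME part bytes exactly as sent, the algorithm allow-list is a local policy choice, and verifying the MDN's own signature is not shown.

```python
import base64
import hashlib
import hmac
from email import message_from_string

ALLOWED_ALGS = {"sha256", "sha384", "sha512"}  # assumed local policy

# Constructed sample data, not taken from a real exchange.
SENT_PART = b"Content-Type: application/edi-x12\r\n\r\nISA*00*CONSTRUCTED*SAMPLE~\r\n"
SENT_ID = "<constructed-0001@sender.example>"


def compute_mic(part: bytes, alg: str = "sha256") -> str:
    """Base64 digest of the MIME part exactly as it was transmitted."""
    return base64.b64encode(hashlib.new(alg, part).digest()).decode()


def sample_mdn(part: bytes, message_id: str) -> str:
    """Constructed MDN fields, as a partner that received `part` would return."""
    return (f"Original-Message-ID: {message_id}\n"
            "Disposition: automatic-action/MDN-sent-automatically; processed\n"
            f"Received-Content-MIC: {compute_mic(part)}, sha256\n")


def check_mdn(report: str, sent_part: bytes, sent_id: str) -> tuple[bool, str]:
    """Return (accepted, reason) after checking the MDN against what we sent."""
    fields = message_from_string(report)
    if (fields.get("Original-Message-ID") or "").strip() != sent_id:
        return False, "MDN refers to a different message"
    # Disposition is "<mode>; <type>": only a bare "processed" counts as success.
    disposition = (fields.get("Disposition") or "").partition(";")[2].strip().lower()
    if disposition != "processed":
        return False, f"partner reported: {disposition or 'no disposition'}"
    # Received-Content-MIC is "<base64 digest>, <algorithm>".
    their_mic, _, alg = (fields.get("Received-Content-MIC") or "").rpartition(",")
    alg = alg.strip().lower().replace("-", "")
    if alg not in ALLOWED_ALGS:
        return False, f"unacceptable MIC algorithm: {alg or 'none'}"
    ours = compute_mic(sent_part, alg)
    # Constant-time comparison of the two base64 strings.
    if not hmac.compare_digest(ours.encode(), their_mic.strip().encode()):
        return False, "MIC mismatch: partner received different content"
    return True, "MIC matches"
```

A result of `(True, "MIC matches")` is only as trustworthy as the MDN itself, which is why the signed MDN matters: an unsigned receipt could carry any MIC.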
10. If you wish to utilize these integrity and non-repudiation features under SFTP, you
and your partner would need to implement an additional protocol layer on top of
SFTP and explicitly adhere to it.
However, AS2 is a standardized protocol that already includes all these features,
with a strong track record from leading B2B giants like Walmart, Amazon and
Target Corporation.
Unlike SFTP, which operates over the SSH port and hence requires exposing
that (generally administrative) port for outside access, AS2 operates over
standard HTTP/HTTPS. So it is compatible with any generic network, safer, and
more firewall-friendly.
12. MFT Gateway is a SaaS (Software as a Service) application for Managed File
Transfer over the AS2 protocol, developed on top of Amazon Web Services
infrastructure.
13. Since MFT Gateway is implemented using a cloud native architecture, we deliver high
availability and rapid scalability for our clients.
Here are the AWS services that MFT Gateway uses for the core functionality of the
application.
● User Management: Amazon Cognito
● Database: Amazon DynamoDB
● Content Store: Dedicated Amazon S3 bucket for each client
● Processing: AWS Lambda
Cloud Native Architecture
15. MFT Gateway allows you to automate your message flows through multiple
integrations.
● S3: S3 integration allows you to directly access your dedicated S3 bucket and
send and receive messages using it, by uploading attachments to the S3 bucket.
● SFTP: You can also send and receive messages through SFTP by enabling
SFTP integration.
● Webhook: MFT Gateway allows you to configure multiple webhook endpoints
to receive notifications for incoming AS2 messages and message send
failures.
● REST API: You can use the REST API for sending messages and
downloading received content.
Integration Support