CN117176569A - AS2 protocol-based direct connection EDI solution method - Google Patents
- Publication number
- CN117176569A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- client
- edi
- ssl
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention relates to the technical field of EDI systems, and in particular to a direct-connection EDI solution method based on the AS2 protocol, comprising the following steps: s101, respectively configuring AS2 protocol parameters by an EDI system of a user side and an EDI system of a client side; s102, the EDI systems of the user side and the client side respectively carry out AS2 transaction partner parameter configuration; s103, the user configures private keys of the encrypted digital certificate A1 and the SSL digital certificate A2 at the AS2 transaction partner; the client configures private keys of an encryption digital certificate B1 and an SSL digital certificate B2 at an AS2 transaction partner; the user gives the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 to the client, and the client configures the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 in AS2 transaction partner parameters. An EDI system applying the direct-connection EDI solution based on the AS2 protocol has an efficient maintenance process, and the user has complete control, because the direct-connection EDI system lets the user change, operate and configure the data-layer logic and communication-layer logic himself.
Description
Technical Field
The invention relates to the technical field of EDI systems, in particular to a direct-connection EDI solution method based on an AS2 protocol.
Background
EDI is known as paperless trade: manual operation is replaced by system operation to the greatest extent. Automation in an EDI system truly achieves automatic receiving, sending and parsing of business data, with no need to manually check from time to time whether files have been sent, because even when an unknown anomaly occurs the EDI system can automatically send mail to the mailboxes of the corresponding business contacts, prompting them to check and handle the problem in time. EDI is also one of the most secure data transmission modes, which is an important factor in its wide application across industries. All data transaction records of the EDI system are clear and searchable, and the system can also provide a visual interface displaying incoming and outgoing business data, which greatly helps data tracking and archiving.
The EDI working process is as follows: the sender prepares the file to be sent, usually a flat file, though it can also be a picture, a PDF and the like; the flat file is converted into a standard EDI message, while pictures and PDFs are transmitted directly to the receiver without format conversion; the sender sends the standard EDI message to the receiver's EDI system; the receiver's EDI system receives the EDI message; the receiver takes out the received EDI message and translates it into a flat file; the receiver inputs the translated data into its business system for processing.
Aiming at the characteristics of the current similar products, the following defects exist:
1) EDI business relies on outsourced network suppliers, making it inconvenient for enterprises to exchange business documents with business partners;
2) The initial cost of the system is lower; however, as the transaction volume increases, the operation and maintenance cost of the system also increases significantly;
3) The user needs to manually input a large amount of business data through the UI provided by the outsourcing provider, and is passively constrained by the provider at the usage level, so operational flexibility is lacking; feedback on data validity from the partner cannot be received in time, so that enterprise operation management makes wrong data decisions.
Disclosure of Invention
The invention aims to solve the problems in the background art and provides a direct-connection EDI solution based on an AS2 protocol.
The technical scheme of the invention is as follows: a direct connection EDI solution method based on AS2 protocol includes the following steps; s101, respectively configuring AS2 protocol parameters by an EDI system of a user side and an EDI system of a client side;
s102, the EDI systems of the user side and the client side respectively carry out AS2 transaction partner parameter configuration;
s103, the user configures private keys of the encrypted digital certificate A1 and the SSL digital certificate A2 at the AS2 transaction partner; the client configures private keys of an encryption digital certificate B1 and an SSL digital certificate B2 at an AS2 transaction partner; the user gives the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 to the client, and the client configures the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 in AS2 transaction partner parameters; the client gives public keys of the encrypted digital certificate B1 and the SSL digital certificate B2 to the user, and the user configures the public keys of the encrypted digital certificate B1 and the SSL digital certificate B2 at an AS2 transaction partner;
s104, the client acquires the public key of the SSL digital certificate A2 of the user through an SSL client authentication mode; the client compares and verifies the obtained public key of the SSL digital certificate A2 with the information of AS2 transaction partner parameter configuration of the EDI system of the client, and establishes connection after determining the information of the client;
s105, during data transmission, an EDI system of a user terminal processes an EDI service data file into a standard EDI format message;
s106, the EDI system at the user side sends the prepared EDI format message to the client side using the information configured in the AS2 transaction partner parameters: it packages and compresses the message, signs it with the private key of the encrypted digital certificate A1, and encrypts the EDI format message with the public key of the client side's encrypted digital certificate B1 to obtain an EDI format encrypted message;
s107, information transmission is carried out through HTTP/HTTPS protocol connection encrypted by the public key of the SSL digital certificate A2;
s108, the client verifies communication through the public key of the SSL digital certificate A2 and receives an EDI format encrypted message, decrypts through the private key of the encrypted digital certificate B1 of the AS2 protocol parameter of the client, verifies the signature through the public key information of the encrypted digital certificate A1 configured by the AS2 transaction partner parameter of the client, unpacks and decompresses to obtain an EDI format message;
s109, after unpacking, the client analyzes the EDI service data file in the EDI format message and adds other data processing logic;
s110, after checking the EDI format message, the client side determines whether it was received correctly, generates a success or failure message, and sends a message confirmation receipt (MDN) to the user side;
s111, the user side verifies the MDN signature, performs the message integrity check (MIC) on the returned content by comparing it with the value it calculated initially, and confirms whether the EDI format message was sent successfully;
the user side mainly refers to a sender of the information; the client side mainly refers to a receiver of the information;
the encryption digital certificate and the SSL digital certificate are respectively used for data encryption and secure communication;
the EDI format message comprises ANSI X12 and EDIFACT;
wherein the other data processing logic includes importing data to the ERP system.
Preferably, the SSL server authentication method includes the following steps;
s201, a user side sends a communication request to a client side, and the request is used for obtaining the public key of the SSL digital certificate B2 of the client side;
s202, the client replies communication and sends the public key of the SSL digital certificate B2;
s203, the user side sets a random number H, encrypts the random number H through the public key of the SSL digital certificate B2 to obtain a ciphertext H, and sends the ciphertext H to the client side;
s204, the client side decrypts the ciphertext H with the private key of the SSL digital certificate B2 to obtain a random number H0, and sends the random number H0 to the user side;
s205, the user side verifies whether the public key of the SSL digital certificate B2 is correct by comparing the random number H with the random number H0.
Preferably, the SSL client authentication method includes the following steps;
s301, a client sends a communication request to a user side, requests to acquire a public key of an SSL digital certificate A2 of the user side, and sends a public key of an SSL digital certificate B2 of the client side;
s302, the user side replies communication, and verifies the client side information by comparing with the public key information of the SSL digital certificate B2 in the AS2 transaction partner parameter configuration of the user side;
s303, the user side sets a random number I, encrypts the random number I together with the public key of its own SSL digital certificate A2 using the public key of the SSL digital certificate B2 to obtain a ciphertext I, and sends the ciphertext I to the client side;
s304, the client decrypts the ciphertext I through the private key of the SSL digital certificate B2 to obtain a random number I0 and the public key of the SSL digital certificate A2 of the user;
s305, the client side sets a random number J, encrypts the random number J with the public key of the SSL digital certificate A2 to obtain a ciphertext J, and sends the random number I0 and the ciphertext J to the user side;
s306, the user side receives the random number I0 and the ciphertext J, decrypts the ciphertext J through the private key of the SSL digital certificate A2 to obtain the random number J0, sends the random number J0 to the client side, compares the random number I0 with the random number I, and verifies the public key of the SSL digital certificate B2;
s307, the client receives the random number J0, compares the random number J0 with the random number J, verifies the public key of the SSL digital certificate A2, and completes the digital certificate verification of the two parties.
Preferably, the configuration content of the AS2 protocol parameter includes an AS2 ID, a private key certificate of an encrypted digital certificate, a private key certificate of an SSL digital certificate, and a data receiving URL address;
the AS2 ID is used AS an identity identifier of the user in the data transmission process based on an AS2 protocol;
the private key certificate of the SSL digital certificate is used for guaranteeing the safety and reliability of the data transmission process; when a user sends data to a transaction partner, the system signs the sent file by using a private key certificate of the user; conversely, when the user receives the file sent by the transaction partner, the system decrypts the received file by using the private key certificate of the user; the private key certificate of the encrypted digital certificate and the private key certificate password of the user are set in the process of creating the certificate, and the user needs to pay attention to confidentiality;
the data receiving URL address is used for receiving the URL address of the data in the AS2 transmission process, and is similar to a mailbox address in email communication, and both communication parties need to provide the URL address for own transaction partners;
the AS2 protocol parameter port supports a private key certificate file of PKCS#12 standard, and the suffix name of the private key certificate file is .pfx or .p12.
Preferably, the AS2 transaction partner parameter configuration content includes a port ID, a transaction partner AS2 ID, a transaction partner URL, a transaction partner certificate, and an automation setting;
wherein the port ID is the name of the AS2 port connected to the transaction partner;
the transaction partner AS2 ID is the AS2 identifier of the transaction partner;
the transaction partner URL is the URL address at which the transaction partner receives data;
the transaction partner certificate is the public key information of the transaction partner's encrypted digital certificate and SSL digital certificate;
and the automatic setting is used for setting system parameters capable of automatically processing data transmission.
Preferably, the system parameter content set by automation comprises retry interval time, maximum retry times, retransmission intervals and maximum retransmission attempt times;
the retry interval time is used for retrying the file transmission according to the set time length when the file transmission fails;
the maximum retry number is the maximum number of file retransmission attempts;
the retransmission interval sets how long to wait for the asynchronous MDN receipt from the receiving transaction partner; once this asynchronous MDN waiting time is exceeded, the file is immediately retransmitted;
and the maximum retransmission attempt times is the maximum number of times the file is retransmitted when the MDN receipt from the receiving transaction partner times out; once the maximum number of attempts is exceeded, the system sends an alarm mail.
The scheme also discloses an EDI system applying the direct connection EDI solution based on the AS2 protocol, wherein the system comprises an AS2 protocol configuration module, an AS2 transaction partner parameter configuration module, a log tracing module and an alarm configuration module;
the AS2 protocol configuration module is used for defining AS2 information of a user end, and is used AS a unique identity in the AS2 transmission process to distinguish different transmission individuals in the AS2 transmission process;
the AS2 transaction partner parameter configuration module is used for defining an AS2 port connected with the transaction partner EDI system;
the log tracing module can inquire the state of EDI data interaction;
the alarm configuration module can enable system operation and maintenance personnel to timely check and process system operation abnormality.
Compared with the prior art, the invention has the following beneficial technical effects:
the EDI system applying the direct-connection EDI solution based on the AS2 protocol has an efficient maintenance process, and with direct-connection EDI the user has complete control, because the direct-connection EDI system lets the user change, operate and configure the data-layer logic and communication-layer logic himself. In general, choosing the EDI direct-connection scheme allows a complete EDI solution to be established within days or weeks, realizing the interface with the partner's business data channel.
The system is highly automated, and the AS2 direct EDI solution allows enterprises to integrate with backend systems (e.g., ERP, CRM, etc.). After the system functions are integrated, enterprises can automatically access data between the EDI system and the application program, so that inaccurate service data caused by manual data entry is eliminated.
Drawings
Fig. 1 is a conceptual diagram of a direct-connect EDI solution based on the AS2 protocol;
Fig. 2 is a diagram of the SSL server authentication procedure of the direct-connection EDI solution based on the AS2 protocol;
Fig. 3 is a diagram of the SSL client authentication procedure of the direct-connection EDI solution based on the AS2 protocol.
Detailed Description
The technical scheme of the invention is further described below with reference to the attached drawings and specific embodiments.
Examples
AS2 is a B2B messaging protocol for transferring files from one enterprise to another.
AS2 is a generic EDI transport protocol that transfers data for millions of businesses. AS2 is commonly used by retailers such as Amazon and Walmart. AS2 specifies how data is securely transferred over the Internet using HTTP/S (secure hypertext transfer protocol).
As shown in Fig. 1, the present invention provides a direct connection EDI solution based on the AS2 protocol, which includes the following steps;
s101, respectively configuring AS2 protocol parameters by an EDI system of a user side and an EDI system of a client side;
s102, the EDI systems of the user side and the client side respectively carry out AS2 transaction partner parameter configuration;
s103, the user configures private keys of the encrypted digital certificate A1 and the SSL digital certificate A2 at the AS2 transaction partner; the client configures private keys of an encryption digital certificate B1 and an SSL digital certificate B2 at an AS2 transaction partner; the user gives the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 to the client, and the client configures the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 in AS2 transaction partner parameters; the client gives public keys of the encrypted digital certificate B1 and the SSL digital certificate B2 to the user, and the user configures the public keys of the encrypted digital certificate B1 and the SSL digital certificate B2 at an AS2 transaction partner;
s104, the client acquires the public key of the SSL digital certificate A2 of the user through an SSL client authentication mode; the client compares and verifies the obtained public key of the SSL digital certificate A2 with the information of AS2 transaction partner parameter configuration of the EDI system of the client, and establishes connection after determining the information of the client;
s105, during data transmission, an EDI system of a user terminal processes an EDI service data file into a standard EDI format message;
s106, the EDI system at the user side sends the prepared EDI format message to the client side using the information configured in the AS2 transaction partner parameters: it packages and compresses the message, signs it with the private key of the encrypted digital certificate A1, and encrypts the EDI format message with the public key of the client side's encrypted digital certificate B1 to obtain an EDI format encrypted message;
s107, information transmission is carried out through HTTP/HTTPS protocol connection encrypted by the public key of the SSL digital certificate A2;
s108, the client verifies communication through the public key of the SSL digital certificate A2 and receives an EDI format encrypted message, decrypts through the private key of the encrypted digital certificate B1 of the AS2 protocol parameter of the client, verifies the signature through the public key information of the encrypted digital certificate A1 configured by the AS2 transaction partner parameter of the client, unpacks and decompresses to obtain an EDI format message;
s109, after unpacking, the client analyzes the EDI service data file in the EDI format message and adds other data processing logic;
s110, after checking the EDI format message, the client side determines whether it was received correctly, generates a success or failure message, and sends a message confirmation receipt (MDN) to the user side;
s111, the user side verifies the MDN signature, performs the message integrity check (MIC) on the returned content by comparing it with the value it calculated initially, and confirms whether the EDI format message was sent successfully;
the user side mainly refers to a sender of the information; the client side mainly refers to a receiver of the information;
the encryption digital certificate and the SSL digital certificate are respectively used for data encryption and secure communication;
the EDI format message comprises ANSI X12 and EDIFACT;
wherein the other data processing logic includes importing data to the ERP system.
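An added illustration of the receipt check in step s111, not code from the patent: the user side keeps the MIC it computed when sending and compares it with the Received-Content-MIC field of the returned MDN. The MDN signature is assumed to have been verified already by an S/MIME library; the function names, the sample AS2 ID and the sample payload are constructed for the example, and the field names follow the AS2 MDN format of RFC 4130.

```python
import base64
import binascii
import hashlib
import hmac
from email import message_from_bytes
from email.parser import HeaderParser

# Digest names accepted here (an assumption of this example; agree the real
# list with each transaction partner).
ALLOWED = {"sha1", "sha256", "sha384", "sha512"}


def normalize_alg(name):
    """Map 'SHA-256', 'sha256', ... to a hashlib name; reject anything else."""
    alg = name.strip().lower().replace("-", "")
    if alg not in ALLOWED:
        raise ValueError("unsupported MIC algorithm: %r" % name)
    return alg


def compute_mic(mime_part, algorithm="sha256"):
    """User side, at send time: base64 digest over the exact bytes that were signed."""
    digest = hashlib.new(normalize_alg(algorithm), mime_part).digest()
    return base64.b64encode(digest).decode("ascii")


def mdn_fields(mdn_bytes):
    """Return the machine-readable MDN fields (Disposition, Received-Content-MIC)."""
    for part in message_from_bytes(mdn_bytes).walk():
        if part.get_content_type() == "message/disposition-notification":
            payload = part.get_payload()
            if isinstance(payload, list):  # parsed as a nested header block
                return payload[0]
            return HeaderParser().parsestr(payload)
    raise ValueError("MDN has no message/disposition-notification part")


def check_mdn(mdn_bytes, sent_mic, sent_alg="sha256"):
    """Step s111, after the MDN signature has been verified: (delivered, reason)."""
    try:
        fields = mdn_fields(mdn_bytes)
    except ValueError as exc:
        return False, str(exc)
    status = fields.get("Disposition", "").split(";", 1)[-1].strip().lower()
    if status != "processed" and not status.startswith("processed/warning"):
        return False, "partner reported: %s" % (status or "no disposition")
    mic_header = fields.get("Received-Content-MIC")
    if not mic_header or "," not in mic_header:
        return False, "MDN carries no usable Received-Content-MIC"
    mic_b64, alg = mic_header.rsplit(",", 1)
    try:
        if normalize_alg(alg) != normalize_alg(sent_alg):
            return False, "MIC algorithm differs from the one used when sending"
        received = base64.b64decode(mic_b64.strip(), validate=True)
        expected = base64.b64decode(sent_mic, validate=True)
    except (ValueError, binascii.Error) as exc:
        return False, "malformed MIC: %s" % exc
    # Constant-time comparison of the two digests.
    if not hmac.compare_digest(received, expected):
        return False, "MIC mismatch: partner processed different content"
    return True, "delivered and MIC matches"


# Constructed sample of the signed MIME part (content header + EDI body).
SENT_PART = (b"Content-Type: application/edi-x12\r\n\r\n"
             b"ST*850*0001~BEG*00*SA*PO-SAMPLE~SE*3*0001~")

OK_DISPOSITION = "automatic-action/MDN-sent-automatically; processed"


def sample_mdn(mic, alg="sha256", disposition=OK_DISPOSITION):
    """Constructed sample MDN (multipart/report), not captured traffic."""
    lines = [
        "Content-Type: multipart/report; report-type=disposition-notification;",
        ' boundary="mdn-sample"',
        "",
        "--mdn-sample",
        "Content-Type: text/plain",
        "",
        "The AS2 message was received.",
        "--mdn-sample",
        "Content-Type: message/disposition-notification",
        "",
        "Original-Recipient: rfc822; CLIENT-AS2-ID",
        "Final-Recipient: rfc822; CLIENT-AS2-ID",
        "Disposition: " + disposition,
        "Received-Content-MIC: %s, %s" % (mic, alg),
        "",
        "--mdn-sample--",
        "",
    ]
    return "\r\n".join(lines).encode("ascii")


if __name__ == "__main__":
    mic = compute_mic(SENT_PART)
    print(check_mdn(sample_mdn(mic), mic))
    print(check_mdn(sample_mdn(compute_mic(SENT_PART + b"x")), mic))
```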
Preferably, the SSL server authentication method includes the following steps;
s201, a user side sends a communication request to a client side, and the request is used for obtaining the public key of the SSL digital certificate B2 of the client side;
s202, the client replies communication and sends the public key of the SSL digital certificate B2;
s203, the user side sets a random number H, encrypts the random number H through the public key of the SSL digital certificate B2 to obtain a ciphertext H, and sends the ciphertext H to the client side;
s204, the client side decrypts the ciphertext H with the private key of the SSL digital certificate B2 to obtain a random number H0, and sends the random number H0 to the user side;
s205, the user side verifies whether the public key of the SSL digital certificate B2 is correct by comparing the random number H with the random number H0.
As shown in Fig. 2, the SSL server authentication procedure: in the process of establishing connection, the client sends the public key of the SSL digital certificate B2 to the client, so when the AS2 protocol parameter page of the client is configured as any, the client is connected with the client no matter what certificate the client uses to establish connection with the client, but if the client is in the AS2 protocol parameter of the SSL digital certificate A2 of the client, the client can be verified whether the public key is used by the client, and the authentication of the client by the client is completed;
preferably, the SSL client authentication method includes the following steps;
s301, a client sends a communication request to a user side, requests to acquire a public key of an SSL digital certificate A2 of the user side, and sends a public key of an SSL digital certificate B2 of the client side;
s302, the user side replies communication, and verifies the client side information by comparing with the public key information of the SSL digital certificate B2 in the AS2 transaction partner parameter configuration of the user side;
s303, the user side sets a random number I, encrypts the random number I together with the public key of its own SSL digital certificate A2 using the public key of the SSL digital certificate B2 to obtain a ciphertext I, and sends the ciphertext I to the client side;
s304, the client decrypts the ciphertext I through the private key of the SSL digital certificate B2 to obtain a random number I0 and the public key of the SSL digital certificate A2 of the user;
s305, the client side sets a random number J, encrypts the random number J with the public key of the SSL digital certificate A2 to obtain a ciphertext J, and sends the random number I0 and the ciphertext J to the user side;
s306, the user side receives the random number I0 and the ciphertext J, decrypts the ciphertext J through the private key of the SSL digital certificate A2 to obtain the random number J0, sends the random number J0 to the client side, compares the random number I0 with the random number I, and verifies the public key of the SSL digital certificate B2;
s307, the client receives the random number J0, compares the random number J0 with the random number J, verifies the public key of the SSL digital certificate A2, and completes the digital certificate verification of the two parties.
As shown in fig. 3, the SSL client authentication procedure: in the process of establishing connection, the client side sends the public key of the SSL digital certificate B2 to the user side and requests the public key of the SSL digital certificate A2 of the user side; the user must configure the public key of the SSL digital certificate B2 of the client in the AS2 transaction partner parameter configuration, respond to and send the public key of the SSL digital certificate A2 of the user; the client must configure the public key of the SSL digital certificate A2 of the user in the AS2 transaction partner parameter configuration of its own EDI system, and verify whether the public key sent by the user is correct, and if so, the two parties mutually authenticate each other to successfully establish a connection.
Preferably, the configuration content of the AS2 protocol parameter includes an AS2 ID, a private key certificate of an encrypted digital certificate, a private key certificate of an SSL digital certificate, and a data receiving URL address;
the AS2 ID is used AS an identity identifier of the user in the data transmission process based on an AS2 protocol;
the private key certificate of the SSL digital certificate is used for guaranteeing the safety and reliability of the data transmission process; when a user sends data to a transaction partner, the system signs the sent file by using a private key certificate of the user; conversely, when the user receives the file sent by the transaction partner, the system decrypts the received file by using the private key certificate of the user; the private key certificate of the encrypted digital certificate and the private key certificate password of the user are set in the process of creating the certificate, and the user needs to pay attention to confidentiality;
the data receiving URL address is used for receiving the URL address of the data in the AS2 transmission process, and is similar to a mailbox address in email communication, and both communication parties need to provide the URL address for own transaction partners;
the AS2 protocol parameter port supports a private key certificate file of PKCS#12 standard, and the suffix name of the private key certificate file is .pfx or .p12.
Preferably, the AS2 transaction partner parameter configuration content includes a port ID, a transaction partner AS2 ID, a transaction partner URL, a transaction partner certificate, and an automation setting;
wherein the port ID is the name of the AS2 port connected to the transaction partner;
the transaction partner AS2 ID is the AS2 identifier of the transaction partner;
the transaction partner URL is the URL address at which the transaction partner receives data;
the transaction partner certificate is the public key information of the transaction partner's encrypted digital certificate and SSL digital certificate;
and the automatic setting is used for setting system parameters capable of automatically processing data transmission.
Preferably, the system parameter content set by automation comprises retry interval time, maximum retry times, retransmission intervals and maximum retransmission attempt times;
the retry interval time is used for retrying the file transmission according to the set time length when the file transmission fails;
the maximum retry number is the maximum number of file retransmission attempts;
the retransmission interval sets how long to wait for the asynchronous MDN receipt from the receiving transaction partner; once this asynchronous MDN waiting time is exceeded, the file is immediately retransmitted;
and the maximum retransmission attempt times is the maximum number of times the file is retransmitted when the MDN receipt from the receiving transaction partner times out; once the maximum number of attempts is exceeded, the system sends an alarm mail.
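An added sketch of how the four automation parameters above interact, not code from the patent: failed sends are retried after the retry interval, a missing asynchronous MDN triggers retransmission after the retransmission interval, and exceeding the maximum retransmission attempts raises the alarm. The class and function names are hypothetical, and ending in SEND_FAILED when retries run out is an assumption, since the text only specifies the alarm for MDN timeouts.

```python
from dataclasses import dataclass


@dataclass
class Automation:
    """The four automation settings of an AS2 transaction partner (seconds / counts)."""
    retry_interval: int       # wait before retrying a failed file transmission
    max_retries: int          # maximum number of such retries
    resend_interval: int      # how long to wait for the asynchronous MDN
    max_resend_attempts: int  # retransmissions allowed before the alarm mail


def run_transfer(cfg, send_results, mdn_results):
    """Simulate one file transfer on a virtual clock.

    send_results: scripted outcome of each HTTP send (True = accepted).
    mdn_results:  scripted outcome after each accepted send
                  (True = asynchronous MDN arrived within resend_interval).
    Exhausted scripts count as failures, so the loop always terminates.
    Returns (final_state, log) where log is a list of (seconds, event).
    """
    sends, mdns = iter(send_results), iter(mdn_results)
    clock, resends, log = 0, 0, []
    while True:
        # Transport-level failures: retry up to max_retries times.
        retries = 0
        while not next(sends, False):
            if retries == cfg.max_retries:
                log.append((clock, "send failed, retries exhausted"))
                return "SEND_FAILED", log
            retries += 1
            clock += cfg.retry_interval
            log.append((clock, "retry %d" % retries))
        log.append((clock, "sent, waiting for asynchronous MDN"))

        # Receipt-level failures: no MDN within the retransmission interval.
        if next(mdns, False):
            log.append((clock, "MDN received"))
            return "DELIVERED", log
        clock += cfg.resend_interval
        if resends == cfg.max_resend_attempts:
            log.append((clock, "MDN timeout, alarm mail sent"))
            return "ALARM", log
        resends += 1
        log.append((clock, "MDN timeout, retransmission %d" % resends))


if __name__ == "__main__":
    cfg = Automation(retry_interval=60, max_retries=3,
                     resend_interval=300, max_resend_attempts=2)
    # Constructed scenario: the partner accepts every send but never returns an MDN.
    state, log = run_transfer(cfg, [True] * 5, [False] * 5)
    for when, event in log:
        print("%5ds  %s" % (when, event))
    print(state)
```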
The invention also discloses an EDI system applying the direct connection EDI solution based on the AS2 protocol, which comprises an AS2 protocol configuration module, an AS2 transaction partner parameter configuration module, a log tracing module and an alarm configuration module;
the AS2 protocol configuration module is used for defining AS2 information of a user end, and is used AS a unique identity in the AS2 transmission process to distinguish different transmission individuals in the AS2 transmission process;
the AS2 transaction partner parameter configuration module is used for defining an AS2 port connected with the transaction partner EDI system;
the log tracing module can inquire the state of EDI data interaction;
the alarm configuration module can enable system operation and maintenance personnel to timely check and process system operation abnormality.
The EDI system is developed on the AS2 protocol. At the technical level, HTTPS and S/MIME signature and encryption technologies are widely used and regularly maintained, and can be used to transmit any type of file; SSL supports two-way security authentication between the user side and the client side. At the operation level, the system is concise and easy to operate, and its parameters are configured visually; seamlessly connected transaction messages for a data warehouse with a unified specification can be built for different enterprises; the information interaction process needs no additional manpower and is not controlled by manual operation, which avoids data interaction security incidents caused by manual operation and greatly improves brands' performance-based evaluation of manufacturers.
Claims (7)
1. A direct connection EDI solution method based on the AS2 protocol, characterized by comprising the following steps:
S101, the EDI system of the user side and the EDI system of the client side each configure AS2 protocol parameters;
S102, the EDI systems of the user side and the client side each configure AS2 transaction partner parameters;
S103, the user configures the private keys of the encrypted digital certificate A1 and the SSL digital certificate A2 at the AS2 transaction partner; the client configures the private keys of the encrypted digital certificate B1 and the SSL digital certificate B2 at the AS2 transaction partner; the user gives the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 to the client, and the client configures the public keys of the encrypted digital certificate A1 and the SSL digital certificate A2 in its AS2 transaction partner parameters; the client gives the public keys of the encrypted digital certificate B1 and the SSL digital certificate B2 to the user, and the user configures the public keys of the encrypted digital certificate B1 and the SSL digital certificate B2 at the AS2 transaction partner;
S104, the client acquires the public key of the user's SSL digital certificate A2 through the SSL client authentication mode; the client compares the obtained public key of the SSL digital certificate A2 against the AS2 transaction partner parameter configuration of its own EDI system, and establishes the connection after determining the information of the client;
S105, during data transmission, the EDI system of the user side processes the EDI service data file into a standard EDI format message;
S106, the EDI system of the user side sends the prepared EDI format message to the client using the information configured in the AS2 transaction partner parameters: it packages and compresses the message, signs it with the private key of the encrypted digital certificate A1, and encrypts the EDI format message with the public key of the client's encrypted digital certificate B1 to obtain an EDI format encrypted message;
S107, the information is transmitted over an HTTP/HTTPS protocol connection encrypted with the public key of the SSL digital certificate A2;
S108, the client verifies the communication with the public key of the SSL digital certificate A2 and receives the EDI format encrypted message, decrypts it with the private key of the encrypted digital certificate B1 from the client's AS2 protocol parameters, verifies the signature with the public key information of the encrypted digital certificate A1 configured in the client's AS2 transaction partner parameters, and unpacks and decompresses it to obtain the EDI format message;
S109, after unpacking, the client parses the EDI service data file in the EDI format message and adds other data processing logic;
S110, after checking the EDI format message, the client determines whether the EDI format message was received correctly, generates a success or failure message, and sends a message confirmation receipt MDN to the client;
S111, the user side verifies the MDN signature, performs the integrity check MIC on the returned content message, compares it with the initially calculated content, and confirms whether the EDI format message was effectively sent;
wherein the user side mainly refers to the sender of the information, and the client side mainly refers to the receiver of the information;
the encryption digital certificate and the SSL digital certificate are used for data encryption and secure communication respectively;
the EDI format message comprises ANSI X12 and EDIFACT;
and the other data processing logic includes importing data into the ERP system.
2. The direct-connect EDI solution based on the AS2 protocol as claimed in claim 1, wherein the SSL server authentication mode comprises the following steps:
S201, the user side sends a communication request to the client side, requesting the public key of the client side's SSL digital certificate B2;
S202, the client replies to the communication and sends the public key of the SSL digital certificate B2;
S203, the user side sets a random number H, encrypts the random number H with the public key of the SSL digital certificate B2 to obtain a ciphertext H, and sends the ciphertext H to the client side;
S204, the client decrypts the ciphertext H with the private key of the SSL digital certificate B2 to obtain a random number H0, and sends the random number H0 to the client;
S205, the client verifies whether the public key of the SSL digital certificate B2 is correct by comparing the random number H with the random number H0.
3. The direct-connect EDI solution based on the AS2 protocol as claimed in claim 1, wherein the SSL client authentication mode comprises the following steps:
S301, the client sends a communication request to the user side, requests the public key of the user side's SSL digital certificate A2, and sends the public key of the client side's SSL digital certificate B2;
S302, the user side replies to the communication, and verifies the client side's information by comparing it with the public key information of the SSL digital certificate B2 in the user side's AS2 transaction partner parameter configuration;
S303, the user side sets a random number I, encrypts the random number I and the public key of the user side's SSL digital certificate A2 with the public key of the SSL digital certificate B2 to obtain a ciphertext I, and sends the ciphertext I to the client side;
S304, the client decrypts the ciphertext I with the private key of the SSL digital certificate B2 to obtain a random number I0 and the public key of the user's SSL digital certificate A2;
S305, the client sets a random number J, encrypts the random number J with the public key of the SSL digital certificate A2 to obtain a ciphertext J, and sends the random number I0 and the ciphertext J to the client;
S306, the user side receives the random number I0 and the ciphertext J, decrypts the ciphertext J with the private key of the SSL digital certificate A2 to obtain the random number J0, sends the random number J0 to the client side, compares the random number I0 with the random number I, and verifies the public key of the SSL digital certificate B2;
S307, the client receives the random number J0, compares the random number J0 with the random number J, verifies the public key of the SSL digital certificate A2, and thereby completes the digital certificate verification of the two parties.
4. The direct-connect EDI solution based on the AS2 protocol as claimed in claim 1, wherein the configuration content of the AS2 protocol parameters comprises an AS2 ID, a private key certificate of the encrypted digital certificate, a private key certificate of the SSL digital certificate and a data receiving URL address;
the AS2 ID is used as the identity identifier of the user in the data transmission process based on the AS2 protocol;
the private key certificate of the SSL digital certificate is used for guaranteeing the security and reliability of the data transmission process; when a user sends data to a transaction partner, the system signs the sent file with the user's private key certificate; conversely, when the user receives a file sent by the transaction partner, the system decrypts the received file with the user's private key certificate; the private key certificate of the encrypted digital certificate and the user's private key certificate password are set when the certificate is created, and the user needs to keep them confidential;
the data receiving URL address is the URL address used for receiving data in the AS2 transmission process; it is similar to a mailbox address in email communication, and both communicating parties need to provide their URL address to their own transaction partners;
the AS2 protocol parameter port supports private key certificate files of the PKCS#12 standard, whose file suffix is .pfx or .p12.
5. The direct-connect EDI solution based on the AS2 protocol as claimed in claim 1, wherein the AS2 transaction partner parameter configuration content comprises a port ID, a transaction partner AS2 ID, a transaction partner URL, a transaction partner certificate and an automatic setting;
wherein the port ID is the name of the AS2 port connected to the transaction partner;
the transaction partner AS2 ID is the AS2 identifier of the transaction partner;
the transaction partner URL is the transaction partner's data receiving URL address;
the transaction partner certificate is the public key information of the transaction partner's encrypted digital certificate and SSL digital certificate;
and the automatic setting is used for setting the system parameters that allow data transmission to be processed automatically.
6. The direct-connect EDI solution based on the AS2 protocol as claimed in claim 1, wherein the system parameters of the automatic setting comprise retry interval time, maximum retry times, retransmission interval and maximum retransmission attempt times;
the retry interval time is the set time length after which file transmission is retried when it fails; the maximum retry number is the maximum number of file retransmission attempts;
the retransmission interval sets the timeout duration for the receiving transaction partner's asynchronous MDN receipt; once the wait for the asynchronous MDN times out, the file is immediately retransmitted;
and the maximum retransmission attempt times: when the receiving transaction partner's MDN receipt times out, the file is retransmitted up to the maximum number of attempts, and once the maximum number of attempts is exceeded the system sends an alarm mail.
7. An EDI system applying the AS2 protocol-based direct EDI solution according to claim 1, wherein the system comprises an AS2 protocol configuration module, an AS2 transaction partner parameter configuration module, a log tracing module and an alarm configuration module;
the AS2 protocol configuration module is used for defining the AS2 information of the user side, which serves as a unique identity that distinguishes the different transmitting parties in the AS2 transmission process;
the AS2 transaction partner parameter configuration module is used for defining an AS2 port connected with the transaction partner's EDI system;
the log tracing module can query the state of EDI data interaction;
the alarm configuration module enables system operation and maintenance personnel to check and handle abnormal system operation in time.
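The receipt check of step S111 in claim 1 and the MDN timeout handling of claim 6, as an added example that is not part of the patent. It assumes the MDN signature has already been verified, that the receipt uses the RFC 4130 field names (`Original-Message-ID`, `Disposition`, `Received-Content-MIC`), and that the sender kept the exact bytes over which it computed the MIC; all function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import hmac
from email import message_from_string

MIC_ALGS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}

def compute_mic(content: bytes, micalg: str = "sha-256") -> str:
    """Base64 digest the sender records when the message goes out."""
    return base64.b64encode(hashlib.new(MIC_ALGS[micalg.lower()], content).digest()).decode()

def check_mdn(mdn_fields: str, sent_content: bytes, sent_message_id: str):
    """Return (ok, reason) for an MDN whose signature was already verified."""
    fields = message_from_string(mdn_fields)
    if (fields.get("Original-Message-ID") or "").strip() != sent_message_id:
        return False, "MDN refers to a different message"
    # Disposition: <mode>; <type>[/<modifier>]. Only a bare "processed" is accepted here.
    disp_type = (fields.get("Disposition") or "").partition(";")[2].strip().lower()
    if disp_type != "processed":
        return False, "partner reported: " + (disp_type or "no disposition")
    mic_value, _, micalg = (fields.get("Received-Content-MIC") or "").partition(",")
    micalg = micalg.strip().lower()
    if micalg not in MIC_ALGS:
        return False, "missing or unsupported MIC algorithm"
    expected = compute_mic(sent_content, micalg)
    # Constant-time comparison of the stored MIC with the one the partner returned.
    if not hmac.compare_digest(expected.encode(), mic_value.strip().encode()):
        return False, "MIC mismatch: partner received different content"
    return True, "delivered"

def next_action(result, attempts: int, max_attempts: int) -> str:
    """result is None when the MDN timed out, else the tuple from check_mdn."""
    if result is None:  # timeout: resend up to the maximum, then raise the alarm
        return "resend" if attempts < max_attempts else "alert"
    return "done" if result[0] else "alert"  # this example's choice: no blind resend

# Constructed sample data (not from the patent).
SAMPLE_CONTENT = b"ISA*00*          *00*          *ZZ*USERSIDE       *ZZ*CLIENTSIDE     ~"
SAMPLE_ID = "<msg-001@userside.example>"
SAMPLE_MDN = (
    "Original-Message-ID: " + SAMPLE_ID + "\n"
    "Disposition: automatic-action/MDN-sent-automatically; processed\n"
    "Received-Content-MIC: " + compute_mic(SAMPLE_CONTENT) + ", sha-256\n"
)

if __name__ == "__main__":
    print(check_mdn(SAMPLE_MDN, SAMPLE_CONTENT, SAMPLE_ID))
```

Raising an alarm immediately on a failed or mismatching MDN, rather than retransmitting, is a policy chosen for this example; the claims only specify retransmission on MDN timeout.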
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311253811.8A CN117176569A (en) | 2023-09-26 | 2023-09-26 | AS2 protocol-based direct connection EDI solution method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311253811.8A CN117176569A (en) | 2023-09-26 | 2023-09-26 | AS2 protocol-based direct connection EDI solution method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117176569A (en) | 2023-12-05 |
Family
ID=88935432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311253811.8A Pending CN117176569A (en) | 2023-09-26 | 2023-09-26 | AS2 protocol-based direct connection EDI solution method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117176569A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10805307B1 (en) | Multiple data store authentication | |
KR20120005364A (en) | Electronic address, and eletronic document distribution system | |
US20100293371A1 (en) | Generating pki email accounts on a web-based email system | |
TWI813586B (en) | Platform and method of certification of an electronic contract for electronic identification and trust services (eidas) | |
US20070083749A1 (en) | Systems and methods for automated exchange of electronic mail encryption certificates | |
EP1076298A2 (en) | Information transmitting apparatus, information saving apparatus, information receiving apparatus, method for using the same, and recording medium thereof | |
JP2008500755A (en) | Method for encrypting and transporting data between sender and receiver using a network | |
KR20100117066A (en) | Signature method and device | |
US8774760B2 (en) | Method and system for providing real-time alert notification | |
CN111431896A (en) | Data sharing method and system | |
KR101589160B1 (en) | A communication device | |
CN117176569A (en) | AS2 protocol-based direct connection EDI solution method | |
KR101157876B1 (en) | Electronic apparatus for making electronic contract | |
CA2390817A1 (en) | Method for the moderately secure transmission of electronic mail | |
WO2000046952A1 (en) | Method for sending secure email via standard browser | |
CN103986724A (en) | Real-name authentication method and system for e-mail | |
JP6548904B2 (en) | Method of generating certified electronic contract by telecommunications company customer | |
US9525653B2 (en) | Enhanced wireless short message service | |
KR20100050926A (en) | System and method for security email service based on certificates | |
WO2019154966A1 (en) | Method and devices for keyless secure data communication | |
CN112884437B (en) | Asset management method and device | |
CN110493241B (en) | Application system data support processing method | |
KR20100132674A (en) | Electronic tax bill issue system and method using enterprise resource management | |
KR101709197B1 (en) | Method and application for transceiving a confirmation of receivables based on application | |
KR101223674B1 (en) | E-mail client daemon system for # mail and method of sending # mail using the system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||