An important aspect of EDI is the security of messages during the exchange. The interchange of messages must be reliable.
Further aspects of security are:
Controls in the EDI standards:-
EDI standards include controls designed to protect against errors in the message and corruption of the message during the interchange.
Controls in the transmission protocol:-
Transmission protocols include protection such as longitudinal control totals in order to detect any corruption that occurs during transmission. When the corruption of the message is detected, the network system starts retransmission without the need for outside intervention.
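The check described above, as an added example that is not part of the original page. It assumes the control total is the XOR form of a longitudinal redundancy check (the page does not say which total the protocol uses), and the order line is constructed sample data. It also shows the limit of the control: it catches line noise, but not a change made together with a recomputed total, which is the case the digital signature below addresses.

```python
from functools import reduce

def lrc(block: bytes) -> int:
    """Longitudinal control total: XOR of every byte (assumed LRC variant)."""
    return reduce(lambda acc, b: acc ^ b, block, 0)

def frame(block: bytes) -> bytes:
    """Sender side: append the control total to the block."""
    return block + bytes([lrc(block)])

def check(framed: bytes) -> bool:
    """Receiver side: XOR over block plus total is 0 when nothing changed."""
    return len(framed) >= 2 and lrc(framed) == 0

def receive(attempts):
    """Accept the first frame that passes the check. Every failed check
    stands for one automatic retransmission request.
    Returns (payload, retransmissions), or (None, count) if all fail."""
    for retries, framed in enumerate(attempts):
        if check(framed):
            return framed[:-1], retries
    return None, len(attempts)

def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Simulate corruption of one bit on the line."""
    out = bytearray(data)
    out[index] ^= 1 << bit
    return bytes(out)

# Constructed sample: one quantity line, not a real trading-partner message.
ORDER = b"QTY+21:100'"
GOOD = frame(ORDER)

# Single flipped bit: detected, so the block is sent again.
NOISY = flip_bit(GOOD, 7, 0)

# The same bit flipped in two bytes cancels out in the XOR total:
# the payload now reads 010 instead of 100 and still passes the check.
DOUBLE = flip_bit(NOISY, 8, 0)

# Content changed and total recomputed: passes, because the total needs
# no secret. Only a signature ties the content to the sender.
ALTERED = frame(b"QTY+21:900'")

if __name__ == "__main__":
    print("noisy then good:", receive([NOISY, GOOD]))
    print("double flip accepted:", check(DOUBLE), DOUBLE[:-1])
    print("altered accepted:", check(ALTERED))
```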
Protection against tampering:-
When there is a concern that the transmission might be intercepted and modified, it can be protected by a digital signature. The digital signature is designed to ensure that the message received is exactly the same as the message sent. It also ensures that the source of a message is an authorized trading partner and the message was not altered during the transmission.
Privacy of message:-
When the contents of the message are considered sensitive, the privacy of the message can be protected during transmission by encrypting the data. Encryption is the process of encoding messages or information in such a way that only an authorized party, i.e. the trading partner, can read it.
One potential problem is that the recipient of the message might deny having received it. Non-repudiation means ensuring that a transferred message has been sent and received by the parties claiming to have sent and received it. It is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message. Non-repudiation can be obtained through the use of digital signatures, confirmation services, and timestamps.
The figure shows the overall facilities for EDI security and privacy:
Another aspect of security provided for by the EDI standard is the receipt of the acknowledgment message. This is a transaction-specific message sent out by the receiving system to acknowledge each message, order, etc.
Trading partners that use receipt acknowledgment messages need to be clear about the level of security implied by the receipt of the acknowledgment. The EDI acknowledgment message can be:
- Automatically generated by the EDI software (physical acknowledgment). It informs the sender that the message has arrived, but there is no guarantee that it is passed to the application for processing or that it is a valid transaction within the application.
- Coded into the application to confirm that it is in the system for processing.
- Produced by the application once the message is processed to confirm that the message was valid and possibly to give additional information such as stock allocation and expected delivery date (logical acknowledgment).