AMMX TECHNOLOGY

The Future of Global World Trade and Ultra Secure File Transfer

AMMX is a low cost, fast to deploy technology for the ultra-secure transfer of electronic business messages/data files between trading partners over public and private networks as well as between internal business applications. AMMX is a global networked technology utilising the Secure Auditable File Exchange (SAFE) Protocol unique to AdvanceFirst. AMMX builds on the foundation of the concept of Managed File Transfer to provide a best of breed, comprehensive, unique communication standard. AMMX is a fully secure, fully audited (from application to application), easy to implement technology for the exchange of secure business critical information which has the power to transform the way the world does business.

“Safe Protocol sets the standards for Ultra Secure File Transfer”

Key Features of AMMX Enhance Message Tracking

• Full application to application audit, provides status points not only for the delivery of the message between applications, but also provides for extended audit reporting by the receiving application to track progress through the supply chain back to the initiator. – Complete message tracking visibility Stronger and more robust Encryption Standard
• AMMX uses more robust and stronger encryption standards than other current message exchange standards. (AES 256 standards) – Uses latest encryption technology Unique Transport Protocol
• Uses encryption, digital certificates, signatures and full data integrity checking over a new lightweight simple transport protocol SAFE (Secure Auditable File Exchange) Protocol unique to AFT, designed specifically for the purpose of exploiting the current widespread availability of high speed broadband connections. o Easy to implement client/server technology
• AMMX Windows/Java clients downloadable, easily installed and operated Advanced Communications Capability
• Enables point to point, store and collect as well as store and forward
• Network Flexibility

Highly Secure

• Uses X.509 certificate exchange between client and server to provide authentication during SSL connection. User Authentication at Application Level
• X.509 Certificates are used to provide authentication at application level. Non-Repudiation
• Uses digital signatures for non repudiation. Incorporates the best features of existing standards
• Addresses the perceived weaknesses in other message/file exchange standards. AS/2 for example is complex to implement, only provides audit from server to server and requires an inbound firewall connection.

Cascading Global Servers

• Any AMMX clients linked to any AMMX server anywhere is the world have the capability to exchange secure files to one another through numerous servers if required. The audit trail, application to application remains complete and secure at all times.

Freely Available AMMX Client API’s

• A rich stream of application programming interfaces are made freely available with each client to allow for ease of back integration into internal systems. Tracking/Status points are then able to be sent from an internal system through the secure AMMX route to an external system. For example tracking an object from one ERP through to another ERP system. – Windows client and API’s available Feb 2008 – Java client and API’s for all other platforms available late Q1 2008

Public Keys changed simply and securely at no cost

• One single change to your public Key on the AMMX Directory is all that is required as every AMMX client transmission checks for the exchange partner’s latest public key and inserts it into the message address. Public Keys can therefore be changed across communities as often as required for no cost.

Alternative Protocols

• FTP – is not a robust or secure protocol for the exchange of business documents.
• S/FTP and FTP/S – do provide a robust and secure way to exchange documents, but are limited only to the transfer of data. They do not provide for the non-repudiation of data with the use of digital signatures. Nor do they provide any audit facilities other than for file delivery.
• AS/2 – currently the main contender for Managed File Transfer.

Disadvantages of AS2

• Exclusive use of available standards such as MIME encapsulation, some of which were created over 10 years ago has resulted in a standard with too many implementation options which have caused implementation issues.
• AS/2 is more of a compilation of standards than the development of a standard architecture designed specifically for the exchange of business documents.
• Use of Http protocol requires that both trading partners must setup and configure complex web servers and firewalls to allow the exchange of trading documents.
• AS2 requires an inbound session through a firewall increasing security risk.
• The use of MIME encapsulation with nested body parts requires complex application logic to extract a payload.
• Expensive interoperability certification process has not been able to eliminate implementation and setup problems.
• AS2 is also very costly and time consuming to implement.

Lowering the barriers of entry to Electronic Trading, Systems Integration and Managed File Transfer

• Rapid easy deployment across trading communities – (SME’s/SMB’s)
• Web downloadable, easily installed and operated AMMX client
• No complex communications requirements
• Low cost solution
• No complex training requirement. Easy to adopt
• Has the capability to replace all traditional VAN based services
• Easy back end integration through publicly available AMMX client API’s
• If as planned AMMX clients (Windows and Java) are offered as a free website download, their spread could easily become viral
• Easy change of Public Key – One change is made to public key on the AMMX client directory and for each AMMX client transmission the latest public key is taken from the directory automatically.
• Simple EDI VAN replacement – Easy to implement across trading communities, low cost/no cost. Just re-direct existing EDI files through to trading partner AMMX mailbox. No monthly fees, no envelope charges or transmission charges. More secure, more auditability, better performance.

Microsoft Technology incorporated into AMMX solution

• Multi Threaded
• IO Completion Ports
• SSPI
• CRYPTOAPI
• WIN 32
• XML

Java and Windows AMMX Clients

• Clients suitable for all hardware platforms
• Easily installed via AMMX website
• Simple user interface
• Install AMMX clients and exchange documents and data files with total security and auditability within hours via AFT AMMX host

Compliance

AMMX technology more than fulfils all the requirements for security and auditability of file exchange required by any known governing bodies. For example SOX compliance: –

SOX Compliance

AMMX Technology gives complete Sarbanes Oxley Compliance What is required for SOX compliance from a data communications perspective? : –

1. That all data is transferred using a secure and auditable transfer protocol
2. That a user authentication system is in place
3. That data is tracked from application to application even on separate systems
4. That any data file is tracked, date and time sent and received from source to destination
5. That the data is fully secure at every stage of the process (encryption, digital signatures etc)
6. That the full tracking/audit data on all the above is logged securely
7. That any solution is easy to implement and maintain
8. That the required solution is easily cost justifiable

All the above functionality is built into the AMMX solution as standard functionality Vision for the future of AMMX

• A technology with a new protocol designed specifically for the efficient and secure exchange of business messages with extended audit tracking capabilities to allow the progress of documents and files to be tracked through the complete communication (supply) chain.
• E.g. – For a purchase order this could be from issue to fulfilment, with audit updates being relayed from the supplier back in to the customer’s internal application.
• E.g. – For ERP systems, this means the ability to implement end to end, ERP to ERP file status tracking.
• * A High Performance Managed Message Transport Solution
• Incorporating all the attributes of the SAFE Protocol (high levels of security/auditability)
• Including a powerful, multi threaded server – Java and Windows AMMX clients (web downloadable) application to enable the rapid implementation of business solutions across trading communities.
• API’s to be made freely available to enable tight integration with business applications. Provides an ability to pass tracking data (tracking files or objects) from one companies internal system/applications, securely through to the internal systems of a trading partner/client.

Expanded (but short term) vision

• A community of AMMX servers and associated AMMX/SAFE clients, able to exchange business documents in ‘real time’ as part of a corporate infrastructure, as part of a trade organisation or as part of global networked community.
• Hosted Service (by AFT/ERP vendors/Network providers, ASV’s, Communities, Corporates) The hosted server, providing a viable low cost/no cost alternative to existing VANs, or where additional services and software applications need to be made available across communities by Network Providers/ASP’s.
• Creation of Worldwide Virtual Business Network – Connected (Cascading) AMMX Servers linked to communities of connected clients. – AMMX Servers hosted by Corporates – AMMX Servers hosted by Communities – AMMX Servers hosted by Network Providers – AMMX Servers hosted by Application Service Providers (ASP’s)
• Hosting of Global AMMX Business Directories for Secure and Auditable (SOX compliant) AMMX message/file exchange. – The ownership of this directory carries huge value in its own right, with all AMMX technology users needing to register on the AMMX Directory upon installing the AMMX client. AFT then automatically distribute a unique digital signature and mailbox address to that client. – Public key updates for a whole community can be made with one update of an entry into the AMMX directory. For each AMMX client transmission a check is made with the directory to use the latest public key available for that destination client. Public keys can therefore be changed as frequently as desired with little disruption to operations making the system even more secure. – Each AMMX user then creates an entry in the directory indicating what level of AMMX tracking he can offer… (example follows): –

Example of AMMX Trading Levels

• AMMX Level 1 – (Customs and Excise to Logistics/Shipper full audit trail)
• AMMX Level 2 – (Logistics/Shipper to Manufacturer full audit trail)
• AMMX Level 3 – (Manufacturer to component supplier full audit trail)
• AMMX Level 4 – (Component supplier to Raw Material Supplier full audit trail)

So In the above example US Customs and Excise could request that they only accepted Shipping manifests etc from shippers who provided AMMX Level 3 auditability (audit trails would come automatically with each document shipped).

The shipper would therefore have to make sure both the manufacturers and component suppliers who supply them, all used AMMX technology, so the audit trail could be passed through to US Customs.

This would mean that by examining the audit trail relating to the above example US Customs would be able to identify the person who authorised the release of the documents from the exact application on the exact system (date and time) to support the shipment of raw materials to the component manufacturer who made components that were sent to the product manufacturer who in turn handed them over to the freight/shipping company for export to the US.

Each person, each system, each company, and each country all fully secured (digital signatures/certificates, full error checking, full top level encryption) clearly identified at each stage of the full audit trail. This is due to the data contained in the Global AMMX Directory of Companies with unique digital signatures relating to each machine using an AMMX client.

Ownership of the Global Directory becomes a key factor. Compiling the directory, issuing certificates globally and making the directory available (at a charge) for application service providers to advertise their solutions on the AMMX Directory. So controlling access to the directory (as well as the technology) is where the true future financial opportunity lies.

Incorporation into PC’s/Mobile devices and standard feature

In future the very light weight AMMX client could be allocated to every PC and a public key could be allocated to a PC or even an individual. This opens up a secure and auditable route through from Banks, Insurance Companies, Gas, Electricity and Telco’s, Government bodies, Health Organisations to name but a few, to the general public for the first time.

The data file (say Electricity Bill) could be sent as a secure AMMX transmission and when received, the AMMX client passes the data file through into the Outlook mailbox as an unread secure email transmission.

In future AMMX client could be installed onto mobile devices for similar purposes.

Data Transformation, Mapping and Routing

Outside of the provision and support of the AMMX global ultra secure file transfer network, AdvanceFirst Technologies core business is the sale and support of B2B gateway solutions all with interfaces to AMMX file transfer technology. These solutions range from single PC based software solutions to our Corporate B2B gateway Advance Information Broker.

Please click through to the AdvanceFirst main website at www.advancefirst.com to find out more about the Advance Business Collaborator (ABC) suite of electronic trading and systems integration solutions.

For more information on the AMMX Client/Server Technology please call: –

+44 (0)1932 789004

Or email to enquiries@advancefirst.com