- Source: Digital Postmarks
A Digital Postmark (DPM) is a technology that applies a trusted time stamp issued by a postal operator to an electronic document, validates electronic signatures, and stores and archives all non-repudiation data needed to support a potential court challenge. It guarantees the certainty of date and time of the postmarking. This global standard was renamed the Electronic Postal Certification Mark (EPCM) in 2007 shortly after a new iteration of the technology was developed by Microsoft and Poste Italiane. The key addition to the traditional postmarking technology was integrity of the electronically postmarked item, meaning any kind of falsification and tampering will be easily and definitely detected.
Additionally, content confidentiality is guaranteed since document certification is carried out without access or reading by the postal operator. The EPCM will eventually be available through the UPU to all international postal operators in the 191 member countries willing to be compliant with this standard, thus granting interoperability in certified communications between postal operators. In the United States, the US Postal Service operates a non-global standard called the Electronic Postmark, although it is soon expected to provide services utilizing the EPCM.
Providers
In the United States, until the end of 2010, Authentidate was the only authorized USPS EPM provider. However, this contract was allowed to expire.
The process
An electronic document is created
Digital Postmarking client software signs the document locally
The signed document is sent to the Digital Postmarking (DPM) service for postmarking
Upon receipt, the DPM service first validates the authenticity of the signature
If the signature is valid then a timestamp is generated by the DPM service as a counter-signature that includes the date and time
The document, signature, validation results and timestamp are stored in the Digital Postmark non-repudiation database
A Digital Postmark Receipt, including the validation results and the timestamp, is returned to the client software
The client software wraps the original document with the DPM receipt
To verify the signature, local cryptographic verification can do a quick check of integrity or the full receipt or even the original document can be retrieved from the DPM service using the XML Verify request by other parties at a later date and compared with the receipt stored with the document.
Benefits of digital postmarks
The DPM is fundamentally a non-repudiation service supporting designed to protect the sanctity of mail in its digital form:
Digital signature verification
Timestamping of successfully verified signatures
Standalone timestamping
Encryption
Validation of certificate trust chains
Storage and archival of all non-repudiation evidence data required to support subsequent challenges
Legal significance. In addition to federal and state legislative frameworks, the DPM holds legal weight with respect to the following legislation, which have been established to encourage people to form and sign contracts and agreements electronically:
Government Paperwork Elimination Act (GPEA), 1998
Uniform Electronic Transaction Act (UETA), 1999
Electronic Signatures in Global and National Commerce Act (ESIGN), 2000
Working with current infrastructure, it is easy to implement - providing functionality even with no client-side software, and provides automated functionality with client software.
= Additional benefits
=Proactive differentiation "good" email from spam and phishing.
Improved service quality by applying the same standards that govern physical mail to email.
Stronger authentication than other standards such as (Sender ID and DKIM).
Compliance with all federal laws and regulations.
Postal operator enforcement: Mail fraud is virtually non-existent with physical mail due to the legal framework and the vigorous efforts of the U.S. Postal Inspection Service. Digital Postmarks have the same legal recourse for email fraud as for physical mail fraud.
Significant mailing cost reduction to only a few cents.
Applicable services
The Digital Postmark can be used for a variety of business applications:
signing Web forms and documents
delivery of secure documents
interpersonal messaging
Brief history
Key dates in the development of the digital postmark:
1998–1999
The USPS and Canada Post develop the first digital postmark.
1999
The UPU Standards Board begins the process to develop a global technical standard (S43) for the digital postmark.
2001
A workshop hosted by USPS decides on a consistent visual image for digital postmarks offered by Posts.
2002
USPS launches its digital postmark, the "Electronic Postmark". Development work on the S43 standard is completed. Microsoft agrees to define and produce an interface in W2000/XP and Office 2000 and XP 2003 to support the digital postmark.
2003
The UPU Standards Board formally adopts the S43 standard (See article) Archived 2007-06-11 at the Wayback Machine.
It defined a technical standard – "S43 - Electronic PostMark Interface" – which was approved by the UPU Standards Board in November 2003 as a technical standard for the postal industry.
Portugal’s postal service launches a legally recognized digital postmarks service.
2004
The UPU Congress adopts a proposal to amend the UPU Convention to legally define the digital postmark, formally recognizing it as a new optional postal service.
September: The UPU Legally Defined the EPM as a Postal Service (See article)
This makes the EPM an optional postal service for UPU member countries, placing the EPM in the same category as Express Mail.
The UPU definition provides international technological and enforcement standards Archived 2008-11-03 at the Wayback Machine.
2005
Adobe agrees to support the inclusion of the digital postmark.
La Poste France develops an S43-based digital postmark server. It is used as early as 2006.
2006
The UPU Standards Board approves version 3 of the standard S43, the first to enable cross-border and global traffic using digital postmarks.
January: The UPU Approved a DPM Regulation (See article). This regulation was passed as an amendment with the letter mail regulation.
Every postal service has a UPU regulation that manages the service and regulates how the posts will cooperate in that service. This makes it easier to assist member countries in developing the market for worldwide digital postmark services.
This DPM Regulation has dramatically increased interest in the EPM worldwide.
Poste Italiane develops a plug-in to enable Microsoft Office users to connect to a backend server, which delivers digital postmarks that comply with the UPU’s S43 technical standard.
2007
April: The UPU Approved the renaming of Digital postmark to Electronic Postal Certification Mark EPCM
Global usage
Recognizing the great potential of the Digital Postmark, numerous postal administrations worldwide have begun deploying DPM-based solutions. Five postal services – Canada, France, Italy, Portugal and the United States – have developed their own digital postmark and use it today. Major software developers are also working to incorporate the global standard into popular applications used by millions of people worldwide.
United States (first launched EPM in 1996; current EPM released March 2003)
France (first launch in 1999)
Canada (launched 1st quarter 2003)
Portugal (launched September 2003)
Italy (launched 2005 by Poste Italiane as Posteitaliane.mail, now Posteitaliane.post)
Egypt (contracted with provider 1st quarter 2005)
Switzerland (contracted with provider July 2005)
Brazil (contracted with provider 2004)
China (preparing to launch)
Netherlands (preparing to launch)
United Kingdom (preparing to launch)
The Universal Postal Union (UPU) has identified trust services as the greatest opportunity for global postal growth. Specifically, they identified the Digital Postmark as the most important trust service; providing an excellent defense against online fraud and abuse.
Electronic postmarks
The United States Postal Service (USPS) Electronic Postmark (EPM©) is a proprietary variation of the Digital Postmark issued by the USPS. It was introduced in 1996 by the U.S. Postal Service as a service offering that provides proof of integrity and authentication for electronic transactions.
Through the USPS EPM web-based service, any third-party can verify the authenticity of electronic content. This electronic proof, postmarked by the Postal Service, provides evidence to support non-repudiation of electronic transactions. The EPM is designed to deter and detect the fraudulent tampering or altering of electronic data.
= Key features
=The USPS wrote that the key features of their Electronic Postmark are:
Content authentication web-based service (based upon American Bar Association PKI Guidelines) proves document authenticity and timestamp accuracy to detect and prevent fraud.
Integrates easily into existing applications with standard-based interfaces.
Verify options include; local (self contained) & centralized (Internet based).
Verification is free.
128 Bit SSL encryption insuring privacy and security of communications.
Data stays private. Service never has access to your content and requires no modification or transmission of content. (only a hash code of the file is logged as evidence of authenticity.)
= US legal environment
=The USPS listed laws relevant to EPM as follows:
18 U.S.C. §1343 Wire Fraud
18 U.S.C. §2701 Electronic Communications Privacy Act (ECPA)
18 U.S.C. §2510 regarding electronic communications. Definitions (17)Electronic storage means
(A) any temporary, intermediate storage of a wire or electronic communication incident to the electronic transmission thereof
(B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.
18 U.S.C. §2710 regarding unlawful access to stored electronic communications
18 U.S.C. §1028, Fraud and related activity in connection with identification documents and information
18 U.S.C. §1029, Fraud and related activity in connection with access devices.
Additional
= Other definitions
=A Digital Postmark (DPM) is also a network security mechanism, developed by Penn State researchers Ihab Hamadeh and George Kesidis, to identify which region a packet or a set of packets comes from. It was developed as a way to combat spam and denial-of-service (virus) attacks by isolating the source of such attacks, while still allowing "good" messages to pass through.
A digital postmark works when a perimeter router marks up a packet border with its region-identifying data. Also called a "border router packet marking", it uses an obsolete or unused portion of the packet to place the regional mark-up. When room does not exist in any one portion of the packet, the region information can be broken up and hashed in a subsequently retrievable way.
See also
Trusted timestamping
UPU
USPS
References
External links
USPS Electronic Postmark Page
USPS EPM site
French Post Service
Portugal Post Service
Universal Postal Union homepage
Purchase UPU S43-3 Standard
Universal Postal Union - Postal Technology Center
USPS Glossary of Postal Terms (Publication 32)
Worldwide Postal Network in Figures, October 2006
Article: New marking process traces spammers, pirates and hackers
ETSI Specialist Task Force 318: Registered Emails
Kata Kunci Pencarian:
- Cap pos
- Postmark
- Digital Postmarks
- Trusted timestamping
- DPM
- DomainKeys Identified Mail
- E-government
- E-democracy
- Saucy Jacky postcard
- List of postal codes
- Christmas, Florida
