x
Home
Search
Topics
Almanac
Science
Nature
People
History
Society
Signup
Login
HOME
TOPICS
ALMANAC
SCIENCE
NATURE
PEOPLE
HISTORY
SOCIETY
PHILOSOPHY
Digital Postmarks
Topic Home
Discussion
0
Definition
Encyclopedia
A Digital Postmark is a technology that applies a trusted time stamps
Trusted timestamping
Trusted timestamping is the process of securelykeeping track of the creation and modification time of a document. Securityhere means that no one — not even the owner of the document — should be able to change it once it has been recorded provided that the timestamper's integrity is never...

 issued by a postal operator to an electronic document, validates electronic signatures, and stores and archives all non-repudiation
Non-repudiation
Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged...

 data needed to support a potential court challenge - it guarantees the certainty of date and time of the postmarking. This global standard was renamed the Electronic Postal Certification Mark (EPCM) in 2007 shortly after a new iteration of the technology was developed by Microsoft
Microsoft
Microsoft Corporation is an American public multinational corporation headquartered in Redmond, Washington, USA that develops, manufactures, licenses, and supports a wide range of products and services predominantly related to computing through its various product divisions...

 and Poste Italiane
Poste Italiane
Poste italiane S.p.A. is the government-owned postal service of Italy, headquartered in Rome.Besides providing core postal services, Poste Italiane Group offers integrated products, as well as communication, logistics and financial services in Italy....

. The key addition to the traditional postmarking technology was integrity of the electronically postmarked item, meaning any kind of falsification and tampering will be easily and definitely detected. Additionally, content confidentiality is guaranteed since document certification is carried out without access or reading by the postal operator. The EPCM will eventually be available through the UPU to all international postal operators in the 191 member countries willing to be compliant with this standard, thus granting interoperability in certified communications between postal operators. In the United States, the US Postal Service
United States Postal Service
The United States Postal Service is an independent agency of the United States government responsible for providing postal service in the United States...

 operates a non-global standard called the Electronic Postmark, although it is soon expected to provide services utilizing the EPCM.

The Process

  • An electronic document
    Electronic document
    An electronic document is any electronic media content that are intended to be used in either an electronic form or as printed output....

     is created
  • Digital Postmarking client software signs the document locally
  • The signed document is sent to the Digital Postmarking service for postmark
    Postmark
    thumb|USS TexasA postmark is a postal marking made on a letter, package, postcard or the like indicating the date and time that the item was delivered into the care of the postal service...

    ing
  • Upon receipt, the Digital Postmark service first validates the authenticity of the signature
  • If the signature is valid then a timestamp is generated by the DPM service as a counter-signature that includes the date and time
  • The document, signature, validation results and timestamp are stored in the Digital Postmark non-repudiation
    Non-repudiation
    Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged...

     database
  • A Digital Postmark Receipt, including the validation results and the timestamp, is returned to the client software
  • The client software wraps the original document with the DPM receipt
  • To verify the signature, local cryptographic verification can do a quick check of integrity or the full receipt or even the original document can be retrieved from the DPM service using the XML
    XML
    Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....

     Verify request by other parties at a later date and compared with the receipt stored with the document.

Benefits of Digital Postmarks

The DPM is fundamentally a non-repudiation
Non-repudiation
Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged...

 service supporting designed to protect the sanctity of mail in its digital form:
  • Digital signature
    Digital signature
    A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit...

     verification
  • Timestamping
    Trusted timestamping
    Trusted timestamping is the process of securelykeeping track of the creation and modification time of a document. Securityhere means that no one — not even the owner of the document — should be able to change it once it has been recorded provided that the timestamper's integrity is never...

     of successfully verified signatures
  • Standalone timestamping
    Trusted timestamping
    Trusted timestamping is the process of securelykeeping track of the creation and modification time of a document. Securityhere means that no one — not even the owner of the document — should be able to change it once it has been recorded provided that the timestamper's integrity is never...

  • Encryption
    Encryption
    In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

  • Validation of certificate trust chains
  • Storage and archival of all non-repudiation evidence data required to support subsequent challenges
  • Legal significance. In addition to federal and state legislative frameworks, the DPM holds legal weight with respect to the following legislation:
The following have been established to encourage people to form and sign contracts and agreements electronically.
  • Government Paperwork Elimination Act (GPEA), 1998
    Government Paperwork Elimination Act
    The Government Paperwork Elimination Act requires that, when practicable, Federal agencies use electronic forms, electronic filing, and electronic signatures to conduct official business with the public by 2003. In doing this, agencies will create records with business, legal and, in some cases,...

  • Uniform Electronic Transaction Act (UETA), 1999
    Uniform Electronic Transactions Act
    The Uniform Electronic Transactions Act is one of the several United States Uniform Acts proposed by the National Conference of Commissioners on Uniform State Laws . Since then 47 States, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have adopted it into their own laws...

  • Electronic Signatures in Global and National Commerce Act (ESIGN), 2000
    Electronic Signatures in Global and National Commerce Act
    The Electronic Signatures in Global and National Commerce Act is a United States federal law passed by the U.S. Congress to facilitate the use of electronic records and electronic signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into...



Working with current infrastructure, it is easy to implement - providing functionality even with no client-side software, and provides automated functionality with client software.

Additional Benefits

  • Proactive differentiation "good" email from spam
    Spam (electronic)
    Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...

     and phishing
    Phishing
    Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...

    .
  • Improved service quality by applying the same standards that govern physical mail
    Mail
    Mail, or post, is a system for transporting letters and other tangible objects: written documents, typically enclosed in envelopes, and also small packages are delivered to destinations around the world. Anything sent through the postal system is called mail or post.In principle, a postal service...

     to email
    Email
    Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...

    .
  • Stronger authentication than other standards such as (Sender ID
    Sender ID
    Sender ID is an anti-spoofing proposal from the former MARID IETF working group that tried to join Sender Policy Framework and Caller ID. Sender ID is defined primarily in Experimental RFC 4406, but there are additional parts in RFC 4405, RFC 4407 and RFC 4408.- Principles of operation :Sender ID...

     and DKIM).
  • Compliance with all federal laws and regulations.
  • Postal operator enforcement: Mail fraud is virtually non-existent with physical mail due to the legal framework and the vigorous efforts of the U.S. Postal Inspection Service. Digital Postmarks have the same legal recourse
    Legal recourse
    A legal recourse is an action that can be taken by an individual or a corporation to attempt to remedy a legal difficulty.* A lawsuit if the issue is a matter of civil law* Many contracts require mediation or arbitration before a dispute can go to court...

     for email fraud as for physical mail fraud.
  • Significant mailing cost
    History of United States Postal Service rates
    -Plot:Taking the above data and plotting it yields the graph shown to the right.The dark plot is the actual issued price of the stamp and the light plot is the price adjusted for inflation and is shown in 2008 US cents....

     reduction to only a few cents
    Cent (currency)
    In many national currencies, the cent is a monetary unit that equals 1⁄100 of the basic monetary unit. Etymologically, the word cent derives from the Latin word "centum" meaning hundred. Cent also refers to a coin which is worth one cent....

    .

Applicable Services

The Digital Postmark can be used for a variety of business applications:
  • signing Web forms and documents
  • delivery of secure documents
  • interpersonal messaging

1999

  • The UPU Standards Board begins the process to develop a global technical standard (S43) for the digital postmark.

2001

  • A workshop hosted by USPS decides on a consistent visual image for digital postmarks offered by Posts.

2002

  • USPS launches its digital postmark, the "Electronic Postmark". Development work on the S43 standard is completed. Microsoft agrees to define and produce an interface in W2000/XP and Office 2000 and XP 2003 to support the digital postmark.

2003

  • The UPU Standards Board formally adopts the S43 standard (See article).
    • It defined a technical standard – "S43 - Electronic PostMark Interface" – which was approved by the UPU Standards Board in November 2003 as a technical standard for the postal industry.
  • Portugal’s postal service launches a legally recognized digital postmarks service.

2004

  • The UPU Congress adopts a proposal to amend the UPU Convention to legally define the digital postmark, formally recognizing it as a new optional postal service
    Mail
    Mail, or post, is a system for transporting letters and other tangible objects: written documents, typically enclosed in envelopes, and also small packages are delivered to destinations around the world. Anything sent through the postal system is called mail or post.In principle, a postal service...

    .

  • September: The UPU Legally Defined the EPM as a Postal Service (See article)
    • This makes the EPM an optional postal service for UPU member countries, placing the EPM in the same category as Express Mail
      Express mail
      In most postal systems express mail refers to an accelerated delivery service for which the customer pays a surcharge and receives faster delivery. Express mail is a service for domestic mail and is governed by a country's own postal administration...

      .
    • The UPU definition provides international technological and enforcement standards.

2005

  • Adobe agrees to support the inclusion of the digital postmark.
  • La Poste France develops an S43-based digital postmark server. It is used as early as 2006.

2006

  • The UPU Standards Board approves version 3 of the standard S43, the first to enable cross-border and global traffic using digital postmarks.
  • January: The UPU Approved a DPM Regulation (See article). This regulation was passed as an amendment with the letter mail
    Mail
    Mail, or post, is a system for transporting letters and other tangible objects: written documents, typically enclosed in envelopes, and also small packages are delivered to destinations around the world. Anything sent through the postal system is called mail or post.In principle, a postal service...

     regulation.
    • Every postal service has a UPU regulation that manages the service and regulates how the posts will cooperate in that service. This makes it easier to assist member countries in developing the market for worldwide digital postmark services.
    • This DPM Regulation has dramatically increased interest in the EPM worldwide.
  • Poste Italiane
    Poste Italiane
    Poste italiane S.p.A. is the government-owned postal service of Italy, headquartered in Rome.Besides providing core postal services, Poste Italiane Group offers integrated products, as well as communication, logistics and financial services in Italy....

     develops a plug-in to enable Microsoft Office users to connect to a backend server, which delivers digital postmarks that comply with the UPU’s S43 technical standard.

2007

  • April: The UPU Approved the renaming of Digital postmark to Electronic Postal Certification Mark EPCM

Global Usage

Recognizing the great potential of the Digital Postmark, numerous postal administrations worldwide have begun deploying DPM-based solutions. Five postal services – Canada, France, Italy, Portugal and the United States – have developed their own digital postmark and use it today. Major software developers are also working to incorporate the global standard into popular applications used by millions of people worldwide.
  • United States (first launched EPM in 1996; current EPM released March 2003)
  • France (first launch in 1999)
  • Canada (launched 1st quarter 2003)
  • Portugal (launched September 2003)
  • Italy (launched 2005 - not working at present)
  • Egypt (contracted with provider 1st quarter 2005)
  • Switzerland (contracted with provider July 2005)
  • Brazil (contracted with provider 2004)
  • China (preparing to launch)
  • Netherlands (preparing to launch)
  • United Kingdom (preparing to launch)


The Universal Postal Union
Universal Postal Union
The Universal Postal Union is an international organization that coordinates postal policies among member nations, in addition to the worldwide postal system. The UPU contains four bodies consisting of the Congress, the Council of Administration , the Postal Operations Council and the...

 (UPU
Upu
Upu, also called Apu , was the region surrounding Damascus of the 1350 BC Amarna letters. Damascus was named Dimašqu/Dimasqu/ etc. Upu, also called Apu (and Ubi or Upi by some authors), was the region surrounding Damascus of the 1350 BC Amarna letters. Damascus was named Dimašqu/Dimasqu/ etc. Upu,...

) has identified Trust Services as the greatest opportunity for global postal growth. Specifically, they identified the Digital Postmark as the most important Trust Service; providing an excellent defense against online fraud and abuse.

Electronic Postmarks

The United States Postal Service
United States Postal Service
The United States Postal Service is an independent agency of the United States government responsible for providing postal service in the United States...

 (USPS) Electronic Postmark (EPM©) is a proprietary variation of the Digital Postmark issued by the USPS. It was introduced in 1996 by the U.S. Postal Service as a service offering that provides proof of integrity and authentication for electronic transactions, and is being applied to email
Email
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...

 by ePostmarks, Inc. (See ePostmarks Homepage).

Through the USPS EPM web-based service, any third-party can verify the authenticity of electronic content. This electronic proof, postmarked by the Postal Service, provides evidence to support non-repudiation of electronic transactions. The EPM is designed to deter and detect the fraudulent tampering or altering of electronic data.

Key Features

The USPS wrote that the key features of their Electronic Postmark are:
  • Content authentication web-based service (based upon American Bar Association
    American Bar Association
    The American Bar Association , founded August 21, 1878, is a voluntary bar association of lawyers and law students, which is not specific to any jurisdiction in the United States. The ABA's most important stated activities are the setting of academic standards for law schools, and the formulation...

     PKI Guidelines) proves document authenticity and timestamp accuracy to detect and prevent fraud.
  • Integrates easily into existing applications with standard-based interfaces.
  • Verify options include; local (self contained) & centralized (Internet based).
  • Verification is free.
  • 128 Bit SSL encryption insuring privacy and security of communications.
  • Data stays private. Service never has access to your content and requires no modification or transmission of content. (only a hash code of the file is logged as evidence of authenticity.)

US Legal Environment

The USPS listed laws relevant to EPM as follows:
  • 18 U.S.C. §1343 Wire Fraud
    Wire fraud
    Mail and wire fraud is a federal crime in the United States. Together, 18 U.S.C. §§ 1341, 1343, and 1346 reach any fraudulent scheme or artifice to intentionally deprive another of property or honest services with a nexus to mail or wire communication....

  • 18 U.S.C. §2701 Electronic Communications Privacy Act
    Electronic Communications Privacy Act
    The Electronic Communications Privacy Act is a United States law.- Overview :The “electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or...

     (ECPA)
  • 18 U.S.C. §2510 regarding electronic communications. Definitions (17)Electronic storage means
    • (A) any temporary, intermediate storage of a wire or electronic communication incident to the electronic transmission thereof
    • (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.
  • 18 U.S.C. §2710 regarding unlawful access to stored electronic communications
  • 18 U.S.C. §1028, Fraud and related activity in connection with identification documents and information
  • 18 U.S.C. §1029, Fraud and related activity in connection with access devices.

Other Definitions

A Digital Postmark (DPM) is also a network security
Network security
In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources...

 mechanism, developed by Penn State researchers Ihab Hamadeh and George Kesidis, to identify which region a packet or a set of packets comes from. It was developed as a way to combat spam
E-mail spam
Email spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...

 and denial-of-service (virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

) attacks by isolating the source of such attacks, while still allowing "good" messages to pass through.

A digital postmark works when a perimeter router marks up a packet border with its region-identifying data. Also called a "border router packet marking", it uses an obsolete or unused portion of the packet to place the regional mark-up. When room does not exist in any one portion of the packet, the region information can be broken up and hashed in a subsequently retrievable way.

External links


The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
Silverdale Interactive © 2024. All Rights Reserved.
 
x
OK