Digital Postmarks

From Wikipedia, the free encyclopedia

A Digital Postmark (DPM) is a technology that applies a trusted time stamps issued by a Postal Authority to an electronic document, validates electronic signatures, and stores and archives all non-repudiation data needed to support a potential court challenge.

Contents

[edit] The Process

  • An electronic document is created
  • Digital Postmarking client software signs the document locally
  • The signed document is sent to the Digital Postmarking service for postmarking
  • Upon receipt, the Digital Postmark service first validates the authenticity of the signature
  • If the signature is valid then a timestamp is generated by the DPM service as a counter-signature that includes the date and time
  • The document, signature, validation results and timestamp are stored in the Digital Postmark non-repudiation database
  • A Digital Postmark Receipt, including the validation results and the timestamp, is returned to the client software
  • The client software wraps the original document with the DPM receipt
  • To verify the signature, local cryptographic verification can do a quick check of integrity or the full receipt or even the original document can be retrieved from the DPM service using the XML Verify request by other parties at a later date and compared with the receipt stored with the document.[1]

[edit] Benefits of Digital Postmarks

The DPM is fundamentally a non-repudiation service supporting[2] designed to protect the sanctity of mail in its digital form:

  • Digital signature verification
  • Timestamping of successfully verified signatures
  • Standalone timestamping
  • Encryption
  • Validation of certificate trust chains
  • Storage and archival of all non-repudiation evidence data required to support subsequent challenges

Working with current infrastructure, it is easy to implement - providing functionality even with no client-side software, and provides automated functionality with client software.

[edit] Additional Benefits

  • Proactive differentiation "good" email from spam and phishing.
  • Improved service quality by applying the same standards that govern physical mail to email.
  • Stronger authentication than other standards such as (Sender ID and DKIM).
  • Compliance with all federal laws and regulations.
  • Postal authority enforcement: Mail fraud is virtually non-existent with physical mail due to the legal framework and the vigorous efforts of the U.S. Postal Inspection Service. Digital Postmarks have the same legal recourse for email fraud as for physical mail fraud.
  • Significant mailing cost reduction to only a few cents.

[edit] Applicable Services

The Digital Postmark can be used for a variety of business applications:

  • signing Web forms and documents
  • delivery of secure documents
  • interpersonal messaging

[edit] Brief History [3]

Key dates in the development of the digital postmark

[edit] 1998–1999

[edit] 1999

  • The UPU Standards Board begins the process to develop a global technical standard (S43) for the digital postmark.

[edit] 2001

  • A workshop hosted by USPS decides on a consistent visual image for digital postmarks offered by Posts.

[edit] 2002

  • USPS launches its digital postmark, the "Electronic Postmark". Development work on the S43 standard is completed. Microsoft agrees to define and produce an interface in W2000/XP and Office 2000 and XP 2003 to support the digital postmark.

[edit] 2003

  • The UPU Standards Board formally adopts the S43 standard (See article).
    • It defined a technical standard – "S43 - Electronic PostMark Interface" – which was approved by the UPU Standards Board in November 2003 as a technical standard for the postal industry.
  • Portugal’s postal service launches a legally recognized digital postmarks service.

[edit] 2004

  • The UPU Congress adopts a proposal to amend the UPU Convention to legally define the digital postmark, formally recognizing it as a new optional postal service.
  • September: The UPU Legally Defined the EPM as a Postal Service (See article)
    • This makes the EPM an optional postal service for UPU member countries, placing the EPM in the same category as Express Mail.
    • The UPU definition provides international technological and enforcement standards.

[edit] 2005

  • Adobe agrees to support the inclusion of the digital postmark.
  • La Poste France develops an S43-based digital postmark server. It is used as early as 2006.

[edit] 2006

  • The UPU Standards Board approves version 3 of the standard S43, the first to enable cross-border and global traffic using digital postmarks.
  • January: The UPU Approved a DPM Regulation (See article). This regulation was passed as an amendment with the letter mail regulation.
    • Every postal service has a UPU regulation that manages the service and regulates how the posts will cooperate in that service. This makes it easier to assist member countries in developing the market for worldwide digital postmark services.
    • This DPM Regulation has dramatically increased interest in the EPM worldwide.
  • Poste Italiane develops a plug-in to enable Microsoft Office users to connect to a backend server, which delivers digital postmarks that comply with the UPU’s S43 technical standard.

[edit] 2007

  • April: The UPU Approved the renaming of Digital postmark to Electronic Postal Certification Mark EPCM

[edit] Global Usage

Recognizing the great potential of the Digital Postmark, numerous Postal Authorities worldwide have begun deploying DPM-based solutions. Five postal servicesCanada, France, Italy, Portugal and the United States of America – have developed their own digital postmark and use it today. Major software developers are also working to incorporate the global standard into popular applications used by millions of people worldwide [3]

[edit] US Legal Environment

The USPS listed laws relevant to EPM as follows:

  • 18 U.S.C. §1343 Wire Fraud
  • 18 U.S.C. §2701 Electronic Communications Privacy Act (ECPA)
  • 18 U.S.C. §2510 regarding electronic communications. Definitions (17)Electronic storage means
    • (A) any temporary, intermediate storage of a wire or electronic communication incident to the electronic transmission thereof
    • (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.
  • 18 U.S.C. §2710 regarding unlawful access to stored electronic communications
  • 18 U.S.C. §1028, Fraud and related activity in connection with identification documents and information
  • 18 U.S.C. §1029, Fraud and related activity in connection with access devices.[4]

[edit] Additional

[edit] Other Definitions

A Digital Postmark (DPM) is also a network security mechanism, developed by Penn State researchers, Ihab Hamadeh and George Kesidis, to identify which region, a packet or a set of packets comes from. It was developed as a way to combat spam and denial-of-service (virus) attacks, by isolating the source of such attacks, while still allowing "good" messages to pass through.

A digital postmark works when a perimeter router marks up a packet border with its region-identifying data. Also called a "border router packet marking", it uses an obsolete or unused portion of the packet to place the regional mark-up. When room does not exist in any one portion of the packet, the region information can be broken up and hashed in a subsequently retrievable way.

[edit] See also

[edit] References

  1. ^ Universal Postal Union. (2006). Electronic PostMark (EPM) Interface Specification (S43-3 Draft E).UPU DPM Standards
  2. ^ Universal Postal Union - Postal Technology Centre viewed 2 December 2006.
  3. ^ a b The Digital Postmark: Security for Cyberspace Mail
  4. ^ United States Postal Service. (2006). Benefits of EPM. USPS Benefits of EPM website

[edit] External links