Digital Postmarks
A Digital Postmark is a technology that applies a trusted time stamps issued by a postal operator to an electronic document, validates electronic signatures, and stores and archives all non-repudiation data needed to support a potential court challenge - it guarantees the certainty of date and time of the postmarking. This global standard was renamed the Electronic Postal Certification Mark in 2007 shortly after a new iteration of the technology was developed by Microsoft and Poste Italiane. The key addition to the traditional postmarking technology was integrity of the electronically postmarked item, meaning any kind of falsification and tampering will be easily and definitely detected. Additionally, content confidentiality is guaranteed since document certification is carried out without access or reading by the postal operator. The EPCM will eventually be available through the UPU to all international postal operators in the 191 member countries willing to be compliant with this standard, thus granting interoperability in certified communications between postal operators. In the United States, the US Postal Service operates a non-global standard called the Electronic Postmark, although it is soon expected to provide services utilizing the EPCM.
Providers
In the United States, until the end of 2010, Authentidate was the only authorized USPS EPM provider. However, this contract was allowed to expire.The process
- An electronic document is created
- Digital Postmarking client software signs the document locally
- The signed document is sent to the Digital Postmarking service for postmarking
- Upon receipt, the DPM service first validates the authenticity of the signature
- If the signature is valid then a timestamp is generated by the DPM service as a counter-signature that includes the date and time
- The document, signature, validation results and timestamp are stored in the Digital Postmark non-repudiation database
- A Digital Postmark Receipt, including the validation results and the timestamp, is returned to the client software
- The client software wraps the original document with the DPM receipt
- To verify the signature, local cryptographic verification can do a quick check of integrity or the full receipt or even the original document can be retrieved from the DPM service using the XML Verify request by other parties at a later date and compared with the receipt stored with the document.
Benefits of digital postmarks
- Digital signature verification
- Timestamping of successfully verified signatures
- Standalone timestamping
- Encryption
- Validation of certificate trust chains
- Storage and archival of all non-repudiation evidence data required to support subsequent challenges
- Legal significance. In addition to federal and state legislative frameworks, the DPM holds legal weight with respect to the following legislation:
- * Government Paperwork Elimination Act, 1998
- * Uniform Electronic Transaction Act, 1999
- * Electronic Signatures in Global and National Commerce Act, 2000
Additional benefits
- Proactive differentiation "good" email from spam and phishing.
- Improved service quality by applying the same standards that govern physical mail to email.
- Stronger authentication than other standards such as.
- Compliance with all federal laws and regulations.
- Postal operator enforcement: Mail fraud is virtually non-existent with physical mail due to the legal framework and the vigorous efforts of the U.S. Postal Inspection Service. Digital Postmarks have the same legal recourse for email fraud as for physical mail fraud.
- Significant mailing cost reduction to only a few cents.
Applicable services
- signing Web forms and documents
- delivery of secure documents
- interpersonal messaging
Brief history
;1998-1999
- The USPS and Canada Post develop the first digital postmark.
- The UPU Standards Board begins the process to develop a global technical standard for the digital postmark.
- A workshop hosted by USPS decides on a consistent visual image for digital postmarks offered by Posts.
- USPS launches its digital postmark, the "Electronic Postmark". Development work on the S43 standard is completed. Microsoft agrees to define and produce an interface in W2000/XP and Office 2000 and XP 2003 to support the digital postmark.
- The UPU Standards Board formally adopts the S43 standard ].
- * It defined a technical standard – "S43 - Electronic PostMark Interface" – which was approved by the UPU Standards Board in November 2003 as a technical standard for the postal industry.
- Portugal’s postal service launches a legally recognized digital postmarks service.
- The UPU Congress adopts a proposal to amend the UPU Convention to legally define the digital postmark, formally recognizing it as a new optional postal service.
- September: The UPU Legally Defined the EPM as a Postal Service ]
- * This makes the EPM an optional postal service for UPU member countries, placing the EPM in the same category as Express Mail.
- * The UPU definition provides international technological and enforcement .
- Adobe agrees to support the inclusion of the digital postmark.
- La Poste France develops an S43-based digital postmark server. It is used as early as 2006.
- The UPU Standards Board approves version 3 of the standard S43, the first to enable cross-border and global traffic using digital postmarks.
- January: The UPU Approved a DPM Regulation ]. This regulation was passed as an amendment with the letter mail regulation.
- * Every postal service has a UPU regulation that manages the service and regulates how the posts will cooperate in that service. This makes it easier to assist member countries in developing the market for worldwide digital postmark services.
- * This DPM Regulation has dramatically increased interest in the EPM worldwide.
- Poste Italiane develops a plug-in to enable Microsoft Office users to connect to a backend server, which delivers digital postmarks that comply with the UPU’s S43 technical standard.
- April: The UPU Approved the renaming of Digital postmark to Electronic Postal Certification Mark EPCM
Global usage
- United States '
- France '
- Canada '
- Portugal '
- Italy '
- Egypt '
- Switzerland '
- Brazil '
- China '
- Netherlands '
- United Kingdom
Electronic postmarks
The United States Postal Service Electronic Postmark is a proprietary variation of the Digital Postmark issued by the USPS. It was introduced in 1996 by the U.S. Postal Service as a service offering that provides proof of integrity and authentication for electronic transactions, and is being applied to email by ePostmarks, Inc. ].Through the USPS EPM web-based service, any third-party can verify the authenticity of electronic content. This electronic proof, postmarked by the Postal Service, provides evidence to support non-repudiation of electronic transactions. The EPM is designed to deter and detect the fraudulent tampering or altering of electronic data.
Key features
The USPS wrote that the key features of their Electronic Postmark are:- Content authentication web-based service ] proves document authenticity and timestamp accuracy to detect and prevent fraud.
- Integrates easily into existing applications with standard-based interfaces.
- Verify options include; local & centralized.
- Verification is free.
- 128 Bit SSL encryption insuring privacy and security of communications.
- Data stays private. Service never has access to your content and requires no modification or transmission of content.
US legal environment
- 18 U.S.C. §1343 Wire Fraud
- 18 U.S.C. §2701 Electronic Communications Privacy Act
- 18 U.S.C. §2510 regarding electronic communications. Definitions Electronic storage means
- * any temporary, intermediate storage of a wire or electronic communication incident to the electronic transmission thereof
- * any storage of such communication by an electronic communication service for purposes of backup protection of such communication.
- 18 U.S.C. §2710 regarding unlawful access to stored electronic communications
- 18 U.S.C. §1028, Fraud and related activity in connection with identification documents and information
- 18 U.S.C. §1029, Fraud and related activity in connection with access devices.
Additional
Other definitions
A Digital Postmark is also a network security mechanism, developed by Penn State researchers Ihab Hamadeh and George Kesidis, to identify which region a packet or a set of packets comes from. It was developed as a way to combat spam and denial-of-service attacks by isolating the source of such attacks, while still allowing "good" messages to pass through.A digital postmark works when a perimeter router marks up a packet border with its region-identifying data. Also called a "border router packet marking", it uses an obsolete or unused portion of the packet to place the regional mark-up. When room does not exist in any one portion of the packet, the region information can be broken up and hashed in a subsequently retrievable way.