Electronic PostMark (EPM)
Project Overview
May 2003
Copyright 2003, Postal Technology Centre
Posts Facilitating Global Commerce
• If trust and digital evidentiary services are global, organizations gain new opportunities to become more efficient
• Ultimately, as organizations become more efficient, whole economies improve
• Without these services, identity fraud, credit card theft and the cost of processing paper trails will only get worse
Unique Selling Proposition
• For large organizations that need to automate business processes and transactions, EPM/ID is a Suite of Services that provides a trusted digital equivalent to paper-based signed documents.
• The EPM/ID solution is a lower cost, shared Identity/Event/Non-Repudiation service that is overseen by trusted international regulated authorities – The Posts.
Key Benefits
• Entrust electronic data to Posts to:
– Reduce information security risks
– Accelerate customer adoption of lower cost online transactions
– Eliminate costly “last mile” paper trails in mission-critical internal processes
Identity Management
• To protect an individual’s identity and privacy by providing a trusted electronic credential through the provision of affordable, strongly authenticated, high volume, in-person-proofed, X.509-based digital certificates
• To federate (bind together) trust between all UPU countries to service general use of certificates (e.g. ensure a document can be trusted when signed by 3 different persons in 3 different countries)
• To enable applications to interface with and use Identity Management services in a consistent way – for example: standard XML schema and interfaces
Electronic PostMark (EPM)
Fundamentally a non-repudiation service supporting:
• Digital signature verification
• Timestamping of successfully verified signatures
• Standalone timestamping
• Validation of certificate trust chains
• Storage and archival of all non-repudiation evidence data required to support subsequent challenges
• Legislative protection (i.e. as for physical mail)
– Internationally recognized neutral Postal 3rd party evidence recording, storage and maintenance for non-repudiation (e.g. Notary)
Electronic PostMark (EPM)
• What document was signed
• When the document was signed
• Who signed the document
• Why the document was signed
E-Sign legislation compliant “declaration of intent”: I am signing this document because (pick one):
– I Agree with the terms of the document
– I Disagree with the terms of the document
– I am the Author of the document
– I am a Reviewer of the document…
Applications and their Effect on the EPM
Web-Form signing
Document signing
Secure Document Delivery
Inter-personal messaging
Embedded Custom Application
Market Segments/Applications overlay
[Figure: overlay diagram. Group titles: Trust Services Layer, Application Streams, Market Segments Examples.
Service labels: EPM, Registration, Identity Mgmt, IPP, Digital Signature Services, Non Repudiation Services, Transaction Confidentiality, Privacy Consent Mgmt, Authentication Services.
Application labels: Secure Document Delivery, Interpersonal Messaging, Web-Form Signing, Embedded Applications, Document Signing.
Segment labels: Shop floor Activity mgnt, Legal, Transportation, Manufacturing, Tax Forms, UNeDocs, Pharmaceutical, Government, Drug testing, Trade, Health Care, Medical Records, Money Orders, Posts, Real Estate Contracts, Finance, Trade conf., Brokerage, Ins. Claims, etc.]
• A formal UPU international standard for the EPM Interface has now been published (Status 0) and is currently being tested for use with MS Word, Sun StarOffice and Canada’s eGovernment applications
• A standard XML interface is required to call the EPM service from an application
– MS Word
– Adobe Acrobat
– Sun StarOffice
– web forms
– UNeDocs
– etc.
• Web Service Definition Language (WSDL)
Standard XML Interface
Customer Applications
UNeDocs
• International Trade is valued at $5500 billion USD
• Paper-based trade documentation is usually estimated to cost between 5% and 10% of the value of the traded goods
Demo
[Demo screens: “Electronic PostMark” and “Verify Electronic PostMark”; sample postmark shown: Steve Gray, May 15, 2003:08:00:00, EPM1234567890]
Value Propositions
Service basics
• Everyday services
• Transparency (Physical -> Digital)
• Low cost, transaction-based
Pre-requisites for success
• In-person proofing
• Global policies
• PC software ubiquity
Application EPM CA Desktop Interaction
[Diagram labels: CA1, CA2, CA3, EPM Server, EPM-enabled Application, Evidence Database, EPM Infrastructure, Recipient Verification]
Can support multiple CAs where Post is RA only
• CRLs published periodically every 12 or 24 hours
• CRL entries loaded into EPM’s OCSP
• signatures and certificates verified by EPM without CA involvement
• little communications traffic
• initial user enrollment and certificate issuance
• yearly renewals
Document Signing
• interaction at the document level
• sign document on the desktop
• call EPM Server for Signature Verification
• interaction occurs at origin and at destination
• TimeStamps applied
• heavy interaction between desktop(s) and EPM
Web Form Signing
• interaction at the transaction level
• sign HTML form from the browser
• HTTP POST to application
• Application formats request for EPM
• Interaction takes place between Web Application and the EPM
• heavy interaction between browser and EPM
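As an added illustration (not code from the EPM project), the sketch below models the point above that CRL entries are loaded into the EPM's own status store so certificates can be checked without contacting the CA, including the case where a CRL published every 12 or 24 hours predates the signature being checked. The class and function names, the "provisional" status and the sample data are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class CrlSnapshot:
    issuer: str            # CA name, e.g. "CA1" as in the slide's diagram
    this_update: datetime  # when the CA produced this CRL
    next_update: datetime  # 12 or 24 hours later, per the slide
    revoked: dict          # certificate serial -> revocation time

class LocalStatusStore:
    """Hypothetical stand-in for the EPM-side status store fed from CA CRLs."""
    def __init__(self):
        self._crls = {}

    def load_crl(self, snap):
        current = self._crls.get(snap.issuer)
        if current and snap.this_update <= current.this_update:
            return False               # refuse a replayed or older CRL
        self._crls[snap.issuer] = snap
        return True

    def status(self, issuer, serial, signed_at, now):
        snap = self._crls.get(issuer)
        if snap is None or now > snap.next_update:
            return "unknown"           # CA not loaded, or its CRL is stale
        revoked_at = snap.revoked.get(serial)
        if revoked_at is not None and revoked_at <= signed_at:
            return "revoked"           # revoked before the signature was made
        if signed_at > snap.this_update:
            return "provisional"       # CRL predates the signature: recheck later
        return "good"

def demo():
    t0 = datetime(2003, 5, 15, tzinfo=timezone.utc)   # constructed sample data
    h = lambda n: t0 + timedelta(hours=n)
    store = LocalStatusStore()
    store.load_crl(CrlSnapshot("CA1", t0, h(24), {"1001": h(-48)}))
    store.load_crl(CrlSnapshot("CA2", t0, h(12), {}))
    results = [
        store.status("CA1", "1001", h(-24), h(1)),   # signed after revocation
        store.status("CA1", "1001", h(-72), h(1)),   # signed before revocation
        store.status("CA1", "2002", h(8), h(8)),     # signed after CRL issued
        store.status("CA2", "7", h(-1), h(13)),      # CA2 CRL expired at +12h
        store.status("CA3", "1", h(-1), h(1)),       # CA never loaded
    ]
    # Next CA1 CRL reveals serial 2002 was revoked at +6h, before the +8h signature.
    store.load_crl(CrlSnapshot("CA1", h(24), h(48), {"1001": h(-48), "2002": h(6)}))
    results.append(store.status("CA1", "2002", h(8), h(25)))
    return results

if __name__ == "__main__":
    print(demo())
```

The "provisional" result marks the window a periodic CRL leaves open: a verdict given between two CRL publications should be rechecked once the next CRL is loaded before it is archived as evidence.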