The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman
USPS Electronic Postmark (USPS EPM) Add service (easy integration) Verify trust and add legal strength to electronic content Web-based content authenticity online Protect against tampering ESIGN compliant Store evidence of content with USPS Minimize likelihood that electronic content can be denied or repudiated
Legal Value Non-repudiation Legal/technical concept - sufficient evidence to prevent parties to transactions from falsely denying them in a court of law ESIGN (Electronic Signatures in Global and National Commerce Act 2000) Enables business and government to sign contracts, letters and agreements electronically with the same legal relevance as their paper counterparts USPS Brand As a USPS operation, the USPS EPM service applies federal statutes (ex. wire fraud) to electronic transactions, similar to physical mail world
US Federal Electronic Legislation Government Paperwork Elimination Act (GPEA) 1998 Efficient government service delivery - ensure standards for electronic signatures across federal agencies Health Insurance Portability and Accountability Act (HIPAA) 1996 Improve portability and continuity of health insurance coverage to combat waste, fraud, and abuse within health insurance and health care delivery Gramm-Leach-Bliley Act (GLBA) 1999 Proper collection and distribution of a consumer’s personal information in securities, insurance, and banking industries Electronic Signatures in Global and National Commerce Act (E-SIGN) 2000 Promote e-commerce with performance-based guidelines to eliminate legal barriers to conducting business online, while protecting consumers Sarbanes-Oxley Act 2002 Sweeping reform legislation intended to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws
Deterrence Value Legal strength, enforcement capabilities of US Postal Inspection Service Enforcement capability ensures electronic data protection from fraud Should USPS EPM tampering be detected, the matter may be referred to Postal Inspection Service for possible review and action consistent with federal statutes Supported by federal laws –18 U.S.C 2701 Electronic Communications Privacy Act (ECPA) –18 U.S.C 1343 Wire Fraud –18 U.S.C 2510 regarding electronic communications –18 U.S.C 1028, Fraud and related activity in connection with identification documents and information
Content is hashed. (PKI) Hash signed by user/server digital certificate. Signed hash received, certificate used to sign hash checked for validity. Time stamp (NIST) obtained and signed by USPS digital certificate. Signed hash sent via SSL to USPS EPM Data Center. Content created from application. Internet USPS signed time stamp applied to signed hash of electronic file to produce USPS EPM. Transaction stored in USPS EPM data center for 7 years. Technology
USPS EPM Enabled Tools Software development kit (COM, Java) Web signer toolkit Applications –Microsoft Word Extension (Office 2000, XP, 2003) –Adobe Extension
COMPLIANCE IN ACTION USPS Extension for Microsoft Word DEMO
Customer Benefits Protect against identity fraud in electronic transactions Protect electronic content authenticity Provide legal relevance to electronic content Increase efficiencies (streamline and accelerate workflow processes) Reduce costs (labor, paper, overhead, storage) Reduce risks (audit trails for compliance) Create trust in faceless electronic transactions
Customer Benefits Add strong content authentication technology to online forms Add USPS brand –Federal legal strength (e.g. wire fraud statute) –Enforcement (US Postal Inspection Service) Reduce risks (audit trails for compliance) Competitive advantage – ease of use and brand trust recognition
THANK YOU Q & A