Electronic PostMark (EPM) Project Overview May, 2003 Copyright Postal Technology Centre

Posts Facilitating Global Commerce If trust and digital evidentiary services are global, the opportunities for organizations to become more efficient suddenly become possible Ultimately, as organizations become more efficient, whole economies improve Without these services, identity fraud, credit card theft and the cost of processing paper trails will only get worse

Unique Selling Proposition For large organizations that need to automate business processes and transactions, EPM/ID is a Suite of Services that provides a trusted digital equivalent to paper-based signed documents. The EPM/ID solution is a lower cost, shared Identity/Event/Non-Repudiation service that is overseen by trusted international regulated authorities – The Posts.

Key Benefits Entrust electronic data to Posts to: –Reduce information security risks –Accelerate customer adoption of lower cost online transactions –Eliminate costly “last mile” paper trails in mission-critical internal processes

Identity Management To protect an individual’s identity and privacy by providing a trusted electronic credential through the provision of affordable, strongly authenticated, high volume, in person proofed X.509 based digital certificates To federate (bind together) trust between all UPU countries to service general use of certificates (eg. Ensure a document can be trusted when signed by 3 different persons in 3 different countries) To enable applications to interface with and use Identity Management services in a consistent way – for example: standard XML schema and interfaces

Electronic PostMark (EPM)  Fundamentally a non-repudiation service supporting  Digital signature verification  Timestamping of successfully verified signatures  Standalone timestamping  Validation of certificate trust chains  Storage and archival of all non-repudiation evidence data required to support subsequent challenges  Legislative protection (ie. as for physical mail) –Internationally recognized neutral Postal 3 rd party evidence recording, storage and maintenance for non-repudiation (eg. Notary)

Electronic PostMark (EPM) What document was signed When the document was signed Who signed the document Why the document was Signed  E-Sign legislation compliant declaration of intent”  I am signing this document because (pick one): –I Agree with the terms of the document –I Disagree with the terms of the documents –I am the Author of the documents –I am a Reviewer of the document…

Applications and their Effect on the EPM  Web-Form signing  Document signing  Secure Document Delivery  Inter-personal messaging  Embedded Custom Application

Market Segments/Applications overlay EPM Registration Identity Mgmt IPP Digital Signature Services Trust Services Layer Secure Document Delivery Interpersonal Messaging Web-Form Signing Embedded Applications Application Streams Market Segments Examples Non Repudiation Services Transaction Confidentiality Privacy Consent Mgmt Authentication Services Shop floor Activity mgnt Legal Transportation Manufacturing Tax Forms UneDocs Pharmaceutical Government Drug testing Trade Health Care Medical Records Money Orders Posts Document Signing Real Estate Contracts Finance Trade conf. Brokerage Ins. Claims Etc.

A formal UPU international standard for the EPM Interface has now been published (Status 0) and currently being tested for use with (MS Word, Sun StarOffice, Canada’s eGovernment applications) A standard XML interface is required to call the EPM service from an application –MS Word –Adobe Acrobat –Sun StarOffice –web forms –UNeDocs –etc. Web Service Definition Language (WSDL) Standard XML Interface

Customer Applications UNeDocs International Trade is valued at $5500 billion USD Paper based trade documentation usually is estimated to cost between 5% to 10% of the value of the traded goods

Demo

Steve Gray May 15, 2003:08:00:00 EPM Steve Gray May 15, 2003:08:00:00 EPM

Electronic PostMark Verify Electronic PostMark Steve Gray May 15, 2003:08:00:00 EPM Steve Gray May 15, 2003:08:00:00 EPM

Value Propositions Service basics Every day Services Transparency, (Physical –-> Digital) Low cost, transaction-based Pre-requisites for success In-person proofing Global policies PC software ubiquity

Application EPM CA Desktop Interaction CA1 EPM Server EPM Server EPM-enabled Application EPM-enabled Application  Can support multiple CAs where Post is RA only  CRLs published periodically  every 12 or 24 hours  CRL entries loaded into EPM’s OCSP  signatures and certificates verified by EPM without CA involvement  little communications traffic  initial user enrollment and certificate issuance  yearly renewals Document Signing  interaction at the document level  sign document on the desktop  call EPM Server for Signature Verification  interactions occurs at origin and at destination  TimeStamps applied  heavy interaction between desktop(s) and EPM Web Form Signing  interaction at the transaction level  sign HTML form from the browser  HTTP POST to application  Application formats request for EPM  Interaction takes place between Web Application and the EPM  heavy interaction between browser and EPM CA2 CA3 Evidence Database EPM Infrastructure Recipient Verification