Catálogo de publicaciones - libros

In general, postage is a special payment instrument that is used to get access to certain postal services such as having mail pieces transported from a sender to an intended recipient. As such, postage is a special currency, which is minted by the respective , distributed to consumers of postal services, and eventually applied to mail pieces in order to serve as evidence of prepayment for a postal service. Unused postage, for which no postal service has been provided, is guaranteed by the respective postal operator to be converted back into cash in the amount of its face value. Certain restrictions may apply to the redemption of unused postage.

Electronic postage is a special currency valid only for postal transportation of mail pieces and related additional services. The minting and printing of electronic postage is mostly regulated by national universal postal operators. The rules and regulations for using electronic postage differ from one country to another. Any electronic postage system needs an where mailers can purchase electronic postage and pay for it. All such electronic postage can be turned into valid imprints, which can be applied to physical mailings, thus providing evidence to the postal operator that the mailer has paid for the transport of a mail piece. The postal operators in turn can reconcile the amount of electronic postage they have sold against the amount of electronic postage they have processed through their mail processing centers. This constitutes the basic cycle of electronic postage as shown in Figure 11 on page 26. We will now take a closer look at this cycle.

E-postage devices help mailers to figure the correct amounts of postage for their mail pieces, compile the respective data representation of required imprints, and provide robust printing mechanisms to apply the respective imprints onto the mail pieces in the correct location. Peripheral devices such as folders, inserters, sealers, feeders, scales, sorters and stackers may be connected to e-postage devices to better integrate their core metering functions into the mailer’s business processes.

In modern cryptology, there are some basic mechanisms, which are essential to achieve security in distributed systems and hence in e-postage systems. We introduce these mechanisms at a conceptual level, which explains their security properties and how their cryptographic keys, if any, shall be managed. This will prepare our understanding of the existing e-postage systems in Chapter 6 on page 127, Chapter 7 on page 167 and the particular threats that apply to these systems (see Chapter 8 on page 183). Readers who are interested in a more detailed description and analysis of these mechanisms are referred to the Handbook of Applied Cryptography of Menezes, Oorschot and Vanstone [54], the Encyclopedia of Security and Cryptography of van Tilborg [74], or the reference work Applied Cryptography by Schneier [70].

We have sketched the technical architecture of e-postage systems. They are just another kind of largely distributed system comparable to flight reservation systems, or electronic banking systems. The security risks related to these servers and networks can be analyzed by standard computer security measures and tools. Lots of advice is available for comparing security measures like firewalls, intrusion detection systems, virus scanners, and so forth [93,93]. All of this must be carefully planned, installed, and reviewed and maintained on a regular basis, but it is hardly if at all specific to e-postage systems. What is highly specific to e-postage systems is their cryptographic security design. Thus, we introduce in this chapter the general of offline and online e-postage systems before we take a closer look at industry examples of e-postage systems in the following chapter.

A number of postal operators have started their offline e-postage system infrastructures and encouraged e-postage providers and mailers to follow. In the following sections, we review the (cryptographically secured) offline e-postage systems that exist worldwide. Our emphasis is on industrial scale offline e-postage systems that are supported by a postal operator and at least one e-postage provider. We present these e-postage systems in terms of the general model introduced in Chapter 2 on page 25.

A few postal operators have started their online e-postage system infrastructures and encouraged e-postage providers and mailers to follow. In the following sections, we review the (cryptographically secured) online e-postage systems that exist worldwide. Our emphasis is on industrial scale online e-postage systems that are supported by a postal operator and at least one e-postage provider. We present these e-postage systems in terms of the general model introduced in Chapter 2 on page 25.

The primary goal of e-postage systems is to enable mailers to use the services of postal operators (universal and competitive), to determine the correct amount of postage for each service used, and to transfer the corresponding funds from the mailer to the postal operator in a secure and timely manner. Secondary goals are to provide the postal operators with accurate usage data, to supply mailers with accurate track and trace information and to protect the mailers’ and recipients’ privacy.

Privacy of the post, or secrecy of correspondence, as it is sometimes called is a human right respected and guaranteed in many democratic countries. Sending mail anonymously, however, is not. It is easy to send personal letters anonymously simply by using stamps and omitting the sender’s name and address. The postal operators do not recommend sending mail anonymously for various reasons. An obvious one is that they find it difficult to return such mail to the sender if it is not deliverable.

Before a computerized system is applied to the real world, for example by representing real money by bits and bytes, the stakeholders demand to convince themselves of the security and reliability of the system. This is . It is achieved by good and bad case and the actual system at hand over an extended period of time by a team of experts knowledgeable of the system. A full scale business of system security assurance consulting has been developed since the early 1990’s, when the orange book was retired and overcome by a more flexible assurance methodology called the Common Criteria [41]. For e-postage systems, the postal operators are the primary stakeholders, so they have established a mandatory that any e-postage provider’s system must pass before his system is allowed to be operated in the respective postal market. Major updates and bug fixes of an e-postage system are usually required to be approved by the respective postal operator, in particular if they might affect the financial integrity of the whole or a part of the e-postage system.