Electronic Postage Systems (eBook)

As senior cryptography architect, Gerrit Bleumer has designed the global cryptographic architecture of Francotyp-Postalia (FP), Birkenwerder (Berlin), Germany, which tracks the transport and delivery of cryptographic modules worldwide and supports postage meters from their initialization to removal from market. Since 2004, he heads the department of innovations management and product quality of the research and development division of Francotyp-Postalia. He has served on the advisory board of the Encyclopedia of Cryptography and Security edited by Henk van Tilborg, and for several years on the program committee of the International Network Conference and the Workshop for Secure Data Management held in combination with VLDB. In 1991, he received a diploma in computer science from the University of Karlsruhe, Germany. From 1991 to 1996, he worked as research associate in several research projects in security of health care informatics funded by the Commission of the European Union. From 1997 to 1999, he was senior technical staff member at AT&T Labs—Research in Florham Park, NJ. In 2001 he received a Doctorate in computer science from the University of Dortmund, Germany.

Contents 7
List of Figures 12
List of Tables 15
Foreword 17
Preface 18
Acknowledgements 21
Chapter 1 Introduction 22
1.1 WHAT IS ELECTRONIC POSTAGE 22
1.2 SHORT HISTORY OF POSTAGE 23
1.3 FRAUD, METER MANIPULATION AND COUNTERMEASURES 30
1.4 THE RISE OF ELECTRONIC POSTAGE 37
1.5 ADVANCING POSTAL MARKETS 41
1.6 OUTLOOK 45
Chapter 2 Electronic Postage Systems 46
2.1 GENERAL MODEL OF E-POSTAGE SYSTEMS 46
2.2 E-POSTAGE DEVICES 56
2.3 VALUE ADDED SERVICES 60
Chapter 3 General Architecture of E- Postage Systems 71
3.1 E-POSTAGE DEVICES 71
3.2 E-POSTAGE PROVIDER SYSTEM 90
3.3 POST BACKOFFICE 104
3.4 MAIL PROCESSING CENTERS 105
Chapter 4 Cryptography Primer 110
4.1 BASIC CRYPTOGRAPHIC MECHANISMS 110
4.2 CONFIDENTIALITY AND PRIVACY 111
4.3 HASH FUNCTIONS 115
4.4 MESSAGE AUTHENTICATION 117
4.5 KEY MANAGEMENT 125
Chapter 5 General Security Architecture 138
5.1 WHAT IS A SECURITY ARCHITECTURE 138
5.2 OFFLINE E-POSTAGE SYSTEMS 138
5.3 ONLINE E-POSTAGE SYSTEMS 140
5.4 BACKOFFICE SECURITY DOMAINS 142
5.5 SUMMARY OF CRYPTOGRAPHIC KEYS 144
Chapter 6 Industrial Offline E-Postage Systems 145
6.1 INDUSTRIAL OFFLINE E-POSTAGE 145
6.2 THE CLOSED OFFLINE E-POSTAGE MARKET 145
6.3 UNITED STATES POSTAL SERVICES 146
6.4 CANADA POST CORPORATION 158
6.5 DEUTSCHE POST 169
6.6 NETHERLANDS POST (TPG POST) 182
6.7 OTHER POSTAL MARKETS 183
6.8 PRELIMINARY APPRAISAL 183
Chapter 7 Industrial Online E-Postage Systems 185
7.1 INDUSTRIAL ONLINE E-POSTAGE 185
7.2 THE ONLINE E-POSTAGE MARKET 185
7.3 UNITED STATES POSTAL SERVICES 187
7.4 DEUTSCHE POST 192
Chapter 8 Security Risks in E-Postage Systems 200
8.1 RISK MANAGEMENT 200
8.2 ATTACKER MODEL 202
8.3 THREATS TO E-POSTAGE SYSTEMS 204
8.4 SECURITY SAFEGUARDS 213
Chapter 9 Privacy in E-Postage Systems 218
9.1 ANONYMOUS MAIL 218
9.2 ANONYMOUS POSTMARKS 220
9.3 AVAILABILITY 222
Chapter 10 Evaluation, Assurance and Postal Approval 223
10.1 TERMINOLOGY 223
10.2 THE POSTAL APPROVAL PROCESS 223
10.3 SECURITY COMPLIANCE TESTING 229
10.4 INTEGRATION TESTING OF E-POSTAGE PRO-VIDER SYSTEM 237
10.5 READABILITY TESTING 238
Chapter 11 Outlook 241
11.1 THE FUTURE OF ELECTRONIC POSTAGE 241
References 243
Appendix A List of Acronyms 251
Appendix B About the Author 256
Index 257