1 option
Electronic postage systems : technology, security, economics / by Gerrit Bleumer.
Lippincott Library HE6125 .B54 2007
Available
- Format:
- Book
- Author/Creator:
- Bleumer, Gerrit.
- Series:
- Advances in information security ; v. 26.
- Advances in information security ; v. 26
- Language:
- English
- Subjects (All):
- Postal service--Technological innovations.
- Postal service.
- Postal service--Data processing.
- Computer security.
- Physical Description:
- xxiii, 248 pages : illustrations ; 23 cm.
- Place of Publication:
- [New York] : Springer, [2007]
- Summary:
- As postal liberalization gains momentum, traditional postage meter markets are being transformed into digital meter markets for enterprise mailers. Modern technologies such as cryptography, digital signatures, hardware security devices, the Internet, 2D bar codes, and high-speed scanning equipment have come together to establish different flavors of electronic postage, addressing the needs of postal operators, private carriers and mailers.
- Electronic Postage Systems: Technology, Security, Economics introduces a taxonomy of electronic postage systems and explains their security risks and countermeasures. The underlying cryptographic mechanisms are introduced and explained, and the industrial-scale electronic postage systems existing worldwide, are sorted out with respect to this taxonomy. The author also discusses privacy and anonymous mail, the state of standardization of electronic postage, and the process of security evaluation and testing of electronic postage systems.
- Electronic Postage Systems: Technology, Security, Economics targets practitioners and researchers, including electronic postage designers of postal operators and standardization bodies, software and test engineers, software vendors integrating electronic postage solutions into their applications, security engineers and cryptography experts, and accredited test laboratories evaluating electronic postage systems. This volume is also suitable for graduate-level students in computer science who have an interest in security and electronic commerce.
- Contents:
- 1.1 What is Electronic Postage 1
- 1.2 Short History of Postage 2
- 1.3 Fraud, Meter Manipulation and Countermeasures 9
- 1.4 The Rise of Electronic Postage 16
- 1.5 Advancing Postal Markets 20
- 1.5.1 Postal Security 20
- 1.5.2 Postal Liberalization 21
- 1.5.3 Competitive Postal Operators 22
- 1.5.4 Postal Presorters 23
- 1.5.5 International Mail 23
- 1.6 Outlook 24
- 2 Electronic Postage Systems 25
- 2.1 General Model of E-Postage Systems 25
- 2.1.1 E-Postage Devices 25
- 2.1.2 E-Postage Minting System 28
- 2.1.3 Indicia 32
- 2.1.4 Mail Processing and Verification 34
- 2.1.5 Multi-Carrier Capabilities 35
- 2.2 E-Postage Devices 35
- 2.2.1 Interface to E-Postage Provider 35
- 2.2.2 Storing Electronic Postage 36
- 2.2.3 Computing Secure Indicia 37
- 2.2.4 Postal Security Devices 38
- 2.3 Value Added Services 39
- 2.3.1 Postage Rate Tables 40
- 2.3.2 Acquiring Usage Data from E-postage Devices 43
- 2.3.3 Preparing Traceable Mail 45
- 2.3.4 Postage or Date Correction 46
- 2.3.5 Reply Mail 47
- 2.3.6 Commercial Metering Services 47
- 2.3.7 Addressing, Mail Forwarding and Return Services 48
- 3 General Architecture of E-Postage Systems 51
- 3.1 E-Postage Devices 51
- 3.1.1 Closed Offline E-Postage Devices 52
- 3.1.2 Open Offline E-Postage Devices 63
- 3.1.3 Open Online E-postage Devices 68
- 3.2 E-Postage Provider System 70
- 3.2.1 Local and Remote State of an E-Postage Device 72
- 3.2.2 Offline E-Postage Device Interface 73
- 3.2.3 Online E-Postage Device Interface 76
- 3.2.4 Database of Remote States 78
- 3.2.5 System Operator Interface 78
- 3.2.6 Financial Interface 79
- 3.2.7 Postal Interface 81
- 3.2.8 Postal Registration Interface 83
- 3.3 Post Backoffice 84
- 3.3.1 Link to Bank 84
- 3.3.2 Link to E-Postage Provider 84
- 3.3.3 Link to Mail Processing Center 85
- 3.4 Mail Processing Centers 85
- 3.4.1 Processing Mail 86
- 3.4.2 Postage Verification at Mail Processing Centers 87
- 4 Cryptography Primer 91
- 4.1 Basic Cryptographic Mechanisms 91
- 4.2 Confidentiality and Privacy 92
- 4.2.1 Symmetric Encryption 93
- 4.2.2 Asymmetric Encryption 94
- 4.2.3 Constructions 94
- 4.2.4 Security of Encryption Mechanisms 95
- 4.3 Hash Functions 96
- 4.3.1 Constructions 97
- 4.4 Message Authentication 98
- 4.4.1 Message Authentication Codes 100
- 4.4.2 Digital Signatures 101
- 4.4.3 Security of Message Authentication Mechanisms 102
- 4.5 Key Management 106
- 4.5.1 Key Management Life Cycle 107
- 4.5.2 Random Bit Generators 109
- 4.5.3 Session Key Establishment 112
- 4.5.4 Public Key Certificates 113
- 4.5.5 Security Domains 114
- 4.5.6 Security Architecture 117
- 5 General Security Architecture 119
- 5.1 What is a Security Architecture 119
- 5.2 Offline E-Postage Systems 119
- 5.2.1 Mail Processing Domain (A) 119
- 5.2.2 Refill Domain (B) 121
- 5.3 Online E-Postage Systems 121
- 5.3.1 Mail Processing Domain (A) 122
- 5.3.2 Online E-Postage Domain (C) 122
- 5.4 Backoffice Security Domains 123
- 5.4.1 Provider Post Backoffice Domain (D) 123
- 5.4.2 Provider Bank Backoffice Domain (E) 124
- 5.4.3 Post Bank Backoffice Domain (F) 125
- 5.5 Summary of Cryptographic Keys 125
- 6 Industrial Offline E-Postage Systems 127
- 6.1 Industrial Offline E-Postage 127
- 6.2 The Closed Offline E-Postage Market 127
- 6.3 United States Postal Services 128
- 6.3.1 IBIP for Closed Systems 129
- 6.3.2 Postal Value Added Services 134
- 6.3.3 IBI-Lite for Closed Systems 139
- 6.4 Canada Post Corporation 140
- 6.4.1 Digital Meter Indicia Specification (DMIS) 141
- 6.4.2 Postal Value Added Services 147
- 6.5 Deutsche Post 151
- 6.5.1 Frankit 152
- 6.5.2 Postal Value Added Services 160
- 6.6 Netherlands Post (TPG Post) 164
- 6.7 Other Postal Markets 165
- 6.8 Preliminary Appraisal 165
- 7 Industrial Online E-Postage Systems 167
- 7.1 Industrial Online E-Postage 167
- 7.2 The Online E-Postage Market 167
- 7.3 United States Postal Services 169
- 7.3.1 IBIP for Open Online E-Postage Systems 169
- 7.3.2 Postal Value Added Services 173
- 7.3.3 IBI-Lite for Online E-Postage Systems 174
- 7.4 Deutsche Post 174
- 7.4.1 Stampit for Open Online E-Postage Systems 175
- 7.4.2 Postal Value Added Services 180
- 8 Security Risks in E-Postage Systems 183
- 8.1 Risk Management 183
- 8.2 Attacker Model 185
- 8.2.1 Backoffice Domains 186
- 8.2.2 Refill, Online E-Postage and Mail Delivery Domain 186
- 8.3 Threats to E-Postage Systems 187
- 8.3.1 Social Engineering 187
- 8.3.2 Backoffice Domains 188
- 8.3.3 Refill Domain and Online E-Postage Domain 188
- 8.3.4 Mail Processing Domain 190
- 8.3.5 Algorithmic Level 191
- 8.4 Security Safeguards 195
- 8.4.1 Revenue Reconciliation 196
- 8.4.2 Backoffice Domains 196
- 8.4.3 Refill Domain and Online E-Postage Domain 197
- 8.4.4 Mail Processing Domain 199
- 9 Privacy in E-Postage Systems 201
- 9.1 Anonymous Mail 201
- 9.1.1 R-Anonymous Mail 202
- 9.1.2 P-Anonymous Mail 202
- 9.1.3 Fully-Anonymous Mail 203
- 9.2 Anonymous Postmarks 203
- 9.2.1 Pseudonymity and Unlinkability 203
- 9.2.2 Anonymous Electronic Postmarks 204
- 9.3 Availability 205
- 10 Evaluation, Assurance and Postal Approval 207
- 10.2 The Postal Approval Process 207
- 10.2.1 The Security Evaluation Process 212
- 10.3 Security Compliance Testing 213
- 10.3.1 FIPS 140 213
- 10.3.2 International Postage Meter Approval Requirements 216
- 10.3.3 Security Model of Digital Postage Meters 217
- 10.3.4 FIPS 140 vs. Common Criteria 219
- 10.4 Integration Testing of E-Postage Provider System 221
- 10.5 Readability Testing 222
- 10.6 Postal Standardization Bodies 223
- 10.6.1 CEN TC 331 Postal Services 223
- 10.6.2 Universal Postal Union (UPU) 224
- 11 Outlook 225
- 11.1 The Future of Electronic Postage 225.
- Notes:
- Includes index.
- ISBN:
- 0387293132
- OCLC:
- 65764980
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.