EN 14615:2017

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.REOLNRYDQMHPostalische Dienstleistungen - Digitale Freimachungsvermerke - Anwendungen, Sicherheit und GestaltungServices postaux - Marques d'affranchissement digitales - Applications, sécurité et designPostal services - Digital postage marks - Applications, security and design03.240Poštne storitvePostal servicesICS:Ta slovenski standard je istoveten z:EN 14615:2017SIST EN 14615:2017en,fr,de01-november-2017SIST EN 14615:2017SLOVENSKI
STANDARDSIST EN 14615:20051DGRPHãþD

EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 14615
September
t r s y ICS
r uä t v r Supersedes EN
s v x s wã t r r wEnglish Version
Postal services æ Digital postage marks æ Applicationsá security and design Services postaux æ Marques d 5affranchissement digitales æ Applicationsá sécurité et design
Postalische Dienstleistungen æ Digitale Freimachungsvermerke æ Anwendungená Sicherheit und Gestaltung This European Standard was approved by CEN on
t December
t r s xä
egulations which stipulate the conditions for giving this European Standard the status of a national standard without any alterationä Upætoædate lists and bibliographical references concerning such national standards may be obtained on application to the CENæCENELEC Management Centre or to any CEN memberä
translation under the responsibility of a CEN member into its own language and notified to the CENæCENELEC Management Centre has the same status as the official versionsä
CEN members are the national standards bodies of Austriaá Belgiumá Bulgariaá Croatiaá Cyprusá Czech Republicá Denmarká Estoniaá Finlandá Former Yugoslav Republic of Macedoniaá Franceá Germanyá Greeceá Hungaryá Icelandá Irelandá Italyá Latviaá Lithuaniaá Luxembourgá Maltaá Netherlandsá Norwayá Polandá Portugalá Romaniaá Serbiaá Slovakiaá Sloveniaá Spainá Swedená Switzerlandá Turkey and United Kingdomä
EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels
t r s y CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Membersä Refä Noä EN
s v x s wã t r s y ESIST EN 14615:2017

European foreword . 5 Introduction . 6 1 Scope . 8 2 Normative references . 8 3 Terms and definitions . 8 4 Symbols and abbreviations . 11 5 DPM applications and design process . 12 5.1 Introduction . 12 5.2 DPM business planning . 13 5.3 DPM systems analysis . 14 5.4 DPM security analysis . 15 5.5 DPM design . 16 Annex A (normative)
Specification checklists . 17 A.1 Applications specifications . 17 A.2 System specification . 17 A.3 Security specification . 18 A.4 DPM specification . 18 Annex B (informative)
Business planning considerations . 19 B.1 Possible applications . 19 B.2 Market segmentation . 20 B.3 Applications selection . 23 Annex C (informative)
Security analysis considerations . 26 C.1 Context . 26 C.2 Security objectives, policy and economics . 27 C.3 Threats and vulnerabilities . 28 C.4 Applications and message level security . 32 C.5 Security services and message level countermeasures . 34 C.6 Applications level countermeasures . 36 C.7 Countermeasure selection . 47 C.8 Application of countermeasures . 49 C.9 Message security implementation options . 49 Annex D (informative)
Systems analysis considerations . 56 D.1 Requirements analysis . 56 D.2 Functional description . 57 SIST EN 14615:2017

DPM design considerations . 67 E.1 Data content . 67 E.2 Data entry . 68 E.3 Data construct mapping . 69 E.4 Symbology . 70 E.5 Human readable information . 71 E.6 Layout, facing and aesthetics . 72 E.7 Performance and test criteria . 73 Annex F (informative)
Statistical analysis of DPM verification . 74 F.1 Introduction . 74 F.2 Purpose and scope of postal item verification . 74 F.3 Detection of DPMs with invalid validation code . 75 F.4 Influence of CVC length on fraud detection . 80 F.5 Detection of duplicate DPMs . 81 Annex G (informative)
Message security algorithms . 82 G.1 Introduction . 82 G.2 Hash functions used in message security services . 82 G.3 Asymmetric (public key) cryptographic algorithms . 83 G.4 Message authentication code (MAC) algorithms . 86 G.5 Exchange validation code generation . 90 G.6 Selection of algorithms for CVC implementation . 90 Annex H (informative)
CVC generation and verification data . 96 H.1 Introduction . 96 H.2 Sources of data for verification. 96 H.3 Selection of data used in the verification process . 97 Annex I (informative)
Architecture examples . 103 I.1 Introduction . 103 I.2 The REMPI architecture . 103 I.3 USPS IBIP configurations . 107 Annex J (informative)
Examples of digital postage marks (not to scale) . 112 J.1 Australia Post . 112 J.2 Canada Post . 112 J.3 Deutsche Post . 112 J.4 Die Post, Switzerland . 114 J.5 Royal Mail . 115 J.6 United States Postal Service (USPS) . 116 SIST EN 14615:2017

Relevant intellectual property rights (IPR) . 118 K.1 Introduction . 118 K.2 Massachusetts Institute of Technology . 118 K.3 Neopost . 118 K.4 Pitney Bowes Inc . 119 K.5 Pitney Bowes Inc, together with Certicom Corp . 119 K.6 United States Department of Commerce . 120 K.7 United States Postal Service . 120 Annex L (informative)
DPM design charts . 121 L.1 Applicability of countermeasures against identified threats . 121 L.2 Data elements used by typical applications and countermeasures . 125 L.3 Mapping data elements onto data source and DPM data constructs . 129 Bibliography . 131
1) The Universal Postal Union (UPU) is the specialised institution of the United Nations that regulates the universal postal service. The postal services of its 192 member countries form the largest physical distribution network in the world. Some 5 million postal employees working in over 660 000 post offices all over the world handle an annual total of 425 billion letters-post items in the domestic service and almost 6,7 billion in the international service. Some 4,5 billion parcels are sent by post annually. Keeping pace with the changing communications market, posts are increasingly using new communication and information technologies to move beyond what is traditionally regarded as their core postal business. They are meeting higher customer expectations with an expanded range of products and value-added services. 2) The UPU's Standards Board develops and maintains a growing number of standards to improve the exchange of postal-related information between posts, and promotes the compatibility of UPU and international postal initiatives. It works closely with posts, customers, suppliers and other partners, including various international organisations. The Standards Board ensures that coherent standards are developed in areas such as electronic data interchange (EDI), mail encoding, postal forms and meters. UPU standards are published in accordance with the rules given in Part VII of the General information on UPU standards, which can be freely downloaded from the UPU world-wide web site (www.upu.int). SIST EN 14615:2017

3) Mail service contractors are advised to ensure that reliance on patented approaches does not inadvertently lead to the creation of an effective monopoly. This could occur, even if usage of the approaches concerned is licensed by the mail service contractor, unless the terms of the licensing agreement commit the patent holder to making licences available, on appropriate terms, to the mail service contractors customers and suppliers, including competitors of the patent holder. SIST EN 14615:2017

4) UPU Standards are obtainable from the UPU International Bureau, whose contact details are given in the Bibliography; the UPU Standards glossary is freely accessible on URL http://www.upu.int SIST EN 14615:2017

See C.9.2. The use of digital signatures protects:
the sender against forgery by third parties or the recipient, and
the recipient against forgery by third parties and repudiation by the sender. 3.13 exchange validation code EVC code, known to or agreed between a mailer and a licensing post, which when applied to a postal item by the mailer, can be used by the licensing post to authenticate the origin of the item and, under appropriate circumstances, to verify the integrity of agreed upon DPM data Note 1 to entry: See also cryptographic validation code (CVC) and C.9.4. SIST EN 14615:2017

to the checklist in A.3.
Figure 1 — DPM Applications and Design Process SIST EN 14615:2017

This should cover: SIST EN 14615:2017

and Cost Justification: an analysis of the quantitative and qualitative benefits that are expected to result; how these are related to costs and the expected return, both for the mail service contractor and for the other affected parties. Consideration should be given to whether all parties are properly incentivized; i) Critical Success Factors: a description of the key factors which will influence the success of the implementation and subsequent operation and of the measures that need to be taken to control these factors; j) Management Control and Evaluation: a specification of how the implementation and subsequent operations will be managed and controlled. In particular, this should address the key decision points and what quantitative measures need to be available to support management decision processes. 5.3 DPM systems analysis The second stage in the DPM applications and design process is that of Systems Analysis. This should be undertaken in parallel with development of the Security Specification (see 5.4) since the two topics are closely interrelated: at least in payment related applications, many applications functions correspond to security countermeasures. Normal systems analysis and design processes should be followed, but there might be a need to pay particular attention to the phasing of development and introduction. It could well be that longer term objectives cannot be economically realized in the context of the existing postal system infrastructure and designs and plans for implementation should take into account the phasing in of infrastructure developments. The output of this stage shall be a control document, the System Specification, that describes the architecture for the system required to support the selected DPM applications and presents the system design in sufficient detail to give a boundary condition within which the detailed design of DPM applications can be prepared. The System Specification shall cover all systems requirements which need to be met in order to satisfy business objectives. At least the following topics, most of which are discussed at more length in informative Annex D, shall be addressed: SIST EN 14615:2017
...