CEN/TS 15130:2020
Postal services - DPM infrastructure - Messages supporting DPM applications
This document specifies the information exchanges between various parties' infrastructures that take place in support of DPM applications. It complements standards that address the design, security, applications and readability of Digital Postage Marks.
The following items will be addressed by this document:
- identification of parties participating in exchanges of information described by this document;
- identification of functions (interactions, use cases);
- definition of parties’ responsibilities in the context of above functions;
- definition of messages between parties: message meaning and definition of communication protocols to support each function;
- definition of significant content (payload) for each message;
- security mechanisms providing required security services, such as authentication, privacy, integrity and non-repudiation.
This document does not address:
- design of DPM supporting infrastructure for applications internal to providers and carriers;
- design of DPM devices and applications for applications internal to end-users.
NOTE Although there are other communications between various parties involved in postal communications, this document covers only DPM-related aspects of such communications.
Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM
Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications
Poštne storitve - Infrastruktura za elektrotehnične zaznamke pri frankiranju (DPM) - Informacije v podporo uporabi DPM
Standards Content (Sample)
SLOVENIAN STANDARD
01 June 2020
Supersedes:
SIST-TS CEN/TS 15130:2007
Poštne storitve - Infrastruktura za elektrotehnične zaznamke pri frankiranju (DPM) - Informacije v podporo uporabi DPM
Postal services - DPM infrastructure - Messages supporting DPM applications
Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM
Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications
This Slovenian standard is identical to: CEN/TS 15130:2020
ICS:
03.240 Postal services
35.240.69 IT applications in postal services
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
CEN/TS 15130
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2020
ICS 03.240
Supersedes CEN/TS 15130:2006
English Version
Postal services - DPM infrastructure - Messages supporting DPM applications
Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications
Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM
This Technical Specification (CEN/TS) was approved by CEN on 21 October 2019 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 15130:2020 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements
5 Description of the models (system architecture and interaction diagrams)
Annex A (normative) Implicit certification process
Annex B (normative) Message structure
Annex C (informative) Development principles
Bibliography
European foreword
This document (CEN/TS 15130:2020) has been prepared by Technical Committee CEN/TC 331 “Postal
Services”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document will supersede CEN/TS 15130:2006.
In comparison with the previous edition, the following technical modifications have been made:
a) Normative Annex A Implicit certification process, has been updated with reference to a
state-of-the-art algorithm for new applications of digital signature generation and verification.
b) The Bibliography has been updated accordingly.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United
Kingdom.
Introduction
The purpose of this document is to define a consistent and complete set of messages between vendors'
and posts' infrastructures in support of DPM applications.
It is assumed that the reader of this document is familiar with computer-related technologies normally
used to design and implement applications requiring an interaction between computer systems. This
document makes use of industry-accepted technical standards and concepts like public key cryptography
and communication protocols.
This document defines the significant content and the format for data exchanges and messages,
consistent with current industry practices. Also, consistent with the concepts of extensibility and
flexibility, this document allows for extensions supporting specific (local) implementations using
additional data elements.
1 Scope
This document specifies the information exchanges between various parties' infrastructures that take
place in support of DPM applications. It complements standards that address the design, security,
applications and readability of Digital Postage Marks.
The following items will be addressed by this document:
— identification of parties participating in exchanges of information described by this document;
— identification of functions (interactions, use cases);
— definition of parties’ responsibilities in the context of above functions;
— definition of messages between parties: message meaning and definition of communication protocols
to support each function;
— definition of significant content (payload) for each message;
— security mechanisms providing required security services, such as authentication, privacy, integrity
and non-repudiation.
This document does not address:
— design of DPM supporting infrastructure for applications internal to providers and carriers;
— design of DPM devices and applications for applications internal to end-users.
NOTE Although there are other communications between various parties involved in postal communications,
this document covers only DPM-related aspects of such communications.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 9798-3, IT Security techniques — Entity authentication — Part 3: Mechanisms using digital
signature techniques
ISO 10126-2, Banking — Procedures for message encipherment (wholesale) — Part 2: DEA algorithm
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
ascending register value
numerical value that is equal to the total accumulated value of postage that has been accounted for and
printed by the mailing system (usually used in the context of a postage meter or a franking machine)
3.2
authentication
verification of the identity of a person, process or the origin of the data being exchanged
3.3
control sum
sum of the descending register value and ascending register value in a mailing system
3.4
cryptographic material
information used in conjunction with cryptographic methods of protecting information
3.5
cryptographic key
information that uniquely determines a bijection (one-to-one transformation) from the space of
messages to the space of ciphertexts
3.6
Cryptographic Validation Codes
CVC
value, cryptographically derived from selected postal data, which may be used in verifying the integrity
of such data and authenticating its origin
3.7
data integrity
property of a communication channel whereby data has not been altered in an unauthorized manner
since the time it was created, transmitted, or stored by an authorized source
3.8
descending register value
numerical value equal to the total value of unused postage remaining in the mailing system (usually used
in the context of a postage meter or a franking machine)
3.9
Digital Postage Mark
DPM
postmark printed or otherwise attached to a mail item and containing information that may be captured
and used by mail handling organizations and the recipient
3.10
DPM signature verification key
public key that is used for the DPM signature verification
3.11
DPM signing Key
DPM signature generation key
private key that is used for digital signing of DPM information
3.12
DPM verifier
verifier
postal equipment that is used for DPM verification
3.13
Exchange Validation Codes
EVC
code, known to or agreed between a mailer and a licensing post, which when applied to a postal item by
the mailer may be used by the licensing post to authenticate the origin of the item and, under appropriate
circumstances, to verify the integrity of agreed upon DPM data
3.14
implicit certificate
informational element that binds an entity's identity with its public cryptographic key allowing the
verification of the digital signature by another entity using only information contained within the
certificate itself
Note 1 to entry: In Digital Postage Mark verification systems based on public key cryptographic schemes, the
verification key is public and can either be retrieved from a database (explicit certificate) or it can be computed
from the information contained in the Digital Postage Mark (implicit certificate).
3.15
key management infrastructure
systems, policies and procedures used to create, store, distribute and update cryptographic keys
3.16
license
formal permission to account for postal charges and create an agreed upon evidence of payment for such
charges given to qualified mailers by posts, carriers or their authorised agents
3.17
license number
informational element (typically numeric or alphanumeric code) that represents the fact that a mailer
has obtained license from the post or a carrier authorising the mailer to account for postal charges and
to print evidence of a paid postage
3.18
licensing post
postal organisation responsible for issuing licenses to qualified mailers
3.19
MAC key
DPM MAC key
Message Authentication Code (MAC) key used for the protection of the Digital Postal Mark (DPM) in DPM
systems based on symmetric key cryptographic schemes
3.20
mailer
person or organization using the services of a post
3.21
mailing system
system which is used to account and evidence charges for postal services
Note 1 to entry: Variations of a mailing system include:
— franking machine or postage meter;
— personal computer with specialized software;
— online software service.
3.22
Message Authentication Code
MAC
value, cryptographically derived from selected data, which allows data integrity and implicit data origin
to be verified
Note 1 to entry: Since MACs are based on shared secret schemes they allow for weaker (implicit) data origin
verification than digital signatures that are based on public key cryptographic schemes.
3.23
non-repudiation
security service which prevents an entity from denying previous commitments or actions
3.24
parametrisation
process of supplying a system or a device with all input information required for proper operation,
involving assignment of specific numerical values to named variables used in computation of output
values such as data elements of DPM
3.25
post
postal administration
postal authority
3.26
post
organization which has been designated by the UPU member country or territory as an operator
responsible for fulfilling part or all of the member's obligations arising from adherence to the UPU
convention and agreements
3.27
postal code
numeric or alphanumeric value that is uniquely indicative of a geographic location of an element of postal
processing and delivery network, including postal processing facilities, retail offices, delivery units and
individual recipient’s mailboxes
3.28
privacy
confidentiality
security service used to keep the (meaningful) content of the information from all but those authorised
to have it
3.29
public key cryptography
cryptographic system that uses two keys: a public key accessible to all parties and a private or secret key
known only to one party (either the sender or the recipient of the message depending on the use of the
system)
Note 1 to entry: An important element of the public key system is that the public and private keys are uniquely
related to each other and it is computationally infeasible to compute private key from the knowledge of public key.
3.30
Public Key Infrastructure
PKI
system of digital certificates, certificate authorities, and registration authorities or agents that allows for
authentication of all parties involved in communication and data exchange processes
3.31
symmetric key cryptography
encryption system in which the sender and receiver of a message share a single, common secret
information (key) that is used both to encrypt and decrypt messages that are being exchanged
3.32
time stamp
value of the current time stored by a system to indicate when a certain transaction took place
3.33
Universal Coordinated Time
UCT
universal time, taking into account the addition or omission of leap seconds by atomic clocks each year
to compensate for changes in the rotation of the earth (Greenwich Mean Time updated with leap seconds)
3.34
vendor
provider and/or operator of mailing systems
3.35
World Wide Web Consortium
W3C
international consortium of companies involved with the development of open standards for internet and
the web
3.36
XML
Extensible Mark-up Language
subset of SGML constituting a particular text mark-up language for interchange of structured data
3.37
XML schema
XML schema is an XML language for describing and constraining the content of XML documents
4 Requirements
4.1 Functional structure
This clause covers the organization of the logical layer of communication between post and vendor.
In the context of this document, a typical postal operator or a carrier of physical mail items is organized
along well-defined functional elements. Specifically, typical functional elements are postal operations
(including: mail collection, processing, sorting, transportation and delivery) and system administration
and management control (including finance and marketing).
Since this document defines (for the major part) communications between vendor and post aimed at
supporting postal revenue collection based on DPM, the postal operator is the main recipient and
beneficiary of the information collected and communicated within the DPM supporting infrastructure.
Therefore, the functional requirements are organized to match the functional elements of the postal
organization namely: postal operations and system administration and management control.
Accordingly, Clause 5 of the present document is organized into the following major subclauses:
— key management processes;
— licensing and parameterization of mailing systems;
— data collection and reporting processes;
— audit-related process.
In this organization, key management processes support postal operations while licensing and
parameterization, data collection and audit-related clauses support system administration and
management control.
Postal revenue collection systems that are based on DPM require postal verification of accounting
processes performed by mailers. In practice, this amounts to DPM verification that is performed on
individual mail items and, as such, becomes a part of postal operations.
DPM verification requires that all verification equipment (verifiers) have access to DPM verification keys
or key materials (symmetric or public).
For the purpose of this document these verification keys are supplied to verifiers from postal key
management infrastructure. The postal key management infrastructure in its relation to vendor key
management infrastructure is covered in subsequent clauses of this document.
4.2 Technical requirements
Technical requirements for this document are driven by the needs of posts and vendors to create and
operate a cost-effective, functional and efficient infrastructure which allows them to exchange
information as described in Clause 5.
This infrastructure will allow interoperability between systems owned and operated by vendors and
posts eliminating the need for custom interfaces between specific parties. The use of established
technologies and industry-standard solutions will minimize the cost of such infrastructure. The optimum
set of solutions is highly dependent on specific conditions and the state of the technology at any given
time.
Specific performance levels (like scalability, speed, reliability, availability) are outside the scope of this
document, as they evolve quickly and they vary greatly between organizations.
Annex B includes as an example a specific implementation of the transport layer using XML schema
standard for data representation.
4.3 Security requirements
4.3.1 General
This subclause is a review of security requirements which are of specific interest to posts and vendors, in
the context of DPM infrastructure. It includes a discussion of threats, vulnerabilities and approaches to
reduce risks.
4.3.2 Introduction
This clause defines security requirements for the DPM supporting infrastructure and in its general
approach follows Annex C “Security analysis considerations” of EN 14615. 4.3.4 defines threats and
countermeasures that are specific to DPM supporting infrastructure.
Security of the Digital Postage Marks (DPM) rests on the information present in the DPM, and on security
of DPM supporting infrastructure. The DPM information is designed to convince a verifier after it captures
and interprets it that the postal charge accounting for the mail piece has occurred and that the payment
has been made or will be made (depending on the payment arrangement). The basic principle at work
here is the notion that certain information can be known to a mailer’s postage evidencing device only if
it has access to a protected (secret or private) piece of information known as a key. Access to such key
shall always trigger an accounting action that results in a secure accounting for the postal charge
(amount) required to be paid for the service of postal delivery. This secure accounting is performed either
by deduction of the computed postage amount from an accounting register (descending register)
responsible for storage of pre-paid funds or simply by updating a secure non-volatile register (ascending
register) by the computed amount or both. Thus the DPM security and its linkage to a payment
mechanism are delivered through secure cryptographic information processing using a private (secret)
key. It is of paramount importance that such keys be securely managed throughout their use within the
system. This document deals with DPM key management system and its specific arrangements
concerning vendor-post interface.
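The accounting principle described above (any use of the protected key triggers an accounting action on the registers), shown as an added example that is not part of CEN/TS 15130 or of any vendor's code. It assumes a symmetric (MAC key) scheme with HMAC-SHA-256 as the CVC; the class names, field layout, license number and key are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace


class InsufficientFunds(Exception):
    """The descending register cannot cover the requested postage."""


@dataclass(frozen=True)
class Indicium:
    """Constructed stand-in for the DPM data elements a verifier captures."""
    license_number: str
    item_count: int    # per-device serial number of the franked item
    postage: int       # minor currency units
    ascending: int     # ascending register value after this item
    cvc: bytes = b""   # MAC over the four fields above

    def payload(self) -> bytes:
        fields = (self.license_number, self.item_count, self.postage, self.ascending)
        return "|".join(map(str, fields)).encode()


def compute_cvc(mac_key: bytes, ind: Indicium) -> bytes:
    # HMAC-SHA-256 is this example's choice of MAC, not the specification's.
    return hmac.new(mac_key, ind.payload(), hashlib.sha256).digest()


class MailingSystem:
    """Model of a postage evidencing device with the two registers."""

    def __init__(self, license_number: str, mac_key: bytes):
        self.license_number = license_number
        self._mac_key = mac_key   # touched only inside frank()
        self.descending = 0       # unused prepaid postage (3.8)
        self.ascending = 0        # total postage accounted for (3.1)
        self.item_count = 0

    def load_funds(self, amount: int) -> None:
        """Postage value download; its authorisation is outside this example."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.descending += amount

    def control_sum(self) -> int:
        """Descending plus ascending register value (3.3)."""
        return self.descending + self.ascending

    def frank(self, postage: int) -> Indicium:
        """The only path to the key: account first, then compute the CVC."""
        if postage <= 0:
            raise ValueError("postage must be positive")
        if postage > self.descending:
            raise InsufficientFunds(f"need {postage}, have {self.descending}")
        self.descending -= postage
        self.ascending += postage
        self.item_count += 1
        ind = Indicium(self.license_number, self.item_count, postage, self.ascending)
        return replace(ind, cvc=compute_cvc(self._mac_key, ind))


def verify(keys: dict, ind: Indicium) -> str:
    """Verifier side: recompute the CVC with the key held for that license."""
    key = keys.get(ind.license_number)
    if key is None:
        return "unknown-license"
    if not hmac.compare_digest(compute_cvc(key, ind), ind.cvc):
        return "bad-cvc"
    if ind.ascending < ind.postage:
        return "implausible-registers"
    return "ok"


def demo() -> dict:
    key = b"constructed-demo-key-not-for-use"
    meter = MailingSystem("LIC-0001", key)
    meter.load_funds(500)               # ledger on the vendor/post side: 500
    first = meter.frank(120)
    second = meter.frank(85)
    try:
        meter.frank(1000)               # more than the remaining funds
        refused = False
    except InsufficientFunds:
        refused = True
    forged = replace(second, postage=5)  # value altered, CVC left unchanged
    keys = {"LIC-0001": key}
    return {
        "registers": (meter.descending, meter.ascending),
        "control_sum_matches_ledger": meter.control_sum() == 500,
        "overdraw_refused": refused,
        "genuine": verify(keys, first),
        "forged": verify(keys, forged),
        "unknown": verify(keys, replace(first, license_number="LIC-9999")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because franking moves value from the descending to the ascending register, the control sum changes only when funds are loaded, which gives an audit a single figure to compare against the ledger of downloads.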
A cryptographic system normally requires a clear definition of the message sender, message
communication channel, message recipient and the message itself. For the purpose of this document both
vendor and post play roles of sender and recipient since they engage in exchange of vital information
required for the proper functioning of a DPM-based payment system. Such exchange is organized by using
a public or private communication network that is referred to as a communication channel. In the process
of exchanging required information vendor and post execute an agreed upon communication protocol
normally consisting of several rounds of sending and receiving information.
The usual services of information security are entity or message data origin authentication, message data
integrity, message data confidentiality (privacy) and sender non-repudiation (see Bibliography [2] [5] [6]
[7] [8] [9] [10] [11] [12] [13] [14]).
4.3.3 Security business objectives, policy and economics
This subclause defines most important security business objectives, policy and economics. Other more
detailed security objectives, policy and economics are application and environment dependent and
typically can be derived from the objectives listed below:
a) postal business objective is to create and maintain cost effective access to postal services for mailers
without negative impact on the quality of service and its ease of use. Specifically, postal revenue
collection including DPM infrastructure security measures shall be balanced against the cost of
implementation and maintenance of secure DPM supporting Infrastructure. This shall be done in
such a way that the overall combined cost of revenue collection including the cost that shall be
incurred by post, vendor and their joint customers is minimal;
b) fundamental security policy and economics requirement is that a postal revenue collection system
does not allow for attacks (resulting in significant revenue losses) that are easy to mount for
dishonest mailers or outside participants and are difficult to detect and protect against for post and
vendor. The qualifications “easy” and “difficult” here are understood in economic terms. “Easy”
means that material, human and timing resources required to mount an attack are relatively low
compared with potential economic rewards for a successful attack. “Difficult” means that those
required resources are relatively high compared to potential rewards. Similarly, countermeasures
implemented by vendor and post are “easy” if they require comparatively low resources for
successful detection of an attack and result in identification and prosecution of perpetrators.
Countermeasures that require comparatively large resources are considered “difficult”. More
specifically, there are several fundamental security policy requirements, namely: 1) the postal
accounting systems/devices manufactured and distributed by vendor shall accurately account for
postal funds, 2) the postal accounting systems/devices shall provide all necessary information for
verification of postage payment, 3) the payment verification systems shall be able to detect postal
fraud, identify responsible party or parties and support evidence collection and prosecution of
responsible party or parties and 4) the design of vendor and post infrastructures supporting DPM
shall not allow for “easy” attacks that do not have effective countermeasures (defined as
countermeasures that require small material, human and timing resources);
c) legal framework shall be developed that defines legal recourse against perpetrators of postal fraud
in the digital environment together with required standards of evidence. The legal framework for
DPM infrastructure environment is outside of the scope of this document.
4.3.4 Threats and vulnerabilities (attacks)
Threats correspond to methods of attacking a system with the objective of causing damage to it, its
operators or users. Actual attacks may combine several such methods.
The approach taken in this document is to define only threats and vulnerabilities that are specific to DPM
supporting infrastructure and avoid definition and description of attacks common to all digital
communication systems.
The remainder of this clause is devoted to the identification and brief description of a number of threats
that are specific to DPM supporting infrastructure:
a) collusion involves cooperation between two or more parties with fraudulent intent. It may occur
between mailers, between a mailer and a supplier (vendor), or between one of these and a corrupt
postal employee. For example, an individual employed by one mailer may assist another mailer to
generate mail purporting to originate in his own organization, or a mailer may bribe a postal
employee to gain access to protected information such as key and key material. Collusion attacks
cannot be totally prevented but at a minimum postal audit of vendor and mailing system as well as
DPM verification processes will support the detection of collusion;
b) cryptanalysis is the use of mathematical techniques in an attempt to defeat the use of cryptographic
methods, particularly in the context of information security services. It is normally aimed at the
recovery of cryptographic keys by exploiting knowledge of the cryptographic algorithm, data that
forms input to and/or output from the algorithm, or both. DPM infrastructure design and
communication protocols employed in the vendor-post interface described in this document make
use of public and symmetric key cryptographic primitives. This document generally avoids making
specific recommendations concerning precise use and type of cryptographic primitives within key
management, data collection and reporting, licensing, parameterization and audit procedures. For
the purpose of this document it is sufficient to describe all covered protocols and procedures using
generic nomenclatures such as public or symmetric key schemes and thus leaving the choice of
specific primitives to qualified designers of the DPM supporting infrastructure. However, it is
strongly recommended that only well-known and tested cryptographic primitives such as RSA, DSA,
ECDSA, Triple DES and AES be used as primitives in the procedures described in this document.
Specific choice of cryptographic primitives should be guided by computational, interoperability and
IT constraints as well as other system requirements known to exist in country-specific systems.
Recommended implementations of proven cryptographic primitives are described in appropriate
ISO, CEN, ANSI and other national standards and are outside of the scope of this document;
c) illegitimate key access covers access to the secret cryptographic key or keys of a legitimate device or
user by an unauthorized party, thereby allowing the party concerned to masquerade
(cryptographically) as the legitimate device or user. Illegitimate access to cryptographic keys puts at
risk any cryptographically protected features of the system. A properly designed DPM infrastructure
system prevents such access by requiring a sound key management and protection system as
described in this document;
d) Information Technology (IT) system infiltration covers the range of threats that are common to IT
systems. All of the issues associated with IT system infiltration are addressed in separate documents
and are not covered by this document since they are not specific to DPM infrastructure. However,
several classes of threats that are of particular interest in the design, implementation and
administration of DPM supporting infrastructure are briefly described. It is strongly advised that
designers of DPM supporting infrastructure systems review, assess and implement technical and
administrative countermeasures appropriate for their specific IT systems:
1) network tampering covers a range of threats that are both passive and active attacks on
communications channels. Network tampering attacks may be conducted on public networks,
such as the internet, or private networks, such as a vendor or post’s internal network. Monitoring
of network traffic and data in order to gain access to confidential information is a passive attack
that may be accomplished using freely available network administration tools. Active attacks
include injecting data into a communications channel and modifying data on a communications
channel. Injecting data involves inserting additional traffic into a communication channel. The
traffic may be a replay of prior data or newly constructed data. The purpose of injecting data may
be to gain access to services (e.g. replaying an authorization to increase the postage value
resident in a mailing system) or to deny services (e.g. to overwhelm a server with data thereby
denying service to others). Modifying data involves changing the content of data sent via a
communication channel before the intended recipient receives the data (e.g. increasing a credit
limit);
2) unauthorized database and server modification covers the range of threats that involve
unauthorized access to computers and databases that implement an IT System in order to modify
the server or database. The access may be local (e.g. from a computer keyboard) or remote (e.g.
over a computer network). For example, modifying a server configuration could enable the
unauthorized viewing of confidential information or the denial of access to authorized parties.
Similarly, the modification of data in a database either directly or by restoring a backup of earlier
data could be used to change privileges (e.g. a credit limit);
3) illegitimate long-term storage access covers the range of threats that involve access and/or
modification of archival data (e.g. backup tapes of servers and databases or even paper records).
Illegitimate access to archival data could reveal confidential information to unauthorized parties.
Unauthorized modification of archival data could be used to obscure evidence of other attacks
or facilitate unauthorized database and server modification;
e) repudiation occurs when one of the parties to a transaction denies his or her involvement in it. For
example, in a mailing system management system, the sending of a postage value download to a
customer’s meter represents the transfer of money. If the customer subsequently claims that the
download was never received, the postal administration and/or vendor could lose revenue if it is
unable to tie the download transaction to the customer’s subsystem (e.g. through an undeniable audit
trail or transaction history). Similarly, in a system based on postal administration of postage
accounting, a mailer could attempt to deny responsibility for the origination of items. Repudiation is
addressed in this document where appropriate by the recommended use (within key management,
audit and data reporting procedures) of proven digital signature primitives and protocols;
f) security system infiltration is defined as penetration of a security system with the objective of
disabling it or reducing its effectiveness. For example, fraudulent DPM public verification key
insertion, in which an unauthorised key value is inserted into the set of legitimate verification keys
supported by the security system, would jeopardize the integrity of a postal revenue collection
system. Similarly, some key management systems recommended in this document and supporting
DPMs protected by symmetric key cryptography require internal postal sharing of a single universal
DPM verification key between a server and multiple verifiers. Although this document is generally
not concerned with post’s and vendor’s internal key management procedures, it is strongly
recommended that all DPM verification keys (public or symmetric) be protected for privacy and
checked for authenticity and data integrity before use.
4.3.5 Vendor-post channel
In all cases, sound DPM infrastructure requires a secure communication channel between the vendor and
the post that can be established using traditional (standard) methods of digital encryption and signature
as described in ISO/IEC 9798-3 and ISO 10126-2. This secure communication channel between the
vendor and the post is referred to as the vendor-post channel. An established secure vendor-post channel
provides for mutual authentication (and non-repudiation when needed) between vendor and post before
any transmission of data occurs in the channel. The channel is also enabled to protect the integrity of all
data exchanged through the channel by allowing both vendor and post to check that received data has
not been altered during the transmission process. Finally, the channel is protected against eavesdropping by
unauthorized parties, thus protecting confidentiality (privacy) of the data transmitted through it. The
communication protocols described in this document enable the services of authentication, non-
repudiation, data integrity and privacy independently of each other, as needed. Whenever reference is
made to the vendor-post channel and it is not specified otherwise, it is assumed that all four security
services are enabled.
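The replay and modification threats listed under network tampering, and the integrity check the vendor-post channel provides, can be shown as a receiver-side test on a single message. The Go code below is an added example, not part of CEN/TS 15130: the `Download` message, its fields, the per-meter sequence number and the choice of Ed25519 signatures are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var ErrTampered, ErrReplay = errors.New("signature check failed"), errors.New("stale sequence number")

// Download is a constructed stand-in for a postage value download authorization.
type Download struct {
	MeterID    string
	Seq, Cents uint64 // Seq rises strictly per meter and provides freshness
	Sig        []byte
}

type Receiver struct {
	senderKey        ed25519.PublicKey
	lastSeq, Balance map[string]uint64 // kept per meter
}

// encode returns the signed bytes; %q quoting keeps field boundaries unambiguous.
func (d Download) encode() []byte { return []byte(fmt.Sprintf("%q|%d|%d", d.MeterID, d.Seq, d.Cents)) }

// NewParties returns the sender's signing function and a receiver that trusts its key (demo setup).
func NewParties() (func(Download) []byte, *Receiver) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	sign := func(d Download) []byte { return ed25519.Sign(priv, d.encode()) }
	return sign, &Receiver{pub, map[string]uint64{}, map[string]uint64{}}
}

// Accept credits the meter only when the message is authentic, unmodified and fresh.
func (r *Receiver) Accept(d Download) error {
	if !ed25519.Verify(r.senderKey, d.encode(), d.Sig) {
		return ErrTampered
	}
	if d.Seq <= r.lastSeq[d.MeterID] {
		return ErrReplay
	}
	r.lastSeq[d.MeterID], r.Balance[d.MeterID] = d.Seq, r.Balance[d.MeterID]+d.Cents
	return nil
}

func main() {
	sign, rcv := NewParties()
	d := Download{MeterID: "M-001", Seq: 1, Cents: 5000}
	d.Sig = sign(d)
	fmt.Println(rcv.Accept(d), rcv.Accept(d)) // the second call is a replay and is refused
}
```

A valid signature alone does not stop a replay, because the replayed bytes still verify; the sequence number inside the signed data is what makes the second delivery fail.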
5 Description of the models (system architecture and interaction diagrams)
5.1 Introduction
This clause makes use of models providing description of essential interactions between main
components of the system, and specifically defines information that is created, collected and
communicated between vendor and post.
This document considers two models when describing the system architecture and corresponding
information flow diagrams. The first model is based on Cryptographic Validation Codes (CVC), while the
second model defines a system based on the use of Exchange Validation Codes (EVC), as they are defined
in EN 14615.
Both models describe the interaction between three entities:
— vendor;
— postal authority (post);
— mailer (using some mailing system from the vendor).
This document defines the exchanges between the vendor and the post (thick arrow labelled [1] in
Figure 1, below).
Figure 1 — System interactions
5.2 Key management processes
5.2.1 General
In any system which depends on cryptography for its security, the process of managing cryptographic
material is crucial to its success.
The key management process distinctly differs from the actual usage of cryptographic keys. The key
management process deals with the administrative tasks such as creation, publication and management
of keys and certificates. The usage of cryptographic keys deals with the operations involved in creating
and verifying digital signatures and encrypting or decrypting messages.
This subclause addresses the following topics:
— initialization and re-key of the vendor-post key management infrastructure;
— distribution of cryptographic material for DPM protection;
— withdrawal of mailing system.
5.2.2 Initialization and re-key of the vendor-post key management infrastructure
For the purpose of this document, the vendor-post key management infrastructure is defined as keys and
procedures involved in establishing a secure vendor-post communication channel as described in 4.3
“Security requirements”.
The process of initialization is defined as the process of generating and communicating cryptographic
keys or key material between the vendor and the post in a secure manner.
For the purpose of this document, the initialization and the re-key processes are treated as identical. The
request for initialization or re-key may come from either the vendor or the post and is not covered in this
document.
In the case when the vendor is responsible for generating cryptographic keys or key material, the vendor
is required to securely communicate the appropriate keys to the post. Similarly, when the post is
responsible for generating cryptographic keys or key material, the post is required to securely
communicate the appropriate keys to the vendor.
NOTE Generation of cryptographic material is usually followed by communication of keys or certificates to the
parties other than the party which originates them. This communication is done using either out-of-band or in-band
methods. Out-of-band communication is usually accomplished through a face-to-face meeting of trusted postal and
vendor representatives. It avoids the use of any electronic network and ensures that the cryptographic material is
never exposed while it is communicated between the post and the vendor. This approach also ensures that the
source of the information is known and trusted. Communication through out-of-band methods is necessary before
a secure channel is established between the post and the vendor. It is used to communicate the cryptographic
material needed to establish such a communication channel. Once a secure channel is established, no more out-of-
band communications are necessary.
Other out-of-band methods include: mailing in a tamper evident/resistant enclosure and use of a trusted
3rd party (for example: certificate authority). In-band communication of keys or certificates to be used
for the establishment of communication channels between vendor and post is not recommended.
5.2.3 Distribution of cryptographic material for DPM protection
5.2.3.1 Introduction
This clause covers the creation and distribution of cryptographic keys for mailing systems. Cryptographic
keys are either generated or certified by a postal authority’s infrastructure and are used for the protection
of the Digital Postal Mark (DPM). In the case of public key-based systems, DPMs contain a digital signature,
whereas in symmetric key-based systems a message authentication code (MAC) is used.
5.2.3.2 Overview of the process
5.2.3.2.1 General
There are two general categories of cryptographic schemes: public key and symmetric key. Systems
designed to support implementation of public key schemes are known as Public Key Infrastructure (PKI).
5.2.3.2.2 Public key systems
There are two alternatives for certification (authentication) of public keys in a public key-based DPM
system. The first alternative involves a traditional key certification process and is referred to in this
document as PKI certification or explicit certification. The second alternative is known as implicit
certification and involves joint generation of the DPM signing and verification key pair by the vendor and
the post. A small value known as an implicit certificate or optimal mail certificate is included in the
DPM. It is computed in such a way that it allows DPM verifiers to compute the DPM signature verification key
(see footnote 1) without access to external databases.
Footnote 1: The method of PKI certification (a1) requires that the verification key certificate is either included in the DPM or stored
in a database and retrieved during the DPM verification process through an identifier contained in the DPM. If (which
is frequently the case) the verification key certificate is too large to be included in the DPM, then it is stored and
(often) retrieved from a large secure database containing certificates for all registered MEs. Such a database is
maintained by the post and made accessible in real time to all DPM verifiers. This is frequently costly and
operationally inconvenient for the post. The method of implicit certification avoids this difficulty.
5.2.3.2.3 Public key systems - PKI Certification
As a prerequisite, it is recommended that the vendor-post channel [4.3.4] is used for all communications
required for the PKI certification process. To provide the vendor-post channel capabilities, the following
activities are recommended:
— vendor generates a public key pair for computing digital signatures aimed at signing requests for
certification of mailing system-generated public keys. The private key is referred to as the vendor
signature generation key and the public key is referred to as the vendor signature verification key;
— post generates a public key pair for computing signatures aimed at certifying public keys of MEs. The
private key is referred to as the postal signature generation key and the public key is referred to as
the postal signature verification key;
— the post and the vendor have a mechanism to mutually authenticate each other's public keys.
NOTE This can be done via traditional PKI mechanisms using X.509 certificates.
The generic PKI certification process is as follows:
a) vendor transmits a request for a certificate containing the DPM signature verification key together with
unique mailing system identification information to the post using the secure vendor-post channel;
b) post returns to the vendor the verification key certificate containing the DPM signature verification key
and mailing system unique identification information signed with the postal signature generation
key;
c) vendor verifies the DPM signature verification key obtained from the DPM verification key certificate
received from the post. At this point the mailing system’s DPM signing key is ready to be used for
DPM computation and the DPM signature verification key is ready to be used for DPM verification.
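Steps a) to c), followed by a verifier using the resulting certificate, as an added Go example that is not part of CEN/TS 15130. Ed25519, the `Cert` layout and every function name are assumptions for illustration, and the request of step a) is taken to arrive over the vendor-post channel, so its transport is not modelled. The final case relates to the fraudulent verification key insertion described under security system infiltration: a key the post did not certify is refused even though the DPM signature itself verifies.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert is a constructed stand-in for the verification key certificate of step b).
type Cert struct {
	MeterID string
	DPMKey  ed25519.PublicKey // DPM signature verification key
	PostSig []byte            // made with the postal signature generation key
}

// body binds the mailing system identity to its key; this is what the post signs.
func (c Cert) body() []byte { return []byte(fmt.Sprintf("%q|%x", c.MeterID, c.DPMKey)) }

// Certify is step b): the post signs the identity and key received in step a).
func Certify(postPriv ed25519.PrivateKey, meterID string, dpmKey ed25519.PublicKey) Cert {
	c := Cert{MeterID: meterID, DPMKey: dpmKey}
	c.PostSig = ed25519.Sign(postPriv, c.body())
	return c
}

// VerifyDPM accepts a DPM only when the post has certified its key for the stated meter.
func VerifyDPM(postPub ed25519.PublicKey, c Cert, meterID string, dpm, sig []byte) bool {
	return c.MeterID == meterID && len(c.DPMKey) == ed25519.PublicKeySize &&
		ed25519.Verify(postPub, c.body(), c.PostSig) && ed25519.Verify(c.DPMKey, dpm, sig)
}

// Run plays steps a) to c) with fresh keys; it returns (genuine DPM accepted, inserted key accepted).
func Run() (bool, bool) {
	postPub, postPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	meterPub, meterPriv, _ := ed25519.GenerateKey(nil)
	cert := Certify(postPriv, "M-001", meterPub) // a) request, b) certificate
	// c) the vendor checks the post's signature and that the certified key is the one it sent.
	ok := ed25519.Verify(postPub, cert.body(), cert.PostSig) && meterPub.Equal(cert.DPMKey)
	dpm := []byte("constructed DPM payload")
	genuine := ok && VerifyDPM(postPub, cert, "M-001", dpm, ed25519.Sign(meterPriv, dpm))
	// Inserted key: the DPM signature is valid, but the certificate was not signed by the post.
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	fake := Certify(otherPriv, "M-001", otherPub)
	return genuine, VerifyDPM(postPub, fake, "M-001", dpm, ed25519.Sign(otherPriv, dpm))
}

func main() { fmt.Println(Run()) } // prints: true false
```

The verifier's trust rests entirely on the copy of the postal signature verification key it holds, which is why that key has to be checked for authenticity and integrity before use.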
5.2.3.2.4 Public key systems - Implicit certification
A detailed description of the implicit certification process is given in Annex A.
As a prerequisite, it is recommended that the vendor-post channel [4.3.5] is used for all communications
required for the implicit certification process. To provide the vendor-post channel capabilities, the
following activities are recommended:
— vendor generates a public key pair for generating signatures. The private key is referred to as the
vendor signature generation key and the public key is referred to as the vendor signature verification
key;
— post generates an elliptic curve public key pair for generating implicit certificates
...







