UNE-EN 14615:2005

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 DPM applications and design process
  5.1 Introduction
  5.2 DPM business planning
  5.3 DPM systems analysis
  5.4 DPM security analysis
  5.5 DPM design
Annex A (normative) Specification checklists
  A.1 DPM applications specifications
  A.2 System specification
  A.3 Security specification
  A.4 DPM specification
Annex B (informative) Business planning considerations
  B.1 Possible applications
  B.2 Market segmentation
      B.2.1 Approach
      B.2.2 Mailer segmentation
      B.2.3 Postal access and induction
      B.2.4 Payment
  B.3 Applications selection
      B.3.1 Approach
      B.3.2 Infrastructure requirements and constraints
      B.3.3 Other factors
Annex C (informative) Security analysis considerations
  C.1 Context
  C.2 Security objectives, policy and economics
  C.3 Threats and vulnerabilities
      C.3.1 Introduction
      C.3.2 Environmental context
      C.3.3 General threats to DPM systems
  C.4 Applications and message level security
  C.5 Security services and message level countermeasures
  C.6 Applications level countermeasures
      C.6.1 Introduction
      C.6.2 Access and usage controls
      C.6.3 Duplicate detection
      C.6.4 Induction control
      C.6.5 Inspection & forensic analysis
      C.6.6 Investigation
      C.6.7 Postal item verification
      C.6.8 Obliteration countermeasures
      C.6.9 Security service management
      C.6.10 Volume and revenue controls
  C.7 Countermeasure selection
  C.8 Application of countermeasures
  C.9 Message security implementation options
      C.9.1 Introduction
      C.9.2 Digital signatures
      C.9.3 Message authentication codes
      C.9.4 Exchange validation codes
      C.9.5 Selection of message security techniques
      C.9.6 Application of verification techniques
Annex D (informative) Systems analysis considerations
  D.1 Requirements analysis
  D.2 Functional description
      D.2.1 Approach
      D.2.2 Postal item production
      D.2.3 Rating
      D.2.4 Accounting
      D.2.5 DPM generation
      D.2.6 DPM printing
      D.2.7 Payment
      D.2.8 Induction
      D.2.9 Mail processing: sorting, transportation and delivery
      D.2.10 Component management
      D.2.11 Security management
      D.2.12 Audit
      D.2.13 Application services
  D.3 Function allocation and architecture design
  D.4 Other detailed design aspects
      D.4.1 Introduction
      D.4.2 Data requirements and sourcing
      D.4.3 DPM printing
      D.4.4 DPM data capture
      D.4.5 Applications processing
      D.4.6 Security analysis
      D.4.7 Exception handling
Annex E (informative) DPM design considerations
  E.1 Data content
  E.2 Data entry
  E.3 Data construct mapping
  E.4 Symbology
  E.5 Human readable information
  E.6 Layout, facing & aesthetics
  E.7 Performance and test criteria
Annex F (informative) Statistical analysis of DPM verification
  F.1 Introduction
  F.2 Purpose and scope of postal item verification
  F.3 Detection of DPMs with invalid validation code
      F.3.1 Introduction
      F.3.2 Parameters
      F.3.3 Possible Outcomes
      F.3.4 Analysis of Outcomes
      F.3.5 Calculation of Fraud Incidence
  F.4 Influence of CVC length on fraud detection
  F.5 Detection of duplicate DPMs
Annex G (informative) Message security algorithms
  G.1 Introduction
  G.2 Hash functions used in message security services
  G.3 Asymmetric (public key) cryptographic algorithms
      G.3.1 DSA
      G.3.2 RSA
      G.3.3 ECDSA
      G.3.4 Hybrid digital signatures with partial message recovery
      G.3.5 Other digital signature methods
  G.4 Message authentication code (MAC) algorithms
      G.4.1 CBC DES
      G.4.2 Advanced Encryption Standard (AES)
      G.4.3 HMAC
      G.4.4 MAC truncation and CVC size
  G.5 Exchange validation code generation
  G.6 Selection of algorithms for CVC implementation
      G.6.1 Introduction
      G.6.2 Cryptographic strength of commonly used algorithms
      G.6.3 Validation code size and size inflation
      G.6.4 Generation and verification complexity
      G.6.5 Key generation complexity
      G.6.6 Key management infrastructure
      G.6.7 Intellectual property rights
      G.6.8 Legality of use; export and import approval
Annex H (informative) CVC generation and verification data
  H.1 Introduction
  H.2 Sources of data for verification
      H.2.1 Introduction
      H.2.2 Data encoded on the item
      H.2.3 Data accessed by database look up
  H.3 Selection of data used in the verification process
      H.3.1 Introduction
      H.3.2 Acceptance control code
      H.3.3 Batch identifier and item number; licence plate
      H.3.4 CVC
      H.3.5 Date/time
      H.3.6 Delivery security code
      H.3.7 Device identifier, customer identifier or licence number
      H.3.8 Postage value
      H.3.9 Public key certificate identifier
      H.3.10 Rating parameter(s), including service indicator
Annex I (informative) Architecture examples
  I.1 Introduction
  I.2 The REMPI architecture
      I.2.1 Introduction
      I.2.2 Mailer systems
      I.2.3 Mail finishing system
      I.2.4 Mail finishing print subsystem
      I.2.5 Secure accounting system
      I.2.6 Announcement system
      I.2.7 Acceptance system
      I.2.8 Postal item verification system
      I.2.9 Reconciliation & support systems
      I.2.10 Bank
      I.2.11 Post systems
      I.2.12 Mail handling infrastructure
      I.2.13 Customer information system
      I.2.14 Enquiry & data system
  I.3 USPS IBIP configurations
      I.3.1 Introduction
      I.3.2 System components
      I.3.3 Configuration A
      I.3.4 Configuration B
Annex J (informative) Examples of digital postage marks (not to scale)
  J.1 Australia Post
  J.2 Canada Post
  J.3 Deutsche Post
  J.4 Die Post, Switzerland
  J.5 Royal Mail
  J.6 United States Postal Service (USPS)
Annex K (informative) Relevant intellectual property rights (IPR)
  K.1 Introduction
  K.2 Massachusetts Institute of Technology
  K.3 Neopost
  K.4 Pitney Bowes Inc
  K.5 Pitney Bowes Inc, together with Certicom Corp
  K.6 United States Department of Commerce
  K.7 United States Postal Service
Annex L (informative) DPM design charts
  L.1 Applicability of countermeasures against identified threats
      Application Countermeasure
  L.2 Data elements used by typical applications & countermeasures
  L.3 Mapping data elements onto data source & DPM data constructs
Bibliography