Postal services - DPM infrastructure - Messages supporting DPM applications

This document specifies the information exchanges between various parties' infrastructures that take place in support of DPM applications. It complements standards that address the design, security, applications and readability of Digital Postage Marks.
The following items will be addressed by this document:
-   identification of parties participating in exchanges of information described by this document;
-   identification of functions (interactions, use cases);
-   definition of parties’ responsibilities in the context of above functions;
-   definition of messages between parties: message meaning and definition of communication protocols to support each function;
-   definition of significant content (payload) for each message;
-   security mechanisms providing required security services, such as authentication, privacy, integrity and non-repudiation.
This document does not address:
-   design of DPM supporting infrastructure for applications internal to providers and carriers;
-   design of DPM devices and applications for applications internal to end-users.
NOTE   Although there are other communications between various parties involved in postal communications, this document covers only DPM-related aspects of such communications.

Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM


Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications

Poštne storitve - Infrastruktura za elektrotehnične zaznamke pri frankiranju (DPM) - Informacije v podporo uporabi DPM

General Information

Status: Published
Publication Date: 14-Apr-2020
Current Stage: 6060 - Definitive text made available (DAV) - Publishing
Due Date: 15-Apr-2020
Completion Date: 15-Apr-2020


Buy Standard

Technical specification CEN/TS 15130:2020, English language, 44 pages
Technical specification FprCEN/TS 15130:2019, English language, 43 pages

Standards Content (sample)

SLOVENIAN STANDARD
SIST-TS CEN/TS 15130:2020
1 June 2020
Supersedes:
SIST-TS CEN/TS 15130:2007

Poštne storitve - Infrastruktura za elektrotehnične zaznamke pri frankiranju (DPM) - Informacije v podporo uporabi DPM
Postal services - DPM infrastructure - Messages supporting DPM applications
Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM
Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications

This Slovenian standard is identical to: CEN/TS 15130:2020
ICS:
03.240 Postal services
35.240.69 IT applications in postal services
SIST-TS CEN/TS 15130:2020 en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.

CEN/TS 15130
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2020
ICS 03.240 Supersedes CEN/TS 15130:2006
English Version
Postal services - DPM infrastructure - Messages supporting DPM applications

Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications
Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM

This Technical Specification (CEN/TS) was approved by CEN on 21 October 2019 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2020 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 15130:2020 E
Contents (page)

European foreword ..... 3
Introduction ..... 4
1 Scope ..... 5
2 Normative references ..... 5
3 Terms and definitions ..... 5
4 Requirements ..... 10
5 Description of the models (system architecture and interaction diagrams) ..... 14
Annex A (normative) Implicit certification process ..... 38
Annex B (normative) Message structure ..... 40
Annex C (informative) Development principles ..... 43
Bibliography ..... 44

European foreword

This document (CEN/TS 15130:2020) has been prepared by Technical Committee CEN/TC 331 “Postal Services”, the secretariat of which is held by NEN.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document will supersede CEN/TS 15130:2006.

In comparison with the previous edition, the following technical modifications have been made:

a) Normative Annex A, Implicit certification process, has been updated with reference to a state-of-the-art algorithm for new applications of digital signature generation and verification.

b) The Bibliography has been updated accordingly.

According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Introduction

The purpose of this document is to define a consistent and complete set of messages between vendors' and posts' infrastructures in support of DPM applications.

It is assumed that the reader of this document is familiar with computer-related technologies normally used to design and implement applications requiring an interaction between computer systems. This document makes use of industry-accepted technical standards and concepts like public key cryptography and communication protocols.

This document defines the significant content and the format for data exchanges and messages, consistent with current industry practices. Also, consistent with the concepts of extensibility and flexibility, this document allows for extensions supporting specific (local) implementations using additional data elements.
1 Scope

This document specifies the information exchanges between various parties' infrastructures that take place in support of DPM applications. It complements standards that address the design, security, applications and readability of Digital Postage Marks.

The following items will be addressed by this document:

— identification of parties participating in exchanges of information described by this document;
— identification of functions (interactions, use cases);
— definition of parties’ responsibilities in the context of above functions;
— definition of messages between parties: message meaning and definition of communication protocols to support each function;
— definition of significant content (payload) for each message;
— security mechanisms providing required security services, such as authentication, privacy, integrity and non-repudiation.

This document does not address:

— design of DPM supporting infrastructure for applications internal to providers and carriers;
— design of DPM devices and applications for applications internal to end-users.

NOTE Although there are other communications between various parties involved in postal communications, this document covers only DPM-related aspects of such communications.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9798-3, IT Security techniques — Entity authentication — Part 3: Mechanisms using digital signature techniques

ISO 10126-2, Banking — Procedures for message encipherment (wholesale) — Part 2: DEA algorithm

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp

3.1
ascending register value
numerical value that is equal to the total accumulated value of postage that has been accounted for and printed by the mailing system (usually used in the context of a postage meter or a franking machine)

3.2
authentication
verification of the identity of a person, process or the origin of the data being exchanged

3.3
control sum
sum of the descending register value and ascending register value in a mailing system

3.4
cryptographic material
information used in conjunction with cryptographic methods of protecting information

3.5
cryptographic key
information that uniquely determines a bijection (one-to-one transformation) from the space of messages to the space of ciphertexts

3.6
Cryptographic Validation Codes
CVC
value, cryptographically derived from selected postal data, which may be used in verifying the integrity of such data and authenticating its origin

3.7
data integrity
property of a communication channel whereby data has not been altered in an unauthorized manner since the time it was created, transmitted, or stored by an authorized source

3.8
descending register value
numerical value equal to the total value of unused postage remaining in the mailing system (usually used in the context of a postage meter or a franking machine)

3.9
Digital Postage Mark
DPM
postmark printed or otherwise attached to a mail item and containing information that may be captured and used by mail handling organizations and the recipient

3.10
DPM signature verification key
public key that is used for the DPM signature verification

3.11
DPM signing key
DPM signature generation key
private key that is used for digital signing of DPM information

3.12
DPM verifier
verifier
postal equipment that is used for DPM verification
3.13
Exchange Validation Codes
EVC
code, known to or agreed between a mailer and a licensing post, which when applied to a postal item by the mailer may be used by the licensing post to authenticate the origin of the item and, under appropriate circumstances, to verify the integrity of agreed upon DPM data

3.14
implicit certificate
informational element that binds an entity's identity with its public cryptographic key allowing the verification of the digital signature by another entity using only information contained within the certificate itself

Note 1 to entry: In Digital Postage Mark verification systems based on public key cryptographic schemes, the verification key is public and can either be retrieved from a database (explicit certificate) or it can be computed from the information contained in the Digital Postage Mark (implicit certificate).

3.15
key management infrastructure
systems, policies and procedures used to create, store, distribute and update cryptographic keys

3.16
license
formal permission to account for postal charges and create an agreed upon evidence of payment for such charges given to qualified mailers by posts, carriers or their authorised agents

3.17
license number
informational element (typically numeric or alphanumeric code) that represents the fact that a mailer has obtained a license from the post or a carrier authorising the mailer to account for postal charges and to print evidence of paid postage

3.18
licensing post
postal organisation responsible for issuing licenses to qualified mailers

3.19
MAC key
DPM MAC key
Message Authentication Code (MAC) key used for the protection of the Digital Postal Mark (DPM) in DPM systems based on symmetric key cryptographic schemes

3.20
mailer
person or organization using the services of a post
3.21
mailing system
system which is used to account and evidence charges for postal services

Note 1 to entry: Variations of a mailing system include:
— franking machine or postage meter;
— personal computer with specialized software;
— online software service.

3.22
Message Authentication Code
MAC
value, cryptographically derived from selected data, which allows data integrity and implicit data origin to be verified

Note 1 to entry: Since MACs are based on shared secret schemes they allow for weaker (implicit) data origin verification than digital signatures that are based on public key cryptographic schemes.

3.23
non-repudiation
security service which prevents an entity from denying previous commitments or actions

3.24
parametrisation
process of supplying a system or a device with all input information required for proper operation, involving assignment of specific numerical values to named variables used in computation of output values such as data elements of DPM

3.25
post
postal administration
postal authority

3.26
post
organization which has been designated by the UPU member country or territory as an operator responsible for fulfilling part or all of the member's obligations arising from adherence to the UPU convention and agreements

3.27
postal code
numeric or alphanumeric value that is uniquely indicative of a geographic location of an element of postal processing and delivery network, including postal processing facilities, retail offices, delivery units and individual recipient’s mailboxes

3.28
privacy
confidentiality
security service used to keep the (meaningful) content of the information from all but those authorised to have it
3.29
public key cryptography
cryptographic system that uses two keys: a public key accessible to all parties and a private or secret key known only to one party (either the sender or the recipient of the message depending on the use of the system)

Note 1 to entry: An important element of the public key system is that the public and private keys are uniquely related to each other and it is computationally infeasible to compute the private key from the knowledge of the public key.

3.30
Public Key Infrastructure
PKI
system of digital certificates, certificate authorities, and registration authorities or agents that allows for authentication of all parties involved in communication and data exchange processes

3.31
symmetric key cryptography
encryption system in which the sender and receiver of a message share a single, common secret information (key) that is used both to encrypt and decrypt messages that are being exchanged

3.32
time stamp
value of the current time stored by a system to indicate when a certain transaction took place

3.33
Universal Coordinated Time
UCT
universal time, taking into account the addition or omission of leap seconds by atomic clocks each year to compensate for changes in the rotation of the earth (Greenwich Mean Time updated with leap seconds)

3.34
vendor
provider and/or operator of mailing systems

3.35
World Wide Web Consortium
W3C
international consortium of companies involved with the development of open standards for the internet and the web

3.36
XML
Extensible Mark-up Language
subset of SGML constituting a particular text mark-up language for interchange of structured data

3.37
XML schema
XML language for describing and constraining the content of XML documents

4 Requirements

4.1 Functional structure

This clause covers the organization of the logical layer of communication between post and vendor.

In the context of this document, a typical postal operator or a carrier of physical mail items is organized along well-defined functional elements. Specifically, typical functional elements are postal operations (including: mail collection, processing, sorting, transportation and delivery) and system administration and management control (including finance and marketing).

Since this document defines (for the major part) communications between vendor and post aimed at supporting postal revenue collection based on DPM, the postal operator is the main recipient and beneficiary of the information collected and communicated within the DPM supporting infrastructure. Therefore, the functional requirements are organized to match the functional elements of the postal organization, namely: postal operations and system administration and management control.

Accordingly, Clause 5 of the present document is organized into the following major subclauses:

— key management processes;
— licensing and parameterization of mailing systems;
— data collection and reporting processes;
— audit-related process.

In this organization, key management processes support postal operations while licensing and parameterization, data collection and audit-related clauses support system administration and management control.

Postal revenue collection systems that are based on DPM require postal verification of accounting processes performed by mailers. In practice, this amounts to DPM verification that is performed on individual mail items and, as such, becomes a part of postal operations.

DPM verification requires that all verification equipment (verifiers) have access to DPM verification keys or key materials (symmetric or public).

For the purpose of this document these verification keys are supplied to verifiers from postal key management infrastructure. The postal key management infrastructure in its relation to vendor key management infrastructure is covered in subsequent clauses of this document.

4.2 Technical requirements

Technical requirements for this document are driven by the needs of posts and vendors to create and operate a cost-effective, functional and efficient infrastructure which allows them to exchange information as described in Clause 5.

This infrastructure will allow interoperability between systems owned and operated by vendors and posts, eliminating the need for custom interfaces between specific parties. The use of established technologies and industry-standard solutions will minimize the cost of such infrastructure. The optimum set of solutions is highly dependent on specific conditions and the state of the technology at any given time.

Specific performance levels (like scalability, speed, reliability, availability) are outside the scope of this document, as they evolve quickly and they vary greatly between organizations.

Annex B includes as an example a specific implementation of the transport layer using the XML schema standard for data representation.
4.3 Security requirements

4.3.1 General

This subclause is a review of security requirements which are of specific interest to posts and vendors, in the context of DPM infrastructure. It includes a discussion of threats, vulnerabilities and approaches to reduce risks.

4.3.2 Introduction

This clause defines security requirements for the DPM supporting infrastructure and in its general approach follows Annex C “Security analysis considerations” of EN 14615. 4.3.4 defines threats and countermeasures that are specific to DPM supporting infrastructure.

Security of the Digital Postage Marks (DPM) rests on the information present in the DPM, and on security of DPM supporting infrastructure. The DPM information is designed to convince a verifier, after it captures and interprets it, that the postal charge accounting for the mail piece has occurred and that the payment has been made or will be made (depending on the payment arrangement). The basic principle at work here is the notion that certain information can be known to a mailer’s postage evidencing device only if it has access to a protected (secret or private) piece of information known as a key. Access to such a key shall always trigger an accounting action that results in a secure accounting for the postal charge (amount) required to be paid for the service of postal delivery. This secure accounting is performed either by deduction of the computed postage amount from an accounting register (descending register) responsible for storage of pre-paid funds, or simply by updating a secure non-volatile register (ascending register) by the computed amount, or both. Thus the DPM security and its linkage to a payment mechanism are delivered through secure cryptographic information processing using a private (secret) key. It is of paramount importance that such keys be securely managed throughout their use within the system. This document deals with the DPM key management system and its specific arrangements concerning the vendor-post interface.

A cryptographic system normally requires a clear definition of the message sender, message communication channel, message recipient and the message itself. For the purpose of this document both vendor and post play the roles of sender and recipient since they engage in exchange of vital information required for the proper functioning of a DPM-based payment system. Such exchange is organized by using a public or private communication network that is referred to as a communication channel. In the process of exchanging required information, vendor and post execute an agreed upon communication protocol normally consisting of several rounds of sending and receiving information.

The usual services of information security are entity or message data origin authentication, message data integrity, message data confidentiality (privacy) and sender non-repudiation (see Bibliography [2] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]).
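As an added illustration of the accounting principle in 4.3.2 (example code written for this page, not text of the standard), the following Python model ties key use to register updates: the only operation with access to the DPM MAC key (3.19) first debits the descending register (3.8) and credits the ascending register (3.1), so the control sum (3.3) stays constant between refills, and only then derives a CVC (3.6); a verifier (3.12) holding the same key, as supplied by postal key management, recomputes it. HMAC-SHA256 as the MAC, the DPM field set, the demo key and the 64-bit truncation are assumptions of this example, not choices made by the standard.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo key. In a deployed system the DPM MAC key (3.19) is issued by
# the key management infrastructure and held only inside the device and verifier.
DEMO_MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

# Assumed DPM payload fields for this example (the standard does not fix them here).
DPM_FIELDS = ("license", "postage", "date", "ascending", "piece")


def canonical(postal_data: dict) -> bytes:
    """Serialise the protected fields in a fixed order so device and verifier
    compute the MAC over identical bytes."""
    return "|".join(f"{k}={postal_data[k]}" for k in DPM_FIELDS).encode("ascii")


def compute_cvc(mac_key: bytes, postal_data: dict) -> str:
    """CVC (3.6): HMAC-SHA256 over the postal data, truncated to 64 bits
    (truncation is an assumption of the example, for print space)."""
    return hmac.new(mac_key, canonical(postal_data), hashlib.sha256).hexdigest()[:16]


def verify_dpm(mac_key: bytes, dpm: dict) -> bool:
    """Verifier (3.12): recompute the CVC with the key supplied by postal key
    management and compare in constant time."""
    return hmac.compare_digest(compute_cvc(mac_key, dpm), dpm["cvc"])


@dataclass
class PostageEvidencingDevice:
    license_number: str
    mac_key: bytes
    descending: int = 0   # unused pre-paid postage in cents (3.8)
    ascending: int = 0    # total postage accounted for and printed (3.1)
    piece_count: int = 0

    def control_sum(self) -> int:
        """3.3: descending + ascending. Changes only when funds are added."""
        return self.descending + self.ascending

    def refill(self, amount: int) -> None:
        if amount <= 0:
            raise ValueError("refill amount must be positive")
        self.descending += amount

    def evidence_postage(self, amount: int, date: str) -> dict:
        """Account first, then use the key: no CVC is produced without a
        register update, and no update happens without sufficient funds."""
        if amount <= 0:
            raise ValueError("postage amount must be positive")
        if amount > self.descending:
            raise ValueError("insufficient funds: no DPM produced")
        before = self.control_sum()
        self.descending -= amount
        self.ascending += amount
        self.piece_count += 1
        if self.control_sum() != before:
            raise RuntimeError("accounting invariant violated")
        postal_data = {
            "license": self.license_number,
            "postage": amount,
            "date": date,
            "ascending": self.ascending,
            "piece": self.piece_count,
        }
        return {**postal_data, "cvc": compute_cvc(self.mac_key, postal_data)}


if __name__ == "__main__":
    device = PostageEvidencingDevice("LIC-0001", DEMO_MAC_KEY)
    device.refill(1000)
    dpm = device.evidence_postage(85, "2020-04-14")
    print("DPM:", dpm)
    print("verifies:", verify_dpm(DEMO_MAC_KEY, dpm))
    altered = dict(dpm, postage=1)   # amount changed after printing, CVC unchanged
    print("altered amount verifies:", verify_dpm(DEMO_MAC_KEY, altered))
    print("control sum unchanged:", device.control_sum() == 1000)
```

The altered-amount check shows what the verifier gains from the CVC: any change to a protected field after accounting fails verification, and a device without the key cannot produce a valid CVC at all.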
4.3.3 Security business objectives, policy and economics

This subclause defines the most important security business objectives, policy and economics. Other more detailed security objectives, policy and economics are application and environment dependent and typically can be derived from the objectives listed below:

a) postal business objective is to create and maintain cost effective access to postal services for mailers without negative impact on the quality of service and its ease of use. Specifically, postal revenue collection including DPM infrastructure security measures shall be balanced against the cost of implementation and maintenance of secure DPM supporting Infrastructure. This shall be done in such a way that the overall combined cost of revenue collection including the cost that shall be incurred by post, vendor and their joint customers is minimal;

b) fundamental security policy and economics requirement is that a postal revenue collection system does not allow for attacks (resulting in significant revenue losses) that are easy to mount for dishonest mailers or outside participants and are difficult to detect and protect against for post and vendor. The qualifications “easy” and “difficult” here are understood in economic terms. “Easy” means that material, human and timing resources required to mount an attack are relatively low compared with potential economic rewards for a successful attack. “Difficult” means that those required resources are relatively high compared to potential rewards. Similarly, countermeasures implemented by vendor and post are “easy” if they require comparatively low resources for successful detection of an attack and result in identification and prosecution of perpetrators. Countermeasures that require comparatively large resources are considered “difficult”. More specifically, there are several fundamental security policy requirements, namely: 1) the postal accounting systems/devices manufactured and distributed by vendor shall accurately account for postal funds, 2) the postal accounting systems/devices shall provide all necessary information for verification of postage payment, 3) the payment verification systems shall be able to detect postal fraud, identify responsible party or parties and support evidence collection and prosecution of responsible party or parties and 4) the design of vendor and post infrastructures supporting DPM shall not allow for “easy” attacks that do not have effective countermeasures (defined as countermeasures that require small material, human and timing resources);

c) legal framework shall be developed that defines legal recourse against perpetrators of postal fraud in the digital environment together with required standards of evidence. The legal framework for DPM infrastructure environment is outside of the scope of this document.
4.3.4 Threats and vulnerabilities (attacks)

Threats correspond to methods of attacking a system with the objective of causing damage to it, its operators or users. Actual attacks may combine several such methods.

The approach taken in this document is to define only threats and vulnerabilities that are specific to DPM supporting infrastructure and avoid definition and description of attacks common to all digital communication systems.

The remainder of this clause is devoted to the identification and brief description of a number of threats that are specific to DPM supporting infrastructure:

a) collusion involves cooperation between two or more parties with fraudulent intent. It may occur between mailers, between a mailer and a supplier (vendor), or between one of these and a corrupt postal employee. For example, an individual employed by one mailer may assist another mailer to generate mail purporting to originate in his own organization, or a mailer may bribe a postal employee to gain access to protected information such as key and key material. Collusion attacks cannot be totally prevented but at a minimum postal audit of vendor and mailing system as well as DPM verification processes will support the detection of collusion;

b) cryptanalysis is the use of mathematical techniques in an attempt to defeat the use of cryptographic methods, particularly in the context of information security services. It is normally aimed at the recovery of cryptographic keys by exploiting knowledge of the cryptographic algorithm, data that forms input to and/or output from the algorithm, or both. DPM infrastructure design and communication protocols employed in the vendor-post interface described in this document make use of public and symmetric key cryptographic primitives. This document generally avoids making specific recommendations concerning precise use and type of cryptographic primitives within key management, data collection and reporting, licensing, parameterization and audit procedures. For the purpose of this document it is sufficient to describe all covered protocols and procedures using generic nomenclatures such as public or symmetric key schemes and thus leaving the choice of specific primitives to qualified designers of the DPM supporting infrastructure. However, it is strongly recommended that only well-known and tested cryptographic primitives such as RSA, DSA, ECDSA, Triple DES and AES be used as primitives in the procedures described in this document. Specific choice of cryptographic primitives should be guided by computational, interoperability and IT constraints as well as other system requirements known to exist in country-specific systems. Recommended implementations of proven cryptographic primitives are described in appropriate ISO, CEN, ANSI and other national standards and are outside of the scope of this document;

c) illegitimate key access covers access to the secret cryptographic key or keys of a legitimate device or user by an unauthorized party, thereby allowing the party concerned to masquerade (cryptographically) as the legitimate device or user. Illegitimate access to cryptographic keys puts at risk any cryptographically protected features of the system. A properly designed DPM infrastructure system prevents such access by requiring a sound key management and protection system as described in this document;

d) Information Technology (IT) system infiltration covers the range of threats that are common to IT systems. All of the issues associated with IT system infiltration
...

SLOVENIAN STANDARD
kSIST-TS FprCEN/TS 15130:2019
01-september-2019

Poštne storitve - Infrastruktura za elektrotehnične zaznamke pri frankiranju (DPM) - Informacije v podporo uporabi DPM

Postal services - DPM infrastructure - Messages supporting DPM applications

Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM; Englische Fassung CEN/TS 15130:2006

Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications

This Slovenian standard is identical to: FprCEN/TS 15130
ICS:
03.240 Postal services
35.240.69 IT applications in postal services
kSIST-TS FprCEN/TS 15130:2019 en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction in whole or in part of this standard is not permitted.

FINAL DRAFT
TECHNICAL SPECIFICATION
FprCEN/TS 15130
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
June 2019
ICS Will supersede CEN/TS 15130:2006
English Version
Postal services - DPM infrastructure - Messages supporting
DPM applications

Services Postaux - Affranchissement électronique, Infrastructure du système - Messages pris en charge par les applications

Postalische Dienstleistungen - Infrastruktur für Elektronische Freimachungsvermerke (DPM) - Nachrichten zur Unterstützung von Anwendungen der DPM; Englische Fassung CEN/TS 15130:2006

This draft Technical Specification is submitted to CEN members for Vote. It has been drawn up by the Technical Committee

CEN/TC 331.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

United Kingdom.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are

aware and to provide supporting documentation.

Warning: This document is not a Technical Specification. It is distributed for review and comments. It is subject to change

without notice and shall not be referred to as a Technical Specification.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2019 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. FprCEN/TS 15130:2019 E
Contents Page

European foreword ............................................................................................................................................ 3

Introduction .......................................................................................................................................................... 4

1 Scope .......................................................................................................................................................... 5

2 Normative references .......................................................................................................................... 5

3 Terms and definitions ......................................................................................................................... 5

4 Requirements ....................................................................................................................................... 10

5 Description of the models (system architecture and interaction diagrams) ................ 14

Annex A (normative) Implicit certification process ............................................................................ 37

Annex B (normative) Message structure ................................................................................................. 39

Annex C (informative) Development principles ................................................................................... 42

Bibliography ....................................................................................................................................................... 43

European foreword

This document (FprCEN/TS 15130:2019) has been prepared by Technical Committee CEN/TC 331

“Postal Services”, the secretariat of which is held by NEN.
This document is currently submitted to the Vote on TS.
This document will supersede CEN/TS 15130:2006.

In comparison with the previous edition, the following technical modifications have been made:

a) Normative Annex A, Implicit certification process, has been updated with a reference to a state-of-the-

art algorithm for new applications of digital signature generation and verification.

b) The Bibliography has been updated accordingly.
Introduction

The purpose of this document is to define a consistent and complete set of messages between vendors'

and posts' infrastructures in support of DPM applications.

It is assumed that the reader of this document is familiar with computer-related technologies normally

used to design and implement applications requiring an interaction between computer systems. This

document makes use of industry-accepted technical standards and concepts like public key cryptography

and communication protocols.

This document defines the significant content and the format for data exchanges and messages,

consistent with current industry practices. Also, consistent with the concepts of extensibility and

flexibility, this document allows for extensions supporting specific (local) implementations using

additional data elements.
1 Scope

This document specifies the information exchanges between various parties' infrastructures that take

place in support of DPM applications. It complements standards that address the design, security,

applications and readability of Digital Postage Marks.
The following items will be addressed by this document:

— identification of parties participating in exchanges of information described by this document;

— identification of functions (interactions, use cases);
— definition of parties’ responsibilities in the context of above functions;

— definition of messages between parties: message meaning and definition of communication protocols

to support each function;
— definition of significant content (payload) for each message;

— security mechanisms providing required security services, such as authentication, privacy, integrity

and non-repudiation.
This document does not address:

— design of DPM supporting infrastructure for applications internal to providers and carriers;

— design of DPM devices and applications for applications internal to end-users.

NOTE Although there are other communications between various parties involved in postal communications,

this document covers only DPM-related aspects of such communications.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 9798-3, IT Security techniques — Entity authentication — Part 3: Mechanisms using digital

signature techniques

ISO 10126-2, Banking — Procedures for message encipherment (wholesale) — Part 2: DEA algorithm

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1
ascending register value

numerical value that is equal to the total accumulated value of postage that has been accounted for and

printed by the mailing system (usually used in the context of a postage meter or a franking machine)

3.2
authentication

verification of the identity of a person, process or the origin of the data being exchanged

3.3
control sum

sum of the descending register value and ascending register value in a mailing system

3.4
cryptographic material

information used in conjunction with cryptographic methods of protecting information

3.5
cryptographic key

information that uniquely determines a bijection (one-to-one transformation) from the space of

messages to the space of ciphertexts
3.6
Cryptographic Validation Codes
CVC

value, cryptographically derived from selected postal data, which may be used in verifying the integrity

of such data and authenticating its origin
3.7
data integrity

property of a communication channel whereby data has not been altered in an unauthorized manner

since the time it was created, transmitted, or stored by an authorized source
3.8
descending register value

numerical value equal to the total value of unused postage remaining in the mailing system (usually used

in the context of a postage meter or a franking machine)
3.9
Digital Postage Mark
DPM

postmark printed or otherwise attached to a mail item and containing information that may be captured

and used by mail handling organizations and the recipient
3.10
DPM signature verification key
public key that is used for the DPM signature verification
3.11
DPM signing Key
DPM signature generation key
private key that is used for digital signing of DPM information
3.12
DPM verifier
verifier
postal equipment that is used for DPM verification
3.13
Exchange Validation Codes
EVC

code, known to or agreed between a mailer and a licensing post, which when applied to a postal item by

the mailer may be used by the licensing post to authenticate the origin of the item and, under appropriate

circumstances, to verify the integrity of agreed upon DPM data
3.14
implicit certificate

informational element that binds an entity's identity with its public cryptographic key allowing the

verification of the digital signature by another entity using only information contained within the

certificate itself

Note 1 to entry: In Digital Postage Mark verification systems based on public key cryptographic schemes, the

verification key is public and can either be retrieved from a database (explicit certificate) or it can be computed

from the information contained in the Digital Postage Mark (implicit certificate).

3.15
key management infrastructure

systems, policies and procedures used to create, store, distribute and update cryptographic keys

3.16
license

formal permission to account for postal charges and create an agreed upon evidence of payment for such

charges given to qualified mailers by posts, carriers or their authorised agents
3.17
license number

informational element (typically numeric or alphanumeric code) that represents the fact that a mailer

has obtained license from the post or a carrier authorising the mailer to account for postal charges and

to print evidence of a paid postage
3.18
licensing post
postal organisation responsible for issuing licenses to qualified mailers
3.19
MAC key
DPM MAC key

Message Authentication Code (MAC) key used for the protection of the Digital Postage Mark (DPM) in DPM

systems based on symmetric key cryptographic schemes
3.20
mailer
person or organization using the services of a post
3.21
mailing system
system which is used to account and evidence charges for postal services
Note 1 to entry: Variations of a mailing system include:
— franking machine or postage meter;
— personal computer with specialized software;
— online software service.
3.22
Message Authentication Code
MAC

value, cryptographically derived from selected data, which allows data integrity and implicit data origin

to be verified

Note 1 to entry: Since MACs are based on shared secret schemes they allow for weaker (implicit) data origin

verification than digital signatures that are based on public key cryptographic schemes.

3.23
non-repudiation

security service which prevents an entity from denying previous commitments or actions

3.24
parametrisation

process of supplying a system or a device with all input information required for proper operation,

involving assignment of specific numerical values to named variables used in computation of output

values such as data elements of DPM
3.25
post
postal administration
postal authority

organization which has been designated by the UPU member country or territory as an operator

responsible for fulfilling part or all of the member's obligations arising from adherence to the UPU

convention and agreements
3.26
postal code

numeric or alphanumeric value that is uniquely indicative of a geographic location of an element of postal

processing and delivery network, including postal processing facilities, retail offices, delivery units and

individual recipient’s mailboxes
3.27
privacy
confidentiality

security service used to keep the (meaningful) content of the information from all but those authorised

to have it
3.28
public key cryptography

cryptographic system that uses two keys: a public key accessible to all parties and a private or secret key

known only to one party (either the sender or the recipient of the message depending on the use of the

system)

Note 1 to entry: An important element of the public key system is that the public and private keys are uniquely

related to each other and it is computationally infeasible to compute private key from the knowledge of public key.

3.29
Public Key Infrastructure
PKI

system of digital certificates, certificate authorities, and registration authorities or agents that allows for

authentication of all parties involved in communication and data exchange processes

3.30
symmetric key cryptography

encryption system in which the sender and receiver of a message share a single, common secret

information (key) that is used both to encrypt and decrypt messages that are being exchanged

3.31
time stamp

value of the current time stored by a system to indicate when a certain transaction took place

3.32
Universal Coordinated Time
UCT

universal time, taking into account the addition or omission of leap seconds by atomic clocks each year

to compensate for changes in the rotation of the earth (Greenwich Mean Time updated with leap seconds)

3.33
vendor
provider and/or operator of mailing systems
3.34
World Wide Web Consortium
W3C

international consortium of companies involved with the development of open standards for internet and

the web
3.35
XML
Extensible Mark-up Language

subset of SGML constituting a particular text mark-up language for interchange of structured data

3.36
XML schema

XML language for describing and constraining the content of XML documents

4 Requirements
4.1 Functional structure

This clause covers the organization of the logical layer of communication between post and vendor.

In the context of this document, a typical postal operator or a carrier of physical mail items is organized

along well-defined functional elements. Specifically, typical functional elements are postal operations

(including: mail collection, processing, sorting, transportation and delivery) and system administration

and management control (including finance and marketing).

Since this document defines (for the major part) communications between vendor and post aimed at

supporting postal revenue collection based on DPM, the postal operator is the main recipient and

beneficiary of the information collected and communicated within the DPM supporting infrastructure.

Therefore, the functional requirements are organized to match the functional elements of the postal

organization namely: postal operations and system administration and management control.

Accordingly, Clause 5 of the present document is organized into the following major subclauses:

— key management processes;
— licensing and parameterization of mailing systems;
— data collection and reporting processes;
— audit-related process.

In this organization, key management processes support postal operations while licensing and

parameterization, data collection and audit-related clauses support system administration and

management control.

Postal revenue collection systems that are based on DPM require postal verification of accounting

processes performed by mailers. In practice, this amounts to DPM verification that is performed on

individual mail items and, as such, becomes a part of postal operations.

DPM verification requires that all verification equipment (verifiers) have access to DPM verification keys

or key materials (symmetric or public).

For the purpose of this document these verification keys are supplied to verifiers from postal key

management infrastructure. The postal key management infrastructure in its relation to vendor key

management infrastructure is covered in subsequent clauses of this document.
4.2 Technical requirements

Technical requirements for this document are driven by the needs of posts and vendors to create and

operate a cost-effective, functional and efficient infrastructure which allows them to exchange

information as described in Clause 5.

This infrastructure will allow interoperability between systems owned and operated by vendors and

posts eliminating the need for custom interfaces between specific parties. The use of established

technologies and industry-standard solutions will minimize the cost of such infrastructure. The optimum

set of solutions is highly dependent on specific conditions and the state of the technology at any given

time.

Specific performance levels (like scalability, speed, reliability, availability) are outside the scope of this

document, as they evolve quickly and they vary greatly between organizations.

Annex B includes as an example a specific implementation of the transport layer using XML schema

standard for data representation.
4.3 Security requirements
4.3.1 General

This subclause is a review of security requirements which are of specific interest to posts and vendors, in

the context of DPM infrastructure. It includes a discussion of threats, vulnerabilities and approaches to

reduce risks.
4.3.2 Introduction

This clause defines security requirements for the DPM supporting infrastructure and in its general

approach follows Annex C “Security analysis considerations” of EN 14615. Subclause 4.3.4 defines threats and

countermeasures that are specific to DPM supporting infrastructure.

Security of the Digital Postage Marks (DPM) rests on the information present in the DPM, and on security

of DPM supporting infrastructure. The DPM information is designed to convince a verifier after it captures

and interprets it that the postal charge accounting for the mail piece has occurred and that the payment

has been made or will be made (depending on the payment arrangement). The basic principle at work

here is the notion that certain information can be known to a mailer’s postage evidencing device only if

it has access to a protected (secret or private) piece of information known as a key. Access to such key

shall always trigger an accounting action that results in a secure accounting for the postal charge

(amount) required to be paid for the service of postal delivery. This secure accounting is performed either

by deduction of the computed postage amount from an accounting register (descending register)

responsible for storage of pre-paid funds or simply by updating a secure non-volatile register (ascending

register) by the computed amount or both. Thus the DPM security and its linkage to a payment

mechanism are delivered through secure cryptographic information processing using a private (secret)

key. It is of paramount importance that such keys be securely managed throughout their use within the

system. This document deals with DPM key management system and its specific arrangements

concerning vendor-post interface.

A cryptographic system normally requires a clear definition of the message sender, message

communication channel, message recipient and the message itself. For the purpose of this document both

vendor and post play roles of sender and recipient since they engage in exchange of vital information

required for the proper functioning of a DPM-based payment system. Such exchange is organized by using

a public or private communication network that is referred to as a communication channel. In the process

of exchanging required information vendor and post execute an agreed upon communication protocol

normally consisting of several rounds of sending and receiving information.

The usual services of information security are entity or message data origin authentication, message data

integrity, message data confidentiality (privacy) and sender non-repudiation (see Bibliography [2], [5], [6],

[7], [8], [9], [10], [11], [12], [13] and [14]).
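The accounting principle of 4.3.2 (access to the key always triggers an accounting action on the descending and ascending registers of 3.1, 3.3 and 3.8) and the MAC-based CVC of 3.6 and 3.22 can be made concrete with a small model. The following Python is an added illustration written for this page, not code from the Technical Specification or from any vendor or post; the register layout, the field encoding, the HMAC-SHA256 construction, the truncation to 16 hex digits and the demo key are all constructed assumptions. It also shows the point of the Note to 3.22: because the verifier holds the same key as the mailing system, it could itself produce a valid CVC, so a MAC gives only implicit data origin assurance and no non-repudiation.

```python
"""Constructed model of a postage evidencing device and a DPM verifier
sharing a DPM MAC key (3.19). Illustration only; not the TS's own design."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed demo key. In a real system the DPM MAC key is distributed by the
# key management infrastructure and known only to the device and the verifiers.
DEMO_MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def selected_postal_data(license_number: str, postage_cents: int,
                         date: str, ascending_cents: int) -> bytes:
    """Assumed canonical encoding of the DPM fields the CVC (3.6) covers."""
    return f"{license_number}|{postage_cents}|{date}|{ascending_cents}".encode()


def compute_cvc(key: bytes, data: bytes) -> str:
    """Cryptographic Validation Code as a truncated HMAC-SHA256 (a MAC, 3.22)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()[:16]


@dataclass
class MailingSystem:
    """Device with a descending register (3.8), an ascending register (3.1)
    and the control sum (3.3) that ties the two together."""
    license_number: str
    mac_key: bytes
    descending_cents: int              # unused pre-paid postage
    ascending_cents: int = 0           # total postage ever accounted and printed
    control_sum: int = field(init=False)

    def __post_init__(self) -> None:
        # Fixed at load time; only a funds refill may change it.
        self.control_sum = self.descending_cents + self.ascending_cents

    def registers_consistent(self) -> bool:
        return self.descending_cents + self.ascending_cents == self.control_sum

    def print_dpm(self, postage_cents: int, date: str) -> dict:
        """Accounting happens before the key is used; no funds, no CVC."""
        if postage_cents <= 0 or postage_cents > self.descending_cents:
            raise ValueError("postage not accounted: insufficient pre-paid funds")
        self.descending_cents -= postage_cents
        self.ascending_cents += postage_cents
        data = selected_postal_data(self.license_number, postage_cents,
                                    date, self.ascending_cents)
        return {"license": self.license_number, "postage_cents": postage_cents,
                "date": date, "ascending_cents": self.ascending_cents,
                "cvc": compute_cvc(self.mac_key, data)}


def verify_dpm(mac_key: bytes, dpm: dict) -> bool:
    """DPM verifier (3.12): recompute the CVC over the captured fields."""
    data = selected_postal_data(dpm["license"], dpm["postage_cents"],
                                dpm["date"], dpm["ascending_cents"])
    return hmac.compare_digest(compute_cvc(mac_key, data), dpm["cvc"])


def demo() -> dict:
    """Run one accounted DPM, one altered DPM, one overdraft and one
    verifier-made DPM through the verifier; returns the outcomes."""
    ms = MailingSystem("LIC-000123", DEMO_MAC_KEY, descending_cents=10_000)
    dpm = ms.print_dpm(95, "2019-06-01")          # constructed mail item
    tampered = dict(dpm, postage_cents=5)         # postage field altered after printing
    try:
        ms.print_dpm(20_000, "2019-06-01")        # more than the descending register holds
        overdraft_rejected = False
    except ValueError:
        overdraft_rejected = True
    # The verifier holds the same key, so it can produce a CVC that verifies:
    # a MAC cannot prove to a third party which side created the mark (3.22 Note 1).
    verifier_made = dict(dpm, postage_cents=1)
    verifier_made["cvc"] = compute_cvc(DEMO_MAC_KEY, selected_postal_data(
        verifier_made["license"], 1, verifier_made["date"], verifier_made["ascending_cents"]))
    return {"genuine_ok": verify_dpm(DEMO_MAC_KEY, dpm),
            "tampered_ok": verify_dpm(DEMO_MAC_KEY, tampered),
            "overdraft_rejected": overdraft_rejected,
            "registers_consistent": ms.registers_consistent(),
            "descending_cents": ms.descending_cents,
            "ascending_cents": ms.ascending_cents,
            "verifier_made_ok": verify_dpm(DEMO_MAC_KEY, verifier_made)}


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to real deployments: the ascending register value is part of the data under the MAC, so replaying a captured mark or rolling the register back changes the CVC, and the register check (descending plus ascending equals the control sum) is the audit invariant a post can verify independently of the key. Replacing the MAC with a digital signature under a DPM signing key (3.11) removes the verifier's ability to create marks and is what gives sender non-repudiation.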
4.3.3 Security business objectives, policy and economics

This subclause defines most important security business objectives, policy and economics. Other more

detailed security objectives, policy and economics are application and environment dependent and

typically can be derived from the objectives listed below:

a) postal business objective is to create and maintain cost effective access to postal services for mailers

without negative impact on the quality of service and its ease of use. Specifically, postal revenue

collection including DPM infrastructure security measures shall be balanced against the cost of

implementation and maintenance of secure DPM supporting infrastructure. This shall be done in

such a way that the overall combined cost of revenue collection including the cost that shall be

incurred by post, vendor and their joint customers is minimal;

b) fundamental security policy and economics requirement is that a postal revenue collection system

does not allow for attacks (resulting in significant revenue losses) that are easy to mount for


dishonest mailers or outside participants and are difficult to detect and protect against for post and

vendor. The qualifications “easy” and “difficult” here are understood in economic terms. “Easy”

means that material, human and timing resources required to mount an attack are relatively low

compared with potential economic rewards for a successful attack. “Difficult” means that those

required resources are relatively high compared to potential rewards. Similarly, countermeasures

implemented by vendor and post are “easy” if they require comparatively low resources for

successful detection of an attack and result in identification and prosecution of perpetrators.

Countermeasures that require comparatively large resources are considered “difficult”. More

specifically, there are several fundamental security policy requirements, namely: 1) the postal

accounting systems/devices manufactured and distributed by vendor shall accurately account for

postal funds, 2) the postal accounting systems/devices shall provide all necessary information for

verification of postage payment, 3) the payment verification systems shall be able to detect postal

fraud, identify responsible party or parties and support evidence collection and prosecution of

responsible party or parties and 4) the design of vendor and post infrastructures supporting DPM

shall not allow for “easy” attacks that do not have effective countermeasures (defined as

countermeasures that require small material, human and timing resources);

c) legal framework shall be developed that defines legal recourse against perpetrators of postal fraud

in the digital environment together with required standards of evidence. The legal framework for

DPM infrastructure environment is outside of the scope of this document.
4.3.4 Threats and vulnerabilities (attacks)

Threats correspond to methods of attacking a system with the objective of causing damage to it, its

operators or users. Actual attacks may combine several such methods.

The approach taken in this document is to define only threats and vulnerabilities that are specific to DPM

supporting infrastructure and avoid definition and description of attacks common to all digital

communication systems.

The remainder of this clause is devoted to the identification and brief description of a number of threats

that are specific to DPM supporting infrastructure:

a) collusion involves cooperation between two or more parties with fraudulent intent. It may occur

between mailers, between a mailer and a supplier (vendor), or between one of these and a corrupt

postal employee. For example, an individual employed by one mailer may assist another mailer to

generate mail purporting to originate in his own organization, or a mailer may bribe a postal

employee to gain access to protected information such as key and key material. Collusion attacks

cannot be totally prevented but at a minimum postal audit of vendor and mailing system as well as

DPM verification processes will support the detection of collusion;

b) cryptanalysis is the use of mathematical techniques in an attempt to defeat the use of cryptographic

methods, particularly in the context of information security services. It is normally aimed at the

recovery of cryptographic keys by exploiting knowledge of the cryptographic algorithm, data that

forms input to and/or output from the algorithm, or both. DPM infrastructure design and

communication protocols employed in the vendor-post interface described in this document make

use of public and symmetric key cryptographic primitives. This document generally avoids making

specific recommendations concerning precise use and type of cryptographic primitives within key

management, data collection and reporting, licensing, parameterization and audit procedures. For

the purpose of this document it is sufficient to describe all covered protocols and procedures using

generic nomenclatures such as public or symmetric key schemes and thus leaving the choice of

specific primitives to qualified designers of the DPM supporting infrastructure. However, it is

strongly recommended that only well-known and tested cryptographic primitives such as RSA, DSA,

ECDSA, Triple DES and AES be used as primitives in the procedures described in this document.


Specific choice of cryptographic primitives should be guided by computational, interoperability and

IT constraints as well as other system requirements known to exist in country-specific systems.

Recommended implementations of proven cryptographic primitives are described in appropriate

ISO, CEN, ANSI and other national standards and are outside of the scope of this document;

c) illegitimate key access covers access to the secret cryptographic key or keys of a legitimate device or

user by an unauthorized party, thereby allowing the party concerned to masquerade

(cryptographically) as the legitimate device or user. Illegitimate access to cryptographic keys puts at

risk any cryptographically protected features of the system. A properly designed DPM infrastructure

system prevents such access by requiring a sound key management and protection system as

described in this document;

d) Information Technology (IT) system infiltration covers the range of threats that are common to IT

systems. All of the issues associated with IT system infiltration are addressed in separate documents

and are not covered by this document since they are not specific to DPM infrastructure. However,

several classes of threats that are of particular interest in the design, implementation and

administration of DPM supporting infrastructure are briefly described. It is strongly advised that

designers of DPM supporting infrastructure systems review, assess and implement technical and

administrative countermeasures appropriate for their specific IT systems:

1) network tampering covers a range of threats that are both passive and active attacks on

communications channels. Network tampering attacks may be conducted on public networks,

such as the internet
...
