SIST-TS CEN/TS 15523:2011
(Main)Postal Services - Statement of mailing submission
Postal Services - Statement of mailing submission
This Technical Specification specifies a methodology that allows postal operators to define specific statements of mailing submission customised according to their environment and applications.
The document defines information requirements for existing generic postal information processing applications related to major postal functions, namely operations, finance and marketing by specifically identifying the information that could be collected within the mailer’s domain and transmitted to the postal domain.
In addition, this document defines the organisation of data into messages by describing data content, format and communication protocol suitable for communication of data originating in the mailer’s domain.
The specification also provides a detailed analysis and recommendations for implementing application level security threats and countermeasures particularly relevant for postal revenue protection in controlled mail entry settings.
Finally, this document provides several examples of concrete statements of mailing submissions and an example of a secure communication protocol recommended for transmission of such statements.
NOTE The SMS describes letter mail or flats that are submitted for distribution and would not deal explicitly with content of letters or flats whether it concerns customs or any other party that could in principle be interested in knowing the content of these mail units.
Postalische Dienstleistungen - Übertragung von Daten für Briefanlieferungen
Diese Technische Spezifikation legt Verfahrensweisen fest, die es Postbetreibern erlauben, spezifische
Posteinlieferungsverzeichnisse zu definieren, die speziell an die jeweiligen Umgebungen und Anwendungen
angepasst sind.
Das Dokument definiert Anforderungen an Informationen für bestehende allgemeine Anwendungen der
postalischen Informationsbearbeitung, die im Zusammenhang mit wichtigen postalischen Funktionen stehen,
d. h. Arbeitsgänge, Finanzierung und Vertrieb, indem es die jeweiligen Informationen identifiziert, die
innerhalb des Versendersektors zusammengetragen und an den speziellen postalischen Sektor übertragen
werden können.
Darüber hinaus definiert dieses Dokument den Vorgang der Organisation von Daten zu Nachrichten durch
Beschreibung des Dateninhalts, des Formats und des Kommunikationsprotokolls, die für die Übertragung von
Daten geeignet sind, die aus dem Sektor des Versenders stammen.
Die Spezifikation liefert auch eine ausführliche Analyse sowie Empfehlungen in Bezug auf Sicherheitsgefährdungen
und Gegenmaßnahmen auf der Anwendungsebene, die von besonderer Relevanz für den
Schutz der Einkünfte in Umgebungen mit kontrollierter Briefeinreichung sind.
Schließlich liefert dieses Dokument mehrere Beispiele für konkrete Posteinlieferungsverzeichnisse sowie ein
Beispiel für ein empfohlenes sicheres Kommunikationsprotokoll für die Übertragung derartiger Verzeichnisse.
ANMERKUNG Das Posteinlieferungsverzeichnis (Statement of mailing Submission – SMS) beschreibt Briefsendungen
und Langbriefe, die zur Verteilung eingeliefert werden, und behandelt nicht explizit den Inhalt von Briefen oder
Langbriefen, unabhängig davon, ob es sich um Kunden oder irgendeine andere Partei handelt, die grundsätzlich Interesse
am Inhalt dieser Sendeeinheiten haben könnte.
Services postaux - Déclaration de dépôt du courrier
Poštne storitve - Izjava o dostavi pisemske pošiljke
Ta tehnična specifikacija določa metodologijo, ki omogoča, da izvajalci poštnih storitev definirajo posebne izjave o dostavi pisemske pošiljke, prilagojene glede na svoje okolje in uporabe. Dokument določa zahteve po podatkih za obstoječe procesne aplikacije za obdelavo generično poštnih podatkov v zvezi z glavnimi poštnimi funkcijami, in sicer operacije, finance in trženje, tako da posebej določa podatke, ki bi se lahko zbrali v domeni pošiljatelja in posredovali v domeno pošte. Poleg tega ta dokument opredeljuje organizacijo podatkov v sporočila, z opisovanjem vsebine podatkov, oblike in komunikacijskega protokola, primernega za posredovanje podatkov, ki izvirajo iz domene pošiljatelja. Specifikacija zagotavlja tudi podrobno analizo in priporočila za izvajanje ukrepov na področju varnostnih groženj in protiukrepe, zlasti pomembne za zaščito poštnih prihodkov v nadzorovanih okoljih za vnos pošte. Ta dokument vsebuje tudi več primerov konkretnih izjav o dostavi pisemske pošiljke ter primer varnega komunikacijskega protokola, ki se priporoča za posredovanje takih izjav.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
SIST-TS CEN/TS 15523:2011
01-november-2011
1DGRPHãþD
SIST-TS CEN/TS 15523:2007
Poštne storitve - Izjava o dostavi pisemske pošiljke
Postal Services - Statement of mailing submission
Postalische Dienstleistungen - Übertragung von Daten für Briefanlieferungen
Services postaux - Déclaration de dépôt du courrier
Ta slovenski standard je istoveten z: CEN/TS 15523:2011
ICS:
03.240 Poštne storitve Postal services
SIST-TS CEN/TS 15523:2011 en,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
---------------------- Page: 1 ----------------------
SIST-TS CEN/TS 15523:2011
---------------------- Page: 2 ----------------------
SIST-TS CEN/TS 15523:2011
TECHNICAL SPECIFICATION
CEN/TS 15523
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
September 2011
ICS 03.240 Supersedes CEN/TS 15523:2006
English Version
Postal Services - Statement of mailing submission
Services postaux - Déclaration de dépôt du courrier Postalische Dienstleistungen - Übertragung von Daten für
Briefanlieferungen
This Technical Specification (CEN/TS) was approved by CEN on 4 June 2011 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2011 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15523:2011: E
worldwide for CEN national Members.
---------------------- Page: 3 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
Contents Page
Foreword .4
Introduction .5
1 Scope .8
2 Normative references .8
3 Terms and definitions .9
4 Symbols and Abbreviations . 12
5 General Concepts . 13
5.1 Mail communication system domains . 14
5.2 Parties, agents and their roles . 14
5.2.1 Party attribute . 16
5.2.2 Agent attribute . 16
5.3 Physical objects . 16
5.3.1 Mail item . 16
5.3.2 Mail unit . 16
5.3.3 Mail receptacle . 17
5.3.4 Aggregate . 17
5.3.5 Mailing submission, acceptance and submission group . 17
5.4 Informational objects . 19
5.4.1 Mail unit attribute . 19
5.4.2 Mail receptacle attribute . 20
5.4.3 Aggregate attribute . 21
5.4.4 Aggregate catalogue . 21
5.4.5 Statement of mailing submission . 21
5.4.6 Electronically exchanged message . 21
5.4.7 Observation . 22
5.4.8 Observation attribute . 22
5.4.9 Expectation . 22
5.4.10 Postal product/service . 23
5.4.11 Postal product/service attribute . 25
5.4.12 Contract and contract attributes . 25
5.5 Mailer domain process . 25
5.5.1 Message/content preparation . 26
5.5.2 List selection . 26
5.5.3 List preparation . 26
5.5.4 Electronic sortation . 27
5.5.5 Printing . 27
5.5.6 Insertion . 27
5.5.7 Finishing . 27
5.5.8 Physical sortation . 27
5.5.9 Containerisation. 27
5.5.10 Transportation . 27
5.5.11 Induction . 27
5.6 Interfaces . 28
6 Statement of mailing submission (SMS) . 28
6.1 SMS structure . 29
6.2 Message Content . 30
6.2.1 SMS.Header . 30
6.2.2 SMS.Submission . 33
2
---------------------- Page: 4 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
6.2.3 SMS.Parties . 38
6.2.4 SMS.Handover . 41
6.2.5 SMS.Aggregates . 42
6.2.6 SMS.MailUnits . 45
6.3 Message Format . 50
6.4 Communication Protocol . 51
6.5 Communication channel security . 51
7 Application Security . 52
7.1 Introduction . 52
7.2 Threats and Vulnerabilities. 52
7.3 Applications and Message Level Security . 56
7.4 Security Services and Message-level Countermeasures . 58
7.5 Application-level Countermeasures . 60
7.5.1 Access and Usage Controls . 60
7.5.2 Countermeasures against Counterfeiting . 61
7.5.3 Countermeasures against Duplication (copying) . 62
7.5.4 Countermeasures against Inappropriate Induction . 63
7.5.5 Countermeasures against Miss-Application . 63
7.5.6 Countermeasures against collusion . 64
7.5.7 Countermeasures against Impersonation . 64
7.5.8 Obliteration countermeasures . 65
7.5.9 Countermeasures against inappropriate Refund Request . 65
Annex A (informative) Examples of SMS documents . 66
A.1 Identical postcards . 67
A.1.1 Text of the XML document: . 68
A.1.2 Screen snapshot of XML document . 73
A.2 First class envelopes with ranges of unique identifiers . 74
A.2.1 Text of the XML document: . 75
A.2.2 Screen snapshot of XML document . 78
A.3 Uniquely identified first class envelopes . 79
A.3.1 Text of the XML document: . 79
A.3.2 Screen snapshot of XML document . 83
Annex B (informative) Text of the XML Schema for SMS . 84
Annex C (informative) Example of a protocol for secure communication of EEM . 93
C.1 Set up for ECDSA scheme . 93
C.2 Protocol . 94
C.2.1 Part 1: Message generation . 94
C.2.2 Part 2: Message Verification . 95
Bibliography . 96
3
---------------------- Page: 5 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
Foreword
This document (CEN/TS 15523:2011) has been prepared by Technical Committee CEN/TC 331 “Postal
Services”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN/TS 15523:2006.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
NOTE This document has been prepared by experts coming from the Technical Committee CEN/TC 331 “Postal
Services” and UPU, under the frame of the Memorandum of Understanding between UPU and CEN.
1)
The UPU‟s contribution to the specification was made, by the UPU Standards Board and its subgroups, in
accordance with the rules given in Part V of the "General information on UPU standards".
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.
1)
The UPU's Standards Board develops and maintains a growing number of standards to improve the exchange of postal-related
information between posts, and promotes the compatibility of UPU and international postal initiatives. It works closely with posts,
customers, suppliers and other partners, including various international organizations. The Standards Board ensures that coherent
standards are developed in areas such as electronic data interchange (EDI), mail encoding, postal forms and meters. UPU standards are
published in accordance with the rules given in Part VII of the General information on UPU standards, which can be freely downloaded
from the UPU world-wide web site (www.upu.int).
4
---------------------- Page: 6 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
Introduction
Widespread proliferation of electronic, internet-based data communications provides a cost-effective platform
for integrating a global mail communication system. The essence of such integration is an automated
exchange of computerised information between mailer‟s, postal and recipient‟s domains. Within each of these
domains there is a wealth of information that has been or could be collected, computerised and subsequently
communicated to other domains to enhance the overall mail system. This information is typically information
about mail units and it allows for effective control and management of the entire mail distribution network.
Most commercial-purpose mail is created and finished with the help or under control of computer-driven
equipment. Mail-descriptive computerised data is a by-product of the mail creation/finishing process and it has
significant value for both postal operators and their agents and frequently for mail recipients. Specifically,
when a plurality of mail items (designated as a mailing submission) are prepared for induction into a postal
distribution network by a mailer, it is only natural that the mailing submission should be accompanied by an
electronic document (or computer file) that is commonly referred to as a statement of mailing submission. The
main goal of the statement of mailing submission (SMS) is to provide support information for mission-critical
applications in the mail communication system, and specifically for applications in the postal domain. The
most important applications in the postal domain come from operations (mail entry/induction,
processing/sorting, transportation and delivery), postal marketing (maintenance of existing products and
services, design of new postal products and services, customer relationship management and management of
quality of service), and finance (revenue management including collection and protection of revenue).
The main purpose of the present technical specification is to define basic concepts associated with the
statement of mailing submission (framed using methodology of an entity-relationship model), and then to
define the content, message structure and protocol that can be used by mailers or their agents to
communicate to posts information supporting major postal applications, and also to provide a detailed analysis
of application-level security.
The following section describes information requirements supporting major postal processes.
Postal operations information requirements
Mail entry/induction process is a controlled acceptance process that is designed to enable transfer of typically
medium or large size mailings (e.g. mailings containing more than several hundred mail items) from mailers or
their agents to postal operators. Mail entry process involves verification of mail make-up (i.e. check of the
information present on mail units for its postal process friendliness) and verification of payment. The process
is based on comparison of information created or otherwise known to postal acceptance personnel against
information supplied by mailer. Critical data elements supporting mailing submission entry are:
Mailing submission composition such as number of mail units of various kind contained in the submission;
Type and identities of mail units included into submission;
Gross and net weight of mail units included into submission and gross and net weight of the submission
itself;
Worksharing information if mailing submission has been pre-sorted or contains mail pre-barcoded by
mailer or its agents. This information includes geographic distribution (number and type of mail units for
each postal code), postal codes assigned to and marked on each mail unit as well as information
concerning quantity, location and markings for all non-qualified (or residual) entities;
Payment information including accounting information and postage information for various categories of
postal products included in the mailing and totals for each category;
5
---------------------- Page: 7 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
Identity of the SMS associated with the mailing submission;
Security information such as key certificates as described in the present specification (Annex D).
Mail processing information requirements support cost-effective mail sorting. In addition to the information
identified above, the mail sort-supporting electronic information may include identities of all mail units included
in the submission linked with their associated address information including postal codes.
Mail transportation information requirements support cost-effective transportation of mail units and aggregates
between postal processing and delivery offices. Thus, in addition to the information identified in the previous
sections, mail transportation-supporting information may include (if they are known during mail preparation
process) identities and scheduling data for various transportation vehicles (trucks, railroad cars, aircrafts and
boats) that will be used for transporting mailing submission.
Mail delivery process information requirements support cost-effective delivery of mail. In addition to the
information described above mail delivery-supporting information may include number, identity and type of
mail units that require special delivery or handling (e.g. proof of delivery or return receipt).
Postal marketing information requirements
Marketing information is mainly concerned with a detailed description of a mailer‟s use of various postal
products and services offered by a postal operator. These may include:
Number of first class mail items included in the submission;
Number of second class mail items included in the submission;
Number of special rate mail items (e.g. overweight or oversize);
Number of mail items that require special delivery (e.g. registered, certified, time-specific delivery etc.);
Number of items that require forwarding services or address correction;
Preferred delivery instructions, redirection and address services (e.g. address hygiene).
Postal finance information requirements
Postal financial applications require an effective payment mechanism for the services by mailers or their
agents. These include automatic generation of all required accounting and funds transfer data and its
supporting documentation for billing and remittance processing. Finance information should include as a
minimum data elements that allow to:
Create, delete and update customer accounts (e.g. unique account IDs);
Identify products and services used by the mailer together with their current tariffs;
Identify mail attributes (e.g. item count, weight, volume) for specific postal products and services;
Support payment for Business Reply and other recipient-paid services;
Automate the receipt and processing of payments (e.g. by using Electronic Funds Transfer);
Automate the processing of all legitimate refunds to mailers;
All required management and control supporting reports.
6
---------------------- Page: 8 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
Methodology
The methodology adopted for the organisation of SMS begins with a data structure describing all practical
knowable information about mailing submission. This data structure containing all-inclusive information is a
sort of a “super” file or “super” message. The specification describes how to collapse (or cluster) this super
message into new data structures suitable for particular postal applications. This is done by eliminating the
non-essential information depending on the informational needs and requirements of postal applications.
Selection (or adaptation) of data elements, their formats and communication protocols for various specific
applications and environments for the SMS from the ones described in the present specification are left to
postal operators and their customers. It was felt that no group of experts would have sufficiently detailed
knowledge of a broad variety of existing and future postal applications and technical environments in order to
accommodate even the most common ones. For this reason, it was decided that providing a definition of a
super, all-inclusive and adaptable message and the methodology of collapsing it into application-specific
messages (statements) would be the best choice. Similarly, timing considerations for various possible
messages that could be exchanged between mailer and postal domains are outside of the scope of the
present specification. Messages that are defined and described here can be arranged to be created by
mailers and communicated to postal operators before, during or after the actual induction process takes place,
depending on the value and the intended use of the communicated information. The specification leaves the
choice of timing considerations to postal operators and their customers.
7
---------------------- Page: 9 ----------------------
SIST-TS CEN/TS 15523:2011
CEN/TS 15523:2011 (E)
1 Scope
This Technical Specification specifies a methodology that allows postal operators to define specific statements
of mailing submission customised according to their environment and applications.
The document defines information requirements for existing generic postal information processing applications
related to major postal functions, namely operations, finance and marketing by specifically identifying the
information that could be collected within the mailer‟s domain and transmitted to the postal domain.
In addition, this document defines the organisation of data into messages by describing data content, format
and communication protocol suitable for communication of data originating in the mailer‟s domain.
The specification also provides a detailed analysis and recommendations for implementing application-level
security threats and countermeasures particularly relevant for postal revenue protection in controlled mail
entry settings.
Finally, this document provides several examples of concrete statements of mailing submissions and an
example of a secure communication protocol recommended for transmission of such statements.
NOTE The SMS describes letter mail or flats that are submitted for distribution and would not deal explicitly with
content of letters or flats whether it concerns customs or any other party that could in principle be interested in knowing the
content of these mail units.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, or references to a version number, only the edition cited applies. For undated references and
where there is no reference to a version number, the latest edition of the referenced document (including any
amendments) applies.
EN 14615:2005, Postal services – Digital postage marks – Applications, security and design
ISO 10126-2:1991, Banking – Procedures for message encipherment (wholesale) – Part 2: DEA algorithm
ISO/IEC 9798-3:1998, Information technology – Security techniques – Entity authentication – Part 3:
Mechanisms using digital signature techniques
ISO/IEC 15418, Information technology – Automatic identification and data capture techniques – GS1
Application Identifiers and ASC MH10 Data Identifiers and maintenance
ISO/IEC 15434, Information technology – Automatic identification and data capture techniques – Syntax for
high-capacity ADC media
ISO/IEC 15459-1, Information technology – Unique identifiers – Part 1: Unique identifiers for transport units
8
---------------------- Page: 10 ----------------------
SIST-T
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.