The technology behind the USPS EPM'

1
AND COMPLIANCE March 25, 2004 Adam Hoffman
The technology behind the USPS EPM.
2
USPS Electronic Postmark (USPS EPM)

• Add service (easy integration)
• Verify trust and add legal strength to
  electronic content
• Web-based content authenticity online
• Protect against tampering
• ESIGN compliant
• Store evidence of content with USPS
• Minimize likelihood that electronic content can
  be denied or repudiated

3
Legal Value

Non-repudiationLegal/technical concept -
sufficient evidence to prevent parties to
transactions from falsely denying them in a court
of law ESIGN (Electronic Signatures in Global
and National Commerce Act 2000) Enables business
and government to sign contracts, letters and
agreements electronically with the same legal
relevance as their paper counterparts USPS
BrandAs a USPS operation, the USPS EPM service
applies federal statutes (ex. wire fraud) to
electronic transactions, similar to physical mail
world
4
US Federal Electronic Legislation

• Government Paperwork Elimination Act (GPEA) 1998
  Efficient government service delivery - ensure
  standards for electronic signatures across
  federal agencies
• Health Insurance Portability and Accountability
  Act (HIPAA) 1996Improve portability and
  continuity of health insurance coverage to combat
  waste, fraud, and abuse within health insurance
  and health care delivery
• Gramm-Leach-Bliley Act (GLBA) 1999Proper
  collection and distribution of a consumers
  personal information in securities, insurance,
  and banking industries
• Electronic Signatures in Global and National
  Commerce Act (E-SIGN) 2000Promote e-commerce
  with performance-based guidelines to eliminate
  legal barriers to conducting business online,
  while protecting consumers
• Sarbanes-Oxley Act 2002Sweeping reform
  legislation intended to protect investors by
  improving the accuracy and reliability of
  corporate disclosures made pursuant to the
  securities laws

5
Deterrence Value

• Legal strength, enforcement capabilities of US
  Postal Inspection Service
• Enforcement capability ensures electronic data
  protection from fraud
• Should USPS EPM tampering be detected, the matter
  may be referred to Postal Inspection Service for
  possible review and action consistent with
  federal statutes
• Supported by federal laws
• 18 U.S.C 2701 Electronic Communications Privacy
  Act (ECPA)
• 18 U.S.C 1343 Wire Fraud
• 18 U.S.C 2510 regarding electronic communications
  
• 18 U.S.C 1028, Fraud and related activity in
  connection with identification documents and
  information

6
Technology
Content is hashed. (PKI) Hash signed by
user/server digital certificate.
Signed hash received, certificate used to sign
hash checked for validity. Time stamp (NIST)
obtained and signed by USPS digital certificate.
Signed hash sent via SSL to USPS EPM Data
Center.
Content created from application.
USPS signed time stamp applied to signed hash
of electronic file to produce USPS EPM.
Transaction stored in USPS EPM data center for
7 years.
7
USPS EPM Enabled Tools

• Software development kit (COM, Java)
• Web signer toolkit
• Applications
• Microsoft Word Extension (Office 2000, XP, 2003)
• Adobe Extension

8
COMPLIANCE IN ACTION

• USPS Extension for Microsoft Word
• DEMO

9
Customer Benefits

• Protect against identity fraud in electronic
  transactions
• Protect electronic content authenticity
• Provide legal relevance to electronic content
• Increase efficiencies (streamline and accelerate
  workflow processes)
• Reduce costs (labor, paper, overhead, storage)
• Reduce risks (audit trails for compliance)
• Create trust in faceless electronic transactions

10
Customer Benefits

• Add strong content authentication technology to
  online forms
• Add USPS brand
• Federal legal strength (e.g. wire fraud statute)
• Enforcement (US Postal Inspection Service)
• Reduce risks (audit trails for compliance)
• Competitive advantage ease of use and brand
  trust recognition

11
THANK YOU

• Q A