DIN CEN TS 15121-2-2011 Postal Services - Hybrid Mail - Part 2 Secured electronic postal services (SePS) interface specification - ECPM Service English version CEN TS 15121-2 2011《.pdf

1、Mrz 2011 Normenausschuss Informationstechnik und Anwendungen (NIA) im DINPreisgruppe 9DIN Deutsches Institut fr Normung e. V. Jede Art der Vervielfltigung, auch auszugsweise, nur mit Genehmigung des DIN Deutsches Institut fr Normung e. V., Berlin, gestattet.ICS 03.240Zur Erstellung einer DIN SPEC kn

2、nen verschiedene Verfahrensweisen herangezogen werden: Das vorliegende Dokument wurde nach den Verfahrensregeln einer Vornorm erstellt.!$a“1629258www.din.deDDIN CEN/TS 15121-2Postalische Dienstleistungen Hybride Sendungen Teil 2: Schnittstellen-Spezifikation fr gesicherte elektronischepostalische Di

3、enste (SePS) ECPM Service;Englische Fassung CEN/TS 15121-2:2011Postal Services Hybrid Mail Part 2: Secured electronic postal services (SePS) interface specification ECPM Service;English version CEN/TS 15121-2:2011Alleinverkauf der Spezifikationen durch Beuth Verlag GmbH, 10772 Berlin www.beuth.deGes

4、amtumfang 14 SeitenDIN SPEC 91197DIN CEN/TS 15121-2 (DIN SPEC 91197):2011-03 Nationales Vorwort Dieses Dokument (CEN/TS 15121-2:2011) wurde vom Technischen Komitee CEN/TC 331 Postalische Dienstleistungen“ erarbeitet, dessen Sekretariat vom NEN (Niederlande) gehalten wird. Das zustndige deutsche Grem

5、ium ist der Arbeitsausschuss NA 043-03-04 AA Postalische Dienstleistungen“ im Normenausschuss Informationstechnik und Anwendungen (NIA). Eine DIN SPEC nach dem Vornorm-Verfahren ist das Ergebnis einer Normungsarbeit, das wegen bestimmter Vorbehalte zum Inhalt oder wegen des gegenber einer Norm abwei

6、chenden Aufstellungsverfahrens vom DIN noch nicht als Norm herausgegeben wird. Zur vorliegenden DIN SPEC wurde kein Entwurf verffentlicht. Erfahrungen mit dieser DIN SPEC sind erbeten vorzugsweise als Datei per E-Mail an niadin.de in Fo rm einer Tabelle. Die Vorlage dieser Tabelle kann im Internet u

7、nter http:/www.din.de/stellungnahme abgerufen werden; oder in Papierform an den Normenausschuss Inform ationstechnik und Anwendungen (NIA) im DIN. Dieses Dokument legt die Schnittstelle fr die elektronische Signatur (EPM) fest; es handelt sich um die bernahme der WPV-Norm S43-1 als Europische Techni

8、sche Spezifikation. Es wird eine XML-Schnittstelle festgelegt, die es Software-Anwendungen ermglicht, einen EPM-Dienst aufzurufen. Aufgrund der sehr spezifischen Anwendung wurde von den interessierten Kreisen kein Bedarf an einer Deutschen Sprachfassung erkannt, so dass diese europische Technische S

9、pezifikation vom DIN in der Englischen Fassung verffentlicht wird. Die Ausnahmegenehmigung zur Verffentlichung der Englischen Fassung aufgrund des Prsidialbeschlusses 1/2004 wurde eingeholt. 2 TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 15121-2 January 2011 ICS 03.

10、240 English Version Postal Services Hybrid Mail Part 2: Secured electronic postal services (SePS) interface specification ECPM Service Postalische Dienstleistungen Hybride Sendungen Teil 2: Schnittstellen-Spezifikation fr gesicherte elektronische postalische Dienste (SePS) ECPM Service This Technica

11、l Specification (CEN/TS) was approved by CEN on 9 August 2010 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be

12、converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the

13、 CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Lat

14、via, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. Management Centre: Avenue Marnix 17, B-1000 Brussels 2011 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN natio

15、nal Members. Ref. No. CEN/TS 15121-2:2011: EEUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN/TS 15121-2:2011 (E) 2 Contents Page Foreword 3Introduction .41 Scope 62 Normative references 63 Terms and definitions .64 Symbols and abbreviations 65

16、EPCM service definition 65.1 Service description 65.1.1 Outline .65.1.2 Digital signature verification 75.1.3 Time stamping 75.1.4 Protection of confidentiality .75.1.5 Non-repudiation .75.1.6 Event logging .85.2 Compliance with the SePS specification 85.3 Backwards compatibility .85.4 Cross-border

17、provision of the EPCM service .8Annex A (informative) Relevant intellectual property rights (IPR) 10A.1 Introduction . 10A.2 USPS Trademarks . 10A.3 Patents . 12DIN CEN/TS 15121-2 (DIN SPEC 91197):2011-03 CEN/TS 15121-2:2011 (E) 3 Foreword This document (CEN/TS 15121-2:2011) has been prepared by Tec

18、hnical Committee CEN/TC 331 “Postal Services”, the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights

19、. This document forms Part 2 of a multi-part CEN standard, CEN/TS 15121, Postal Services - Hybrid Mail. CEN/TS 15121 was originally published as a UPU standard S43 and was adopted by CEN under the current Memorandum of Understanding between UPU and CEN. UPU S43 was a single part standard covering on

20、ly secured electronic postal services, but has been split into parts to allow the standard to be extended to cover other services based on the same concepts and service primitives. These concepts and service primitives are now documented in Part 1 of the standard, CEN/TS 15121-1, and UPU S43a. This

21、part provides the specification of the Electronic Postal Certification Mark (EPCM) service which conforms with the definition in Article 257bis of the UPU Letter Post Regulations. CEN/TC 331 WG2 decided to adopt the UPU S43-b, as it was an integrative part of UPU S43 during the time of the decision

22、to adopt the UPU S43 under the current Memorandum of Understanding between UPU and CEN in 2005. According to the Memorandum of Understanding (MoU) between the UPU and CEN, signed Oct. 22nd, 2001; 3.3 CEN notifies the following deviation from the source text: The term “postal administration“ meaning

23、a postal service designated by one member country of the UPU was changed according with the wording of the Postal Directive to “postal service“. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Spe

24、cification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the

25、United Kingdom. DIN CEN/TS 15121-2 (DIN SPEC 91197):2011-03 CEN/TS 15121-2:2011 (E) 4 Introduction This document provides the specification of the Electronic Postal Certification Mark (EPCM) service which conforms with the definition in Article RL 257bis of the UPU Letter Post Regulations. It is bas

26、ed on a subset of the verbs or operations defined in CEN/TS 15121-1, Postal Services Hybrid Mail Part 1: Secured electronic postal services (SePS) interface specification Concepts, schemas and operations, to which the reader is referred. An EPCM is essentially a digital signature verification and ti

27、mestamping authority which verifies, and logs as evidence, the content integrity of electronic information. The collection of technical services in an EPCM service can cryptographically verify and store electronic evidence in support of the resolution of potential disputes which challenge the authen

28、ticity of events within a cycle of one or more automated transactions involving a postal customer. An EPCM service constructed to this specification can support the capture and reproduction of evidence data attesting to the fact that a target business transaction was conducted and completed in an en

29、vironment of integrity and trustworthiness with respect to one or more of the following attributes: the transaction originator; the party, if any, who closed or terminated the transaction; other parties who participated in the transaction; were the terms, conditions, and commitments understood by al

30、l parties; when was the document agreed to by the stakeholders, and sent to each participating party; when was it received by each participating party; was the content intact throughout transmission; have all parties been notified of all agreed events of significance. An EPCM service which complies

31、with this specification can support the following capabilities: non-repudiation of origin; non-repudiation of submission; non-repudiation of delivery; non-repudiation of receipt. An EPCMs non-repudiation service involves the use of selected combinations of SePS operations in order to ensure end-to-e

32、nd transaction integrity and evidence collection in a confidential and auditable environment. This specification has one main heading: Clause No Description of content 5 EPCM service definition: this defines the EPCM service by reference to the schemas and operations defined in CEN/TS 15121-1:2011.

33、DIN CEN/TS 15121-2 (DIN SPEC 91197):2011-03 CEN/TS 15121-2:2011 (E) 5 The implementation of part or all of this specification might involve the use of intellectual property that is the subject of patent and/or trademark rights. It is the responsibility of users of the standard to conduct any necessa

34、ry searches and to ensure that any pertinent rights are in the public domain; are licensed1) or are avoided. Neither CEN nor the UPU can accept any responsibility in case of infringement, on the part of users of this document, of any third party intellectual property rights. Nevertheless, document u

35、sers and owners of such rights are encouraged to advise the Secretariat of the UPU Standards Board and/or of CEN/TC 331 of any explicit claim that any technique or solution described herein is protected by such rights in any CEN or UPU member country. Any such claims will, without prejudice, be docu

36、mented in the next update of this standard, or otherwise at the discretion of the Standards Board, respectively CEN/TC 331. Annex A of this document lists the intellectual property rights brought to the attention of CEN/TC 331 and the UPU Standards Board prior to approval of the publication of this

37、version of the standard. NOTE The mention of intellectual property rights, in Annex A, is on a without prejudice basis. That is, such mention indicates only that some party has expressed the view that use of the standard might, in some circumstances, infringe the mentioned intellectual property righ

38、ts. It should not be taken as in any way confirming the validity of such view and users should conduct their own searches to determine whether the mentioned IPR is in fact applicable to their specific case. 1) Mail service contractors are advised to ensure that reliance on intellectual property that

39、 is not in the public domain does not inadvertently lead to the creation of an effective monopoly. This could occur, even if usage of the intellectual property concerned is licensed by the mail service contractor, unless the terms of the licensing agreement commit the IPR holder to making licences a

40、vailable, on appropriate terms, to the mail service contractors customers and suppliers, including competitors of the IPR holder. DIN CEN/TS 15121-2 (DIN SPEC 91197):2011-03 CEN/TS 15121-2:2011 (E) 6 1 Scope This document specifies a secured electronic postal service, referred to as the Electronic P

41、ostal Certification Mark (EPCM) service, which provides a chain of evidence, stored by an administration as a trusted third party, to prove the existence of an electronic event, for a certain content, at a certain date and time, and involving one or more identified parties. The service is defined by

42、 reference to the concepts, schemas and operations defined in CEN/TS 15121-1, Postal Services Hybrid Mail Part 1: Secured electronic postal services (SePS) interface specification Concepts, schemas and operations. It requires support for five core SePS operations and permits optional support seven o

43、thers. This version of the specification does not cover: a description of the issues surrounding inter-operability between multiple postal SePS implementations when a business transaction Lifecycle requires the participation of more than one SePS implementation in a cross-border scenario involving t

44、wo or more postal services; issues surrounding SePS usage in a multiple Certificate Authority scenario where inter-operating posts are participating in a cross-border transaction as described above; examination of “Certificate Authority deployment model” alternatives necessitated by the cross-border

45、 scenarios described above. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies

46、. CEN/TS 15121-1:2011, Postal Services Hybrid Mail Part 1: Secured electronic postal services (SePS) interface specification Concepts, schemas and operations NOTE See Part 1 of the standard (CEN/TS 15121-1). 3 Terms and definitions For the purposes of this document, the terms and definitions given i

47、n CEN/TS 15121-1:2011 apply. 4 Symbols and abbreviations For the purposes of this document, the symbols and abbreviations given in CEN/TS 15121-1:2011 apply. 5 EPCM service definition 5.1 Service description 5.1.1 Outline The EPCM service provides a mechanism whereby a party to an electronic transac

48、tion, which might involve multiple electronic exchanges of data between participating parties, can register an electronic document as DIN CEN/TS 15121-2 (DIN SPEC 91197):2011-03 CEN/TS 15121-2:2011 (E) 7 forming part of the transaction lifecycle, with all participating parties and/or authorised thir

49、d parties subsequently being able to verify this registration and its timing. As a corollary, it also provides a mechanism to prevent repudiation of registered documents and to support repudiation of changes made to documents subsequent to their registration. The service is based on five components: digital signature verification; time stamping; protection of confidentiality; non-repudiation and event l