EN 14615-2005 en Postal services - Digital postage marks - Applications security and design《邮政服务 数字邮政标记 设备 安全和设计》.pdf

1、BRITISH STANDARD BS EN 14615:2005 Postal services Digital postage marks Applications, security and design The European Standard EN 14615:2005 has the status of a British Standard ICS 03.240 BS EN 14615:2005 This British Standard was published under the authority of the Standards Policy and Strategy

2、Committee on 18 February 2005 BSI 18 February 2005 ISBN 0 580 45451 7 National foreword This British Standard is the official English language version of EN 14615:2005. The UK participation in its preparation was entrusted to Technical Committee SVS/4, Postal services, which has the responsibility t

3、o: A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Catalogue under the section entitled “International

4、 Standards Correspondence Index”, or by using the “Search” facility of the BSI Electronic Catalogue or of British Standards Online. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British St

5、andard does not of itself confer immunity from legal obligations. aid enquirers to understand the text; present to the responsible European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developme

6、nts and promulgate them in the UK. Summary of pages This document comprises a front cover, an inside front cover, the EN title page, pages 2 to 117 and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. Amendments issued since publication A

7、md. No. Date CommentsEUROPEANSTANDARD NORMEEUROPENNE EUROPISCHENORM EN14615 January2005 ICS03.240 Englishversion PostalservicesDigitalpostagemarksApplications,security anddesign ServicespostauxMarquesdaffranchissementdigitales Applications,scuritetdesign PostalischeDeinstleistungenDigitale Freimachu

8、ngsvermerkeInhalte,Sicherheitund Gestaltung ThisEuropeanStandardwasapprovedbyCENon26August2004. CENmembersareboundtocomplywiththeCEN/CENELECInternalRegulationswhichstipulatetheconditionsforgivingthisEurope an Standardthestatusofanationalstandardwithoutanyalteration.Uptodatelistsandbibliographicalref

9、erencesconcernings uchnational standardsmaybeobtainedonapplicationtotheCentralSecretariatortoanyCENmember. ThisEuropeanStandardexistsinthreeofficialversions(English,French,German).Aversioninanyotherlanguagemadebytra nslation undertheresponsibilityofaCENmemberintoitsownlanguageandnotifiedtotheCentral

10、Secretariathasthesamestatusast heofficial versions. CENmembersarethenationalstandardsbodiesofAustria,Belgium,Cyprus,CzechRepublic,Denmark,Estonia,Finland,France, Germany,Greece,Hungary,Iceland,Ireland,Italy,Latvia,Lithuania,Luxembourg,Malta,Netherlands,Norway,Poland,Portugal, Slovakia, Slovenia,Spai

11、n,Sweden,SwitzerlandandUnitedKingdom. EUROPEANCOMMITTEEFORSTANDARDIZATION COMITEUROPENDENORMALISATION EUROPISCHESKOMITEEFRNORMUNG ManagementCentre:ruedeStassart,36B1050Brussels 2005CEN Allrightsofexploitationinanyformandbyanymeansreserved worldwideforCENnationalMembers. Ref.No.EN14615:2005:EEN 14615

12、:2005 (E) 2 Contents page Foreword6 1 Scope 8 2 Normative references 8 3 Terms and definitions .9 4 Symbols and abbreviations11 5 DPM applications and design process12 5.1 Introduction12 5.2 DPM business planning 13 5.3 DPM systems analysis 14 5.4 DPM security analysis.14 5.5 DPM design 15 Annex A (

13、normative) Specification checklists.16 A.1 DPM applications specifications16 A.2 System specification .16 A.3 Security specification16 A.4 DPM specification16 Annex B (informative) Business planning considerations 17 B.1 Possible applications 17 B.2 Market segmentation.18 B.2.1 Approach 18 B.2.2 Mai

14、ler segmentation 18 B.2.3 Postal access and induction 19 B.2.4 Payment19 B.3 Applications selection.20 B.3.1 Approach 20 B.3.2 Infrastructure requirements and constraints20 B.3.3 Other factors 21 Annex C (informative) Security analysis considerations .22 C.1 Context22 C.2 Security objectives, policy

15、 and economics 23 C.3 Threats and vulnerabilities .24 C.3.1 Introduction24 C.3.2 Environmental context24 C.3.3 General threats to DPM systems .25 C.4 Applications and message level security .27 C.5 Security services and message level countermeasures.29 C.6 Applications level countermeasures .31 C.6.

16、1 Introduction31 C.6.2 Access and usage controls 31 C.6.3 Duplicate detection34 C.6.4 Induction control .36 C.6.5 Inspection export and import approval.83 Annex H (informative) CVC generation and verification data84 H.1 Introduction84 H.2 Sources of data for verification84 H.2.1 Introduction84 H.2.2

17、 Data encoded on the item.85 H.2.3 Data accessed by database look up 85 H.3 Selection of data used in the verification process.85 H.3.1 Introduction85 H.3.2 Acceptance control code87 H.3.3 Batch identifier and item number; licence plate 87 H.3.4 CVC .88 H.3.5 Date / time.88 H.3.6 Delivery security c

18、ode.88 H.3.7 Device identifier, customer identifier or licence number 89 H.3.8 Postage value.89 H.3.9 Public key certificate identifier.89 H.3.10 Rating parameter(s), including service indicator.89 Annex I (informative) Architecture examples 91 I.1 Introduction91 I.2 The REMPI architecture 91 I.2.1

19、Introduction91 I.2.2 Mailer systems .91 I.2.3 Mail finishing system 91 I.2.4 Mail finishing print subsystem.91 I.2.5 Secure accounting system .92 I.2.6 Announcement system .93 I.2.7 Acceptance system .93 I.2.8 Postal item verification system93 I.2.9 Reconciliation b) a guide: to help in structuring

20、local standards for digital postage marks; c) a cross reference: to point to other standards and documents related to DPM applications. It is stressed that the factors identified are intended to be representative and do not constitute an exhaustive list. Similarly, the document provides many example

21、s of possible architectures and design solutions to the issues which are raised. These are non-normative. They are given for illustrative purposes only and there certainly exists a wide range of other possibilities which are not described. It is not intended to suggest that any one architecture or d

22、esign or technical solution described is in any way required or in any way superior to any other, whether described herein or not. The implementation of certain of the techniques described in the informative sections of this specification might involve the use of intellectual property that is the su

23、bject of patent rights. It is the responsibility of users of the standard to conduct any necessary patent searches and to ensure that any pertinent patents are in the public domain; are licensed 3)or are avoided. Neither CEN nor the UPU can accept any responsibility in case of infringement, on the p

24、art of users of this document, of any third party intellectual property rights. Nevertheless, document users and owners of such rights are encouraged to advise the Secretariat of the UPU Standards Board and/or of CEN/TC 331 of any explicit claim that any technique or solution described herein is pro

25、tected by patent in any CEN or UPU member country. Any such claims will, without prejudice, be documented in the next update of this standard, or otherwise at the discretion of the Standards Board, respectively CEN/TC 331. Annex K of this document lists the intellectual property rights brought to th

26、e attention of CEN/TC 331 and the UPU Standards Board prior to approval of the publication of this version of the standard. NOTE The mention of intellectual property rights, in Annex K, is on a without prejudice basis. That is, such mention indicates only that some party has expressed the view that

27、use of the standard might, in some circumstances, infringe the mentioned intellectual property rights. It should not be taken as in any way confirming the validity of such view and users should conduct their own patent searches to determine whether the mentioned IPR is in fact applicable to their sp

28、ecific case. 3) Mail service contractors are advised to ensure that reliance on patented approaches does not inadvertently lead to the creation of an effective monopoly. This could occur, even if usage of the approaches concerned is licensed by the mail service contractor, unless the terms of the licensing agreement commit the patent holder to making licences available, on appropriate terms, to the mail service contractors customers and suppliers, including competitors of the patent holder.