1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationDD CEN/TS 15523:2011Postal Services Statement ofmailing submissionDD CEN/TS 15523:2011 DRAFT FOR DEVELOPMENTNational forewordThis Draft for Development is the UK implementation o
2、f CEN/TS 15523:2011. It supersedes DD CEN/TS 15523:2006 which iswithdrawn.This publication is not to be regarded as a British Standard.It is being issued in the Draft for Development series of publicationsand is of a provisional nature. It should be applied on thisprovisional basis, so that informat
3、ion and experience of its practicalapplication can be obtained.Comments arising from the use of this Draft for Developmentare requested so that UK experience can be reported to theinternational organization responsible for its conversion toan international standard. A review of this publication will
4、be initiated not later than 3 years after its publication by theinternational organization so that a decision can be taken on itsstatus. Notification of the start of the review period will be made inan announcement in the appropriate issue of Update Standards.According to the replies received by the
5、 end of the review period,the responsible BSI Committee will decide whether to support theconversion into an international Standard, to extend the life of theTechnical Specification or to withdraw it. Comments should be sentto the Secretary of the responsible BSI Technical Committee at BritishStanda
6、rds House, 389 Chiswick High Road, London W4 4AL.The UK participation in its preparation was entrusted to TechnicalCommittee SVS/4, Postal services.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the ne
7、cessaryprovisions of a contract. Users are responsible for its correctapplication. BSI 2011ISBN 978 0 580 73766 4ICS 03.240Compliance with a British Standard cannot confer immunity fromlegal obligations.This Draft for Development was published under the authority ofthe Standards Policy and Strategy
8、Committee on 30 September 2011.Amendments issued since publicationDate Text affectedDD CEN/TS 15523:2011TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 15523 September 2011 ICS 03.240 Supersedes CEN/TS 15523:2006English Version Postal Services - Statement of mailing su
9、bmission Services postaux - Dclaration de dpt du courrier Postalische Dienstleistungen - bertragung von Daten fr Briefanlieferungen This Technical Specification (CEN/TS) was approved by CEN on 4 June 2011 for provisional application. The period of validity of this CEN/TS is limited initially to thre
10、e years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS ava
11、ilable promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria
12、, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEA
13、N COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2011 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 15523:2011: EDD CEN/TS 1552
14、3:2011CEN/TS 15523:2011 (E) 2 Contents Page Foreword 4 Introduction .5 1 Scope 8 2 Normative references 8 3 Terms and definitions .9 4 Symbols and Abbreviations 12 5 General Concepts . 13 5.1 Mail communication system domains 14 5.2 Parties, agents and their roles 14 5.2.1 Party attribute 16 5.2.2 A
15、gent attribute 16 5.3 Physical objects 16 5.3.1 Mail item . 16 5.3.2 Mail unit . 16 5.3.3 Mail receptacle 17 5.3.4 Aggregate 17 5.3.5 Mailing submission, acceptance and submission group . 17 5.4 Informational objects . 19 5.4.1 Mail unit attribute 19 5.4.2 Mail receptacle attribute . 20 5.4.3 Aggreg
16、ate attribute . 21 5.4.4 Aggregate catalogue 21 5.4.5 Statement of mailing submission . 21 5.4.6 Electronically exchanged message 21 5.4.7 Observation . 22 5.4.8 Observation attribute . 22 5.4.9 Expectation 22 5.4.10 Postal product/service . 23 5.4.11 Postal product/service attribute 25 5.4.12 Contr
17、act and contract attributes . 25 5.5 Mailer domain process . 25 5.5.1 Message/content preparation 26 5.5.2 List selection . 26 5.5.3 List preparation . 26 5.5.4 Electronic sortation 27 5.5.5 Printing 27 5.5.6 Insertion . 27 5.5.7 Finishing 27 5.5.8 Physical sortation . 27 5.5.9 Containerisation 27 5
18、.5.10 Transportation . 27 5.5.11 Induction 27 5.6 Interfaces . 28 6 Statement of mailing submission (SMS) 28 6.1 SMS structure 29 6.2 Message Content 30 6.2.1 SMS.Header . 30 6.2.2 SMS.Submission . 33 DD CEN/TS 15523:2011CEN/TS 15523:2011 (E) 3 6.2.3 SMS.Parties 38 6.2.4 SMS.Handover . 41 6.2.5 SMS.
19、Aggregates 42 6.2.6 SMS.MailUnits 45 6.3 Message Format 50 6.4 Communication Protocol 51 6.5 Communication channel security 51 7 Application Security 52 7.1 Introduction 52 7.2 Threats and Vulnerabilities. 52 7.3 Applications and Message Level Security 56 7.4 Security Services and Message-level Coun
20、termeasures 58 7.5 Application-level Countermeasures 60 7.5.1 Access and Usage Controls . 60 7.5.2 Countermeasures against Counterfeiting . 61 7.5.3 Countermeasures against Duplication (copying) 62 7.5.4 Countermeasures against Inappropriate Induction . 63 7.5.5 Countermeasures against Miss-Applicat
21、ion 63 7.5.6 Countermeasures against collusion . 64 7.5.7 Countermeasures against Impersonation 64 7.5.8 Obliteration countermeasures . 65 7.5.9 Countermeasures against inappropriate Refund Request . 65 Annex A (informative) Examples of SMS documents . 66 A.1 Identical postcards 67 A.1.1 Text of the
22、 XML document: 68 A.1.2 Screen snapshot of XML document 73 A.2 First class envelopes with ranges of unique identifiers . 74 A.2.1 Text of the XML document: 75 A.2.2 Screen snapshot of XML document 78 A.3 Uniquely identified first class envelopes 79 A.3.1 Text of the XML document: 79 A.3.2 Screen sna
23、pshot of XML document 83 Annex B (informative) Text of the XML Schema for SMS . 84 Annex C (informative) Example of a protocol for secure communication of EEM . 93 C.1 Set up for ECDSA scheme 93 C.2 Protocol 94 C.2.1 Part 1: Message generation 94 C.2.2 Part 2: Message Verification 95 Bibliography 96
24、 DD CEN/TS 15523:2011CEN/TS 15523:2011 (E) 4 Foreword This document (CEN/TS 15523:2011) has been prepared by Technical Committee CEN/TC 331 “Postal Services”, the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject
25、of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document supersedes CEN/TS 15523:2006. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. NOTE This doc
26、ument has been prepared by experts coming from the Technical Committee CEN/TC 331 “Postal Services” and UPU, under the frame of the Memorandum of Understanding between UPU and CEN. The UPUs contribution to the specification was made, by the UPU Standards Board1) and its subgroups, in accordance with
27、 the rules given in Part V of the “General information on UPU standards“. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic
28、, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. 1) The UPUs Standards Board develops and maintains a gr
29、owing number of standards to improve the exchange of postal-related information between posts, and promotes the compatibility of UPU and international postal initiatives. It works closely with posts, customers, suppliers and other partners, including various international organizations. The Standard
30、s Board ensures that coherent standards are developed in areas such as electronic data interchange (EDI), mail encoding, postal forms and meters. UPU standards are published in accordance with the rules given in Part VII of the General information on UPU standards, which can be freely downloaded fro
31、m the UPU world-wide web site (www.upu.int). DD CEN/TS 15523:2011CEN/TS 15523:2011 (E) 5 Introduction Widespread proliferation of electronic, internet-based data communications provides a cost-effective platform for integrating a global mail communication system. The essence of such integration is a
32、n automated exchange of computerised information between mailers, postal and recipients domains. Within each of these domains there is a wealth of information that has been or could be collected, computerised and subsequently communicated to other domains to enhance the overall mail system. This inf
33、ormation is typically information about mail units and it allows for effective control and management of the entire mail distribution network. Most commercial-purpose mail is created and finished with the help or under control of computer-driven equipment. Mail-descriptive computerised data is a by-
34、product of the mail creation/finishing process and it has significant value for both postal operators and their agents and frequently for mail recipients. Specifically, when a plurality of mail items (designated as a mailing submission) are prepared for induction into a postal distribution network b
35、y a mailer, it is only natural that the mailing submission should be accompanied by an electronic document (or computer file) that is commonly referred to as a statement of mailing submission. The main goal of the statement of mailing submission (SMS) is to provide support information for mission-cr
36、itical applications in the mail communication system, and specifically for applications in the postal domain. The most important applications in the postal domain come from operations (mail entry/induction, processing/sorting, transportation and delivery), postal marketing (maintenance of existing p
37、roducts and services, design of new postal products and services, customer relationship management and management of quality of service), and finance (revenue management including collection and protection of revenue). The main purpose of the present technical specification is to define basic concep
38、ts associated with the statement of mailing submission (framed using methodology of an entity-relationship model), and then to define the content, message structure and protocol that can be used by mailers or their agents to communicate to posts information supporting major postal applications, and
39、also to provide a detailed analysis of application-level security. The following section describes information requirements supporting major postal processes. Postal operations information requirements Mail entry/induction process is a controlled acceptance process that is designed to enable transfe
40、r of typically medium or large size mailings (e.g. mailings containing more than several hundred mail items) from mailers or their agents to postal operators. Mail entry process involves verification of mail make-up (i.e. check of the information present on mail units for its postal process friendli
41、ness) and verification of payment. The process is based on comparison of information created or otherwise known to postal acceptance personnel against information supplied by mailer. Critical data elements supporting mailing submission entry are: Mailing submission composition such as number of mail
42、 units of various kind contained in the submission; Type and identities of mail units included into submission; Gross and net weight of mail units included into submission and gross and net weight of the submission itself; Worksharing information if mailing submission has been pre-sorted or contains
43、 mail pre-barcoded by mailer or its agents. This information includes geographic distribution (number and type of mail units for each postal code), postal codes assigned to and marked on each mail unit as well as information concerning quantity, location and markings for all non-qualified (or residu
44、al) entities; Payment information including accounting information and postage information for various categories of postal products included in the mailing and totals for each category; DD CEN/TS 15523:2011CEN/TS 15523:2011 (E) 6 Identity of the SMS associated with the mailing submission; Security
45、information such as key certificates as described in the present specification (Annex D). Mail processing information requirements support cost-effective mail sorting. In addition to the information identified above, the mail sort-supporting electronic information may include identities of all mail
46、units included in the submission linked with their associated address information including postal codes. Mail transportation information requirements support cost-effective transportation of mail units and aggregates between postal processing and delivery offices. Thus, in addition to the informati
47、on identified in the previous sections, mail transportation-supporting information may include (if they are known during mail preparation process) identities and scheduling data for various transportation vehicles (trucks, railroad cars, aircrafts and boats) that will be used for transporting mailin
48、g submission. Mail delivery process information requirements support cost-effective delivery of mail. In addition to the information described above mail delivery-supporting information may include number, identity and type of mail units that require special delivery or handling (e.g. proof of deliv
49、ery or return receipt). Postal marketing information requirements Marketing information is mainly concerned with a detailed description of a mailers use of various postal products and services offered by a postal operator. These may include: Number of first class mail items included in the submission; Number of second class mail items included in the submission; Number of special rate mail items (e.g. overweight or oversize); Number of mail items that require special delivery (e.g. registered, certified, time-specific delivery etc.); Number of items that require forward
