1、Postal services - Digital postage marks - Applications, security and designBS EN 14615:2017BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 14615 September 2017 ICS 03.240 Supersedes EN 14615:2005English Version Pos
2、tal services - Digital postage marks - Applications, security and design Services postaux - Marques daffranchissement digitales - Applications, scurit et design Postalische Dienstleistungen - Digitale Freimachungsvermerke - Anwendungen, Sicherheit und Gestaltung This European Standard was approved b
3、y CEN on 2 December 2016. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national stan
4、dards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and n
5、otified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary,
6、 Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-
7、CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 14615:2017 ENational forewordThis British Standard is the UK implementation of EN 14615:2017. It supersedes BS EN 146
8、15:2005, which is withdrawn.The UK participation in its preparation was entrusted to Technical Committee SVS/4, Postal services.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions
9、of a contract. Users are responsible for its correct application. The British Standards Institution 2017 Published by BSI Standards Limited 2017ISBN 978 0 580 92812 3ICS 03.240Compliance with a British Standard cannot confer immunity from legal obligations.This British Standard was published under t
10、he authority of the Standards Policy and Strategy Committee on 31 October 2017.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN 14615:2017EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 14615 September 2017 ICS 03.240 Supersedes EN 14615:2005English Version
11、Postal services - Digital postage marks - Applications, security and design Services postaux - Marques daffranchissement digitales - Applications, scurit et design Postalische Dienstleistungen - Digitale Freimachungsvermerke - Anwendungen, Sicherheit und Gestaltung This European Standard was approve
12、d by CEN on 2 December 2016. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national s
13、tandards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language an
14、d notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hunga
15、ry, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG C
16、EN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 14615:2017 EBS EN 14615:2017EN 14615:2017 (E) 2 Contents Page European foreword 5 Introduction 6 1 Scope 8 2 Norma
17、tive references 8 3 Terms and definitions . 8 4 Symbols and abbreviations . 11 5 DPM applications and design process . 12 5.1 Introduction 12 5.2 DPM business planning . 13 5.3 DPM systems analysis . 14 5.4 DPM security analysis . 15 5.5 DPM design 16 Annex A (normative) Specification checklists . 1
18、7 A.1 Applications specifications . 17 A.2 System specification 17 A.3 Security specification 18 A.4 DPM specification . 18 Annex B (informative) Business planning considerations . 19 B.1 Possible applications . 19 B.2 Market segmentation 20 B.3 Applications selection . 23 Annex C (informative) Secu
19、rity analysis considerations . 26 C.1 Context 26 C.2 Security objectives, policy and economics . 27 C.3 Threats and vulnerabilities . 28 C.4 Applications and message level security 32 C.5 Security services and message level countermeasures 34 C.6 Applications level countermeasures . 36 C.7 Counterme
20、asure selection . 47 C.8 Application of countermeasures . 49 C.9 Message security implementation options 49 Annex D (informative) Systems analysis considerations 56 D.1 Requirements analysis . 56 D.2 Functional description 57 BS EN 14615:2017EN 14615:2017 (E) 3 D.3 Function allocation and architectu
21、re design 60 D.4 Other detailed design aspects 60 Annex E (informative) DPM design considerations 67 E.1 Data content . 67 E.2 Data entry 68 E.3 Data construct mapping . 69 E.4 Symbology . 70 E.5 Human readable information 71 E.6 Layout, facing and aesthetics 72 E.7 Performance and test criteria 73
22、Annex F (informative) Statistical analysis of DPM verification 74 F.1 Introduction . 74 F.2 Purpose and scope of postal item verification . 74 F.3 Detection of DPMs with invalid validation code 75 F.4 Influence of CVC length on fraud detection . 80 F.5 Detection of duplicate DPMs . 81 Annex G (infor
23、mative) Message security algorithms 82 G.1 Introduction . 82 G.2 Hash functions used in message security services . 82 G.3 Asymmetric (public key) cryptographic algorithms . 83 G.4 Message authentication code (MAC) algorithms . 86 G.5 Exchange validation code generation . 90 G.6 Selection of algorit
24、hms for CVC implementation 90 Annex H (informative) CVC generation and verification data . 96 H.1 Introduction . 96 H.2 Sources of data for verification 96 H.3 Selection of data used in the verification process 97 Annex I (informative) Architecture examples 103 I.1 Introduction 103 I.2 The REMPI arc
25、hitecture 103 I.3 USPS IBIP configurations 107 Annex J (informative) Examples of digital postage marks (not to scale) . 112 J.1 Australia Post 112 J.2 Canada Post 112 J.3 Deutsche Post 112 J.4 Die Post, Switzerland 114 J.5 Royal Mail . 115 J.6 United States Postal Service (USPS) 116 BS EN 14615:2017
26、EN 14615:2017 (E) 4 Annex K (informative) Relevant intellectual property rights (IPR) . 118 K.1 Introduction . 118 K.2 Massachusetts Institute of Technology 118 K.3 Neopost 118 K.4 Pitney Bowes Inc 119 K.5 Pitney Bowes Inc, together with Certicom Corp . 119 K.6 United States Department of Commerce .
27、 120 K.7 United States Postal Service . 120 Annex L (informative) DPM design charts . 121 L.1 Applicability of countermeasures against identified threats 121 L.2 Data elements used by typical applications and countermeasures 125 L.3 Mapping data elements onto data source and DPM data constructs 129
28、Bibliography 131 BS EN 14615:2017EN 14615:2017 (E) 5 European foreword This document (EN 14615:2017) has been prepared by Technical Committee CEN/TC 331 “Postal services”, the secretariat of which is held by NEN, in collaboration with the UPU. NOTE This document has been prepared by experts coming f
29、rom CEN/TC 331 and UPU, under the frame of the Memorandum of Understanding between UPU and CEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by March 2018, and conflicting national standards shall
30、 be withdrawn at the latest by March 2018. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This document supersedes EN 14615:2005. Thi
31、s document (EN 14615:2017) is the CEN equivalent of UPU1)standard S36-4. It may be amended only after prior consultation, between CEN/TC 331 and the UPU Standards Board, in accordance with the Memorandum of Understanding between CEN and the UPU. The UPUs contribution to the standard was made, by the
32、 UPU Standards Board2)and its subgroups, in accordance with the rules given in Part V of the “General information on UPU standards”. This document is the second version of EN 14615, but corresponds to the fourth version (S36-4) of UPU standard S36, the revision history of which can be found in the F
33、oreword of the UPU versions of the specification. According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland,
34、Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. 1)The Universal Postal Union
35、(UPU) is the specialised institution of the United Nations that regulates the universal postal service. The postal services of its 192 member countries form the largest physical distribution network in the world. Some 5 million postal employees working in over 660 000 post offices all over the world
36、 handle an annual total of 425 billion letters-post items in the domestic service and almost 6,7 billion in the international service. Some 4,5 billion parcels are sent by post annually. Keeping pace with the changing communications market, posts are increasingly using new communication and informat
37、ion technologies to move beyond what is traditionally regarded as their core postal business. They are meeting higher customer expectations with an expanded range of products and value-added services. 2)The UPUs Standards Board develops and maintains a growing number of standards to improve the exch
38、ange of postal-related information between posts, and promotes the compatibility of UPU and international postal initiatives. It works closely with posts, customers, suppliers and other partners, including various international organisations. The Standards Board ensures that coherent standards are d
39、eveloped in areas such as electronic data interchange (EDI), mail encoding, postal forms and meters. UPU standards are published in accordance with the rules given in Part VII of the General information on UPU standards, which can be freely downloaded from the UPU world-wide web site (www.upu.int).
40、BS EN 14615:2017EN 14615:2017 (E) 6 Introduction The transition from letterpress to digital printing provides the opportunity for a more effective way to communicate information on postal items. Current Postmarks include information such as postage value, date of posting and equipment identification
41、, but this information is not readily machine readable. The emergence of digital printing and image processing technologies offers the opportunity to encode critical data in the form of digital postage marks (DPMs) which are more suitable for computer data capture. However, the adoption of these tec
42、hnologies requires careful study, both to maximize the benefits from their introduction and because digital printing technology might bring with it the need for different security measures than those commonly used in association with letterpress printing. The document identifies a variety of factors
43、 which need to be considered in the DPM design process. It has three main purposes. It is intended to serve as: a) a standard process: for the design of applications using digital postage marks; b) a guide: to help in structuring local standards for digital postage marks; c) a cross reference: to po
44、int to other standards and documents related to DPM applications. It is stressed that the factors identified are intended to be representative and do not constitute an exhaustive list. Similarly, the document provides many examples of possible architectures and design solutions to the issues which a
45、re raised. These are non-normative. They are given for illustrative purposes only and there certainly exists a wide range of other possibilities which are not described. It is not intended to suggest that any one architecture or design or technical solution described is in any way required or in any
46、 way superior to any other, whether described herein or not. The implementation of certain of the techniques described in the informative sections of this specification might involve the use of intellectual property that is the subject of patent rights. It is the responsibility of users of the stand
47、ard to conduct any necessary patent searches and to ensure that any pertinent patents are in the public domain; are licensed3)or are avoided. Neither CEN nor the UPU can accept any responsibility in case of infringement, on the part of users of this document, of any third party intellectual property
48、 rights. Nevertheless, document users and owners of such rights are encouraged to advise the Secretariat of the UPU Standards Board and/or of CEN/TC 331 of any explicit claim that any technique or solution described herein is protected by patent in any CEN or UPU member country. Any such claims will
49、, without prejudice, be documented in the next update of this standard, or otherwise at the discretion of the Standards Board, respectively CEN/TC 331. Annex K of this document lists the intellectual property rights brought to the attention of CEN/TC 331 and the UPU Standards Board prior to approval of the publication of this version of the standard. The mention of intellectual property rights, in Annex K, is on a without prejudice basis. That is, such mention indicates only that some party has expressed the view that use of the standard might, in some circumstan
