Electronic PostMark: Implementing the S-43 Standard with TrustedX
Currently and increasingly often, the information we exchange with government departments, banks and other organizations is electronic. This new scenario, in which the participants in the transactions, contracts and communications do not necessarily have to be at the same place at the same time, pose serious trust problems. The Electronic PostMark (EPM) service adds a security layer to transactions in which documents are sent.The EPM service is defined in the S43-3 standard of the Universal Postal Union (UPU)–which represents 191 countries–and although its main purpose entails transferring the certified letter service of traditional mail to the electronic domain, it is applicable to any message exchange scenario.
The purpose of the EPM service is to respond to questions such as: Who initiated the transaction? Who took part in the transaction? When was the document sent, and when did the receivers get it? Did the content remain intact during transmission?
For this reason, the EPM service is based on the use of digital signature services, time-stamps–which imitate traditional stamps–and electronic receipts for assuring the transactions. The electronic receipts are a special characteristic of the EPM standard; they are delivered to clients of the service and prove that a given action was executed at a certain time.
The Electronic PostMark standard offers the following services:
- Electronic signature and verification services: These assure that it is possible to check the integrity of the content of any message and the sender's identity.
Evidences are stored for each of the transactions, meaning the information can be checked again at any time. - Time-stamping services: These add proof to assure the integrity of a transaction at a given moment in time.
- Non-repudiation services: Evidences are stored on the transactions to ensure the four types of non-repudiation: origin, sending, delivery and reception.
- Evidence recovery services: These provide proof of existence, integrity and time-logging of any electronic transaction.
In security terms, the EPM service can be defined as a digital signature and time-stamp verification authority that checks and stores evidences on the integrity of the content of the electronic information.
Safelayer has implemented this standard on the signature services of the TrustedX platform. Defining the functionality of the standard as Web services facilitates integration into business workflows and use by corporate applications.
The above screenshots show the integration of the services in a file explorer in which the contextual menus display the options for each file type (document, signature or transaction identifier).
