USPS will use a PKI to manage electronic postage

USPS loses about $100 million a year
from meter tampering, officials said.


The Postal Service moved a step closer to selling postage online after it established a
public-key infrastructure last month.


The service will use a PKI as part of the Information-Based Indicia Program, a program
for selling postage over the Internet by letting users print bar codes on envelopes or
labels from printers at their home offices or in small businesses.


Each of the digital stamps has a bar code that provides unique, scannable information.
The bar code stores the postage amount, user licensing, source and destination ZIP codes,
along with date and time of postage printing.


The program will help the public buy postage more easily, officials said.


The system will also “stem losses from criminal tampering of postage meters,
counterfeiting of indicia and systemic audit and control weaknesses,” a Postal
Service official said.


The service loses about $100 million a year from meter tampering, postal officials
said. Meters account for about $21 billion in revenue a year, Postal Service officials
said.


The service’s PKI will ensure secure transactions for online buyers, IBIP program
manager Roy Gordon said. A digital certificate establishes the identity of the device; a
signature ensures the integrity of the message.


The PKI system is from Cylink Corp. of Sunnyvale, Calif.


The system will create authorization certificates, audit transactions, recover
interrupted transactions and revoke certificates, said Andrew Morbitzer, director of
market development for Cylink.


PKI data is stored in a database from Informix Software Inc. of Menlo Park, Calif.
Tuxedo from BEA Systems Inc. of Sunnyvale, Calif., helps “with transaction processing
and survivability,” Morbitzer said.


Tuxedo manages the data transfer between multiple local and remote terminals and the
application programs they run. USPS wants the program to run even if one center goes down,
Morbitzer said.


The PKI encompasses four systems, each with a different operating system, memory and
processors, Morbitzer said.


The PKI uses the Internet Engineering Task Force’s X.509 Version 3 digital
signature specification, which lets certificate authorities read and understand one
another, Morbitzer said.


The Cylink PKI system the service will use is designed to produce hundreds of millions
of digital certificates, Morbitzer said.


The Postal Service plans to issue digital certificates to companies that develop the
software and hardware used to sell online postage. The companies then sell digital
certificates to individuals or companies that want to buy postage online, Morbitzer said.


The Postal Service sets the standards for the software and hardware, the vendors
develop their products, and the service authorizes their use, Gordon said.


Electronic postage will initially be targeted to small office and home office users and
will eventually be extended to larger organizations, USPS officials said.


USPS anticipates high-volume, high print speed products in the future for use with
large mailing systems running in mainframe or client-server environments to assist in mail
production, postal officials said.


The Postal Service is beta-testing IBIP services in the Washington area and in Northern
Virginia.


It will launch beta tests in San Francisco and Tampa, Fla., during the program’s
Phase 2, service officials said.    

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above