Proposed specifications would improve mail security

In an effort to make postage meters more secure, the U.S. Postal Service has proposed two new specifications that, among other things, would provide the opportunity for postage to be printed from PCs.

The specifications, published in the Federal Register for comment, propose a new indicium, or postmark, with a 2-D bar code that will contain a digital signature, among other data, and a postal security device (PSD), which performs functions similar to postage meter registers.

USPS has been searching for a better form of on-stage meter security and, in particular, for a way to prevent counterfeiting of the current meter indicia. The proposed standards attempt to address this concern.

There are about 1.5 million postage meters in use in the United States. Collectively they account for approximately $20 billion in postal revenues annually.

Defining a Postmark

One specification defines what a postmark, or evidence of postage, must look like. USPS has proposed that the new postmark contain a unique digital signature carried in a 2-D bar code. A new indicium substitutes for a postage stamp or postage meter imprint as evidence that postage was paid.

Because of the information the indicium will contain, the agency will be better able to deter mail fraud as well as provide additional services, such as mail tracking and tracing, according to Roy Gordon, program manager for the agency's Information Based Indicia Program.

"USPS' initial strategy is to sample [letters] in the mail stream and scan on a random basis," Gordon said. "In the long term, it will scan 100 percent of the mail to deter fraud. The key is that it provides the USPS [with] the ability to provide additional services to carry that data with mail pieces."

Security Requirements

Another specification proposed is a PSD that "identifies security requirements around the monetary function of a meter," Gordon said.

Such a device would provide cryptographic signature, financial accounting, indicium creation, device authorization and audit functions. It most likely will be a hardware device used with a computer or postage meter-based host system.

"A host system specification," Gordon said, "is a requirement for a PC [and] for those products that are designed to print from PCs as well as for more traditional meters like you see today."

PSD core security functions are cryptographic digital signature generation and verification and secure management of the registers that track the remaining amount of money available for indicium creation and the total postage value used by the PSD.

The device will comply with Federal Information Processing Standard (FIPS) 140-1 and will be validated by the National Institute of Standards and Technology (NIST) Computer Systems Laboratory.

Similar Functions

While separate from the electronic postmarking initiative at USPS, the indicium and electronic postmark efforts share similar functions - in particular, digital signing. "Some of the things that get done are the same," Gordon said. "The new indicium will contain a unique digital signature."

USPS is accepting comment on the specifications through Sept. 10.