FOR THE U.S. Postal Service (USPS), an American institution that dates back to the days of delivering mail on horseback, implementing a digital certified mail system for the 21st century was a mammoth undertaking, but one which the times clearly called for.

"Like any business, we carefully watch the demand of the marketplace. Here we see a huge change technologically to move information, postage, and money across the Internet," says Bob Krause, vice president of e-commerce for the Washington-based USPS.

When Krause began looking in 1996 for a solution to creating a secure messaging and authentication system, the dearth of commercial digital signing vendors led the USPS to take matters into its own hands.

"It was clear to us that the Internet was going to need appropriate security solutions [for electronic postmark and transaction receipts], so we started looking at becoming a signing authority so we could offer those choices," Krause says.

Working in partnership with a number of companies, the USPS has created a peer-to-peer authentication and security offering called NetPost.Certified, which was deployed in January within several government agencies.

Through the use of an electronic postmark service and CA (certificate authority), NetPost.Certified enables two parties -- one of which currently must be a government agency -- to obtain a USPS-issued digital certificate. The digital certificate is stored on a NetPost.Certified smart card and lets users create a digital signature for strong authentication when messaging files to government computers via a secure and private channel. Upon receipt, the service generates a transaction postmark verifying each delivery.

Digital signatures are verified by comparing the sender's public and private keys. The private key, which is used to create the digital signature, is known only to the sender. The public key, which is used to verify authenticity, is distributed to people who need to recognize the sender's digital signature.

"The postal service will stand by [the date and time] it was transmitted and [by the fact] that it was not tampered with en route. That's the beauty of electronic sending," Krause notes. "The attributes of the physical mail piece have literally been replicated in electronic message form."

Systems requirements for NetPost.Certified include a smart card, smart-card reader, USPS CA, USPS electronic postmark, file transport software, and cryptographic software.

According to Krause, the USPS' "trusted third-party status" made it a logical candidate for driving the development of such a system, as it was imperative to employ key partnerships and take advantage of the best available technology.

"Our approach to this is that you have to be there when that breakthrough occurs.You can't just wake up and say we should be there. The ones that lose big are the ones that just sit on the sidelines," Krause explains.

Technology partners assisted the USPS

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine