USPS To Provide Personal Identity Certification 259
Zentalon writes "The United States Postal Service has announced that it will provide In-Person Proofing (pdf) to physically authenticate individuals before a digital signature certificate is issued to that person. This has a bunch of interesting ramifications; for instance, I could create a simple spam filter that only accepts mail from individuals and organizations that have an authenticated certificate. It could also allow for more secure financial transactions. Anyone know if any other national postal services are planning the same thing?" Funny, they don't seem to always know where to deliver so-called first-class mail ...
Deutsche Post did that (Score:5, Informative)
Article text (Score:1, Informative)
Notices
Dated: June 12, 2003.
D.L. Gamberoni,
Technical Coordinator, Office of the Secretary.
[FR Doc. 03-15347 Filed 6-13-03; 11:53 am]
BILLING CODE 7590-01-M
POSTAL SERVICE
In-Person Proofing at Post Offices
(IPP) Program
AGENCY: U.S. Postal Service. ACTION: Notice.
SUMMARY: The USPS is announcing the availability of an In-Person Proofing at Post Offices (IPP) Program to support the activities of U.S. Certificate Authorities and government organizations.
EFFECTIVE DATE: June 9, 2003.
FOR FURTHER INFORMATION CONTACT: Chuck Chamberlain at 703-292-4172, or Brad Reck at 703-292-3530
SUPPLEMENTARY INFORMATION: In recent years, a number of new federal statutes have sought to preserve the ability of the public and private sectors to use the efficiency of the internet to rapidly exchange time sensitive communications while assuring that people receiving and sending messages are in fact who they say they are. A number of top quality private sector businesses have mastered the technology around the use of secure digital signatures, yielding a greater demand for improved identity verification for individuals seeking to use digital signatures.
This need for improved ''online identity'' creates a unique service opportunity for the Postal Service to provide value to the public, leverage our retail network and enable internet communications to enjoy a new level of security and reliability. Numerous organizations have approached the U.S. Postal Service to conduct In-Person Proofing (IPP) of customers nationwide for physically authenticating an individual's identification at a post office before the organization issues a digital signature certificate to the individual.
IPP supports efficient, affordable, trusted communications through the use of identification verification at Post Offices, incorporation of process enhancements required by the Postal Service, active management of the IPP program by the USPS, and use of a First Class U.S. Mail piece to verify physical addresses of applicants. We believe that IPP conducted at local post offices will create a new broad based capability for the Nation that promotes improved public trust and greater efficiency in the electronic delivery of a wide range of services. These efforts support achieving the goals of the Government Paperwork Elimination Act of 1998, Electronic Signature in Global and National Commerce Act of 2000, Health Insurance Portability and Accountability Act of 1996, Sarbanes- Oxley Act of 2002, and Gramm-Leach- Bliley Act of 1999 and numerous Presidential Directives on eGovernment. The following is a brief description of how IPP would work. An organization can establish a relationship with a qualified U.S. Certificate Authority to integrate digital signing with improved identity verification into an online application. Any individual desiring to use digital certificates that include USPS IPP will complete an application online. The online system will verify the individual's identity via commercial data base checking. The system will then produce a standard Postal Service form to be printed out at the ''applicant's'' personal computer. The individual requesting the service will present this form to a participating post office where the ''In Person Proofing'' process is conducted. After successful completion of the IPP event, the CA will notify the applicant to download their digital certificate. For clarity, the steps in the IPP process are outlined below.
1.0 DESCRIPTION
1.1 Purpose
IPP is a postal program to improve the public key infrastructure of the Nation. The public key infrastructure has emerged as an accepted infrastructure component for protecting and facilitating the electronic communications of the Nation.
2.0 BASIC STANDARDS
2.1 Eligibility
For a Certificate Authority (CA) to use IPP, the CA must incorporate the U.S. Postal Service In-Person Proofing Policy into their Certificate Policy. Conformance to the Po
in bulgaria (Score:2, Informative)
pdf -- txt (Score:2, Informative)
Dated: June 12, 2003.
D. L. Gamberoni,
Technical Coordinator, Office of the Secretary.
[FR Doc. 03Ð 15347 Filed 6Ð 13Ð 03; 11: 53 am]
BILLING CODE 7590 01 M
POSTAL SERVICE
In-Person Proofing at Post Offices (IPP) Program
AGENCY: U. S. Postal Service.
ACTION: Notice.
SUMMARY: The USPS is announcing the
availability of an In-Person Proofing at Post Offices (IPP) Program to support
the activities of U. S. Certificate Authorities and government
organizations.
EFFECTIVE DATE: June 9, 2003.
FOR FURTHER INFORMATION CONTACT:
Chuck Chamberlain at 703Ð 292Ð 4172, or Brad Reck at 703Ð 292Ð 3530
SUPPLEMENTARY INFORMATION: In recent years, a number of new federal statutes have sought to preserve the ability of the public and private sectors to use the efficiency of the internet to rapidly exchange time sensitive communications while assuring that
people receiving and sending messages are in fact who they say they are. A
number of top quality private sector businesses have mastered the
technology around the use of secure digital signatures, yielding a greater
demand for improved identity verification for individuals seeking to
use digital signatures. This need for improved '' online
identity'' creates a unique service opportunity for the Postal Service to
provide value to the public, leverage our retail network and enable internet
communications to enjoy a new level of security and reliability. Numerous
organizations have approached the U. S. Postal Service to conduct In-Person
Proofing (IPP) of customers nationwide for physically authenticating an
individual's identification at a post office before the organization issues a
digital signature certificate to the individual.
IPP supports efficient, affordable, trusted communications through the use
of identification verification at Post Offices, incorporation of process
enhancements required by the Postal Service, active management of the IPP
program by the USPS, and use of a First Class U. S. Mail piece to verify physical
addresses of applicants. We believe that IPP conducted at local post offices will
create a new broad based capability for the Nation that promotes improved public trust and greater efficiency in the
electronic delivery of a wide range of services. These efforts support achieving
the goals of the Government Paperwork Elimination Act of 1998, Electronic
Signature in Global and National Commerce Act of 2000, Health
Insurance Portability and Accountability Act of 1996, Sarbanes-Oxley
Act of 2002, and Gramm-Leach-Bliley Act of 1999 and numerous
Presidential Directives on eGovernment. The following is a brief description of
how IPP would work. An organization can establish a relationship with a
qualified U. S. Certificate Authority to integrate digital signing with improved
identity verification into an online application. Any individual desiring to
use digital certificates that include USPS IPP will complete an application
online. The online system will verify the individual's identity via commercial
data base checking. The system will then produce a standard Postal Service
form to be printed out at the '' applicant's'' personal computer. The
individual requesting the service will present this form to a participating post
office where the '' In Person Proofing'' process is conducted. After successful
completion of the IPP event, the CA will notify the applicant to download their
digital certificate. For clarity, the steps in the IPP process are outlined below.
1.0 DESCRIPTION
1.1 Purpose
IPP is a postal program to improve the public key infrastructure of the Nation.
The public key infrastructure has emerged as an accepted infrastructure
component for protecting and facilitating the electronic
communications of the Nation.
2.0 BASIC STANDARDS
2.1 Eligib
Comment removed (Score:4, Informative)
Re:Certificates (Score:3, Informative)
That verifies your snail mail address, not your identity.
Re:great! (Score:3, Informative)
United States Postal Service
The Post Office Department was transformed into the United States Postal Service, an independent establishment of the executive branch of the Government of the United States. The mission of the Postal Service remained the same, as stated in Title 39 of the U.S. Code: "The Postal Service shall have as its basic function the obligation to provide postal services to bind the Nation together through the personal, educational, literary, and business correspondence of the people. It shall provide prompt, reliable, and efficient services to patrons in all areas and shall render postal services to all communities."
The new Postal Service officially began operations on July 1, 1971. At that time, the Postmaster General left the Cabinet, and the Postal Service received:
* Operational authority vested in a Board of Governors and Postal Service executive management, rather than in Congress.
* Authority to issue public bonds to finance postal buildings and mechanization.
* Direct collective bargaining between representatives of management and the unions.
* A new rate-setting procedure, built around an independent Postal Rate Commission.
Title 39, the Postal Reorganization Act, also vested direction of the powers of the Postal Service in an 11-member Board of Governors. Nine members (the Governors) are appointed by the President, by and with the advice and consent of the Senate. They serve staggered nine-year terms, and no more than five Governors may belong to the same political party. Governors are chosen to represent the public interest generally, may not represent specific interests using the Postal Service, and may be removed only for cause.
Re:Uh-huh... (Score:3, Informative)
The Big Brother aspect comes in the arrangement between the USPS and the CA. As noted above, the CA would be required to check your identity against a Patriot Act database before passing the request on to the Post Office. Reading between the lines, it would seem that information collected from you in your CSR might end up refreshing the data in the Patriot Act database. Combine that with the requirement that certificates expire after four years, and you have a mechanism to keep that national database current. All of this is good IT/database practice. But in the hands of the Government, it raises concerns.
Don't blame just the USPS, geez (Score:5, Informative)
No, not very funny. Rather clueless. Did you know that the USPS has domestic airlines carrying mail?
I can't even count the times I've found stray (or lost) bags of mail in aircraft. One of my many job functions when I worked for a ground handling company was to make sure that mail for Anchorage actually got *on the right aircraft* and didn't wind up on a flight to Miami. We'd actually check behind the belly toolbox on that old nasty DC-8 looking for mail bags.
Ever seen a 55' truck back up to a DC-6? Yes, folks. Bulk loading 33,000lbs of mail into a friggin DC-6 bound for northern Alaska.
Sure, mail gets lost sometimes, but it's not always the fault of the USPS.
USPS offers to outsource services to CAs (Score:1, Informative)
The basic idea is that CAs can leverage the thousands of existing post office branches to outsource the hanling of the proofing services.
Of course, besides having their root certificate stored in Explorer and Netscape/Mozilla, the only other real competitive advantage of CAs has to do with their verification processes. Its not clear if they would be willing to outsource them. The USPS could then easily add its own root certificate to the popular browsers and eat their cake.
Re:Postal employees better than you think (Score:2, Informative)
I was also particularly impressed when my mother received a letter from abroad with just her name and the town as the address; the town is a suburb of London and must number several tens of thousands of inhabitants at the very least.
Hong Kong's SmartID Project does this.... (Score:3, Informative)
and so does Hong Kong Post.
http://www.hongkongpost.gov.hk/product/ecert/ty
Re:The Post Office? Seriously? (Score:5, Informative)
UPS: $66 (2-5 days)
FedEx: $65 (4-5 days)
USPS: $15 (4-6 days)
You can guess who I went with. It took four days to get there.
Re:Amazing what the USPS does do with mail. (Score:2, Informative)
Re:require one of these for a change of address fo (Score:1, Informative)
Speaking as one who is in the process of moving right now (getting keys to the new apartment tomorrow morning), there actually is verification that it's been accepted and processed. You may not run into it if you don't file the change-of-address form pretty early, though, because it's sent to the old address. And, they're fairly clever about it. They account for the possibility that someone will send in the forwarding order late and someone else will have moved in their place before the confirmation is sent. Because of that possibility, they only list the address that the mail is forwarded from. Thus, the person who moves in after you may get your name, but they do not get your new address.
Just in case anyone cares, here's what the letter looks like:
So, yes, someone could play a trick on you, but you would at least find out eventually. Still, they could do a little better. They could provide a phone number (or web site) for you to submit a request; then they'd send a computer-generated form to the "from" address for forwarding; only by returning that form could you get the mail forwarded. Unfortunately, what would happen is that more mail would be lost this way, because in the chaos of moving, people naturally forget to forward their mail until after they've moved, and those people would never be able to get through the system...
Hong Kong has it (Score:4, Informative)
The Hong Kong Government has recently roll out a renew plan for all citizens to renew their ID card (mandatory, must be on the person at all times). This new ID card is a smart card which also allow storage of digital cert.
Because of this mandatory ID, the cert roll out plan (storage and distribution) is relatively easier than other countries.