Proposed specifications would improve mail security

In an effort to make postage meters more secure, the U.S. Postal Service has proposed two new specifications that, among other things, would provide the opportunity for postage to be printed from PCs.

The specifications, published in the Federal Register for comment, propose a new indicium, or postmark, with a 2-D bar code that will contain a digital signature, among other data, and a postal security device (PSD), which performs functions similar to postage meter registers.

USPS has been searching for a better form of on-stage meter security and, in particular, for a way to prevent counterfeiting of the current meter indicia. The proposed standards attempt to address this concern.

There are about 1.5 million postage meters in use in the United States. Collectively they account for approximately $20 billion in postal revenues annually.

Defining a Postmark

One specification defines what a postmark, or evidence of postage, must look like. USPS has proposed that the new postmark contain a unique digital signature carried in a 2-D bar code. A new indicium substitutes for a postage stamp or postage meter imprint as evidence that postage was paid.

Because of the information the indicium will contain, the agency will be better able to deter mail fraud as well as provide additional services, such as mail tracking and tracing, according to Roy Gordon, program manager for the agency's Information Based Indicia Program.

"USPS' initial strategy is to sample [letters] in the mail stream and scan on a random basis," Gordon said. "In the long term, it will scan 100 percent of the mail to deter fraud. The key is that it provides the USPS [with] the ability to provide additional services to carry that data with mail pieces."

Security Requirements

Another specification proposed is a PSD that "identifies security requirements around the monetary function of a meter," Gordon said.

Such a device would provide cryptographic signature, financial accounting, indicium creation, device authorization and audit functions. It most likely will be a hardware device used with a computer or postage meter-based host system.

"A host system specification," Gordon said, "is a requirement for a PC [and] for those products that are designed to print from PCs as well as for more traditional meters like you see today."

PSD core security functions are cryptographic digital signature generation and verification and secure management of the registers that track the remaining amount of money available for indicium creation and the total postage value used by the PSD.

The device will comply with Federal Information Processing Standard (FIPS) 140-1 and will be validated by the National Institute of Standards and Technology (NIST) Computer Systems Laboratory.

Similar Functions

While separate from the electronic postmarking initiative at USPS, the indicium and electronic postmark efforts share similar functions - in particular, digital signing. "Some of the things that get done are the same," Gordon said. "The new indicium will contain a unique digital signature."

USPS is accepting comment on the specifications through Sept. 10.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.