> > Postal Identity Management


Postal Identity Management

IN BRIEF:  As postal services redefine themselves as data-driven service providers, identifying postal service users in an omni-channel delivery environment becomes an essential element of the postal value chain.

The postal service user, the postal item, notification of where or when to deliver a particular item, preferences or even special attributes granting access to certain conditions, all become an integral part of postal service provision.

Creating a postal identity management trust framework creates the infrastructure necessary to enhance the postal service provision to meet the needs of digital society.

See below for examples of postal identity management in practice:

  1. USPS: "Secure Digital Solutions"
  2. Poste Italiane: "Digital Identity"

The postal network is by definition universal. As mail delivery and addresses (senders and recipient identification) become omni-channel, the extension of the postal service provision into new means of digital communication at national and global level demands standards defining the necessary trust frameworks.


Identity is the central organizing principle of modern society

Across the world, states and businesses are tackling the issue of identification; they need to know who their clients are, and ensure that people only get access to the information and services to which they are entitled.

Identity is rapidly becoming the central organizing principle in any modern society, and managing identity in a proper manner is vital. Work currently under way at the UPU to Address the World, in accordance with its Standards S42 and S53, is paving the way, laying the foundations for combining the physical delivery address and the personal identity.

Extending the postal service provision into new means of communication, and enhancing the ability of posts to manage the postal electronic identity (PeID) across the universal postal network, will allow senders and recipients to securely interact and use services any time, any place and anywhere.


Identity management stimulates growth of new services

When high quality PeID management at global postal level (UPU) is made available to the public or private sector, new commercial electronic services requiring identity management can be established.

The PeID acts as an enabler for innovative public and commercial services and is designed to benefit citizens and businesses, especially small and medium-sized enterprises, in all UPU member states. PeID becomes a building block for the net-generation postal network.

Putting a trust framework such as PeID into practice needs a powerful shared vision, one driven by real user needs and public interest, and aligning actors in the field.

Just as the postal address is core to several levels of postal In-Person-Proofing services offered by  most postal service providers today (whether for secured delivery, first class or second class mail, parcel services or postal financial services), so user identification and authentication are essential if many cross-border services are to become successful and secure.


Interoperability - the key to success

Success lies in the interoperability of national postal identity management systems.

  • Definition of Identification: Identification is the process of using claimed or observed attributes of an entity to deduce who the entity is.
  • Definition of Authentication: Authentication is the corroboration of a claimed set of attributes or facts with a specified, or understood, level of confidence. In this document, authentication is the corroboration to attributes of fact related to an identity; as such the term “authentication” implicitly refers to the identification process. Unless explicitly stated, the term authentication is used, in this document, as a shortcut for “identification and authentication”.

Most individual member states have their own user identification and authentication solutions. The efficient use of cross-border services demands that these eID solutions be interoperable.

In other words, the member states must be aware of, and trust, each other’s solutions. This trust reflects the level of assurance that is associated with an authentication solution. Where there is common understanding about the levels of assurance, then interoperability is ensured.

 

Digital Identity vs. Electronic Identification

A major part of our economy is driven by personal data. Knowledge of who the customer is, their preferences, profiles, and predictions about how they might behave, are the new digital currency.

The more customers are willing to share with third parties in order to pay for services in the digital and social society, the more defined this digital identity becomes. A digital identity enables the user to act (or to be serviced in a digital environment) according his/her profile:


Postal identity management is a key factor in the postal value chain: proof of identity, user authentication and trust services form the backbone of data-driven postal provision.

Fig 1: Explanation used by EC DG Connect for eIDAS WS, September 25, 2013

When it comes to personal electronic identification, each EU state has established its own national identification framework, issuing trusted assertions or credentials at a national level.

This electronic identification is an infrastructure provided by a national government; it identifies a particular person and is the digital representation of that person. An electronic identification empowers the user to prove their identity:


Postal identity management is a key factor in the postal value chain: proof of identity, user authentication and trust services form the backbone of data-driven postal provision.

Fig. 2: Explanation used by EC DG Connect for eIDAS WS, September 25, 2013

Applying the electronic identification and the digital identity together provides a trust framework, where the proof of the entity is provided by a national government, and the (digital & social) profile is provided by several identity providers.


The importance of global regulation

Proof of electronic entities and digital identities must be regulated globally.

Extending postal service provision into new means of communication requires a stable and sound framework for upgrading the universal address system. In a data-driven, next-generation postal network, (analogue) addresses must be developed further, becoming identifiers for authenticating senders and recipients. 

Postal operators have traditionally acted as trusted mediators, based on universal rights enshrined in the acts of the UPU guaranteeing secured communication and the right of transit of mail. These rights are currently being extended to the new postal service provision.

Postal identity management, to identify and authenticate the participants in any communication, demands core framework infrastructure which is regulated by the UPU.

This was as equally true in the past, when the global postal network was an item-driven, analogue network, and as it is today and in the future, as postal service providers extend their service provision into the digital world, covering hybrid and digital (e-commerce) postal services.


Sector-specific data protection is part of postal identity management

The UPU officially adopted its data protection compliance framework at the 25th UPU Congress in Doha, 2012, forbidding personal data gathered to provide a physical, digital or financial postal service to be made available to 3rd parties or used for any other purposes without the express permission of the user.

Confidentiality, protection and security of personal data are the cornerstones of the UPU service provision.


Postal identity management in practice

Postal services have already begun implementing their own postal identity management solutions. Here 2 examples:


1. United States Postal Service: “Secure Digital Solutions”

The United States Postal Service (USPS) is leveraging its assets to evolve in the digital space by creating secure digital solutions. According to the USPS, these are:

  • Privacy & Security: U.S. law requires strict consumer privacy protection and adherence to information security requirements  
  • Governance & Enforcement: Strict governance structure and the protection of a federal law enforcement agency
  • Industry Alliances: The USPS has a $ 68 billion revenue platform that enables a $ 900 billion mailing industry, 36,000 retail outlets and 152 million delivery points 
  • International Relationships: The UPU is a gateway enabling international commerce


The USPS has identified three major areas of customer demand:

1)       Privacy & Security: According a study by the U.S. Department of Justice (2005 – 2010), the estimated annual value of data stolen by cyber thieves was $ 114 billion. 86% of Americans say internet companies should ask permission to use personal information, 54% of Americans believe website tracking invades their privacy.

2)       Trust: When it comes to US consumers trusting online companies with their personal information, the USPS has been the most trusted government agency over the past seven years.

3)       Convenience: The average US online user has 6.5 unique passwords and 25 online accounts, but limited options for managing sensitive, medical, financial and governmental documents online.

The U.S. government has a national strategy for postal identity management in cyberspace. The goal is to develop a comprehensive Identity Ecosystem Framework: build and implement, enhance confidence and willingness to participate, and ensure the long-term success and sustainability of such an identity ecosystem.


USPS’s product offerings and services are focused on:

  • Postal Identity Management & Access Management Services: User Registration, by providing the appropriate amount of personally identifiable information, such as name, address, date of birth, etc. Information users provide during user registration is compared against information previously collected by an external service provider. ID proofing can be carried out remotely, online or in-person at a local post office.
  • Credentialing will be done by assigning and issuing a credential or a “token” in the form of a code or hardware device. When users supply the assigned credential they are authenticated. 
  • Federal Cloud Credential Exchange (FCCX): The FCCX realizes the U.S. government vision by allowing agencies to securely interact with a single “broker” – the USPS – to authenticate consumers.


Postal identity management is a key factor in the postal value chain: proof of identity, user authentication and trust services form the backbone of data-driven postal provision.

Fig. 3: USPS: Allowing federal agencies in the USA to securely interact with a single trusted “broker” to authenticate customers


Today US federal agencies require the issue of more than 250 million digital credentials to access their respective website applications in support of eGov initiatives. This requires integrating with multiple Identity Service Providers (IDPs), each independently paying for authentication services.

USPS’s solution – Federal Cloud Credential Exchange (FCCX) – creates a centralized interface between agencies and credential providers. This aims at reducing costs and complexity, and speeding up the integration timeline for new IDPs.

This is important for consumer privacy, as IDPs do not know which agency the consumer is logging into. This is important for the federal government, as the authentication costs are decreased through centrally negotiated rates with the USPS.


2. Poste Italiane: "Digital Identity"

During 2011, only 15 – 20% of all Italian users bought goods and services online or sent electronic communications to public administrations – the EU average, in contrast, was 40%. The main reason holding back users was the belief that digital channels are less secure than the traditional, analogue channel.

Poste Italiane S.A. manages the whole process of certifying a user’s electronic identity, using its own physical (14,000 post offices) and digital (cyber security centre) assets.


Postal identity management is a key factor in the postal value chain: proof of identity, user authentication and trust services form the backbone of data-driven postal provision.

Fig. 4: Poste Italiane S.A. combines electronic identification with verified personal identities

The Poste Italiane Group has developed a trusted and secure ecosystem, integrating postal identity management by verifying the identity of the users and linking users to verified personal profiles (including attributes such as shipping preferences, payment options, preferences, etc.).

The result is Poste Italiane’s “Postal Digital Identity”. The platform is designed to enable users to make online transactions and access different e-services, securing Poste Italiane’s leading position as trusted mediator used by senders and recipients alike.



Top of Page

> > Postal Identity Management