[Federal Register: April 15, 1997 (Volume 62, Number 72)]
[Notices]               
[Page 18375-18377]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr15ap97_dat-100]

=======================================================================
-----------------------------------------------------------------------

POSTAL SERVICE

 
Privacy Act of 1974, System of Records

AGENCY: Postal Service.

ACTION: Notice of new system of records.

-----------------------------------------------------------------------

SUMMARY: This document publishes notice of a new Privacy Act system of 
records, Collection and Delivery Records--Customer Public Key 
Certificate Records, USPS 010.090. The new system consists of an 
electronic database containing limited information about postal 
customers who have been authorized public key certificates by the 
Postal Service. A public key certificate is a digital document that can 
be used to validate the authenticity of a digitally signed document 
sent by way of the Internet, a service provider, or a value-added 
network from one customer to another. The Postal Service acts as the 
certifying authority that assigns and holds public key certificates for 
participating customers, the records subjects covered by this system.

DATES: Any interested party may submit written comments on the proposed 
new system of records. This proposal will become effective without 
further notice on May 27, 1997, unless comments received on or before 
that date result in a contrary determination.

ADDRESSES: Written comments on this proposal should be mailed or 
delivered to Payroll Accounting and Records, United States Postal 
Service, 475 L'Enfant Plaza SW, Room 8650, Washington, DC 20260-5243. 
Copies of all written comments will be available at the above address 
for public inspection and photocopying between 8 a.m. and 4:45 p.m., 
Monday through Friday.

FOR FURTHER INFORMATION CONTACT: Betty E. Sheriff, (202) 268-2608.

SUPPLEMENTARY INFORMATION: The Postal Service is conducting a pilot 
program with several federal agencies. The Postal Service's role is to 
act as the certifying authority by using and managing X.509 public key 
certificates containing a person's distinguished name, public key, and 
other identifying information. Under the program a customer applies to 
a Registrar (a Postal Service authority) to receive a Postal Service 
public key certificate. Information collected through the application 
process is limited to the customer name, address, phone number, 
electronic mail address, signature, and payment information.
    The Registrar then creates a key pair consisting of a public key 
and a private key. Keys are long, random bit strings that are unique 
to the user. That application information, as well as a distinguished 
name for the user, is transmitted to the Postal Service database 
covered by this system. The database returns a signed certificate to 
the Registrar, who enters it onto a disk along with the distinguished 
name, public key, and private key. The disk is
given to the customer who uses special software, along with the private 
key, to send and digitally sign documents. The public key and 
certificate are public data, but the customer is instructed not to 
disclose the private key and personal identification number (PIN) 
associated with the private key to a third party.
    Maintenance of these records is not expected to affect individual 
privacy rights because, to the extent that the system covers 
individuals, limited information about them is kept. A large segment of 
the population covered by the system is businesses, which are not 
covered by the Privacy Act. Other than digital components for public 
key certification, the information kept about a customer is name, 
distinguished name, public key(s), account, phone number, postal and 
electronic mail address, and payment information.
    Information kept within the database is protected by several 
layers. The computer housing the database is located in a building with 
access controlled by guards and a room with access controlled by the 
use of card keys. Other components of the security architecture are an 
asynchronous gateway, a network firewall, LAN connection, operating 
system, database management system, application software, database 
software security architecture, application software security 
architecture, and key generation and maintenance. Each of these levels 
has been subjected to an external audit to ensure security of the 
system. In addition, internal access to the database is limited to the 
system administrator, database administrator, and designated support 
personnel. Key pairs are protected against cryptanalysis by encrypting 
the private key and by using a shared secret algorithm to protect the 
encryption key, and the certificate authority key is stored in a 
separate, tamperproof hardware device. Finally, activities are audited 
and archived information is protected from corruption, deletion, and 
modification.
    With the above security controls the information will be protected 
from unauthorized access unless a customer does not heed a warning to 
keep the private key and PIN secret. If a private key is compromised, 
the Postal Service will revoke the related certificate immediately upon 
notification from the certificate holder.
    Pursuant to 5 U.S.C. 552a(e)(11), interested persons are invited to 
submit written data, views, or arguments regarding this proposal. A 
report of the following proposed system has been sent to Congress and 
to the Office of Management and Budget for their evaluation.

USPS 010.090

SYSTEM NAME:
    Collection and Delivery Records--Customer Public Key Certificate 
Records, USPS 010.090.

SYSTEM LOCATIONS:
    Marketing, Headquarters, and Information Systems Service Center, 
San Mateo, CA.

CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
    Business and individual postal customers who apply to receive a 
public key certificate.

CATEGORIES OF RECORDS IN THE SYSTEM:
    The following information is kept with regard to customers who have 
applied for public key certificates from the Postal Service: Name, 
address, phone number, electronic mail address, payment information, 
customer's public key(s), certificate serial numbers, customer's 
distinguished name, effective dates of authorized certificates, 
certificate algorithm, date of revocation or expiration of certificate, 
Postal Service-authorized digital signature, and information supplied 
by the customer to identify who may have access to public key data 
related to that customer.

AUTHORITY FOR MAINTENANCE OF THE SYSTEM:
    39 U.S.C. 403 and 404.

PURPOSE(S):
    Information within this system is used to issue and manage public 
key certificates.

ROUTINE USES OF RECORDS MAINTAINED IN THE SYSTEM, INCLUDING CATEGORIES 
OF USERS AND THE PURPOSES OF SUCH USES:
    General routine use statements a, b, c, d, e, f, g, h, and j listed 
in the prefatory statement at the beginning of the Postal Service's 
published system notices apply to this system. Other routine uses 
follow:
    1. The X.509 certificate and public key associated with a records 
subject may be disclosed to persons who provide the associated 
certificate number or distinguished name and who have not been denied 
access by the records subject.

POLICIES AND PRACTICES FOR STORING, RETRIEVING, ACCESSING, RETAINING, 
AND DISPOSING OF RECORDS IN THE SYSTEM:
STORAGE:
    Paper, automated database, and computer storage media.

RETRIEVABILITY:
    Customer name, distinguished name, certificate serial number, and 
public key.

SAFEGUARDS:
    Hard copy records and computers containing information within this 
system of records are located in a building with entrance access 
controlled by guards and room access controlled by card readers. 
Information within the database is protected by a security architecture 
of several layers that includes an asynchronous gateway, network 
firewall, operating security system, and database software security 
architecture. Internal access to the database is limited to the system 
administrator, database administrator, and designated support 
personnel. Key pairs are protected against cryptanalysis by encrypting 
the private key and by using a shared secret algorithm to protect the 
encryption key, and the certificate authority key is stored in a 
separate, tamperproof, hardware device. Activities are audited and 
archived information is protected from corruption, deletion, and 
modification.

RETENTION AND DISPOSAL:
    a. Pending Public Key Certificate Application Files. These records 
are added as received to an electronic database. Move to authorized 
certificate file when they are updated with the required data. Destroy 
records not updated within 90 days from the date of receipt.
    b. Public Key Certificate Directory. These records are maintained 
in an electronic database and are constantly updated. Destroy records 
as they are superseded or deleted.
    c. Authorized Public Key Certificate Master File. These records are 
maintained in an electronic database for the life of the authorized 
certificate. Move to the certificate revocation file when certificate 
is revoked or expired.
    d. Public Key Certificate Revocation List. Cut off this file at the 
end of each calendar year. Destroy these records 30 years from the date 
of cutoff.
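The record flow described in the Supplementary Information, Routine Use 1 and the retention schedule above, modelled as an added example (not part of the notice or any Postal Service system): a pending application file, an authorized master file, a revocation list, the 90-day purge of incomplete applications, the 30-year disposal date for revocation records, and a directory lookup that releases a certificate's public data only to a requester who supplies the serial number or distinguished name and has not been denied by the record subject. All names, serials and keys are constructed placeholders.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, Optional, Set, Tuple

@dataclass
class CertRecord:
    serial: str
    distinguished_name: str
    public_key: str                      # public data; the private key is never stored
    revoked_on: Optional[date] = None
    denied: Set[str] = field(default_factory=set)  # requesters the subject has denied

class CertificateDirectory:
    """Hypothetical model of USPS 010.090: pending file -> master file -> revocation list."""
    def __init__(self) -> None:
        self.pending: Dict[str, date] = {}       # application id -> date received
        self.master: Dict[str, CertRecord] = {}  # serial -> authorized certificate
        self.revoked: Dict[str, CertRecord] = {}

    def receive_application(self, app_id: str, received: date) -> None:
        self.pending[app_id] = received

    def purge_pending(self, today: date) -> list:
        """Retention (a): destroy applications not completed within 90 days of receipt."""
        stale = [a for a, d in self.pending.items() if today - d > timedelta(days=90)]
        for a in stale:
            del self.pending[a]
        return stale

    def authorize(self, app_id: str, record: CertRecord) -> None:
        """Retention (c): a completed application moves into the authorized master file."""
        del self.pending[app_id]
        self.master[record.serial] = record

    def revoke(self, serial: str, on: date) -> None:
        """Holder reports compromise: the record moves to the revocation list."""
        rec = self.master.pop(serial)
        rec.revoked_on = on
        self.revoked[serial] = rec

    def lookup(self, requester: str, serial: Optional[str] = None,
               dn: Optional[str] = None) -> Optional[Tuple[str, str]]:
        """Routine use 1: release only to a requester who supplies the serial number or
        distinguished name and whom the subject has not denied. Revoked: nothing released."""
        for rec in self.master.values():
            if rec.serial == serial or rec.distinguished_name == dn:
                return None if requester in rec.denied else (rec.serial, rec.public_key)
        return None

def crl_disposal_date(revoked_on: date) -> date:
    """Retention (d): cut off at calendar year end, destroy 30 years after the cutoff."""
    return date(revoked_on.year + 30, 12, 31)
```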

SYSTEM MANAGER(S) AND ADDRESS:
    Vice President, Technology Applications, United States Postal 
Service, 475 L'Enfant Plaza SW, Washington, DC 20260-2403

NOTIFICATION PROCEDURE:
    Individuals wanting to know whether information about them is 
maintained in this system of records must address inquiries in writing 
to the system manager. Inquiries must contain name and certificate 
serial number.

RECORD ACCESS PROCEDURES:
    Access must be requested in accordance with the Notification 
Procedure above and the Postal Service 
Privacy Act regulations regarding access to records and verification of 
identity under 39 CFR 266.6.

CONTESTING RECORD PROCEDURES:
    See Notification Procedure and Record Access Procedures above.

RECORD SOURCE CATEGORIES:
    Customers.

Stanley F. Mires,
Chief Counsel, Legislative.
[FR Doc. 97-9590 Filed 4-15-97; 8:45 am]
BILLING CODE 7710-12-P