From: David Honig <honig@otc.net>
To: cypherpunks@toad.com
Message Hash: 5d6ad2f44d79900fe57da226929aa92c56171b8219bf86dc326d4e73282dbc3e
Message ID: <3.0.5.32.19980306103212.007aedd0@otc.net>
Reply To: N/A
UTC Datetime: 1998-03-06 18:32:47 UTC
Raw Date: Fri, 6 Mar 1998 10:32:47 -0800 (PST)
From: David Honig <honig@otc.net>
Date: Fri, 6 Mar 1998 10:32:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: UPS to market DIGITAL SIGNATURE AUTHENTICATED DIGITAL DOCUMENT DELIVERY, $5 < $x < $10
Message-ID: <3.0.5.32.19980306103212.007aedd0@otc.net>
MIME-Version: 1.0
Content-Type: text/plain
http://dailynews.yahoo.com/headlines/technology/wired/story.html?s=n/reuters
/980306/wired/stories/ups_2.html
UPS ships high-tech security along with packages
By Randolph Court
SAN FRANCISCO (Wired) - United Parcel Service stepped into the
secure-electronic-data-transmission business this week, promising to make
online-document delivery as trustworthy and easy to use as a dollar bill
minted by the US Treasury.
"We view ourselves as a trusted third party," said Mark Rhoney, vice
president of marketing for electronic commerce at UPS.
But can UPS shift its focus from shipping cartons into computer bits? Its
move marks a head-on assault at a growing business now handled by much
smaller, specialized high-tech companies. What UPS will offer by the second
quarter of 1998 is an alternative to existing systems offered by lesser
known entities like Entrust Technologies and Network Associates' PGP
division.
Entrust and PGP hawk encryption systems that allow one person to send a
secure data file to someone else with no meddling from any outsiders.
UPS's new service, developed in partnerships with Tumbleweed Software and
NetDox, is based on the idea that a supervisor should be involved in the
process to guarantee the integrity of the information being sent.
Say a lawyer wants to send a contract worth $3 million, but the recipient
decides to tinker with the numbers and knock the figure down to $2.5
million. The situation dissolves to finger pointing, each side saying they
agreed to something different.
With the UPS system, the data that is sent will be digitally fingerprinted
and archived with time stamps and receipts from each party, so there will
be records of whether or not a document has been tampered with.
"The document is digitally notarized and legally binding," said NetDox
spokesman Lee Kallman. If there is a finger-pointing situation, UPS will be
able to prove in court exactly what was sent, by whom, who received it, and
when.
"That's what you don't get with other encryption systems, and that's the
void UPS wants to fill," said Kallman. The service will play a role not
unlike the role a government plays when it guarantees the value of
currency, Kallman said.
UPS will insure the integrity of each document, and the identity of both
sender and receiver, for up to $100,000.
The system is called UPS Document Exchange, and it will offer two levels of
security - Dossier for the strong stuff and Courier for the milder version.
For the most sensitive data, UPS will use a system designed by NetDox that
requires users to download a software client that wraps data - any sort of
digital information, from simple documents to multimedia - in two layers of
encryption, an inner 40-bit layer, and an outer 128-bit layer.
The data is sent to a UPS server where it is unwrapped, and a digital
fingerprint is taken and stored; then it is re-wrapped and sent to its
destination, where the recipient opens it with the NetDox client software.
For less-critical data packages, UPS will use a system designed by
Tumbleweed that encrypts data with a varying number of bits to accommodate
the different encryption levels supported by browsers in different countries.
The encrypted data is then sent to a UPS server, where it is stored at a
128-bit encryption level. The server sends an email message to the
recipient telling him or her the Web address where the data resides and how
it can be accessed via browser with RSA encryption.
---
UPS has been close-mouthed on the question of price, saying only that
delivery will be more expensive than a 32-cent stamp and cheaper than a
traditional overnight delivery.
NetDox has been charging $5.35 for domestic transactions and $10.70 for
international data exchanges, according to Kallman. But it hasn't had much
competition. If the UPS service proves viable and other competitors emerge,
prices could drop precipitously, Kallman said.
News of the UPS service was greeted warmly in some corners of the
encryption industry, and skeptically in others.
"We're very excited to hear that a large company like UPS is rolling out a
broad-based service like this," said Gina Klein Jorasch, director of
enterprise marketing at VeriSign. The company provides digital
certificates, which act like identity cards tying a user's identity to a
public key that enables the encryption process.
---
VeriSign has reason to be hopeful, though. Software clients like the ones
provided by NetDox and Tumbleweed require digital certificates, just like
those provided by VeriSign.
"A deal between VeriSign and UPS is very conceivable," Jorasch said.
Jeff Harell, the product manager for PGP products at computer security
giant Network Associates, quarreled with the fundamental idea of involving
outsiders in the data transmission process.
"Why would a corporate customer want to go to third-party systems?" Harell
asked. "A lot of companies don't want to involve a third party that they
are required to trust." Many companies view their data as too important to
risk exposing to a system with so many junctions and exchange points.
PGP is a proprietary system. Users sending and receiving data must both
have PGP, and their keys can only be provided and verified by PGP.
All of this is new in the traditional package delivery industry, but not
unexpected.
"Now that the Web has become so ubiquitous, this strikes me as something
that UPS and the other delivery companies needed to do," said Rita Knox, an
industry analyst with the Gartner Group.
"This is a pretty compelling service," Knox added. "It's available 24/7 and
it's virtually instantaneous."
Federal Express, after a failed attempt to introduce an electronic service
in the early 1980s, ended up setting a standard in the industry in 1995
when it launched a self-service ordering and tracking system on the Web.
Similar services have since been adopted by UPS and Airborne Express, among
other competitors. Analysts are looking ahead to the possibility of UPS's
online delivery service becoming an industry must-have if it proves
successful.
"I definitely anticipate another domino effect if UPS has any success with
this at all," said Michael Sullivan-Trainer of International Data Corp.
"All it takes is one competitor to introduce a new software innovation and
it changes industry dynamics."
------------------------------------------------------------
David Honig Orbit Technology
honig@otc.net Intaanetto Jigyoubu
"But if we have to use force,
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm
Return to March 1998
Return to “David Honig <honig@otc.net>”
1998-03-06 (Fri, 6 Mar 1998 10:32:47 -0800 (PST)) - UPS to market DIGITAL SIGNATURE AUTHENTICATED DIGITAL DOCUMENT DELIVERY, $5 < $x < $10 - David Honig <honig@otc.net>