Enhancing Security and Privacy in Certified Mail Systems Using Trust Domain Separation

Many governmental certified mail systems have been provided on the Internet to ensure reliable communication as known from registered mail in the postal world. In some cases it is strategically and economically advantageous to share such a system with the private sector. This inevitably leads to additional privacy and trust-related security requirements. Privacy issues especially arise in the case of identification schemes based on national identification numbers being at risk of getting disclosed to business entities. Trust becomes more important when financial interests come into play. Even if trusted third parties may not conspire with senders or recipients concerning a fair message exchange, they may cheat and charge for services never rendered. In this paper we discuss a solution addressing these issues from a practical viewpoint in the Austrian case. We present a model that ensures privacy of national identification numbers and provides a technical supervision of TTPs by distributing trust among different domains. Our concept has been taken up by the Austrian market.