PosteCS^TM
- Benefits

Privacy and Security

Canada Post and the Privacy of Information

Canada Post is well regarded as keeping confidential any personal information received from its customers. Information obtained by Canada Post from PosteCS™ users will be kept confidential and only used for the purpose for which it is collected.

Canada Post as the Trusted Third Party

The Post Office has earned a reputation as a "trusted third party" based on the Corporation -

1. demonstrating rigorous protection of the "mail";
2. demonstrating neutrality regarding the content of messages in its charge;
3. keeping personal addressing information confidential.

Security

PosteCS is an Internet-based document delivery service that allows you to send electronic documents securely with speed and convenience, 24 hours per day, 7 days a week to anyone with an Internet e-mail address and a Web browser. The security options of PosteCS mean that your document delivery is more secure, private and reliable than either fax or e-mail. PosteCS does this by employing a combination of industry standards and proprietary security measures to provide sensitive documents a secure channel of delivery. Using PosteCS security features and options, the sender can ensure a secure transaction from the moment the document leaves the sender’s desktop until it arrives on the intended recipient’s desktop.

PosteCS Security Features

Server Authentication - PosteCS authenticates the secure Postal server, before uploading the document, via a server digital certificate.

Secure Sockets Layer (SSL) - The connection to the server is secured by the sender selecting Secure Sockets Layer (SSL) transmission. SSL is a standard protocol that protects the document from interception during transmission. As the document leaves the sender, it is encrypted with a key known only by the server. This scrambles the transmission and successful decryption by the server ensures that the document has not been tampered with during transit. SSL also secures the connection between the server and the recipient. The receiver must have a Web browser that supports SSL. PosteCS' SSL use automatically reverts to 40-bit encryption if browsers are not 128-bit enabled.

Electronic Postmark - On a Sender's request, an Electronic Postmark™ will accompany a PosteCS package. It is a Canada Post date-stamped and time-stamped, cryptographically sealed digital object containing an "electronic footprint" of the original package, among other attributes. The Electronic Postmark™ record is then, by way of a Canada Post digital signature, digitally "sealed" to prevent undetected modification of the package.

Document Encryption - In addition, the document is encrypted while it is on the PosteCS server. The server encrypts the document using 128-bit RSA encryption technology.

Document Expiration - Senders can specify an expiry date for the document to reside on the PosteCS server. The receiver is notified of the limited time to access and retrieve the document. Once the expiration date has passed, the document is permanently deleted from the server.

Recipient Authentication - PosteCS creates a unique, dynamically generated URL for each recipient of a document and distributes the URL through e-mail notification. Since each URL is associated with only one recipient e-mail address, that recipient is accountable for all server activity through that URL. Through the tracking feature, the sender can discover if and when a document was received or if a document was not received because an invalid e-mail address or an incorrect password attempt.

Password Protection - Senders should specify use of a password to access the PosteCS message. The correct password would need to be keyed in by the recipient to retrieve the password-protected document.

With PosteCS, there are two password choices to protect access to the document. If the intended recipient is a PosteCS user, the sender can request the use of the recipient's PosteCS account password. Alternatively, a unique password should be communicated to the recipient to protect the document. In this case, the sender communicates the password to the recipient through an alternate channel.