February 1999
The Next Generation In Unified Multimedia Messaging
BY MALCOLM SMITH
In May 1996, twenty leading fax and messaging vendors met to discuss the need for a new
messaging service, designed to follow post, telex, fax, and e-mail. It would become the
fifth and next generation messaging service. Why a new messaging service? The business
world spends huge amounts on communications technology, but the most widely accepted form
of communication, used every day, worldwide, is the posted letter. We know that the letter
we have sent will be received because we personally put it in the envelope; the recipient
can have confidence that the contents have not been tampered with, because the envelope
has been sealed and its contents signed. The sender can even track the message using a
special delivery postal service. In short, we can trust that the postal service is simple
and trustworthy, resulting in the continued popularity of the posted letter despite faster
electronic alternatives.
Compare this with fax. Typically 70 percent of business documents are created using a
PC. The resulting electronic file is then printed out and fed into a fax machine to be
converted into another electronic file and transmitted. At the receiving end, another fax
machine converts the information back into a paper document. At each end of the
communications link, there now exists a paper document, but the authenticity of the
original may be in doubt - it could have been scanned or copied, and even if the fax is
created using a PC, it is not possible for the recipient to use the information contained
in it without complicated scanning or retyping procedures.
Let us consider e-mail. Initially developed for short informal messaging, e-mail
provides no automatic confirmation to either sender or recipient that the message received
is identical to the message sent. Nor is there any assurance that a message originated
from the purported sender, nor that the intended recipient has received it. Added to this,
the legal position on company records in electronic form is not clear-cut. In legal
disputes, electronic evidence is sometimes accepted and sometimes not. In some countries
electronic originals are legally admissible; in others they are not.
Although document transmission costs may have fallen, "whole document cycle
costs" have increased. Research studies showed 99 percent of document cycle costs lay
in creation, live use, retention, and archiving, with transmission accounting for a mere 1
percent.
THE FIFTH (NEXT) GENERATION
The G5 Messaging Forum members believed that new solutions were needed to address these
problems. This fresh system should combine all the positive elements of current message
transmission methods, enhance them with additional features, and eliminate negative
features, all while using existing standards.
The result of the meeting in May 1996 was the foundation of the G5 Messaging Forum, an
open, non-profit organization. Its mission was threefold:
- To draw up the definition for a new service.
- To brand and promote the service.
- To liaise with a range of standards bodies.
Earlier this year, a mere 21 months after the initial meeting between the members, the
G5 Messaging Interoperability Agreement was posted on the Internet at www.group5forum.org as an open discussion document.
Following worldwide response to the draft, and with feedback from developer workshops in
the United States, Europe, and Japan, Version 1.0 of the specification was formally
released.
The G5 Messaging Protocol was designed to be easy to use, to integrate seamlessly with
fax and Internet e-mail, and to provide legally compliant and secure electronic messaging.
Key features of G5 Messaging are as follows:
- The use of MIME to carry multimedia messages including text, image, voice, video, and
e-commerce.
- Inserting document control information into the MIME header file for each message, thus
providing a "carrier independent" design.
- Transmission by carrier (using fax protocols), Internet (using Internet protocols), or
internal network (using TCP/IP).
- Automatic fallback to fax (carrier) or Internet e-mail should a G5 Message transmission
not be possible.
The G5 Messaging specification also brings in quality messaging features that are
currently absent from fax and e-mail, including:
- Automatic electronic postmark insertion at point of transmission; the postmark
comprising unique message ID, time and date stamp, and encrypted checksum on the file.
- A full message confirmation, including the return of the sender's postmark with one
generated by the recipient.
- File (or content) negotiation with dropdown to baseline file formats by media type - an
essential feature for successful multimedia messaging.
- Automatic "legally admissible" archiving of inbound and outgoing messages
(electronic originals), compliant with 5 New International Codes of Best Practice to be
issued in the United States, Europe, and Oceania this autumn, under the "Electronic
Original Initiative."
- Three levels of security, including: security attachment (e.g. for Smartcards); whole
content encryption using S/MIME but with negotiation to match sender and recipient
capabilities; single session encryption.
These features accommodate a spectrum of messaging requirements from informal e-mail to
registered post, and can achieve cost savings in the areas of archiving and retention of
around $2.50 per document.
The third major set of features has been designed to provide ease of use to the user -
a key feature in the success of fax. These include:
- Choice of transports: carrier or Internet, with fallback should one network fail.
- Carrying document-indexing information with the message to provide indexable, searchable
document archives.
- Inbound addressing to people, peripherals, or applications.
- "Self building" address books.
- A range of "service calls" providing automated access to address book,
viewers, ID verification, and remote archiving services.
THE 5 CODES OF INTERNATIONAL BEST PRACTICE
G5 Messaging has a unique approach to legality and security. We have all read about
problems concerning the security of Internet transmissions, and the use of digital
signatures and certification authorities, etc., but we must also focus on the related
issues of legality and interoperability.
G5 Messaging conforms to "The 5 Codes of International Best Practice for the
Transmission and Storage of Electronic Documents," which address the issues of
security, legality, and interoperability in a unique and consistent way.
For hundreds of years paper has been an acceptable way for organizations to store their
documents. Various sets of guidelines for the handling, transmission, and storage of
documents have been produced, but none have been comprehensive and internationally
accepted. Following two years of work coordinated by a small U.K. company and involving
some 130 organizations, the British Standards Institution (BSI) issued a technical Code of
Best Practice (PD0009) in February 1996 for the storage of documents in electronic form on
electronic media.
The purpose of this code was to set a standard of system and process controls, which
could give confidence that electronic records had been stored and retained according to
best practice. This year, new Codes of Best Practice will be published, building on the
existing U.K. code and extending it into the other areas of electronic documentation not
previously covered. The new codes will be internationally applicable, with simultaneous
first publication through six national standards bodies and trade/user organizations in
the United States, Europe, and Japan. Work on the codes is being supported by 70
specialist reviewers, six national standards bodies, four international associations, and
three bodies coordinating legal change.
The extended codes are designed for use with systems and processes that will be
accepted worldwide. Each will cover a discrete key area, offering a technical guide to
best practice and defining the working practices and technological requirements needed to
ensure the authenticity of an electronic document. Although each code can stand alone,
they are also designed to interlink in a dependence hierarchy starting at the first code
(electronic storage), so that transmission requires code-compliant storage, and a
transmitted ID requires both code-compliant storage and transmission.
The new codes will establish a framework enabling the development of electronic
commerce based on documentation that will satisfy the requirements for legal admissibility
as evidence, and they will provide a basis for trusted inter-organization communications.
Used in conjunction with the trusted third-party services now in development, the codes
will enable independent verification of the validity of an electronic document, including
demonstration of:
- Time of transmission.
- Mutual non-repudiation of the transmission.
- Legally acceptable unaltered archiving of the transmission.
- Authentication of the verification request.
FEATURES
G5 Messaging has a full feature set of facilities to support both legality and security,
and also ensures effective interoperability. Too many current solutions to the problems of
legality, security, and interoperability are proprietary and only allow development within
"closed user" communities.
Electronic Postmark
At the front of a G5 Message is a G5 Message Header containing details of sender,
recipient, subject, and any keywords. At the point of transmission an electronic postmark
is added to this header file. This contains three items:
- A unique message ID to identify the message.
- A time and date stamp applied at point of transmission (for legal purposes).
- A checksum of the entire message. The result is then encrypted, which provides security
for the content of the message.
For legal/electronic original purposes this message should be securely stored
(typically to optical storage) at this point. G5 Messaging provides for automatic
selective archiving.
Message Confirmation
The recipient's system verifies the encrypted checksum to ensure the integrity of the
message, records the message to secure storage, and generates its own electronic postmark
to be returned to the sender as a message confirmation. This is also stored securely. Both
parties therefore have two postmarks identifying the message, its time and date checksums,
and its confirmation receipt with the same, providing for mutual non-repudiation. If the
message is stored securely in compliance with the codes, this standard feature of G5
Messaging will provide a basis for legal admissibility and electronic original retention.
In addition to this core feature there are a number of optional facilities which can be
added to the message. As well as being useful in other ways, they will enhance its legal
status.
Trusted Remote Archiving
Trusted Remote Archiving is a feature whereby messages are automatically archived to a
remote secure archive service. There are two main benefits from this:
- Best practice requires that an offsite copy of the original archive be held for security
purposes. A bureau can supply this where needed.
- Bureaus offer independent evidence of a message transmission where needed. This may
provide additional support in a contested legal case.
Security and Legality
Other facilities use a feature in G5 Messaging called the security attachment.
This is a method of attaching an additional special purpose encrypted MIME datafile to a
message. Typically Smartcards would be used to apply these features. The three facilities
are:
- Authenticated sender - "I am the sender of the message."
- Digital signature - "I am personally signing this message."
- Confirmation of a personal receipt confirmation request - "I have personally
received this message."
G5 Messaging supplies a standard basis for a recipient to verify each of these
applications by reference to a third-party certification authority by use of a G5
Messaging automatic service call.
Encryption
Message encryption is often confused with legality and security. Message encryption as a
technique is chiefly concerned with ensuring an unwanted reader is unable to read the
contents of a message. As such it has little to do with proving that a transmission took
place at a point in time, or that the message was retained in a secure archive, which are
the key elements required for legality/electronic original purposes.
G5 Messaging's encryption facilities are unique in that they allow negotiation of the
content encryption algorithm with the recipient and a common fallback to ensure a
successful encrypted transmission can take place. Digital signatures can also be
transmitted within this framework.
For ultra-high level message encryption, a single session encryption call can be set up
by means of a service call to a third party. The message encryption and decryption is then
only known by that party and provided for that call only.
CONCLUSIONS
G5 Messaging's unique series of facilities provide:
- Legally admissible transfer and electronic original retention.
- Enhancements for personal transmission and receipt.
- Negotiated message encryption.
The importance of these developments can be measured by considering two key areas of
information technology activity. Firstly, in Internet commerce, where trading will not be
legally sustainable without the effective "Electronic Original" retention of
transactions. Secondly, in the area of document retention, where current paper-based
records systems are growing at 20 percent per annum. Savings of $2.50 per document are
achievable by utilizing the electronic original retention method.
Evidence suggests that there have already been cases where organizations have lost in
court, when they might reasonably have expected a better result had certain electronic
documents not been ruled inadmissible as evidence. If accused of negligence for allowing
such a situation to arise, the directors of such companies could have offered the defense
that there existed no generally accepted guidelines relating to electronic documentation
as evidence. With the publication of the new codes, no such defense could be put forward
with confidence.
There are dangers and pitfalls for any business in the implementation of electronic,
Internet-based trading, but the real challenge of the new electronic environment lies in
the way in which we conduct and document our business. Those who act positively will be
achieving more than simply rationalizing the documentation process. By implementing the
practices and procedures of the five new Codes of Best Practice, not only will businesses
be safeguarding themselves, they will be making their enterprise far more efficient and
productive than ever before.
Malcolm Smith is managing director of 5th Generation Messaging and chairman of the
G5 Messaging Forum. The G5 Messaging Forum was established for the purpose of creating a
single new, coherent open standard for integrating multimedia messaging, and membership
remains open to any organization with an interest in the future of integrated multimedia
messaging. The full Interoperability Agreement for G5 Messaging is available at www.group5forum.org. 5th Generation Messaging is
championing the development of G5 Messaging, and it is a founding member of the G5
Messaging Forum. For more information, please contact Rosemary White at 44-0-1491-641641. |