February 1999

The Next Generation In Unified Multimedia Messaging

BY MALCOLM SMITH

In May 1996, twenty leading fax and messaging vendors met to discuss the need for a new messaging service, designed to follow post, telex, fax, and e-mail. It would become the fifth and next generation messaging service. Why a new messaging service? The business world spends huge amounts on communications technology, but the most widely accepted form of communication, used every day, worldwide, is the posted letter. We know that the letter we have sent will be received because we personally put it in the envelope; the recipient can have confidence that the contents have not been tampered with, because the envelope has been sealed and its contents signed. The sender can even track the message using a special delivery postal service. In short, we can trust that the postal service is simple and trustworthy, resulting in the continued popularity of the posted letter despite faster electronic alternatives.

Compare this with fax. Typically 70 percent of business documents are created using a PC. The resulting electronic file is then printed out and fed into a fax machine to be converted into another electronic file and transmitted. At the receiving end, another fax machine converts the information back into a paper document. At each end of the communications link, there now exists a paper document, but the authenticity of the original may be in doubt - it could have been scanned or copied, and even if the fax is created using a PC, it is not possible for the recipient to use the information contained in it without complicated scanning or retyping procedures.

Let us consider e-mail. Initially developed for short informal messaging, e-mail provides no automatic confirmation to either sender or recipient that the message received is identical to the message sent. Nor is there any assurance that a message originated from the purported sender, nor that the intended recipient has received it. Added to this, the legal position on company records in electronic form is not clear-cut. In legal disputes, electronic evidence is sometimes accepted and sometimes not. In some countries electronic originals are legally admissible; in others they are not.

Although document transmission costs may have fallen, "whole document cycle costs" have increased. Research studies showed 99 percent of document cycle costs lay in creation, live use, retention, and archiving, with transmission accounting for a mere 1 percent.

THE FIFTH (NEXT) GENERATION
The G5 Messaging Forum members believed that new solutions were needed to address these problems. This fresh system should combine all the positive elements of current message transmission methods, enhance them with additional features, and eliminate negative features, all while using existing standards.

The result of the meeting in May 1996 was the foundation of the G5 Messaging Forum, an open, non-profit organization. Its mission was threefold:

1. To draw up the definition for a new service.
2. To brand and promote the service.
3. To liaise with a range of standards bodies.

Earlier this year, a mere 21 months after the initial meeting between the members, the G5 Messaging Interoperability Agreement was posted on the Internet at www.group5forum.org as an open discussion document. Following worldwide response to the draft, and with feedback from developer workshops in the United States, Europe, and Japan, Version 1.0 of the specification was formally released.

The G5 Messaging Protocol was designed to be easy to use, to integrate seamlessly with fax and Internet e-mail, and to provide legally compliant and secure electronic messaging.

Key features of G5 Messaging are as follows:

• The use of MIME to carry multimedia messages including text, image, voice, video, and e-commerce.
• Inserting document control information into the MIME header file for each message, thus providing a "carrier independent" design.
• Transmission by carrier (using fax protocols), Internet (using Internet protocols), or internal network (using TCP/IP).
• Automatic fallback to fax (carrier) or Internet e-mail should a G5 Message transmission not be possible.

The G5 Messaging specification also brings in quality messaging features that are currently absent from fax and e-mail, including:

• Automatic electronic postmark insertion at point of transmission; the postmark comprising unique message ID, time and date stamp, and encrypted checksum on the file.
• A full message confirmation, including the return of the sender's postmark with one generated by the recipient.
• File (or content) negotiation with dropdown to baseline file formats by media type - an essential feature for successful multimedia messaging.
• Automatic "legally admissible" archiving of inbound and outgoing messages (electronic originals), compliant with 5 New International Codes of Best Practice to be issued in the United States, Europe, and Oceania this autumn, under the "Electronic Original Initiative."
• Three levels of security, including: security attachment (e.g. for Smartcards); whole content encryption using S/MIME but with negotiation to match sender and recipient capabilities; single session encryption.

These features accommodate a spectrum of messaging requirements from informal e-mail to registered post, and can achieve cost savings in the areas of archiving and retention of around $2.50 per document.

The third major set of features has been designed to provide ease of use to the user - a key feature in the success of fax. These include:

• Choice of transports: carrier or Internet, with fallback should one network fail.
• Carrying document-indexing information with the message to provide indexable, searchable document archives.
• Inbound addressing to people, peripherals, or applications.
• "Self building" address books.
• A range of "service calls" providing automated access to address book, viewers, ID verification, and remote archiving services.

THE 5 CODES OF INTERNATIONAL BEST PRACTICE
G5 Messaging has a unique approach to legality and security. We have all read about problems concerning the security of Internet transmissions, and the use of digital signatures and certification authorities, etc., but we must also focus on the related issues of legality and interoperability.

G5 Messaging conforms to "The 5 Codes of International Best Practice for the Transmission and Storage of Electronic Documents," which address the issues of security, legality, and interoperability in a unique and consistent way.

For hundreds of years paper has been an acceptable way for organizations to store their documents. Various sets of guidelines for the handling, transmission, and storage of documents have been produced, but none have been comprehensive and internationally accepted. Following two years of work coordinated by a small U.K. company and involving some 130 organizations, the British Standards Institution (BSI) issued a technical Code of Best Practice (PD0009) in February 1996 for the storage of documents in electronic form on electronic media.

The purpose of this code was to set a standard of system and process controls, which could give confidence that electronic records had been stored and retained according to best practice. This year, new Codes of Best Practice will be published, building on the existing U.K. code and extending it into the other areas of electronic documentation not previously covered. The new codes will be internationally applicable, with simultaneous first publication through six national standards bodies and trade/user organizations in the United States, Europe, and Japan. Work on the codes is being supported by 70 specialist reviewers, six national standards bodies, four international associations, and three bodies coordinating legal change.

The extended codes are designed for use with systems and processes that will be accepted worldwide. Each will cover a discrete key area, offering a technical guide to best practice and defining the working practices and technological requirements needed to ensure the authenticity of an electronic document. Although each code can stand alone, they are also designed to interlink in a dependence hierarchy starting at the first code (electronic storage), so that transmission requires code-compliant storage, and a transmitted ID requires both code-compliant storage and transmission.

The new codes will establish a framework enabling the development of electronic commerce based on documentation that will satisfy the requirements for legal admissibility as evidence, and they will provide a basis for trusted inter-organization communications. Used in conjunction with the trusted third-party services now in development, the codes will enable independent verification of the validity of an electronic document, including demonstration of:

• Time of transmission.
• Mutual non-repudiation of the transmission.
• Legally acceptable unaltered archiving of the transmission.
• Authentication of the verification request.

FEATURES
G5 Messaging has a full feature set of facilities to support both legality and security, and also ensures effective interoperability. Too many current solutions to the problems of legality, security, and interoperability are proprietary and only allow development within "closed user" communities.

Electronic Postmark
At the front of a G5 Message is a G5 Message Header containing details of sender, recipient, subject, and any keywords. At the point of transmission an electronic postmark is added to this header file. This contains three items:

• A unique message ID to identify the message.
• A time and date stamp applied at point of transmission (for legal purposes).
• A checksum of the entire message. The result is then encrypted, which provides security for the content of the message.

For legal/electronic original purposes this message should be securely stored (typically to optical storage) at this point. G5 Messaging provides for automatic selective archiving.

Message Confirmation
The recipient's system verifies the encrypted checksum to ensure the integrity of the message, records the message to secure storage, and generates its own electronic postmark to be returned to the sender as a message confirmation. This is also stored securely. Both parties therefore have two postmarks identifying the message, its time and date checksums, and its confirmation receipt with the same, providing for mutual non-repudiation. If the message is stored securely in compliance with the codes, this standard feature of G5 Messaging will provide a basis for legal admissibility and electronic original retention.

In addition to this core feature there are a number of optional facilities which can be added to the message. As well as being useful in other ways, they will enhance its legal status.

Trusted Remote Archiving
Trusted Remote Archiving is a feature whereby messages are automatically archived to a remote secure archive service. There are two main benefits from this:

• Best practice requires that an offsite copy of the original archive be held for security purposes. A bureau can supply this where needed.
• Bureaus offer independent evidence of a message transmission where needed. This may provide additional support in a contested legal case.

Security and Legality
Other facilities use a feature in G5 Messaging called the security attachment.
This is a method of attaching an additional special purpose encrypted MIME datafile to a message. Typically Smartcards would be used to apply these features. The three facilities are:

• Authenticated sender - "I am the sender of the message."
• Digital signature - "I am personally signing this message."
• Confirmation of a personal receipt confirmation request - "I have personally received this message."

G5 Messaging supplies a standard basis for a recipient to verify each of these applications by reference to a third-party certification authority by use of a G5 Messaging automatic service call.

Encryption
Message encryption is often confused with legality and security. Message encryption as a technique is chiefly concerned with ensuring an unwanted reader is unable to read the contents of a message. As such it has little to do with proving that a transmission took place at a point in time, or that the message was retained in a secure archive, which are the key elements required for legality/electronic original purposes.

G5 Messaging's encryption facilities are unique in that they allow negotiation of the content encryption algorithm with the recipient and a common fallback to ensure a successful encrypted transmission can take place. Digital signatures can also be transmitted within this framework.

For ultra-high level message encryption, a single session encryption call can be set up by means of a service call to a third party. The message encryption and decryption is then only known by that party and provided for that call only.

CONCLUSIONS
G5 Messaging's unique series of facilities provide:

• Legally admissible transfer and electronic original retention.
• Enhancements for personal transmission and receipt.
• Negotiated message encryption.

The importance of these developments can be measured by considering two key areas of information technology activity. Firstly, in Internet commerce, where trading will not be legally sustainable without the effective "Electronic Original" retention of transactions. Secondly, in the area of document retention, where current paper-based records systems are growing at 20 percent per annum. Savings of $2.50 per document are achievable by utilizing the electronic original retention method.

Evidence suggests that there have already been cases where organizations have lost in court, when they might reasonably have expected a better result had certain electronic documents not been ruled inadmissible as evidence. If accused of negligence for allowing such a situation to arise, the directors of such companies could have offered the defense that there existed no generally accepted guidelines relating to electronic documentation as evidence. With the publication of the new codes, no such defense could be put forward with confidence.

There are dangers and pitfalls for any business in the implementation of electronic, Internet-based trading, but the real challenge of the new electronic environment lies in the way in which we conduct and document our business. Those who act positively will be achieving more than simply rationalizing the documentation process. By implementing the practices and procedures of the five new Codes of Best Practice, not only will businesses be safeguarding themselves, they will be making their enterprise far more efficient and productive than ever before.

Malcolm Smith is managing director of 5th Generation Messaging and chairman of the G5 Messaging Forum. The G5 Messaging Forum was established for the purpose of creating a single new, coherent open standard for integrating multimedia messaging, and membership remains open to any organization with an interest in the future of integrated multimedia messaging. The full Interoperability Agreement for G5 Messaging is available at www.group5forum.org. 5th Generation Messaging is championing the development of G5 Messaging, and it is a founding member of the G5 Messaging Forum. For more information, please contact Rosemary White at 44-0-1491-641641.